* Add HasVerifiedDomainsAsync method to IOrganizationDomainService
* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries
* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter
* Update the EF query to use the Email from the User table
* dotnet format
* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests
* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync
* Fix domain queries
* Add OrganizationUserRepository integration tests
* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync
* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync
* Add IsManagedByAnyOrganizationAsync method to IUserRepository
* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync
* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync
* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService
* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>
* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query
* Update comments in OrganizationDomainService to use proper capitalization
* Move OrganizationDomainService to AdminConsole ownership and update namespace
* feat: Add support for organization domains in enterprise plans
* feat: Add HasOrganizationDomains property to OrganizationAbility class
* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService
* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains
* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag
* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks
* Bump date on migration script
* Add indexes to OrganizationDomain table
* Bump script migration date; Remove WITH ONLINE = ON from data migration.
* Added invoices and transaction history endpoints. Added cursor paging for each
* Removed try/catch since it's handled by middleware. Updated condition to use pattern matching
* Added unit tests for PaymentHistoryService
* Removed organizationId from account billing controller endpoints
* Rename IDeleteOrganizationUserCommand to IRemoveOrganizationUserCommand
* Rename IOrganizationService DeleteUser methods to RemoveUser
* Rename API endpoints for deleting organization users to "Remove"
* chore: Rename Delete method to Remove in MembersController
* Refactor: Rename some methods and models for consistency
This commit contains no logic changes at all. It's entirely comprised of renames of existing models and methods to bring our codebase more in line with our app's functionality and terminology.
* Add feature flag: AC-2476-deprecate-stripe-sources-api
* Standardize error responses from applicable billing controllers
During my work on CB, I found that just using the built-in TypedResults errors results in the client choking on the response because it's looking for the ErrroResponseModel. The new BaseBillingController provides Error utilities to return TypedResults wrapping that model so the client can process it.
* Add feature flagged payment method endoints to OrganizationBillingController
* Run dotnet format
* Log events from the import organization flow
* Use an interface for the `OrganizationUser` object used to log events
* Log import events as being from the public api if they are
* Add logging for created groups
* Log proper group ids
* Fix tests
* Also log update events for groups
* Remove private API `import` endpoint
* Make `eventSystemUser` non-nullable for `ImportAsync`
* Fix tests
* Delete `ImportOrganizationUsersRequestModel`
* Fix tests
Subscription update tests were not fixing the current maxAutoscaleSeats
value. Autodata could sometimes make it the same as the new value,
so the update code wouldn't be triggered and the test would fail
* Add Collections Tests
* Update CollectionRepository Implementation
* Test Adding And Deleting Through Replace
* Format
* Fix Most Test Warnings
* Format
* feat: Add stored procedure for reading organization user details with premium access by organization ID
The code changes include:
- Addition of a new stored procedure [dbo].[OrganizationUserUserDetailsWithPremiumAccess_ReadByOrganizationId] to read organization user details with premium access by organization ID
- Modification of the IUserService interface to include an optional parameter for checking two-factor authentication with premium access
- Modification of the UserService class to handle the new optional parameter in the TwoFactorIsEnabledAsync method
- Addition of a new method GetManyDetailsWithPremiumAccessByOrganizationAsync in the IOrganizationUserRepository interface to retrieve organization user details with premium access by organization ID
- Addition of a new view [dbo].[OrganizationUserUserDetailsWithPremiumAccessView] to retrieve organization user details with premium access
* Add IUserRepository.SearchDetailsAsync that includes the field HasPremiumAccess
* Check the feature flag on Admin.UsersController to see if the optimization runs
* Modify PolicyService to run query optimization if the feature flag is enabled
* Refactor the parameter check on UserService.TwoFactorIsEnabledAsync
* Run query optimization on public MembersController if feature flag is enabled
* Restore refactor
* Reverted change used for development
* Add unit tests for OrganizationService.RestoreUser
* Separate new CheckPoliciesBeforeRestoreAsync optimization into new method
* Add more unit tests
* Apply refactor to bulk restore
* Add GetManyDetailsAsync method to IUserRepository. Add ConfirmUsersAsync_vNext method to IOrganizationService
* Add unit tests for ConfirmUser_vNext
* Refactor the optimization to use the new TwoFactorIsEnabledAsync method instead of changing the existing one
* Removed unused sql scripts and added migration script
* Remove unnecessary view
* chore: Remove unused SearchDetailsAsync method from IUserRepository and UserRepository
* refactor: Use UserDetails constructor in UserRepository
* Add summary to IUserRepository.GetManyDetailsAsync
* Add summary descriptions to IUserService.TwoFactorIsEnabledAsync
* Remove obsolete annotation from IUserRepository.UpdateUserKeyAndEncryptedDataAsync
* refactor: Rename UserDetails to UserWithCalculatedPremium across the codebase
* Extract IUserService.TwoFactorIsEnabledAsync into a new TwoFactorIsEnabledQuery class
* Add unit tests for TwoFactorIsEnabledQuery
* Update TwoFactorIsEnabledQueryTests to include additional provider types
* Refactor TwoFactorIsEnabledQuery
* Refactor TwoFactorIsEnabledQuery and update tests
* refactor: Update TwoFactorIsEnabledQueryTests to include test for null TwoFactorProviders
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* Remove empty <returns> from summary
* Update User_ReadByIdsWithCalculatedPremium stored procedure to accept JSON array of IDs
* Fix error handling in provider setup process
This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state
* Refactor the way BillingException is thrown
Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client
* Handle all Stripe exceptions in exception handling middleware
* Fixed error response output for billing's provider controllers
* Cleaned up billing owned provider controllers
Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.
* Reafctored get invoices
Removed unnecssarily bloated method from SubscriberService
* Updated error handling for generating the client invoice report
* Moved get provider subscription to controller
This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval
* Handled bad request for update tax information
* Split out Stripe configuration from unauthorization
* Run dotnet format
* Addison's feedback
* Remove Organization.FlexibleCollections from code
* Drop Organization.FlexibleCollections column in EF databases
(MSSQL column to be retained for 1 additional deployment to support rollback in cloud)
* Attempt to fix tde to mp flow
* Move tde offboarding to dedicated flag
* Add tde offboarding password request
* Validate tde offboarding input
* Correctly check whether tde is active when building trusted device options
* Refactor Tde offboarding into a separate command
* Add unit tests for tde offboarding
* Update tde offboarding request model
* Fix tests
* Fix further tests
* Fix documentation
* Add validation for updatetdepasswordasync key/newmasterpassword
* Add comment explaining test
* Remove unrelated changes
* chore: remove fc refs in CreateGroup and UpdateGroup commands, refs AC-2646
* chore: remove fc refs and update interface to represent usage/get rid of double enumeration warnings, refs AC-2646
* chore: remove org/provider service fc callers, refs AC-2646
* chore: remove collection service fc callers, refs AC-2646
* chore: remove cipher service import ciphers fc callers, refs AC-2646
* fix: UpdateOrganizationUserCommandTests collections to list, refs AC-2646
* fix: update CreateGroupCommandTests, refs AC-2646
* fix: adjust UpdateGroupCommandTests, refs AC-2646
* fix: adjust UpdateOrganizationUserCommandTests for FC always true, refs AC-2646
* fix: update CollectionServiceTests, refs AC-2646
* fix: remove unnecessary test with fc disabled, refs AC-2646
* fix: update tests to account for AccessAll removal and Manager removal, refs AC-2646
* chore: remove dependence on FC flag for tests, refs AC-2646
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.
* PM-7322 - Start on RegisterFinishRequestModel.cs
* PM-7322 - WIP on Complete Registration endpoint
* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.
* PM-7322 - UserService - Rename MP to MPHash
* PM-7322 - More WIP progress on getting new finish registration process in place.
* PM-7322 Create IRegisterUserCommand
* PM-7322 - RegisterUserCommand.cs - first WIP draft
* PM-7322 - Implement use of new command in Identity.
* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.
* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.
* PM-7322 - More WIP on RegisterUserCommand.cs and tests
* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.
* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.
* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite
* PM-7322 - IRegisterUserCommand - DOCS
* PM-7322 - Test RegisterUser
* PM-7322 - IRegisterUserCommand - Add more docs.
* PM-7322 - Finish updating all existing user service register calls to use the new command.
* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests
* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.
* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested
* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place
* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.
* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.
* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step
* PM-7322 - RegisterUserCommandTests.cs - add API key assertions
* PM-7322 - Clean up RegisterUserCommand.cs
* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.
* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO
* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.
* PM-7322 - Work on getting PostRegisterFinish tests in place.
* PM-7322 - AccountsControllerTests.cs - test new method.
* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.
* PM-7322 - Fix misspelling
* PM-7322 - Integration tests for RegistrationWithEmailVerification
* PM-7322 - Fix leaky integration tests.
* PM-7322 - Another leaky test fix.
* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds
* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
* PM-5092 - Add new EnableEmailVerification global setting.
* PM-5092 - WIP - AccountsController.cs - create stub for new PostRegisterSendEmailVerification
* PM-5092 - RegisterSendEmailVerificationRequestModel
* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).
* PM-5092 - EmailVerificationTokenable.cs finished + tests working.
* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.
* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.
* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.
* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.
* PM-5092 - Add new registration verify email method on mail service.
* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.
* PM-5092 - NoopMailService.cs needs to implement all interface methods.
* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.
* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP
* PM-5092 - SendVerificationEmailForRegistrationCommandTests
* PM-5092 - Add integration tests for new acct controller method
* PM-5092 - Cleanup unit tests
* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.
* PM-5092 - Rename to read better - send verification email > send email verification
* PM-5092 - Revert primary constructor approach so DI works.
* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.
* PM-5092 - Fix email text
* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests
* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.
* PM-5092 - Per PR feedback, cleanup used dict.
* PM-5092 - formatting pass (manual + dotnet format)
* PM-5092 - Per PR feedback, log reference event after core business logic executes
* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.
* PM-5092 - Per PR feedback, add constructor validation for required tokenable data
* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.
* PM-5092 - Add fromEmail flag + some docs
* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable
* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback
* PM-5092 - Per PR feedback, use default constructor and manually create reference event.
* PM-5092 - Per PR feedback, add more docs!
* Renamed ProductType to ProductTierType
* Renamed Product properties to ProductTier
* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums
* Moved PlanType enum to Bit.Core.Billing.Enums
* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace
* Added ProductType enum
* dotnet format
* Moved AccountsBilling controller to be owned by Billing
* Added org billing history endpoint
* Updated GetBillingInvoicesAsync to only retrieve paid, open, and uncollectible invoices, and added option to limit results
* Removed invoices and transactions from GetBillingAsync
* Limiting the number of invoices and transactions returned
* Moved Billing models to Billing namespace
* Split billing info and billing history objects
* Removed billing method GetBillingBalanceAndSourceAsync
* Removed unused using
* Cleaned up BillingInfo a bit
* Update migration scripts to use `CREATE OR ALTER` instead of checking for the `OBJECT_ID`
* Applying limit to aggregated invoices after they return from Stripe
* Refactored GET provider subscription
Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns
* Replaced StripePaymentService call in AccountsController, OrganizationsController
This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes.
* Removing GetPaymentInformation call from ProviderBillingService
This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types
* Refactored GetTaxInformation to use Billing owned DTO
* Add UpdateTaxInformation to SubscriberService
* Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController
* Added controller to manage creation of Stripe SetupIntents
With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents
under billing management.
* Added UpdatePaymentMethod method to SubscriberService
This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet.
* Refactored GetPaymentMethod to use billing owned DTO and check setup intents
* Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController
* Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page
* Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods
* Updated BitPayInvoiceRequestModel to support providers
* run dotnet format
* Conner's feedback
* Run dotnet format'
* Add check to verify the vault state for rotation is not obviously desynced (empty)
* Add unit test for key rotation guardrail
* Move de-synced vault detection to validators
* Add tests
* Define a model for updating many auth requests
In order to facilitate a command method that can update many auth
requests at one time a new model must be defined that accepts valid
input for the command's needs. To achieve this a new file has been
created at
`Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs`
that contains a class of the same name. It's properties match those that
need to come from any calling API request models to fulfill the request.
* Declare a new command interface method
Calling API functions of the `UpdateOrganizationAuthRequestCommand` need
a function that can accept many auth request response objects and
process them as approved or denied. To achieve this a new function has
been added to `IUpdateOrganizationAuthRequestCommand` called
`UpdateManyAsync()` that accepts an
`IEnumberable<OrganizationAuthRequest>` and returns a `Task`.
Implementations of this interface method will be used to bulk process
auth requests as approved or denied.
* Stub out method implementation for unit testing
To facilitate a bulk device login request approval workflow in the admin
console `UpdateOrganizationAuthRequestCommand` needs to be updated to
include an `UpdateMany()` method. It should accept a list of
`OrganizationAuthRequestUpdateCommandModel` objects, perform some simple
data validation checks, and then pass those along to
`AuthRequestRepository` for updating in the database.
This commit stubs out this method for the purpose of writing unit tests.
At this stage the method throws a `NotImplementedException()`. It will
be expand after writing assertions.
* Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand`
The updates to `UpdateOrganizationAuthRequestCommand` require a new
direct dependency on `IAuthRequestRepository`. This commit simply
registers this dependency in the `UpdateOrganizationAuthRequest`
constructor for use in unit tests and the `UpdateManyAsync()`
implementation.
* Write tests
* Rename `UpdateManyAsync()` to `UpdateAsync`
* Drop the `CommandModel` suffix
* Invert business logic update filters
* Rework everything to be more model-centric
* Bulk send push notifications
* Write tests that validate the command as a whole
* Fix a test that I broke by mistake
* Swap to using await instead of chained methods for processing
* Seperate a function arguement into a variable declaration
* Ungeneric-ify the processor
* Adjust ternary formatting
* Adjust naming of methods regarding logging organization events
* Throw an exception if Process is called with no auth request loaded
* Rename `_updates` -> `_update`
* Rename email methods
* Stop returning `this`
* Allow callbacks to be null
* Make some assertions about the state of a processed auth request
* Be more terse about arguements in happy path test
* Remove unneeded null check
* Expose an endpoint for bulk processing of organization auth requests (#4077)
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Replace SubscriberQueries with SubscriberService
* Replace OrganizationBillingQueries with OrganizationBillingService
* Replace ProviderBillingQueries with ProviderBillingService, move to Commercial
* Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial
* Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial
* Replace CancelSubscriptionCommand with SubscriberService
* Replace CreateCustomerCommand with ProviderBillingService and move to Commercial
* Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial
* Replaced RemovePaymentMethodCommand with SubscriberService
* Formatting
* Used dotnet format this time
* Changing ProviderBillingService to scoped
* Found circular dependency'
* One more time with feeling
* Formatting
* Fix error in remove org from provider
* Missed test fix in conflit
* [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107)
* Move the gettax and paymentmethod from stripepayment class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the method to retrieve the tax and payment details
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests for the paymentInformation method
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the endpoint to retrieve paymentinformation
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests to the SubscriberService
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Remove the getTaxInfoAsync update reference
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Remove FlexibleCollectionsSignUp feature flag
* Always set Organization.FlexibleCollections to true
* Remove explicit assignment of LimitCollectionCreationDeletion so it defaults to false
* fix: align policy checks for excluded types, update tests, create fixture, refs AC-240
* fix: update final policy check against other orgs (not including the current), refs AC-240
* Add unit tests for the StorageSubscriptionUpdateTests.cs
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* remove unwanted comment from the class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Create a class file and add unit tests for SmSeatSubscriptionUpdateTest.cs
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit test for the secrets manager seat update
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Fix the failing test cases
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit test for service account update
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add new models
* Update repositories
* Add new authz handler
* Add new query
* Add new command
* Add authz, command, and query to DI
* Add new endpoint to controller
* Add query unit tests
* Add api unit tests
* Add api integration tests
* Add the ability to get multi projects access
* Add access policy helper + tests
* Add new data/request models
* Add access policy operations to repo
* Add authz handler for new operations
* Add new controller endpoints
* add updating service account revision
