src/Core/Services/Implementations/UserService.cs

using System.Security.Claims;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models;
using Bit.Core.Auth.Models.Business.Tokenables;
using Bit.Core.Billing.Models.Sales;
using Bit.Core.Billing.Services;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Platform.Push;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Bit.Core.Tokens;
using Bit.Core.Tools.Enums;
using Bit.Core.Tools.Models.Business;
using Bit.Core.Tools.Services;
using Bit.Core.Utilities;
using Bit.Core.Vault.Repositories;
using Fido2NetLib;
using Fido2NetLib.Objects;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using File = System.IO.File;
using JsonSerializer = System.Text.Json.JsonSerializer;

namespace Bit.Core.Services;

public class UserService : UserManager<User>, IUserService, IDisposable
{
    private const string PremiumPlanId = "premium-annually";
    private const string StoragePlanId = "storage-gb-annually";

    private readonly IUserRepository _userRepository;
    private readonly ICipherRepository _cipherRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IMailService _mailService;
    private readonly IPushNotificationService _pushService;
    private readonly IdentityErrorDescriber _identityErrorDescriber;
    private readonly IdentityOptions _identityOptions;
    private readonly IPasswordHasher<User> _passwordHasher;
    private readonly IEnumerable<IPasswordValidator<User>> _passwordValidators;
    private readonly ILicensingService _licenseService;
    private readonly IEventService _eventService;
    private readonly IApplicationCacheService _applicationCacheService;
    private readonly IPaymentService _paymentService;
    private readonly IPolicyRepository _policyRepository;
    private readonly IPolicyService _policyService;
    private readonly IDataProtector _organizationServiceDataProtector;
    private readonly IReferenceEventService _referenceEventService;
    private readonly IFido2 _fido2;
    private readonly ICurrentContext _currentContext;
    private readonly IGlobalSettings _globalSettings;
    private readonly IAcceptOrgUserCommand _acceptOrgUserCommand;
    private readonly IProviderUserRepository _providerUserRepository;
    private readonly IStripeSyncService _stripeSyncService;
    private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
    private readonly IFeatureService _featureService;
    private readonly IPremiumUserBillingService _premiumUserBillingService;
    private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand;
    private readonly IRevokeNonCompliantOrganizationUserCommand _revokeNonCompliantOrganizationUserCommand;
    private readonly IDistributedCache _distributedCache;

    public UserService(
        IUserRepository userRepository,
        ICipherRepository cipherRepository,
        IOrganizationUserRepository organizationUserRepository,
        IOrganizationRepository organizationRepository,
        IMailService mailService,
        IPushNotificationService pushService,
        IUserStore<User> store,
        IOptions<IdentityOptions> optionsAccessor,
        IPasswordHasher<User> passwordHasher,
        IEnumerable<IUserValidator<User>> userValidators,
        IEnumerable<IPasswordValidator<User>> passwordValidators,
        ILookupNormalizer keyNormalizer,
        IdentityErrorDescriber errors,
        IServiceProvider services,
        ILogger<UserManager<User>> logger,
        ILicensingService licenseService,
        IEventService eventService,
        IApplicationCacheService applicationCacheService,
        IDataProtectionProvider dataProtectionProvider,
        IPaymentService paymentService,
        IPolicyRepository policyRepository,
        IPolicyService policyService,
        IReferenceEventService referenceEventService,
        IFido2 fido2,
        ICurrentContext currentContext,
        IGlobalSettings globalSettings,
        IAcceptOrgUserCommand acceptOrgUserCommand,
        IProviderUserRepository providerUserRepository,
        IStripeSyncService stripeSyncService,
        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
        IFeatureService featureService,
        IPremiumUserBillingService premiumUserBillingService,
        IRemoveOrganizationUserCommand removeOrganizationUserCommand,
        IRevokeNonCompliantOrganizationUserCommand revokeNonCompliantOrganizationUserCommand,
        IDistributedCache distributedCache)
        : base(
              store,
              optionsAccessor,
              passwordHasher,
              userValidators,
              passwordValidators,
              keyNormalizer,
              errors,
              services,
              logger)
    {
        _userRepository = userRepository;
        _cipherRepository = cipherRepository;
        _organizationUserRepository = organizationUserRepository;
        _organizationRepository = organizationRepository;
        _mailService = mailService;
        _pushService = pushService;
        _identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
        _identityErrorDescriber = errors;
        _passwordHasher = passwordHasher;
        _passwordValidators = passwordValidators;
        _licenseService = licenseService;
        _eventService = eventService;
        _applicationCacheService = applicationCacheService;
        _paymentService = paymentService;
        _policyRepository = policyRepository;
        _policyService = policyService;
        _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
            "OrganizationServiceDataProtector");
        _referenceEventService = referenceEventService;
        _fido2 = fido2;
        _currentContext = currentContext;
        _globalSettings = globalSettings;
        _acceptOrgUserCommand = acceptOrgUserCommand;
        _providerUserRepository = providerUserRepository;
        _stripeSyncService = stripeSyncService;
        _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
        _featureService = featureService;
        _premiumUserBillingService = premiumUserBillingService;
        _removeOrganizationUserCommand = removeOrganizationUserCommand;
        _revokeNonCompliantOrganizationUserCommand = revokeNonCompliantOrganizationUserCommand;
        _distributedCache = distributedCache;
    }

    public Guid? GetProperUserId(ClaimsPrincipal principal)
    {
        if (!Guid.TryParse(GetUserId(principal), out var userIdGuid))
        {
            return null;
        }

        return userIdGuid;
    }

    public async Task<User> GetUserByIdAsync(string userId)
    {
        if (_currentContext?.User != null &&
            string.Equals(_currentContext.User.Id.ToString(), userId, StringComparison.InvariantCultureIgnoreCase))
        {
            return _currentContext.User;
        }

        if (!Guid.TryParse(userId, out var userIdGuid))
        {
            return null;
        }

        _currentContext.User = await _userRepository.GetByIdAsync(userIdGuid);
        return _currentContext.User;
    }

    public async Task<User> GetUserByIdAsync(Guid userId)
    {
        if (_currentContext?.User != null && _currentContext.User.Id == userId)
        {
            return _currentContext.User;
        }

        _currentContext.User = await _userRepository.GetByIdAsync(userId);
        return _currentContext.User;
    }

    public async Task<User> GetUserByPrincipalAsync(ClaimsPrincipal principal)
    {
        var userId = GetProperUserId(principal);
        if (!userId.HasValue)
        {
            return null;
        }

        return await GetUserByIdAsync(userId.Value);
    }

    public async Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId)
    {
        return await _userRepository.GetAccountRevisionDateAsync(userId);
    }

    public async Task SaveUserAsync(User user, bool push = false)
    {
        if (user.Id == default(Guid))
        {
            throw new ApplicationException("Use register method to create a new user.");
        }

        // if the name is empty, set it to null
        if (String.Equals(user.Name, String.Empty))
        {
            user.Name = null;
        }

        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
        await _userRepository.ReplaceAsync(user);

        if (push)
        {
            // push
            await _pushService.PushSyncSettingsAsync(user.Id);
        }
    }

    public override async Task<IdentityResult> DeleteAsync(User user)
    {
        // Check if user is the only owner of any organizations.
        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
        if (onlyOwnerCount > 0)
        {
            var deletedOrg = false;
            var orgs = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
                OrganizationUserStatusType.Confirmed);
            if (orgs.Count == 1)
            {
                var org = await _organizationRepository.GetByIdAsync(orgs.First().OrganizationId);
                if (org != null && (!org.Enabled || string.IsNullOrWhiteSpace(org.GatewaySubscriptionId)))
                {
                    var orgCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(org.Id);
                    if (orgCount <= 1)
                    {
                        await _organizationRepository.DeleteAsync(org);
                        deletedOrg = true;
                    }
                }
            }

            if (!deletedOrg)
            {
                return IdentityResult.Failed(new IdentityError
                {
                    Description = "Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.",
                });
            }
        }

        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
        if (onlyOwnerProviderCount > 0)
        {
            return IdentityResult.Failed(new IdentityError
            {
                Description = "Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.",
            });
        }

        if (!string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
        {
            try
            {
                await CancelPremiumAsync(user);
            }
            catch (GatewayException) { }
        }

        await _userRepository.DeleteAsync(user);
        await _referenceEventService.RaiseEventAsync(
            new ReferenceEvent(ReferenceEventType.DeleteAccount, user, _currentContext));
        await _pushService.PushLogOutAsync(user.Id);
        return IdentityResult.Success;
    }

    public async Task<IdentityResult> DeleteAsync(User user, string token)
    {
        if (!(await VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "DeleteAccount", token)))
        {
            return IdentityResult.Failed(ErrorDescriber.InvalidToken());
        }

        return await DeleteAsync(user);
    }

    public async Task SendDeleteConfirmationAsync(string email)
    {
        var user = await _userRepository.GetByEmailAsync(email);
        if (user == null)
        {
            // No user exists.
            return;
        }

        if (await IsManagedByAnyOrganizationAsync(user.Id))
        {
            await _mailService.SendCannotDeleteManagedAccountEmailAsync(user.Email);
            return;
        }

        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "DeleteAccount");
        await _mailService.SendVerifyDeleteEmailAsync(user.Email, user.Id, token);
    }

    public async Task<IdentityResult> CreateUserAsync(User user)
    {
        return await CreateAsync(user);
    }

    public async Task<IdentityResult> CreateUserAsync(User user, string masterPasswordHash)
    {
        return await CreateAsync(user, masterPasswordHash);
    }

    public async Task SendMasterPasswordHintAsync(string email)
    {
        var user = await _userRepository.GetByEmailAsync(email);
        if (user == null)
        {
            // No user exists. Do we want to send an email telling them this in the future?
            return;
        }

        if (string.IsNullOrWhiteSpace(user.MasterPasswordHint))
        {
            await _mailService.SendNoMasterPasswordHintEmailAsync(email);
            return;
        }

        await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
    }

    public async Task SendTwoFactorEmailAsync(User user)
    {
        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
        if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
        {
            throw new ArgumentNullException("No email.");
        }

        var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
        var token = await base.GenerateTwoFactorTokenAsync(user,
            CoreHelpers.CustomProviderName(TwoFactorProviderType.Email));
        await _mailService.SendTwoFactorEmailAsync(email, token);
    }

    public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
    {
        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
        if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
        {
            throw new ArgumentNullException("No email.");
        }

        var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
        return await base.VerifyTwoFactorTokenAsync(user,
            CoreHelpers.CustomProviderName(TwoFactorProviderType.Email), token);
    }

    public async Task<CredentialCreateOptions> StartWebAuthnRegistrationAsync(User user)
    {
        var providers = user.GetTwoFactorProviders();
        if (providers == null)
        {
            providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
        }
        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
        if (provider == null)
        {
            provider = new TwoFactorProvider
            {
                Enabled = false
            };
        }
        if (provider.MetaData == null)
        {
            provider.MetaData = new Dictionary<string, object>();
        }

        var fidoUser = new Fido2User
        {
            DisplayName = user.Name,
            Name = user.Email,
            Id = user.Id.ToByteArray(),
        };

        var excludeCredentials = provider.MetaData
            .Where(k => k.Key.StartsWith("Key"))
            .Select(k => new TwoFactorProvider.WebAuthnData((dynamic)k.Value).Descriptor)
            .ToList();

        var authenticatorSelection = new AuthenticatorSelection
        {
            AuthenticatorAttachment = null,
            RequireResidentKey = false,
            UserVerification = UserVerificationRequirement.Discouraged
        };
        var options = _fido2.RequestNewCredential(fidoUser, excludeCredentials, authenticatorSelection, AttestationConveyancePreference.None);

        provider.MetaData["pending"] = options.ToJson();
        providers[TwoFactorProviderType.WebAuthn] = provider;
        user.SetTwoFactorProviders(providers);
        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn, false);

        return options;
    }

    public async Task<bool> CompleteWebAuthRegistrationAsync(User user, int id, string name, AuthenticatorAttestationRawResponse attestationResponse)
    {
        var keyId = $"Key{id}";

        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
        if (!provider?.MetaData?.ContainsKey("pending") ?? true)
        {
            return false;
        }

        var options = CredentialCreateOptions.FromJson((string)provider.MetaData["pending"]);

        // Callback to ensure credential ID is unique. Always return true since we don't care if another
        // account uses the same 2FA key.
        IsCredentialIdUniqueToUserAsyncDelegate callback = (args, cancellationToken) => Task.FromResult(true);

        var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback);

        provider.MetaData.Remove("pending");
        provider.MetaData[keyId] = new TwoFactorProvider.WebAuthnData
        {
            Name = name,
            Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
            PublicKey = success.Result.PublicKey,
            UserHandle = success.Result.User.Id,
            SignatureCounter = success.Result.Counter,
            CredType = success.Result.CredType,
            RegDate = DateTime.Now,
            AaGuid = success.Result.Aaguid
        };

        var providers = user.GetTwoFactorProviders();
        providers[TwoFactorProviderType.WebAuthn] = provider;
        user.SetTwoFactorProviders(providers);
        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn);

        return true;
    }

    public async Task<bool> DeleteWebAuthnKeyAsync(User user, int id)
    {
        var providers = user.GetTwoFactorProviders();
        if (providers == null)
        {
            return false;
        }

        var keyName = $"Key{id}";
        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
        if (!provider?.MetaData?.ContainsKey(keyName) ?? true)
        {
            return false;
        }

        if (provider.MetaData.Count < 2)
        {
            return false;
        }

        provider.MetaData.Remove(keyName);
        providers[TwoFactorProviderType.WebAuthn] = provider;
        user.SetTwoFactorProviders(providers);
        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn);
        return true;
    }

    public async Task SendEmailVerificationAsync(User user)
    {
        if (user.EmailVerified)
        {
            throw new BadRequestException("Email already verified.");
        }

        var token = await base.GenerateEmailConfirmationTokenAsync(user);
        await _mailService.SendVerifyEmailEmailAsync(user.Email, user.Id, token);
    }

    public async Task InitiateEmailChangeAsync(User user, string newEmail)
    {
        var existingUser = await _userRepository.GetByEmailAsync(newEmail);
        if (existingUser != null)
        {
            await _mailService.SendChangeEmailAlreadyExistsEmailAsync(user.Email, newEmail);
            return;
        }

        var token = await base.GenerateChangeEmailTokenAsync(user, newEmail);
        await _mailService.SendChangeEmailEmailAsync(newEmail, token);
    }

    public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
        string newMasterPassword, string token, string key)
    {
        var verifyPasswordResult = _passwordHasher.VerifyHashedPassword(user, user.MasterPassword, masterPassword);
        if (verifyPasswordResult == PasswordVerificationResult.Failed)
        {
            return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
        }

        if (!await base.VerifyUserTokenAsync(user, _identityOptions.Tokens.ChangeEmailTokenProvider,
            GetChangeEmailTokenPurpose(newEmail), token))
        {
            return IdentityResult.Failed(_identityErrorDescriber.InvalidToken());
        }

        var existingUser = await _userRepository.GetByEmailAsync(newEmail);
        if (existingUser != null && existingUser.Id != user.Id)
        {
            return IdentityResult.Failed(_identityErrorDescriber.DuplicateEmail(newEmail));
        }

        var previousState = new
        {
            Key = user.Key,
            MasterPassword = user.MasterPassword,
            SecurityStamp = user.SecurityStamp,
            Email = user.Email
        };

        var result = await UpdatePasswordHash(user, newMasterPassword);
        if (!result.Succeeded)
        {
            return result;
        }

        var now = DateTime.UtcNow;

        user.Key = key;
        user.Email = newEmail;
        user.EmailVerified = true;
        user.RevisionDate = user.AccountRevisionDate = now;
        user.LastEmailChangeDate = now;
        await _userRepository.ReplaceAsync(user);

        if (user.Gateway == GatewayType.Stripe)
        {

            try
            {
                await _stripeSyncService.UpdateCustomerEmailAddress(user.GatewayCustomerId,
                    user.BillingEmailAddress());
            }
            catch (Exception ex)
            {
                //if sync to strip fails, update email and securityStamp to previous
                user.Key = previousState.Key;
                user.Email = previousState.Email;
                user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
                user.MasterPassword = previousState.MasterPassword;
                user.SecurityStamp = previousState.SecurityStamp;

                await _userRepository.ReplaceAsync(user);
                return IdentityResult.Failed(new IdentityError
                {
                    Description = ex.Message
                });
            }
        }

        await _pushService.PushLogOutAsync(user.Id);

        return IdentityResult.Success;
    }

    public async Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string passwordHint,
        string key)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (await CheckPasswordAsync(user, masterPassword))
        {
            var result = await UpdatePasswordHash(user, newMasterPassword);
            if (!result.Succeeded)
            {
                return result;
            }

            var now = DateTime.UtcNow;
            user.RevisionDate = user.AccountRevisionDate = now;
            user.LastPasswordChangeDate = now;
            user.Key = key;
            user.MasterPasswordHint = passwordHint;

            await _userRepository.ReplaceAsync(user);
            await _eventService.LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
            await _pushService.PushLogOutAsync(user.Id, true);

            return IdentityResult.Success;
        }

        Logger.LogWarning("Change password failed for user {userId}.", user.Id);
        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
    }

    public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
    {
        var identityResult = CheckCanUseKeyConnector(user);
        if (identityResult != null)
        {
            return identityResult;
        }

        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
        user.Key = key;
        user.UsesKeyConnector = true;

        await _userRepository.ReplaceAsync(user);
        await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);

        await _acceptOrgUserCommand.AcceptOrgUserByOrgSsoIdAsync(orgIdentifier, user, this);

        return IdentityResult.Success;
    }

    public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
    {
        var identityResult = CheckCanUseKeyConnector(user);
        if (identityResult != null)
        {
            return identityResult;
        }

        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
        user.MasterPassword = null;
        user.UsesKeyConnector = true;

        await _userRepository.ReplaceAsync(user);
        await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);

        return IdentityResult.Success;
    }

    private IdentityResult CheckCanUseKeyConnector(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (user.UsesKeyConnector)
        {
            Logger.LogWarning("Already uses Key Connector.");
            return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
        }

        if (_currentContext.Organizations.Any(u =>
                u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
        {
            throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
        }

        return null;
    }

    public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)
    {
        // Org must be able to use reset password
        var org = await _organizationRepository.GetByIdAsync(orgId);
        if (org == null || !org.UseResetPassword)
        {
            throw new BadRequestException("Organization does not allow password reset.");
        }

        // Enterprise policy must be enabled
        var resetPasswordPolicy =
            await _policyRepository.GetByOrganizationIdTypeAsync(orgId, PolicyType.ResetPassword);
        if (resetPasswordPolicy == null || !resetPasswordPolicy.Enabled)
        {
            throw new BadRequestException("Organization does not have the password reset policy enabled.");
        }

        // Org User must be confirmed and have a ResetPasswordKey
        var orgUser = await _organizationUserRepository.GetByIdAsync(id);
        if (orgUser == null || orgUser.Status != OrganizationUserStatusType.Confirmed ||
            orgUser.OrganizationId != orgId || string.IsNullOrEmpty(orgUser.ResetPasswordKey) ||
            !orgUser.UserId.HasValue)
        {
            throw new BadRequestException("Organization User not valid");
        }

        // Calling User must be of higher/equal user type to reset user's password
        var canAdjustPassword = false;
        switch (callingUserType)
        {
            case OrganizationUserType.Owner:
                canAdjustPassword = true;
                break;
            case OrganizationUserType.Admin:
                canAdjustPassword = orgUser.Type != OrganizationUserType.Owner;
                break;
            case OrganizationUserType.Custom:
                canAdjustPassword = orgUser.Type != OrganizationUserType.Owner &&
                    orgUser.Type != OrganizationUserType.Admin;
                break;
        }

        if (!canAdjustPassword)
        {
            throw new BadRequestException("Calling user does not have permission to reset this user's master password");
        }

        var user = await GetUserByIdAsync(orgUser.UserId.Value);
        if (user == null)
        {
            throw new NotFoundException();
        }

        if (user.UsesKeyConnector)
        {
            throw new BadRequestException("Cannot reset password of a user with Key Connector.");
        }

        var result = await UpdatePasswordHash(user, newMasterPassword);
        if (!result.Succeeded)
        {
            return result;
        }

        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
        user.LastPasswordChangeDate = user.RevisionDate;
        user.ForcePasswordReset = true;
        user.Key = key;

        await _userRepository.ReplaceAsync(user);
        await _mailService.SendAdminResetPasswordEmailAsync(user.Email, user.Name, org.DisplayName());
        await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_AdminResetPassword);
        await _pushService.PushLogOutAsync(user.Id);

        return IdentityResult.Success;
    }

    public async Task<IdentityResult> UpdateTempPasswordAsync(User user, string newMasterPassword, string key, string hint)
    {
        if (!user.ForcePasswordReset)
        {
            throw new BadRequestException("User does not have a temporary password to update.");
        }

        var result = await UpdatePasswordHash(user, newMasterPassword);
        if (!result.Succeeded)
        {
            return result;
        }

        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
        user.ForcePasswordReset = false;
        user.Key = key;
        user.MasterPasswordHint = hint;

        await _userRepository.ReplaceAsync(user);
        await _mailService.SendUpdatedTempPasswordEmailAsync(user.Email, user.Name);
        await _eventService.LogUserEventAsync(user.Id, EventType.User_UpdatedTempPassword);
        await _pushService.PushLogOutAsync(user.Id);

        return IdentityResult.Success;
    }

    public async Task<IdentityResult> ChangeKdfAsync(User user, string masterPassword, string newMasterPassword,
        string key, KdfType kdf, int kdfIterations, int? kdfMemory, int? kdfParallelism)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (await CheckPasswordAsync(user, masterPassword))
        {
            var result = await UpdatePasswordHash(user, newMasterPassword);
            if (!result.Succeeded)
            {
                return result;
            }

            var now = DateTime.UtcNow;
            user.RevisionDate = user.AccountRevisionDate = now;
            user.LastKdfChangeDate = now;
            user.Key = key;
            user.Kdf = kdf;
            user.KdfIterations = kdfIterations;
            user.KdfMemory = kdfMemory;
            user.KdfParallelism = kdfParallelism;
            await _userRepository.ReplaceAsync(user);
            await _pushService.PushLogOutAsync(user.Id);
            return IdentityResult.Success;
        }

        Logger.LogWarning("Change KDF failed for user {userId}.", user.Id);
        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
    }

    public async Task<IdentityResult> RefreshSecurityStampAsync(User user, string secret)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (await VerifySecretAsync(user, secret))
        {
            var result = await base.UpdateSecurityStampAsync(user);
            if (!result.Succeeded)
            {
                return result;
            }

            await SaveUserAsync(user);
            await _pushService.PushLogOutAsync(user.Id);
            return IdentityResult.Success;
        }

        Logger.LogWarning("Refresh security stamp failed for user {userId}.", user.Id);
        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
    }

    public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type, bool setEnabled = true, bool logEvent = true)
    {
        SetTwoFactorProvider(user, type, setEnabled);
        await SaveUserAsync(user);
        if (logEvent)
        {
            await _eventService.LogUserEventAsync(user.Id, EventType.User_Updated2fa);
        }
    }

    public async Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type)
    {
        var providers = user.GetTwoFactorProviders();
        if (!providers?.ContainsKey(type) ?? true)
        {
            return;
        }

        providers.Remove(type);
        user.SetTwoFactorProviders(providers);
        await SaveUserAsync(user);
        await _eventService.LogUserEventAsync(user.Id, EventType.User_Disabled2fa);

        if (!await TwoFactorIsEnabledAsync(user))
        {
            await CheckPoliciesOnTwoFactorRemovalAsync(user);
        }
    }

    public async Task<bool> RecoverTwoFactorAsync(string email, string secret, string recoveryCode)
    {
        var user = await _userRepository.GetByEmailAsync(email);
        if (user == null)
        {
            // No user exists. Do we want to send an email telling them this in the future?
            return false;
        }

        if (!await VerifySecretAsync(user, secret))
        {
            return false;
        }

        if (!CoreHelpers.FixedTimeEquals(user.TwoFactorRecoveryCode, recoveryCode))
        {
            return false;
        }

        user.TwoFactorProviders = null;
        user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
        await SaveUserAsync(user);
        await _mailService.SendRecoverTwoFactorEmail(user.Email, DateTime.UtcNow, _currentContext.IpAddress);
        await _eventService.LogUserEventAsync(user.Id, EventType.User_Recovered2fa);
        await CheckPoliciesOnTwoFactorRemovalAsync(user);

        return true;
    }

    public async Task<Tuple<bool, string>> SignUpPremiumAsync(User user, string paymentToken,
        PaymentMethodType paymentMethodType, short additionalStorageGb, UserLicense license,
        TaxInfo taxInfo)
    {
        if (user.Premium)
        {
            throw new BadRequestException("Already a premium user.");
        }

        if (additionalStorageGb < 0)
        {
            throw new BadRequestException("You can't subtract storage!");
        }

        string paymentIntentClientSecret = null;
        IPaymentService paymentService = null;
        if (_globalSettings.SelfHosted)
        {
            if (license == null || !_licenseService.VerifyLicense(license))
            {
                throw new BadRequestException("Invalid license.");
            }

            var claimsPrincipal = _licenseService.GetClaimsPrincipalFromLicense(license);

            if (!license.CanUse(user, claimsPrincipal, out var exceptionMessage))
            {
                throw new BadRequestException(exceptionMessage);
            }

            var dir = $"{_globalSettings.LicenseDirectory}/user";
            Directory.CreateDirectory(dir);
            using var fs = File.OpenWrite(Path.Combine(dir, $"{user.Id}.json"));
            await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);
        }
        else
        {
            var deprecateStripeSourcesAPI = _featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI);

            if (deprecateStripeSourcesAPI)
            {
                var sale = PremiumUserSale.From(user, paymentMethodType, paymentToken, taxInfo, additionalStorageGb);
                await _premiumUserBillingService.Finalize(sale);
            }
            else
            {
                paymentIntentClientSecret = await _paymentService.PurchasePremiumAsync(user, paymentMethodType,
                    paymentToken, additionalStorageGb, taxInfo);
            }
        }

        user.Premium = true;
        user.RevisionDate = DateTime.UtcNow;

        if (_globalSettings.SelfHosted)
        {
            user.MaxStorageGb = 10240; // 10 TB
            user.LicenseKey = license.LicenseKey;
            user.PremiumExpirationDate = license.Expires;
        }
        else
        {
            user.MaxStorageGb = (short)(1 + additionalStorageGb);
            user.LicenseKey = CoreHelpers.SecureRandomString(20);
        }

        try
        {
            await SaveUserAsync(user);
            await _pushService.PushSyncVaultAsync(user.Id);
            await _referenceEventService.RaiseEventAsync(
                new ReferenceEvent(ReferenceEventType.UpgradePlan, user, _currentContext)
                {
                    Storage = user.MaxStorageGb,
                    PlanName = PremiumPlanId,
                });
        }
        catch when (!_globalSettings.SelfHosted)
        {
            await paymentService.CancelAndRecoverChargesAsync(user);
            throw;
        }


        return new Tuple<bool, string>(string.IsNullOrWhiteSpace(paymentIntentClientSecret),
            paymentIntentClientSecret);
    }

    public async Task UpdateLicenseAsync(User user, UserLicense license)
    {
        if (!_globalSettings.SelfHosted)
        {
            throw new InvalidOperationException("Licenses require self hosting.");
        }

        if (license?.LicenseType != null && license.LicenseType != LicenseType.User)
        {
            throw new BadRequestException("Organization licenses cannot be applied to a user. "
                + "Upload this license from the Organization settings page.");
        }

        if (license == null || !_licenseService.VerifyLicense(license))
        {
            throw new BadRequestException("Invalid license.");
        }

        var claimsPrincipal = _licenseService.GetClaimsPrincipalFromLicense(license);

        if (!license.CanUse(user, claimsPrincipal, out var exceptionMessage))
        {
            throw new BadRequestException(exceptionMessage);
        }

        var dir = $"{_globalSettings.LicenseDirectory}/user";
        Directory.CreateDirectory(dir);
        using var fs = File.OpenWrite(Path.Combine(dir, $"{user.Id}.json"));
        await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);

        user.Premium = license.Premium;
        user.RevisionDate = DateTime.UtcNow;
        user.MaxStorageGb = _globalSettings.SelfHosted ? 10240 : license.MaxStorageGb; // 10 TB
        user.LicenseKey = license.LicenseKey;
        user.PremiumExpirationDate = license.Expires;
        await SaveUserAsync(user);
    }

    public async Task<string> AdjustStorageAsync(User user, short storageAdjustmentGb)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (!user.Premium)
        {
            throw new BadRequestException("Not a premium user.");
        }

        var secret = await BillingHelpers.AdjustStorageAsync(_paymentService, user, storageAdjustmentGb,
            StoragePlanId);
        await _referenceEventService.RaiseEventAsync(
            new ReferenceEvent(ReferenceEventType.AdjustStorage, user, _currentContext)
            {
                Storage = storageAdjustmentGb,
                PlanName = StoragePlanId,
            });
        await SaveUserAsync(user);
        return secret;
    }

    public async Task ReplacePaymentMethodAsync(User user, string paymentToken, PaymentMethodType paymentMethodType, TaxInfo taxInfo)
    {
        if (paymentToken.StartsWith("btok_"))
        {
            throw new BadRequestException("Invalid token.");
        }

        var updated = await _paymentService.UpdatePaymentMethodAsync(user, paymentMethodType, paymentToken, taxInfo: taxInfo);
        if (updated)
        {
            await SaveUserAsync(user);
        }
    }

    public async Task CancelPremiumAsync(User user, bool? endOfPeriod = null)
    {
        var eop = endOfPeriod.GetValueOrDefault(true);
        if (!endOfPeriod.HasValue && user.PremiumExpirationDate.HasValue &&
            user.PremiumExpirationDate.Value < DateTime.UtcNow)
        {
            eop = false;
        }
        await _paymentService.CancelSubscriptionAsync(user, eop);
        await _referenceEventService.RaiseEventAsync(
            new ReferenceEvent(ReferenceEventType.CancelSubscription, user, _currentContext)
            {
                EndOfPeriod = eop
            });
    }

    public async Task ReinstatePremiumAsync(User user)
    {
        await _paymentService.ReinstateSubscriptionAsync(user);
        await _referenceEventService.RaiseEventAsync(
            new ReferenceEvent(ReferenceEventType.ReinstateSubscription, user, _currentContext));
    }

    public async Task EnablePremiumAsync(Guid userId, DateTime? expirationDate)
    {
        var user = await _userRepository.GetByIdAsync(userId);
        await EnablePremiumAsync(user, expirationDate);
    }

    public async Task EnablePremiumAsync(User user, DateTime? expirationDate)
    {
        if (user != null && !user.Premium && user.Gateway.HasValue)
        {
            user.Premium = true;
            user.PremiumExpirationDate = expirationDate;
            user.RevisionDate = DateTime.UtcNow;
            await _userRepository.ReplaceAsync(user);
        }
    }

    public async Task DisablePremiumAsync(Guid userId, DateTime? expirationDate)
    {
        var user = await _userRepository.GetByIdAsync(userId);
        await DisablePremiumAsync(user, expirationDate);
    }

    public async Task DisablePremiumAsync(User user, DateTime? expirationDate)
    {
        if (user != null && user.Premium)
        {
            user.Premium = false;
            user.PremiumExpirationDate = expirationDate;
            user.RevisionDate = DateTime.UtcNow;
            await _userRepository.ReplaceAsync(user);
        }
    }

    public async Task UpdatePremiumExpirationAsync(Guid userId, DateTime? expirationDate)
    {
        var user = await _userRepository.GetByIdAsync(userId);
        if (user != null)
        {
            user.PremiumExpirationDate = expirationDate;
            user.RevisionDate = DateTime.UtcNow;
            await _userRepository.ReplaceAsync(user);
        }
    }

    public async Task<UserLicense> GenerateLicenseAsync(
        User user,
        SubscriptionInfo subscriptionInfo = null,
        int? version = null)
    {
        if (user == null)
        {
            throw new NotFoundException();
        }

        if (subscriptionInfo == null && user.Gateway != null)
        {
            subscriptionInfo = await _paymentService.GetSubscriptionAsync(user);
        }

        var userLicense = subscriptionInfo == null
            ? new UserLicense(user, _licenseService)
            : new UserLicense(user, subscriptionInfo, _licenseService);

        if (_featureService.IsEnabled(FeatureFlagKeys.SelfHostLicenseRefactor))
        {
            userLicense.Token = await _licenseService.CreateUserTokenAsync(user, subscriptionInfo);
        }

        return userLicense;
    }

    public override async Task<bool> CheckPasswordAsync(User user, string password)
    {
        if (user == null)
        {
            return false;
        }

        var result = await base.VerifyPasswordAsync(Store as IUserPasswordStore<User>, user, password);
        if (result == PasswordVerificationResult.SuccessRehashNeeded)
        {
            await UpdatePasswordHash(user, password, false, false);
            user.RevisionDate = DateTime.UtcNow;
            await _userRepository.ReplaceAsync(user);
        }

        var success = result != PasswordVerificationResult.Failed;
        if (!success)
        {
            Logger.LogWarning(0, "Invalid password for user {userId}.", user.Id);
        }
        return success;
    }

    public async Task<bool> CanAccessPremium(ITwoFactorProvidersUser user)
    {
        var userId = user.GetUserId();
        if (!userId.HasValue)
        {
            return false;
        }

        return user.GetPremium() || await this.HasPremiumFromOrganization(user);
    }

    public async Task<bool> HasPremiumFromOrganization(ITwoFactorProvidersUser user)
    {
        var userId = user.GetUserId();
        if (!userId.HasValue)
        {
            return false;
        }

        // orgUsers in the Invited status are not associated with a userId yet, so this will get
        // orgUsers in Accepted and Confirmed states only
        var orgUsers = await _organizationUserRepository.GetManyByUserAsync(userId.Value);

        if (!orgUsers.Any())
        {
            return false;
        }

        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
        return orgUsers.Any(ou =>
            orgAbilities.TryGetValue(ou.OrganizationId, out var orgAbility) &&
            orgAbility.UsersGetPremium &&
            orgAbility.Enabled);
    }

    public async Task<bool> TwoFactorIsEnabledAsync(ITwoFactorProvidersUser user)
    {
        var providers = user.GetTwoFactorProviders();
        if (providers == null)
        {
            return false;
        }

        foreach (var p in providers)
        {
            if (p.Value?.Enabled ?? false)
            {
                if (!TwoFactorProvider.RequiresPremium(p.Key))
                {
                    return true;
                }
                if (await CanAccessPremium(user))
                {
                    return true;
                }
            }
        }
        return false;
    }

    public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user)
    {
        var providers = user.GetTwoFactorProviders();
        if (providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
        {
            return false;
        }

        if (!TwoFactorProvider.RequiresPremium(provider))
        {
            return true;
        }

        return await CanAccessPremium(user);
    }

    public async Task<string> GenerateSignInTokenAsync(User user, string purpose)
    {
        var token = await GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
            purpose);
        return token;
    }

    public async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
        bool validatePassword = true, bool refreshStamp = true)
    {
        if (validatePassword)
        {
            var validate = await ValidatePasswordInternal(user, newPassword);
            if (!validate.Succeeded)
            {
                return validate;
            }
        }

        user.MasterPassword = _passwordHasher.HashPassword(user, newPassword);
        if (refreshStamp)
        {
            user.SecurityStamp = Guid.NewGuid().ToString();
        }

        return IdentityResult.Success;
    }

    public async Task<bool> IsLegacyUser(string userId)
    {
        if (string.IsNullOrWhiteSpace(userId))
        {
            return false;
        }

        var user = await FindByIdAsync(userId);
        if (user == null)
        {
            return false;
        }

        return IsLegacyUser(user);
    }

    public async Task<bool> IsManagedByAnyOrganizationAsync(Guid userId)
    {
        var managingOrganizations = await GetOrganizationsManagingUserAsync(userId);
        return managingOrganizations.Any();
    }

    public async Task<IEnumerable<Organization>> GetOrganizationsManagingUserAsync(Guid userId)
    {
        if (!_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning))
        {
            return Enumerable.Empty<Organization>();
        }

        // Get all organizations that have verified the user's email domain.
        var organizationsWithVerifiedUserEmailDomain = await _organizationRepository.GetByVerifiedUserEmailDomainAsync(userId);

        // Organizations must be enabled and able to have verified domains.
        // TODO: Replace "UseSso" with a new organization ability like "UseOrganizationDomains" (PM-11622).
        // Verified domains were tied to SSO, so we currently check the "UseSso" organization ability.
        return organizationsWithVerifiedUserEmailDomain.Where(organization => organization is { Enabled: true, UseSso: true });
    }

    /// <inheritdoc cref="IsLegacyUser(string)"/>
    public static bool IsLegacyUser(User user)
    {
        return user.Key == null && user.MasterPassword != null && user.PrivateKey != null;
    }

    private async Task<IdentityResult> ValidatePasswordInternal(User user, string password)
    {
        var errors = new List<IdentityError>();
        foreach (var v in _passwordValidators)
        {
            var result = await v.ValidateAsync(this, user, password);
            if (!result.Succeeded)
            {
                errors.AddRange(result.Errors);
            }
        }

        if (errors.Count > 0)
        {
            Logger.LogWarning("User {userId} password validation failed: {errors}.", await GetUserIdAsync(user),
                string.Join(";", errors.Select(e => e.Code)));
            return IdentityResult.Failed(errors.ToArray());
        }

        return IdentityResult.Success;
    }

    public void SetTwoFactorProvider(User user, TwoFactorProviderType type, bool setEnabled = true)
    {
        var providers = user.GetTwoFactorProviders();
        if (!providers?.ContainsKey(type) ?? true)
        {
            return;
        }

        if (setEnabled)
        {
            providers[type].Enabled = true;
        }
        user.SetTwoFactorProviders(providers);

        if (string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
        {
            user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
        }
    }

    private async Task CheckPoliciesOnTwoFactorRemovalAsync(User user)
    {
        var twoFactorPolicies = await _policyService.GetPoliciesApplicableToUserAsync(user.Id, PolicyType.TwoFactorAuthentication);
        var organizationsManagingUser = await GetOrganizationsManagingUserAsync(user.Id);

        var removeOrgUserTasks = twoFactorPolicies.Select(async p =>
        {
            var organization = await _organizationRepository.GetByIdAsync(p.OrganizationId);
            if (_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning) && organizationsManagingUser.Any(o => o.Id == p.OrganizationId))
            {
                await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
                    new RevokeOrganizationUsersRequest(
                        p.OrganizationId,
                        [new OrganizationUserUserDetails { UserId = user.Id, OrganizationId = p.OrganizationId }],
                        new SystemUser(EventSystemUser.TwoFactorDisabled)));
                await _mailService.SendOrganizationUserRevokedForTwoFactoryPolicyEmailAsync(organization.DisplayName(), user.Email);
            }
            else
            {
                await _removeOrganizationUserCommand.RemoveUserAsync(p.OrganizationId, user.Id);
                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
                    organization.DisplayName(), user.Email);
            }

        }).ToArray();

        await Task.WhenAll(removeOrgUserTasks);
    }

    public override async Task<IdentityResult> ConfirmEmailAsync(User user, string token)
    {
        var result = await base.ConfirmEmailAsync(user, token);
        if (result.Succeeded)
        {
            await _referenceEventService.RaiseEventAsync(
                new ReferenceEvent(ReferenceEventType.ConfirmEmailAddress, user, _currentContext));
        }
        return result;
    }

    public async Task RotateApiKeyAsync(User user)
    {
        user.ApiKey = CoreHelpers.SecureRandomString(30);
        user.RevisionDate = DateTime.UtcNow;
        await _userRepository.ReplaceAsync(user);
    }

    public async Task SendOTPAsync(User user)
    {
        if (string.IsNullOrEmpty(user.Email))
        {
            throw new BadRequestException("No user email.");
        }

        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
            "otp:" + user.Email);
        await _mailService.SendOTPEmailAsync(user.Email, token);
    }

    public async Task<bool> VerifyOTPAsync(User user, string token)
    {
        return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
            "otp:" + user.Email, token);
    }

    public async Task<bool> VerifySecretAsync(User user, string secret, bool isSettingMFA = false)
    {
        bool isVerified;
        if (user.HasMasterPassword())
        {
            // If the user has a master password the secret is most likely going to be a hash
            // of their password, but in certain scenarios, like when the user has logged into their
            // device without a password (trusted device encryption) but the account
            // does still have a password we will allow the use of OTP.
            isVerified = await CheckPasswordAsync(user, secret) ||
                await VerifyOTPAsync(user, secret);
        }
        else if (isSettingMFA)
        {
            // this is temporary to allow users to view their MFA settings without invalidating email TOTP
            // Will be removed with PM-9925
            isVerified = true;
        }
        else
        {
            // If they don't have a password at all they can only do OTP
            isVerified = await VerifyOTPAsync(user, secret);
        }

        return isVerified;
    }

    public async Task ResendNewDeviceVerificationEmail(string email, string secret)
    {
        var user = await _userRepository.GetByEmailAsync(email);
        if (user == null)
        {
            return;
        }

        if (await VerifySecretAsync(user, secret))
        {
            await SendOTPAsync(user);
        }
    }

    public async Task<bool> ActiveNewDeviceVerificationException(Guid userId)
    {
        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
        var cacheValue = await _distributedCache.GetAsync(cacheKey);
        return cacheValue != null;
    }

    public async Task ToggleNewDeviceVerificationException(Guid userId)
    {
        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
        var cacheValue = await _distributedCache.GetAsync(cacheKey);
        if (cacheValue != null)
        {
            await _distributedCache.RemoveAsync(cacheKey);
        }
        else
        {
            await _distributedCache.SetAsync(cacheKey, new byte[1], new DistributedCacheEntryOptions
            {
                AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(24)
            });
        }
    }

    private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)
    {
        var isFromMarketingWebsite = initiationPath.Contains("Secrets Manager trial");

        if (isFromMarketingWebsite)
        {
            await _mailService.SendTrialInitiationEmailAsync(user.Email);
        }
        else
        {
            await _mailService.SendWelcomeEmailAsync(user);
        }
    }
}
-												Turn On `ImplicitUsings` (#2079)

* Turn on ImplicitUsings

* Fix formatting

* Run linter
											
										
										
											2022-06-29 19:46:41 -04:00
+								using System.Security.Claims;
-												[PM-11334] Add managed status to sync data (#4791)

* Refactor UserService to add GetOrganizationManagingUserAsync method to retrive the organization that manages a user

* Refactor SyncController and AccountsController to include ManagedByOrganizationId in profile response
											
										
										
											2024-09-26 11:21:51 +01:00
+								using Bit.Core.AdminConsole.Entities;
-												[AC-1287] AC Team code ownership moves: Policies (1/2) (#3383)

* note: IPolicyData and EntityFramework Policy.cs are moved without any
  changes to namespace or content in order to preserve git history.
											
										
										
											2023-11-23 07:07:37 +10:00
+								using Bit.Core.AdminConsole.Enums;
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								using Bit.Core.AdminConsole.Models.Data;
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
-												[AC-1284] AC Team code ownership moves - Provider (#3359)


											
										
										
											2023-10-27 03:38:29 +10:00
+								using Bit.Core.AdminConsole.Repositories;
-												[AC-1287] AC Team code ownership moves: Policies (1/2) (#3383)

* note: IPolicyData and EntityFramework Policy.cs are moved without any
  changes to namespace or content in order to preserve git history.
											
										
										
											2023-11-23 07:07:37 +10:00
+								using Bit.Core.AdminConsole.Services;
-												[PM-1188] Server owner auth migration (#2825)

* [PM-1188] add sso project to auth

* [PM-1188] move sso api models to auth

* [PM-1188] fix sso api model namespace & imports

* [PM-1188] move core files to auth

* [PM-1188] fix core sso namespace & models

* [PM-1188] move sso repository files to auth

* [PM-1188] fix sso repo files namespace & imports

* [PM-1188] move sso sql files to auth folder

* [PM-1188] move sso test files to auth folders

* [PM-1188] fix sso tests namespace & imports

* [PM-1188] move auth api files to auth folder

* [PM-1188] fix auth api files namespace & imports

* [PM-1188] move auth core files to auth folder

* [PM-1188] fix auth core files namespace & imports

* [PM-1188] move auth email templates to auth folder

* [PM-1188] move auth email folder back into shared directory

* [PM-1188] fix auth email names

* [PM-1188] move auth core models to auth folder

* [PM-1188] fix auth model namespace & imports

* [PM-1188] add entire Identity project to auth codeowners

* [PM-1188] fix auth orm files namespace & imports

* [PM-1188] move auth orm files to auth folder

* [PM-1188] move auth sql files to auth folder

* [PM-1188] move auth tests to auth folder

* [PM-1188] fix auth test files namespace & imports

* [PM-1188] move emergency access api files to auth folder

* [PM-1188] fix emergencyaccess api files namespace & imports

* [PM-1188] move emergency access core files to auth folder

* [PM-1188] fix emergency access core files namespace & imports

* [PM-1188] move emergency access orm files to auth folder

* [PM-1188] fix emergency access orm files namespace & imports

* [PM-1188] move emergency access sql files to auth folder

* [PM-1188] move emergencyaccess test files to auth folder

* [PM-1188] fix emergency access test files namespace & imports

* [PM-1188] move captcha files to auth folder

* [PM-1188] fix captcha files namespace & imports

* [PM-1188] move auth admin files into auth folder

* [PM-1188] fix admin auth files namespace & imports
- configure mvc to look in auth folders for views

* [PM-1188] remove extra imports and formatting

* [PM-1188] fix ef auth model imports

* [PM-1188] fix DatabaseContextModelSnapshot paths

* [PM-1188] fix grant import in ef

* [PM-1188] update sqlproj

* [PM-1188] move missed sqlproj files

* [PM-1188] move auth ef models out of auth folder

* [PM-1188] fix auth ef models namespace

* [PM-1188] remove auth ef models unused imports

* [PM-1188] fix imports for auth ef models

* [PM-1188] fix more ef model imports

* [PM-1188] fix file encodings
											
										
										
											2023-04-14 13:25:56 -04:00
+								using Bit.Core.Auth.Enums;
 								using Bit.Core.Auth.Models;
-												Support for passkey registration (#2885)

* support for fido2 auth

* stub out registration implementations

* stub out assertion steps and token issuance

* verify token

* webauthn tokenable

* remove duplicate expiration set

* revert sqlproj changes

* update sqlproj target framework

* update new validator signature

* [PM-2014] Passkey registration (#2915)

* [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository`

* [PM-2014] fix: add missing service registration

* [PM-2014] feat: add user verification when fetching options

* [PM-2014] feat: create migration script for mssql

* [PM-2014] chore: append to todo comment

* [PM-2014] feat: add support for creation token

* [PM-2014] feat: implement credential saving

* [PM-2014] chore: add resident key TODO comment

* [PM-2014] feat: implement passkey listing

* [PM-2014] feat: implement deletion without user verification

* [PM-2014] feat: add user verification to delete

* [PM-2014] feat: implement passkey limit

* [PM-2014] chore: clean up todo comments

* [PM-2014] fix: add missing sql scripts

Missed staging them when commiting

* [PM-2014] feat: include options response model in swagger docs

* [PM-2014] chore: move properties after ctor

* [PM-2014] feat: use `Guid` directly as input paramter

* [PM-2014] feat: use nullable guid in token

* [PM-2014] chore: add new-line

* [PM-2014] feat: add support for feature flag

* [PM-2014] feat: start adding controller tests

* [PM-2014] feat: add user verification test

* [PM-2014] feat: add controller tests for token interaction

* [PM-2014] feat: add tokenable tests

* [PM-2014] chore: clean up commented premium check

* [PM-2014] feat: add user service test for credential limit

* [PM-2014] fix: run `dotnet format`

* [PM-2014] chore: remove trailing comma

* [PM-2014] chore: add `Async` suffix

* [PM-2014] chore: move delay to constant

* [PM-2014] chore: change `default` to `null`

* [PM-2014] chore: remove autogenerated weirdness

* [PM-2014] fix: lint

* Added check for PasswordlessLogin feature flag on new controller and methods. (#3284)

* Added check for PasswordlessLogin feature flag on new controller and methods.

* fix: build error from missing constructor argument

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>

* [PM-4171] Update DB to support PRF (#3321)

* [PM-4171] feat: update database to support PRF

* [PM-4171] feat: rename `DescriptorId` to `CredentialId`

* [PM-4171] feat: add PRF felds to domain object

* [PM-4171] feat: add `SupportsPrf` column

* [PM-4171] fix: add missing comma

* [PM-4171] fix: add comma

* [PM-3263] fix identity server tests for passkey registration (#3331)

* Added WebAuthnRepo to EF DI

* updated config to match current grant types

* Remove ExtensionGrantValidator (#3363)

* Linting

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
											
										
										
											2023-10-30 08:40:06 -05:00
+								using Bit.Core.Auth.Models.Business.Tokenables;
-												[PM-7452] Handle PayPal for premium users (#4835)

* Add PremiumUserSale

* Add PremiumUserBillingService

* Integrate into UserService behind FF

* Update invoice.created handler to bill newly created PayPal customers

* Run dotnet format
											
										
										
											2024-10-01 09:12:08 -04:00
+								using Bit.Core.Billing.Models.Sales;
 								using Bit.Core.Billing.Services;
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 12:54:21 -06:00
+								using Bit.Core.Context;
-												Split out repositories to Infrastructure.Dapper / EntityFramework (#1759)


											
										
										
											2022-01-11 10:40:51 +01:00
+								using Bit.Core.Entities;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Bit.Core.Enums;
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								using Bit.Core.Exceptions;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Bit.Core.Models.Business;
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								using Bit.Core.Models.Data.Organizations.OrganizationUsers;
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
-												chore: move `Installation` and `Push` to platform's domain folders (#5085)

* chore: set up a `CODEOWNERS` space for platform

* chore: move sql objects for `Installation` to platform's domain

* chore: move `Installation` and `PushRelay` code to platform's domain
											
										
										
											2025-01-06 12:10:53 -05:00
+								using Bit.Core.Platform.Push;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Bit.Core.Repositories;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								using Bit.Core.Settings;
-												Support for passkey registration (#2885)

* support for fido2 auth

* stub out registration implementations

* stub out assertion steps and token issuance

* verify token

* webauthn tokenable

* remove duplicate expiration set

* revert sqlproj changes

* update sqlproj target framework

* update new validator signature

* [PM-2014] Passkey registration (#2915)

* [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository`

* [PM-2014] fix: add missing service registration

* [PM-2014] feat: add user verification when fetching options

* [PM-2014] feat: create migration script for mssql

* [PM-2014] chore: append to todo comment

* [PM-2014] feat: add support for creation token

* [PM-2014] feat: implement credential saving

* [PM-2014] chore: add resident key TODO comment

* [PM-2014] feat: implement passkey listing

* [PM-2014] feat: implement deletion without user verification

* [PM-2014] feat: add user verification to delete

* [PM-2014] feat: implement passkey limit

* [PM-2014] chore: clean up todo comments

* [PM-2014] fix: add missing sql scripts

Missed staging them when commiting

* [PM-2014] feat: include options response model in swagger docs

* [PM-2014] chore: move properties after ctor

* [PM-2014] feat: use `Guid` directly as input paramter

* [PM-2014] feat: use nullable guid in token

* [PM-2014] chore: add new-line

* [PM-2014] feat: add support for feature flag

* [PM-2014] feat: start adding controller tests

* [PM-2014] feat: add user verification test

* [PM-2014] feat: add controller tests for token interaction

* [PM-2014] feat: add tokenable tests

* [PM-2014] chore: clean up commented premium check

* [PM-2014] feat: add user service test for credential limit

* [PM-2014] fix: run `dotnet format`

* [PM-2014] chore: remove trailing comma

* [PM-2014] chore: add `Async` suffix

* [PM-2014] chore: move delay to constant

* [PM-2014] chore: change `default` to `null`

* [PM-2014] chore: remove autogenerated weirdness

* [PM-2014] fix: lint

* Added check for PasswordlessLogin feature flag on new controller and methods. (#3284)

* Added check for PasswordlessLogin feature flag on new controller and methods.

* fix: build error from missing constructor argument

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>

* [PM-4171] Update DB to support PRF (#3321)

* [PM-4171] feat: update database to support PRF

* [PM-4171] feat: rename `DescriptorId` to `CredentialId`

* [PM-4171] feat: add PRF felds to domain object

* [PM-4171] feat: add `SupportsPrf` column

* [PM-4171] fix: add missing comma

* [PM-4171] fix: add comma

* [PM-3263] fix identity server tests for passkey registration (#3331)

* Added WebAuthnRepo to EF DI

* updated config to match current grant types

* Remove ExtensionGrantValidator (#3363)

* Linting

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
											
										
										
											2023-10-30 08:40:06 -05:00
+								using Bit.Core.Tokens;
-												[PM-328] Move files for team-tools (#2857)

* Extract Import-Api endpoints into separate controller

Moved ciphers/import and ciphers/import-organization into new ImportController
Paths have been kept intact for now (no changes on clients needed)
Moved request-models used for import into tools-subfolder

* Update CODEOWNERS for team-tools-dev

* Move HibpController (reports) to tools

* Moving files related to Send

* Moving files related to ReferenceEvent

* Removed unneeded newline
											
										
										
											2023-04-18 14:05:17 +02:00
+								using Bit.Core.Tools.Enums;
 								using Bit.Core.Tools.Models.Business;
 								using Bit.Core.Tools.Services;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Bit.Core.Utilities;
-												[SG-998] Move files to Vault folders (#2724)

* Move Api files

* Move Core files

* Move Infrastructure files

* Move Sql Files

* Move Api Sync files to Vault

* Move test vault files

* Update Sql.sqlproj paths

* Update Codeowners

* Fix vault file paths in sqlproj

* Update CipherDetails.sql path in sqlproj

* Update Core models and entities namespaces

* Update namespaces Core Services and Repositories

* Missed service namespaces

* Update Api namespaces

* Update Infrastructure namespaces

* Move infrastructure queries that were missed

* Tests namespace updates

* Admin and Events namespace updates

* Remove unused usings

* Remove extra CiphersController usings

* Rename folder

* Fix CipherDetails namespace

* Sqlproj fixes

* Move stored procs into folders by table

* using order fix
											
										
										
											2023-03-02 13:23:38 -05:00
+								using Bit.Core.Vault.Repositories;
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								using Fido2NetLib;
 								using Fido2NetLib.Objects;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Microsoft.AspNetCore.DataProtection;
 								using Microsoft.AspNetCore.Identity;
-												[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
											
										
										
											2025-01-09 18:10:54 -08:00
+								using Microsoft.Extensions.Caching.Distributed;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								using Microsoft.Extensions.Logging;
 								using Microsoft.Extensions.Options;
 								using File = System.IO.File;
-												Sent initiation path for organization and user signups (#3723)


											
										
										
											2024-02-26 11:50:24 -05:00
+								using JsonSerializer = System.Text.Json.JsonSerializer;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								namespace Bit.Core.Services;
-												Added API for getting the current user's account revision date

											
										
										
											2017-01-14 10:02:37 -05:00
-												re-working claims for aspnet core identity integration and backwards compat

											
										
										
											2017-01-11 21:46:36 -05:00
+								public class UserService : UserManager<User>, IUserService, IDisposable
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								{
-												APIs for premium. Billing helpers.

											
										
										
											2017-07-06 14:55:58 -04:00
+								    private const string PremiumPlanId = "premium-annually";
 								    private const string StoragePlanId = "storage-gb-annually";
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    private readonly IUserRepository _userRepository;
 								    private readonly ICipherRepository _cipherRepository;
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								    private readonly IOrganizationUserRepository _organizationUserRepository;
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								    private readonly IOrganizationRepository _organizationRepository;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    private readonly IMailService _mailService;
-												rename to push notification service

											
										
										
											2017-05-26 09:44:54 -04:00
+								    private readonly IPushNotificationService _pushService;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    private readonly IdentityErrorDescriber _identityErrorDescriber;
 								    private readonly IdentityOptions _identityOptions;
 								    private readonly IPasswordHasher<User> _passwordHasher;
-												re-working claims for aspnet core identity integration and backwards compat

											
										
										
											2017-01-11 21:46:36 -05:00
+								    private readonly IEnumerable<IPasswordValidator<User>> _passwordValidators;
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								    private readonly ILicensingService _licenseService;
-												log user events

											
										
										
											2017-12-01 10:07:14 -05:00
+								    private readonly IEventService _eventService;
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								    private readonly IApplicationCacheService _applicationCacheService;
-												inject stripepaymentservice

											
										
										
											2019-02-08 23:53:09 -05:00
+								    private readonly IPaymentService _paymentService;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								    private readonly IPolicyRepository _policyRepository;
-												[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)

* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user

* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data

* [EC-787] Returning PolicyData on stored procedures

* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection

* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Changed integration test to check for single result

* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete

* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser

* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync

* [EC-787] Removed 'OrganizationUserType' parameter from queries

* [EC-787] Formatted OrganizationUserPolicyDetailsCompare

* [EC-787] Renamed SQL migration files

* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json

* [EC-787] Refactored excluded user types for each Policy

* [EC-787] Updated dates on dbo_future files

* [EC-787] Remove dbo_future files from sql proj

* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType

* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2023-05-12 08:22:19 +01:00
+								    private readonly IPolicyService _policyService;
-												allow org user reg. when reg. is disabled

											
										
										
											2018-05-24 16:53:07 -04:00
+								    private readonly IDataProtector _organizationServiceDataProtector;
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								    private readonly IReferenceEventService _referenceEventService;
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								    private readonly IFido2 _fido2;
-												re-working claims for aspnet core identity integration and backwards compat

											
										
										
											2017-01-11 21:46:36 -05:00
+								    private readonly ICurrentContext _currentContext;
 								    private readonly IGlobalSettings _globalSettings;
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								    private readonly IAcceptOrgUserCommand _acceptOrgUserCommand;
-												Resolve error when deleting an account connected to a provider (#1580)


											
										
										
											2021-09-15 20:34:06 +02:00
+								    private readonly IProviderUserRepository _providerUserRepository;
-												[SG-72] Sync changed email address with stripe (#2042)

* sync changed email address with strip

* sync changed email address with strip

* fixed formatting

* throw exception if not successful

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* created stripe sync service

* fixed lint issue

* reverted to use stripe exception message

* added null checks to customer id and email address

* added braces

* removed empty email
											
										
										
											2022-06-16 17:45:26 +01:00
+								    private readonly IStripeSyncService _stripeSyncService;
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								    private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
-												[PM-7452] Handle PayPal for premium users (#4835)

* Add PremiumUserSale

* Add PremiumUserBillingService

* Integrate into UserService behind FF

* Update invoice.created handler to bill newly created PayPal customers

* Run dotnet format
											
										
										
											2024-10-01 09:12:08 -04:00
+								    private readonly IFeatureService _featureService;
 								    private readonly IPremiumUserBillingService _premiumUserBillingService;
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								    private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand;
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								    private readonly IRevokeNonCompliantOrganizationUserCommand _revokeNonCompliantOrganizationUserCommand;
-												[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
											
										
										
											2025-01-09 18:10:54 -08:00
+								    private readonly IDistributedCache _distributedCache;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    public UserService(
 								        IUserRepository userRepository,
 								        ICipherRepository cipherRepository,
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								        IOrganizationUserRepository organizationUserRepository,
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								        IOrganizationRepository organizationRepository,
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        IMailService mailService,
-												rename to push notification service

											
										
										
											2017-05-26 09:44:54 -04:00
+								        IPushNotificationService pushService,
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        IUserStore<User> store,
 								        IOptions<IdentityOptions> optionsAccessor,
 								        IPasswordHasher<User> passwordHasher,
 								        IEnumerable<IUserValidator<User>> userValidators,
 								        IEnumerable<IPasswordValidator<User>> passwordValidators,
 								        ILookupNormalizer keyNormalizer,
 								        IdentityErrorDescriber errors,
 								        IServiceProvider services,
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								        ILogger<UserManager<User>> logger,
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								        ILicensingService licenseService,
-												log user events

											
										
										
											2017-12-01 10:07:14 -05:00
+								        IEventService eventService,
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        IApplicationCacheService applicationCacheService,
-												allow org user reg. when reg. is disabled

											
										
										
											2018-05-24 16:53:07 -04:00
+								        IDataProtectionProvider dataProtectionProvider,
-												inject stripepaymentservice

											
										
										
											2019-02-08 23:53:09 -05:00
+								        IPaymentService paymentService,
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        IPolicyRepository policyRepository,
-												[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)

* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user

* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data

* [EC-787] Returning PolicyData on stored procedures

* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection

* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Changed integration test to check for single result

* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete

* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser

* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync

* [EC-787] Removed 'OrganizationUserType' parameter from queries

* [EC-787] Formatted OrganizationUserPolicyDetailsCompare

* [EC-787] Renamed SQL migration files

* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json

* [EC-787] Refactored excluded user types for each Policy

* [EC-787] Updated dates on dbo_future files

* [EC-787] Remove dbo_future files from sql proj

* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType

* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2023-05-12 08:22:19 +01:00
+								        IPolicyService policyService,
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								        IReferenceEventService referenceEventService,
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        IFido2 fido2,
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 12:54:21 -06:00
+								        ICurrentContext currentContext,
-												EC-198 Added feature flag for 2FA Email for new device login (#1993)

* EC-198 added global setting flag for 2FA email on new device login feature

* EC-198 Removed is development environment check on 2FA email new device login given that we can now rely on the global settings feature flag

* EC-198 Improved IGlobalSettings and UserService code for testing
											
										
										
											2022-05-13 10:48:48 -03:00
+								        IGlobalSettings globalSettings,
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								        IAcceptOrgUserCommand acceptOrgUserCommand,
-												PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)


											
										
										
											2022-04-28 13:14:09 -03:00
+								        IProviderUserRepository providerUserRepository,
-												Support for passkey registration (#2885)

* support for fido2 auth

* stub out registration implementations

* stub out assertion steps and token issuance

* verify token

* webauthn tokenable

* remove duplicate expiration set

* revert sqlproj changes

* update sqlproj target framework

* update new validator signature

* [PM-2014] Passkey registration (#2915)

* [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository`

* [PM-2014] fix: add missing service registration

* [PM-2014] feat: add user verification when fetching options

* [PM-2014] feat: create migration script for mssql

* [PM-2014] chore: append to todo comment

* [PM-2014] feat: add support for creation token

* [PM-2014] feat: implement credential saving

* [PM-2014] chore: add resident key TODO comment

* [PM-2014] feat: implement passkey listing

* [PM-2014] feat: implement deletion without user verification

* [PM-2014] feat: add user verification to delete

* [PM-2014] feat: implement passkey limit

* [PM-2014] chore: clean up todo comments

* [PM-2014] fix: add missing sql scripts

Missed staging them when commiting

* [PM-2014] feat: include options response model in swagger docs

* [PM-2014] chore: move properties after ctor

* [PM-2014] feat: use `Guid` directly as input paramter

* [PM-2014] feat: use nullable guid in token

* [PM-2014] chore: add new-line

* [PM-2014] feat: add support for feature flag

* [PM-2014] feat: start adding controller tests

* [PM-2014] feat: add user verification test

* [PM-2014] feat: add controller tests for token interaction

* [PM-2014] feat: add tokenable tests

* [PM-2014] chore: clean up commented premium check

* [PM-2014] feat: add user service test for credential limit

* [PM-2014] fix: run `dotnet format`

* [PM-2014] chore: remove trailing comma

* [PM-2014] chore: add `Async` suffix

* [PM-2014] chore: move delay to constant

* [PM-2014] chore: change `default` to `null`

* [PM-2014] chore: remove autogenerated weirdness

* [PM-2014] fix: lint

* Added check for PasswordlessLogin feature flag on new controller and methods. (#3284)

* Added check for PasswordlessLogin feature flag on new controller and methods.

* fix: build error from missing constructor argument

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>

* [PM-4171] Update DB to support PRF (#3321)

* [PM-4171] feat: update database to support PRF

* [PM-4171] feat: rename `DescriptorId` to `CredentialId`

* [PM-4171] feat: add PRF felds to domain object

* [PM-4171] feat: add `SupportsPrf` column

* [PM-4171] fix: add missing comma

* [PM-4171] fix: add comma

* [PM-3263] fix identity server tests for passkey registration (#3331)

* Added WebAuthnRepo to EF DI

* updated config to match current grant types

* Remove ExtensionGrantValidator (#3363)

* Linting

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
											
										
										
											2023-10-30 08:40:06 -05:00
+								        IStripeSyncService stripeSyncService,
-												[PM-7452] Handle PayPal for premium users (#4835)

* Add PremiumUserSale

* Add PremiumUserBillingService

* Integrate into UserService behind FF

* Update invoice.created handler to bill newly created PayPal customers

* Run dotnet format
											
										
										
											2024-10-01 09:12:08 -04:00
+								        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
 								        IFeatureService featureService,
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								        IPremiumUserBillingService premiumUserBillingService,
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								        IRemoveOrganizationUserCommand removeOrganizationUserCommand,
-												[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
											
										
										
											2025-01-09 18:10:54 -08:00
+								        IRevokeNonCompliantOrganizationUserCommand revokeNonCompliantOrganizationUserCommand,
 								        IDistributedCache distributedCache)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        : base(
 								              store,
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								              optionsAccessor,
 								              passwordHasher,
 								              userValidators,
 								              passwordValidators,
 								              keyNormalizer,
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								              errors,
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								              services,
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								              logger)
 								    {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        _userRepository = userRepository;
 								        _cipherRepository = cipherRepository;
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								        _organizationUserRepository = organizationUserRepository;
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								        _organizationRepository = organizationRepository;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        _mailService = mailService;
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								        _pushService = pushService;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        _identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
 								        _identityErrorDescriber = errors;
 								        _passwordHasher = passwordHasher;
 								        _passwordValidators = passwordValidators;
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								        _licenseService = licenseService;
-												log user events

											
										
										
											2017-12-01 10:07:14 -05:00
+								        _eventService = eventService;
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        _applicationCacheService = applicationCacheService;
-												inject stripepaymentservice

											
										
										
											2019-02-08 23:53:09 -05:00
+								        _paymentService = paymentService;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        _policyRepository = policyRepository;
-												[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)

* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user

* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data

* [EC-787] Returning PolicyData on stored procedures

* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection

* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Changed integration test to check for single result

* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete

* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser

* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync

* [EC-787] Removed 'OrganizationUserType' parameter from queries

* [EC-787] Formatted OrganizationUserPolicyDetailsCompare

* [EC-787] Renamed SQL migration files

* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json

* [EC-787] Refactored excluded user types for each Policy

* [EC-787] Updated dates on dbo_future files

* [EC-787] Remove dbo_future files from sql proj

* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType

* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2023-05-12 08:22:19 +01:00
+								        _policyService = policyService;
-												allow org user reg. when reg. is disabled

											
										
										
											2018-05-24 16:53:07 -04:00
+								        _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
 								            "OrganizationServiceDataProtector");
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								        _referenceEventService = referenceEventService;
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        _fido2 = fido2;
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								        _currentContext = currentContext;
-												initiating u2f registration

											
										
										
											2017-06-21 22:33:45 -04:00
+								        _globalSettings = globalSettings;
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								        _acceptOrgUserCommand = acceptOrgUserCommand;
-												Resolve error when deleting an account connected to a provider (#1580)


											
										
										
											2021-09-15 20:34:06 +02:00
+								        _providerUserRepository = providerUserRepository;
-												[SG-72] Sync changed email address with stripe (#2042)

* sync changed email address with strip

* sync changed email address with strip

* fixed formatting

* throw exception if not successful

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* created stripe sync service

* fixed lint issue

* reverted to use stripe exception message

* added null checks to customer id and email address

* added braces

* removed empty email
											
										
										
											2022-06-16 17:45:26 +01:00
+								        _stripeSyncService = stripeSyncService;
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								        _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
-												[PM-7452] Handle PayPal for premium users (#4835)

* Add PremiumUserSale

* Add PremiumUserBillingService

* Integrate into UserService behind FF

* Update invoice.created handler to bill newly created PayPal customers

* Run dotnet format
											
										
										
											2024-10-01 09:12:08 -04:00
+								        _featureService = featureService;
 								        _premiumUserBillingService = premiumUserBillingService;
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								        _removeOrganizationUserCommand = removeOrganizationUserCommand;
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								        _revokeNonCompliantOrganizationUserCommand = revokeNonCompliantOrganizationUserCommand;
-												[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
											
										
										
											2025-01-09 18:10:54 -08:00
+								        _distributedCache = distributedCache;
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								    }
 								    public Guid? GetProperUserId(ClaimsPrincipal principal)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								        if (!Guid.TryParse(GetUserId(principal), out var userIdGuid))
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								            return null;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								        return userIdGuid;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								    }
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								    public async Task<User> GetUserByIdAsync(string userId)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        if (_currentContext?.User != null &&
 								            string.Equals(_currentContext.User.Id.ToString(), userId, StringComparison.InvariantCultureIgnoreCase))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Move claims issuance and security stamp checks out into profile service. moved context sets out of identity implementations and into get methods.

											
										
										
											2017-01-24 22:15:21 -05:00
+								            return _currentContext.User;
-												re-working claims for aspnet core identity integration and backwards compat

											
										
										
											2017-01-11 21:46:36 -05:00
+								        }
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								        if (!Guid.TryParse(userId, out var userIdGuid))
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            return null;
 								        }
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        _currentContext.User = await _userRepository.GetByIdAsync(userIdGuid);
 								        return _currentContext.User;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												Added API for getting the current user's account revision date

											
										
										
											2017-01-14 10:02:37 -05:00
+								    public async Task<User> GetUserByIdAsync(Guid userId)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        if (_currentContext?.User != null && _currentContext.User.Id == userId)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Added API for getting the current user's account revision date

											
										
										
											2017-01-14 10:02:37 -05:00
+								            return _currentContext.User;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												updates for license validation

											
										
										
											2017-08-14 13:06:44 -04:00
+								        _currentContext.User = await _userRepository.GetByIdAsync(userId);
 								        return _currentContext.User;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												updates for license validation

											
										
										
											2017-08-14 13:06:44 -04:00
+								    public async Task<User> GetUserByPrincipalAsync(ClaimsPrincipal principal)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												updates for license validation

											
										
										
											2017-08-14 13:06:44 -04:00
+								        var userId = GetProperUserId(principal);
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        if (!userId.HasValue)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
 								            return null;
 								        }
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        return await GetUserByIdAsync(userId.Value);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												verify and disable premium from license check

											
										
										
											2017-08-16 17:08:20 -04:00
+								    public async Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        return await _userRepository.GetAccountRevisionDateAsync(userId);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    public async Task SaveUserAsync(User user, bool push = false)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (user.Id == default(Guid))
-												updates for license validation

											
										
										
											2017-08-14 13:06:44 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            throw new ApplicationException("Use register method to create a new user.");
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												[EC-1032] if name is Empty, set to null before saving (#2619)


											
										
										
											2023-01-25 11:07:33 -05:00
+								        // if the name is empty, set it to null
 								        if (String.Equals(user.Name, String.Empty))
 								        {
 								            user.Name = null;
 								        }
-												Added API for getting the current user's account revision date

											
										
										
											2017-01-14 10:02:37 -05:00
+								        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        await _userRepository.ReplaceAsync(user);
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (push)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												updates for license validation

											
										
										
											2017-08-14 13:06:44 -04:00
+								            // push
 								            await _pushService.PushSyncSettingsAsync(user.Id);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								    public override async Task<IdentityResult> DeleteAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												allow user delete if they are not the only owner

											
										
										
											2017-10-25 11:36:54 -04:00
+								        // Check if user is the only owner of any organizations.
 								        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (onlyOwnerCount > 0)
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								        {
-												allow user delete if they are not the only owner

											
										
										
											2017-10-25 11:36:54 -04:00
+								            var deletedOrg = false;
 								            var orgs = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
 								                OrganizationUserStatusType.Confirmed);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (orgs.Count == 1)
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								            {
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								                var org = await _organizationRepository.GetByIdAsync(orgs.First().OrganizationId);
 								                if (org != null && (!org.Enabled || string.IsNullOrWhiteSpace(org.GatewaySubscriptionId)))
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								                {
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								                    var orgCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(org.Id);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                    if (orgCount <= 1)
-												sometimes delete org on user delete

											
										
										
											2018-12-03 10:56:55 -05:00
+								                    {
 								                        await _organizationRepository.DeleteAsync(org);
 								                        deletedOrg = true;
 								                    }
 								                }
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								            }
-												Resolve error when deleting an account connected to a provider (#1580)


											
										
										
											2021-09-15 20:34:06 +02:00
+								            if (!deletedOrg)
 								            {
 								                return IdentityResult.Failed(new IdentityError
 								                {
 								                    Description = "Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.",
 								                });
 								            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Resolve error when deleting an account connected to a provider (#1580)


											
										
										
											2021-09-15 20:34:06 +02:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
 								        if (onlyOwnerProviderCount > 0)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            return IdentityResult.Failed(new IdentityError
-												cancel any subscriptions when deleting account

											
										
										
											2017-07-11 11:19:58 -04:00
+								            {
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								                Description = "Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.",
 								            });
 								        }
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								        if (!string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
 								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            try
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								            {
-												[PM-5548] Eliminate in-app purchase logic (#3640)

* Eliminate in-app purchase logic

* Totally remove obsolete and unused properties / types

* Remove unused enum values

* Restore token update
											
										
										
											2024-01-11 15:26:32 -05:00
+								                await CancelPremiumAsync(user);
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								            }
 								            catch (GatewayException) { }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								        await _userRepository.DeleteAsync(user);
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								        await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								            new ReferenceEvent(ReferenceEventType.DeleteAccount, user, _currentContext));
-												handle user delete scenarios when part of org

											
										
										
											2017-04-27 17:28:39 -04:00
+								        await _pushService.PushLogOutAsync(user.Id);
 								        return IdentityResult.Success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								    public async Task<IdentityResult> DeleteAsync(User user, string token)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												account recovery to delete via email

											
										
										
											2017-08-09 10:53:42 -04:00
+								        if (!(await VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "DeleteAccount", token)))
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								            return IdentityResult.Failed(ErrorDescriber.InvalidToken());
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								        return await DeleteAsync(user);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												check to make sure user actually needs key update

											
										
										
											2018-07-31 08:19:49 -04:00
+								    public async Task SendDeleteConfirmationAsync(string email)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												back to corehelpers

											
										
										
											2019-06-11 17:17:23 -04:00
+								        var user = await _userRepository.GetByEmailAsync(email);
 								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												back to corehelpers

											
										
										
											2019-06-11 17:17:23 -04:00
+								            // No user exists.
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								            return;
-												allow org user reg. when reg. is disabled

											
										
										
											2018-05-24 16:53:07 -04:00
+								        }
-												[PM-11406] Account Management: Prevent a verified user from deleting their account (#4878)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Prevent deletion of accounts managed by an organization when Account Deprovisioning is enabled

* Add CannotDeleteManagedAccountViewModel and email templates

- Added CannotDeleteManagedAccountViewModel class to handle emails related to preventing deletion of accounts managed by an organization.
- Added HTML and text email templates for sending notifications about the inability to delete an account owned by an organization.
- Updated IMailService interface with a new method to send the cannot delete managed account email.
- Implemented the SendCannotDeleteManagedAccountEmailAsync method in HandlebarsMailService.
- Added a check in UserService to send the cannot delete managed account email if the user is managed by any organization.
- Added a no-op implementation for SendCannotDeleteManagedAccountEmailAsync in NoopMailService.

* Update error message when unable to purge vault for managed account

* Update error message when unable to change email for managed account

* Update error message when unable to delete account when managed by organization

* Update error message in test for deleting organization-owned accounts
											
										
										
											2024-11-04 16:37:21 +00:00
+								        if (await IsManagedByAnyOrganizationAsync(user.Id))
 								        {
 								            await _mailService.SendCannotDeleteManagedAccountEmailAsync(user.Email);
 								            return;
 								        }
-												refactorings around two-factor controller

											
										
										
											2017-06-20 10:08:59 -04:00
+								        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "DeleteAccount");
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        await _mailService.SendVerifyDeleteEmailAsync(user.Email, user.Id, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)

* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
											
										
										
											2024-07-02 17:03:36 -04:00
+								    public async Task<IdentityResult> CreateUserAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)

* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
											
										
										
											2024-07-02 17:03:36 -04:00
+								        return await CreateAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)

* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
											
										
										
											2024-07-02 17:03:36 -04:00
+								    public async Task<IdentityResult> CreateUserAsync(User user, string masterPasswordHash)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)

* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
											
										
										
											2024-07-02 17:03:36 -04:00
+								        return await CreateAsync(user, masterPasswordHash);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												allow user registration for sso (#865)


											
										
										
											2020-08-13 17:30:10 -04:00
+								    public async Task SendMasterPasswordHintAsync(string email)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												allow user registration for sso (#865)


											
										
										
											2020-08-13 17:30:10 -04:00
+								        var user = await _userRepository.GetByEmailAsync(email);
 								        if (user == null)
 								        {
 								            // No user exists. Do we want to send an email telling them this in the future?
 								            return;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
 								        if (string.IsNullOrWhiteSpace(user.MasterPasswordHint))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            await _mailService.SendNoMasterPasswordHintEmailAsync(email);
 								            return;
 								        }
 								        await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[EC-400] Code clean up Device Verification (#2601)

* EC-400 Clean up code regarding Unknown Device Verification

* EC-400 Fix formatting
											
										
										
											2023-02-17 10:15:28 -03:00
+								    public async Task SendTwoFactorEmailAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
 								        if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
 								        {
 								            throw new ArgumentNullException("No email.");
 								        }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
-												[PM-5518] Refactor Email Token Providers (#3784)

* new email token providers

* move email redaction to core helpers

* make token options configurable

* protected setters on options

* fix email token provider tests

* fix core tests

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-07-11 14:39:27 -04:00
+								        var token = await base.GenerateTwoFactorTokenAsync(user,
 								            CoreHelpers.CustomProviderName(TwoFactorProviderType.Email));
-												[EC-400] Code clean up Device Verification (#2601)

* EC-400 Clean up code regarding Unknown Device Verification

* EC-400 Fix formatting
											
										
										
											2023-02-17 10:15:28 -03:00
+								        await _mailService.SendTwoFactorEmailAsync(email, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												Email verification for new devices (#1931)

* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled

* PS-56 Fixed wrong argument in VerifyTwoFactor call
											
										
										
											2022-04-01 17:08:47 -03:00
+								    public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Email verification for new devices (#1931)

* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled

* PS-56 Fixed wrong argument in VerifyTwoFactor call
											
										
										
											2022-04-01 17:08:47 -03:00
+								        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
 								        if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
-												two factor email setup

											
										
										
											2017-06-20 09:21:35 -04:00
+								        {
-												refactorings around two-factor controller

											
										
										
											2017-06-20 10:08:59 -04:00
+								            throw new ArgumentNullException("No email.");
-												two factor email setup

											
										
										
											2017-06-20 09:21:35 -04:00
+								        }
-												email 2fa is not case sensitive

											
										
										
											2017-11-02 23:29:58 -04:00
+								        var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
-												[PM-5518] Refactor Email Token Providers (#3784)

* new email token providers

* move email redaction to core helpers

* make token options configurable

* protected setters on options

* fix email token provider tests

* fix core tests

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-07-11 14:39:27 -04:00
+								        return await base.VerifyTwoFactorTokenAsync(user,
 								            CoreHelpers.CustomProviderName(TwoFactorProviderType.Email), token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Email verification for new devices (#1931)

* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled

* PS-56 Fixed wrong argument in VerifyTwoFactor call
											
										
										
											2022-04-01 17:08:47 -03:00
-												email 2fa is not case sensitive

											
										
										
											2017-11-02 23:29:58 -04:00
+								    public async Task<CredentialCreateOptions> StartWebAuthnRegistrationAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        var providers = user.GetTwoFactorProviders();
-												Discourage user verification on WebAuthn enroll (#1322)


											
										
										
											2021-05-12 18:46:35 +02:00
+								        if (providers == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												email 2fa is not case sensitive

											
										
										
											2017-11-02 23:29:58 -04:00
+								            providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
-												two factor email setup

											
										
										
											2017-06-20 09:21:35 -04:00
+								        }
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
 								        if (provider == null)
-												initiating u2f registration

											
										
										
											2017-06-21 22:33:45 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            provider = new TwoFactorProvider
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								            {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								                Enabled = false
 								            };
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        if (provider.MetaData == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            provider.MetaData = new Dictionary<string, object>();
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												initiating u2f registration

											
										
										
											2017-06-21 22:33:45 -04:00
-												Discourage user verification on WebAuthn enroll (#1322)


											
										
										
											2021-05-12 18:46:35 +02:00
+								        var fidoUser = new Fido2User
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            DisplayName = user.Name,
 								            Name = user.Email,
 								            Id = user.Id.ToByteArray(),
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        };
-												add support for multiple u2f keys

											
										
										
											2018-10-08 14:38:11 -04:00
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        var excludeCredentials = provider.MetaData
 								            .Where(k => k.Key.StartsWith("Key"))
 								            .Select(k => new TwoFactorProvider.WebAuthnData((dynamic)k.Value).Descriptor)
 								            .ToList();
-												add support for multiple u2f keys

											
										
										
											2018-10-08 14:38:11 -04:00
-												Discourage user verification on WebAuthn enroll (#1322)


											
										
										
											2021-05-12 18:46:35 +02:00
+								        var authenticatorSelection = new AuthenticatorSelection
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            AuthenticatorAttachment = null,
-												Discourage user verification on WebAuthn enroll (#1322)


											
										
										
											2021-05-12 18:46:35 +02:00
+								            RequireResidentKey = false,
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            UserVerification = UserVerificationRequirement.Discouraged
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        };
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        var options = _fido2.RequestNewCredential(fidoUser, excludeCredentials, authenticatorSelection, AttestationConveyancePreference.None);
-												catch u2f exceptions

											
										
										
											2018-10-10 15:21:54 -04:00
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        provider.MetaData["pending"] = options.ToJson();
 								        providers[TwoFactorProviderType.WebAuthn] = provider;
 								        user.SetTwoFactorProviders(providers);
 								        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn, false);
 								        return options;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
 								    public async Task<bool> CompleteWebAuthRegistrationAsync(User user, int id, string name, AuthenticatorAttestationRawResponse attestationResponse)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        var keyId = $"Key{id}";
 								        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
 								        if (!provider?.MetaData?.ContainsKey("pending") ?? true)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            return false;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
 								        var options = CredentialCreateOptions.FromJson((string)provider.MetaData["pending"]);
-												Upgrade FIDO2 library usage out of beta (#2579)


											
										
										
											2023-01-19 11:06:51 -05:00
+								        // Callback to ensure credential ID is unique. Always return true since we don't care if another
 								        // account uses the same 2FA key.
 								        IsCredentialIdUniqueToUserAsyncDelegate callback = (args, cancellationToken) => Task.FromResult(true);
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
 								        var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback);
-												initiating u2f registration

											
										
										
											2017-06-21 22:33:45 -04:00
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        provider.MetaData.Remove("pending");
 								        provider.MetaData[keyId] = new TwoFactorProvider.WebAuthnData
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            Name = name,
 								            Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
 								            PublicKey = success.Result.PublicKey,
 								            UserHandle = success.Result.User.Id,
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            SignatureCounter = success.Result.Counter,
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            CredType = success.Result.CredType,
 								            RegDate = DateTime.Now,
 								            AaGuid = success.Result.Aaguid
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        };
-												add support for multiple u2f keys

											
										
										
											2018-10-08 14:38:11 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var providers = user.GetTwoFactorProviders();
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        providers[TwoFactorProviderType.WebAuthn] = provider;
 								        user.SetTwoFactorProviders(providers);
-												add support for multiple u2f keys

											
										
										
											2018-10-08 14:38:11 -04:00
+								        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn);
 								        return true;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												add support for multiple u2f keys

											
										
										
											2018-10-08 14:38:11 -04:00
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								    public async Task<bool> DeleteWebAuthnKeyAsync(User user, int id)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												verify email apis

											
										
										
											2017-07-05 15:35:46 -04:00
+								        var providers = user.GetTwoFactorProviders();
 								        if (providers == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            return false;
-												initiating u2f registration

											
										
										
											2017-06-21 22:33:45 -04:00
+								        }
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								        var keyName = $"Key{id}";
 								        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
 								        if (!provider?.MetaData?.ContainsKey(keyName) ?? true)
 								        {
-												verify email apis

											
										
										
											2017-07-05 15:35:46 -04:00
+								            return false;
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								        }
 								        if (provider.MetaData.Count < 2)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								            return false;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								        provider.MetaData.Remove(keyName);
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        providers[TwoFactorProviderType.WebAuthn] = provider;
-												verify email apis and emails

											
										
										
											2017-07-01 23:20:19 -04:00
+								        user.SetTwoFactorProviders(providers);
 								        await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.WebAuthn);
 								        return true;
 								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    public async Task SendEmailVerificationAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        if (user.EmailVerified)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            throw new BadRequestException("Email already verified.");
 								        }
 								        var token = await base.GenerateEmailConfirmationTokenAsync(user);
 								        await _mailService.SendVerifyEmailEmailAsync(user.Email, user.Id, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    public async Task InitiateEmailChangeAsync(User user, string newEmail)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												change email/password adjustments

											
										
										
											2017-04-17 14:53:07 -04:00
+								        var existingUser = await _userRepository.GetByEmailAsync(newEmail);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (existingUser != null)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            await _mailService.SendChangeEmailAlreadyExistsEmailAsync(user.Email, newEmail);
 								            return;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        var token = await base.GenerateChangeEmailTokenAsync(user, newEmail);
 								        await _mailService.SendChangeEmailEmailAsync(newEmail, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        string newMasterPassword, string token, string key)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        var verifyPasswordResult = _passwordHasher.VerifyHashedPassword(user, user.MasterPassword, masterPassword);
 								        if (verifyPasswordResult == PasswordVerificationResult.Failed)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
 								        }
-												change email/password adjustments

											
										
										
											2017-04-17 14:53:07 -04:00
+								        if (!await base.VerifyUserTokenAsync(user, _identityOptions.Tokens.ChangeEmailTokenProvider,
 								            GetChangeEmailTokenPurpose(newEmail), token))
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												change email/password adjustments

											
										
										
											2017-04-17 14:53:07 -04:00
+								            return IdentityResult.Failed(_identityErrorDescriber.InvalidToken());
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												change email/password adjustments

											
										
										
											2017-04-17 14:53:07 -04:00
+								        var existingUser = await _userRepository.GetByEmailAsync(newEmail);
 								        if (existingUser != null && existingUser.Id != user.Id)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												change email/password adjustments

											
										
										
											2017-04-17 14:53:07 -04:00
+								            return IdentityResult.Failed(_identityErrorDescriber.DuplicateEmail(newEmail));
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        var previousState = new
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								            Key = user.Key,
 								            MasterPassword = user.MasterPassword,
 								            SecurityStamp = user.SecurityStamp,
 								            Email = user.Email
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        };
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        var result = await UpdatePasswordHash(user, newMasterPassword);
 								        if (!result.Succeeded)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								            return result;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												add timestamps to user table for security related events (#2660)

* add timestamps to user table for security related events

* ef migrations

* fix lint problems

* formatting

* add missing namespace back

* move `now` up some

* review fixes

* add missing view rebuild to migration script
											
										
										
											2023-02-02 14:39:57 -05:00
+								        var now = DateTime.UtcNow;
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        user.Key = key;
 								        user.Email = newEmail;
 								        user.EmailVerified = true;
-												add timestamps to user table for security related events (#2660)

* add timestamps to user table for security related events

* ef migrations

* fix lint problems

* formatting

* add missing namespace back

* move `now` up some

* review fixes

* add missing view rebuild to migration script
											
										
										
											2023-02-02 14:39:57 -05:00
+								        user.RevisionDate = user.AccountRevisionDate = now;
 								        user.LastEmailChangeDate = now;
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        await _userRepository.ReplaceAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								        if (user.Gateway == GatewayType.Stripe)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            try
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								            {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                await _stripeSyncService.UpdateCustomerEmailAddress(user.GatewayCustomerId,
 								                    user.BillingEmailAddress());
 								            }
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								            catch (Exception ex)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								            {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                //if sync to strip fails, update email and securityStamp to previous
-												[SG-72] Sync changed email address with stripe (#2042)

* sync changed email address with strip

* sync changed email address with strip

* fixed formatting

* throw exception if not successful

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* created stripe sync service

* fixed lint issue

* reverted to use stripe exception message

* added null checks to customer id and email address

* added braces

* removed empty email
											
										
										
											2022-06-16 17:45:26 +01:00
+								                user.Key = previousState.Key;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                user.Email = previousState.Email;
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                user.MasterPassword = previousState.MasterPassword;
-												[SG-72] Sync changed email address with stripe (#2042)

* sync changed email address with strip

* sync changed email address with strip

* fixed formatting

* throw exception if not successful

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* created stripe sync service

* fixed lint issue

* reverted to use stripe exception message

* added null checks to customer id and email address

* added braces

* removed empty email
											
										
										
											2022-06-16 17:45:26 +01:00
+								                user.SecurityStamp = previousState.SecurityStamp;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                await _userRepository.ReplaceAsync(user);
 								                return IdentityResult.Failed(new IdentityError
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                    Description = ex.Message
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                });
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												[SG-199] Move MP hint to MP change form (#2080)

* chore: backend changes

* fixed: test

* fix: lint
											
										
										
											2022-07-11 09:28:14 -04:00
+								        await _pushService.PushLogOutAsync(user.Id);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        return IdentityResult.Success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[SG-199] Move MP hint to MP change form (#2080)

* chore: backend changes

* fixed: test

* fix: lint
											
										
										
											2022-07-11 09:28:14 -04:00
+								    public async Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string passwordHint,
 								        string key)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            throw new ArgumentNullException(nameof(user));
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												[SG-199] Move MP hint to MP change form (#2080)

* chore: backend changes

* fixed: test

* fix: lint
											
										
										
											2022-07-11 09:28:14 -04:00
+								        if (await CheckPasswordAsync(user, masterPassword))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								            var result = await UpdatePasswordHash(user, newMasterPassword);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!result.Succeeded)
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								            {
 								                return result;
 								            }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												add timestamps to user table for security related events (#2660)

* add timestamps to user table for security related events

* ef migrations

* fix lint problems

* formatting

* add missing namespace back

* move `now` up some

* review fixes

* add missing view rebuild to migration script
											
										
										
											2023-02-02 14:39:57 -05:00
+								            var now = DateTime.UtcNow;
 								            user.RevisionDate = user.AccountRevisionDate = now;
 								            user.LastPasswordChangeDate = now;
-												[SG-72] Sync changed email address with stripe (#2042)

* sync changed email address with strip

* sync changed email address with strip

* fixed formatting

* throw exception if not successful

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* Added revert if stripe sync fails

* created stripe sync service

* fixed lint issue

* reverted to use stripe exception message

* added null checks to customer id and email address

* added braces

* removed empty email
											
										
										
											2022-06-16 17:45:26 +01:00
+								            user.Key = key;
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								            user.MasterPasswordHint = passwordHint;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
+								            await _userRepository.ReplaceAsync(user);
 								            await _eventService.LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
-												Ps 1904 (#2439)

* Add self host notification launch settings

* Exclude current context from push for password updates

This is needed to allow the current context to process a key
rotation if one is being done.

Does not change any other call to `PushLogOut`.

* Revert inverted exclude logic

This exclude is referring to exempting the requesting client
from the notification push.
											
										
										
											2022-11-24 11:25:16 -05:00
+								            await _pushService.PushLogOutAsync(user.Id, true);
-												If no ciphers yet, just save user when changing password/email

											
										
										
											2016-10-05 22:03:02 -04:00
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return IdentityResult.Success;
 								        }
-												Transactionally safe user password and email change updates.

											
										
										
											2016-02-21 00:15:17 -05:00
+								        Logger.LogWarning("Change password failed for user {userId}.", user.Id);
 								        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Removed security stamp rotation during set-password SSO flow (#933)


											
										
										
											2020-09-14 14:27:30 -05:00
+								    public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
 								    {
 								        var identityResult = CheckCanUseKeyConnector(user);
 								        if (identityResult != null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Removed security stamp rotation during set-password SSO flow (#933)


											
										
										
											2020-09-14 14:27:30 -05:00
+								            return identityResult;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												SSO support (#862)

* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
											
										
										
											2020-08-12 17:03:09 -04:00
 								        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        user.Key = key;
-												SSO support (#862)

* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
											
										
										
											2020-08-12 17:03:09 -04:00
+								        user.UsesKeyConnector = true;
 								        await _userRepository.ReplaceAsync(user);
 								        await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								        await _acceptOrgUserCommand.AcceptOrgUserByOrgSsoIdAsync(orgIdentifier, user, this);
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												SSO support (#862)

* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
											
										
										
											2020-08-12 17:03:09 -04:00
+								        return IdentityResult.Success;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								    }
-												SSO support (#862)

* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
											
										
										
											2020-08-12 17:03:09 -04:00
+								    public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								        var identityResult = CheckCanUseKeyConnector(user);
 								        if (identityResult != null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												SSO support (#862)

* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
											
										
										
											2020-08-12 17:03:09 -04:00
+								            return identityResult;
 								        }
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
 								        user.MasterPassword = null;
 								        user.UsesKeyConnector = true;
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        await _userRepository.ReplaceAsync(user);
 								        await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        return IdentityResult.Success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
 								    private IdentityResult CheckCanUseKeyConnector(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
+								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
+								            throw new ArgumentNullException(nameof(user));
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								        if (user.UsesKeyConnector)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								            Logger.LogWarning("Already uses Key Connector.");
-												Add support for crypto agent (#1623)


											
										
										
											2021-10-25 15:09:14 +02:00
+								            return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        if (_currentContext.Organizations.Any(u =>
 								                u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								        {
 								            throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
 								        }
 								        return null;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
 								    public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								        // Org must be able to use reset password
 								        var org = await _organizationRepository.GetByIdAsync(orgId);
 								        if (org == null || !org.UseResetPassword)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								            throw new BadRequestException("Organization does not allow password reset.");
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
 								        // Enterprise policy must be enabled
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        var resetPasswordPolicy =
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								            await _policyRepository.GetByOrganizationIdTypeAsync(orgId, PolicyType.ResetPassword);
 								        if (resetPasswordPolicy == null || !resetPasswordPolicy.Enabled)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								            throw new BadRequestException("Organization does not have the password reset policy enabled.");
 								        }
 								        // Org User must be confirmed and have a ResetPasswordKey
 								        var orgUser = await _organizationUserRepository.GetByIdAsync(id);
 								        if (orgUser == null || orgUser.Status != OrganizationUserStatusType.Confirmed ||
 								            orgUser.OrganizationId != orgId || string.IsNullOrEmpty(orgUser.ResetPasswordKey) ||
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								            !orgUser.UserId.HasValue)
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        {
 								            throw new BadRequestException("Organization User not valid");
 								        }
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								        // Calling User must be of higher/equal user type to reset user's password
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        var canAdjustPassword = false;
 								        switch (callingUserType)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								            case OrganizationUserType.Owner:
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								                canAdjustPassword = true;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								                break;
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								            case OrganizationUserType.Admin:
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								                canAdjustPassword = orgUser.Type != OrganizationUserType.Owner;
 								                break;
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								            case OrganizationUserType.Custom:
 								                canAdjustPassword = orgUser.Type != OrganizationUserType.Owner &&
 								                    orgUser.Type != OrganizationUserType.Admin;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								                break;
 								        }
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								        if (!canAdjustPassword)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								            throw new BadRequestException("Calling user does not have permission to reset this user's master password");
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												Add check to ensure admins or owners arn't enrolled in key connector (#1725)


											
										
										
											2021-11-18 21:56:13 +01:00
+								        var user = await GetUserByIdAsync(orgUser.UserId.Value);
 								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								            throw new NotFoundException();
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        }
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        if (user.UsesKeyConnector)
-												[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
											
										
										
											2021-04-20 16:58:57 -05:00
+								        {
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								            throw new BadRequestException("Cannot reset password of a user with Key Connector.");
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        var result = await UpdatePasswordHash(user, newMasterPassword);
 								        if (!result.Succeeded)
 								        {
 								            return result;
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
-												Update user last password change (#4685)


											
										
										
											2024-08-20 16:20:56 -07:00
+								        user.LastPasswordChangeDate = user.RevisionDate;
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        user.ForcePasswordReset = true;
-												Update user last password change (#4685)


											
										
										
											2024-08-20 16:20:56 -07:00
+								        user.Key = key;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        await _userRepository.ReplaceAsync(user);
-												[AC-1637] Sanitize Business and Organization Names from html script injection prior to storing in db (#3302)

* [AC-1637] Added HtmlEncodingStringConverter to encode/decode special chars on JSON serialization/deserialization

* [AC-1637] Added unit tests for HtmlEncodingStringConverter

* [AC-1637] Moved expected values on unit tests to the arrange phase

* [AC-1637] Added HtmlEncodingStringConverter to properties that are for input/output of Org Name and Business name

* [AC-1637] Modified views in Admin project to decode values to display

* [AC-1637] Replaced Html.Raw with HttpUtility.HtmlDecode

* [AC-1637] Added JsonConverter to Provider DTOs

* [AC-1637] Modified HandlebarsMailService to decode organization name before sending emails

* Revert "[AC-1637] Added JsonConverter to Provider DTOs"

This reverts commit 94d507cf93e4c9f7f02890b9286dba90bad3f516.

* [AC-1637] Fixed Admin panel organization search

* [AC-1637] Sanitizing Organization name and business name on creation in Admin panel

* [AC-1637] Sanitizing organization name and business name on creation by a provider

* [AC-1637] Sanitizing provider name on creation and on viewing in admin panel

* [AC-1637] Added sanitization to more places where Org name is used

* [AC-1637] Swapped using HttpUtility for WebUtility since the later is part of the dotnet framework

* [AC-1637] Updated error messages

* [AC-1637] Decoding on Admin panel add existing organization

* [AC-1637] Fix HTML decoding issues

* [AC-1637] Refactor HTML decoding in View and Model classes on Admin panel

* [AC-1637] Refactor provider name and business name usages to use methods that output decoded values

* [AC-1637] Fixed typo

* [AC-1637] Renamed Provider methods to retrieve Decoded Name and BusinessName

* [AC-1637] Renamed Organization methods to retrieve Decoded Name and BusinessName

* [AC-1637] Update the display name method in the `ProviderOrganizationOrganizationDetails` class to `DisplayName()`
											
										
										
											2024-03-05 10:56:48 +00:00
+								        await _mailService.SendAdminResetPasswordEmailAsync(user.Email, user.Name, org.DisplayName());
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_AdminResetPassword);
 								        await _pushService.PushLogOutAsync(user.Id);
 								        return IdentityResult.Success;
 								    }
 								    public async Task<IdentityResult> UpdateTempPasswordAsync(User user, string newMasterPassword, string key, string hint)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
											
										
										
											2021-05-19 09:40:32 -05:00
+								        if (!user.ForcePasswordReset)
 								        {
 								            throw new BadRequestException("User does not have a temporary password to update.");
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								        var result = await UpdatePasswordHash(user, newMasterPassword);
 								        if (!result.Succeeded)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								            return result;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        }
-												[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
											
										
										
											2021-04-20 16:58:57 -05:00
+								        user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
 								        user.ForcePasswordReset = false;
-												[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
											
										
										
											2021-07-22 09:20:14 -05:00
+								        user.Key = key;
-												[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
											
										
										
											2021-04-20 16:58:57 -05:00
+								        user.MasterPasswordHint = hint;
 								        await _userRepository.ReplaceAsync(user);
 								        await _mailService.SendUpdatedTempPasswordEmailAsync(user.Email, user.Name);
 								        await _eventService.LogUserEventAsync(user.Id, EventType.User_UpdatedTempPassword);
 								        await _pushService.PushLogOutAsync(user.Id);
-												[Reset Password] Added new event type for admin password reset (#1350)


											
										
										
											2021-05-26 15:51:54 -05:00
+								        return IdentityResult.Success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
											
										
										
											2021-04-20 16:58:57 -05:00
 								    public async Task<IdentityResult> ChangeKdfAsync(User user, string masterPassword, string newMasterPassword,
-												[PS-2267] Add KdfMemory and KDFParallelism fields (#2583)

* Add KdfMemory and KDFParallelism fields

* Revise argon2 support

This pull request makes the new attribues for argon2, kdfMemory and
kdfParallelism optional. Furthermore it adds checks for the argon2
parametrs and improves the database migration script.

* Add validation for argon2 in RegisterRequestModel

* update validation messages

* update sql scripts

* register data protection with migration factories

* add ef migrations

* update kdf option validation

* adjust validation

* Centralize and Test KDF Validation

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
											
										
										
											2023-01-25 13:56:54 +01:00
+								        string key, KdfType kdf, int kdfIterations, int? kdfMemory, int? kdfParallelism)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
											
										
										
											2021-04-20 16:58:57 -05:00
+								            throw new ArgumentNullException(nameof(user));
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												[Reset Password v1] Updated force password reset models (#1492)


											
										
										
											2021-08-05 13:00:24 -05:00
+								        if (await CheckPasswordAsync(user, masterPassword))
-												[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
											
										
										
											2021-07-22 09:20:14 -05:00
+								        {
 								            var result = await UpdatePasswordHash(user, newMasterPassword);
 								            if (!result.Succeeded)
 								            {
 								                return result;
 								            }
-												add timestamps to user table for security related events (#2660)

* add timestamps to user table for security related events

* ef migrations

* fix lint problems

* formatting

* add missing namespace back

* move `now` up some

* review fixes

* add missing view rebuild to migration script
											
										
										
											2023-02-02 14:39:57 -05:00
+								            var now = DateTime.UtcNow;
 								            user.RevisionDate = user.AccountRevisionDate = now;
 								            user.LastKdfChangeDate = now;
-												[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
											
										
										
											2021-07-22 09:20:14 -05:00
+								            user.Key = key;
-												support for user defined kdf parameters

											
										
										
											2018-08-14 15:30:04 -04:00
+								            user.Kdf = kdf;
-												[Reset Password v1] Updated force password reset models (#1492)


											
										
										
											2021-08-05 13:00:24 -05:00
+								            user.KdfIterations = kdfIterations;
-												[PS-2267] Add KdfMemory and KDFParallelism fields (#2583)

* Add KdfMemory and KDFParallelism fields

* Revise argon2 support

This pull request makes the new attribues for argon2, kdfMemory and
kdfParallelism optional. Furthermore it adds checks for the argon2
parametrs and improves the database migration script.

* Add validation for argon2 in RegisterRequestModel

* update validation messages

* update sql scripts

* register data protection with migration factories

* add ef migrations

* update kdf option validation

* adjust validation

* Centralize and Test KDF Validation

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
											
										
										
											2023-01-25 13:56:54 +01:00
+								            user.KdfMemory = kdfMemory;
 								            user.KdfParallelism = kdfParallelism;
-												[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
											
										
										
											2021-07-22 09:20:14 -05:00
+								            await _userRepository.ReplaceAsync(user);
 								            await _pushService.PushLogOutAsync(user.Id);
 								            return IdentityResult.Success;
 								        }
-												"user key" schema and api changes

											
										
										
											2017-05-31 09:54:32 -04:00
 								        Logger.LogWarning("Change KDF failed for user {userId}.", user.Id);
-												[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
											
										
										
											2021-07-22 09:20:14 -05:00
+								        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Bug] Skip WebAuthn 2fa event logs during login flow (#1978)

* [Bug] Supress WebAuthn 2fa event logs during login process

* Formatting

* Simplified method call with new paramter input
											
										
										
											2022-04-28 16:42:47 -05:00
+								    public async Task<IdentityResult> RefreshSecurityStampAsync(User user, string secret)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[Bug] Skip WebAuthn 2fa event logs during login flow (#1978)

* [Bug] Supress WebAuthn 2fa event logs during login process

* Formatting

* Simplified method call with new paramter input
											
										
										
											2022-04-28 16:42:47 -05:00
+								        if (user == null)
-												refactor code to with user TwoFactorProviders

											
										
										
											2017-06-07 14:14:34 -04:00
+								        {
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								            throw new ArgumentNullException(nameof(user));
-												refactor to a new two-factor controller

											
										
										
											2017-06-19 22:08:10 -04:00
+								        }
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        if (await VerifySecretAsync(user, secret))
-												refactor to a new two-factor controller

											
										
										
											2017-06-19 22:08:10 -04:00
+								        {
 								            var result = await base.UpdateSecurityStampAsync(user);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!result.Succeeded)
-												refactor to a new two-factor controller

											
										
										
											2017-06-19 22:08:10 -04:00
+								            {
 								                return result;
 								            }
-												user revision date updates

											
										
										
											2016-02-21 01:10:31 -05:00
+								            await SaveUserAsync(user);
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								            await _pushService.PushLogOutAsync(user.Id);
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
+								            return IdentityResult.Success;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        Logger.LogWarning("Refresh security stamp failed for user {userId}.", user.Id);
 								        return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								    public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type, bool setEnabled = true, bool logEvent = true)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        SetTwoFactorProvider(user, type, setEnabled);
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        await SaveUserAsync(user);
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        if (logEvent)
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
+								        {
-												combined tax updates with other operations

											
										
										
											2020-06-17 19:49:27 -04:00
+								            await _eventService.LogUserEventAsync(user.Id, EventType.User_Updated2fa);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
+								    }
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								    public async Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												use fixed-time comparison of secrets (#1698)


											
										
										
											2021-11-08 15:55:42 -05:00
+								        var providers = user.GetTwoFactorProviders();
 								        if (!providers?.ContainsKey(type) ?? true)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												use fixed-time comparison of secrets (#1698)


											
										
										
											2021-11-08 15:55:42 -05:00
+								            return;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
-												Add email notification on Two Factor recovery use (#625)

* Add email notification on Two Factor recovery use

* A user who has lost their 2fa device can clear out the
  2fa settings using a recovery code.  When this happens
  it gets logged but no notification to the user occurs.
* Add a notification to be sent when 2fa recovery code is
  used

* Add email message templates

											
										
										
											2019-12-23 15:26:39 -05:00
+								        providers.Remove(type);
 								        user.SetTwoFactorProviders(providers);
-												user revision date updates

											
										
										
											2016-02-21 01:10:31 -05:00
+								        await SaveUserAsync(user);
-												Add email notification on Two Factor recovery use (#625)

* Add email notification on Two Factor recovery use

* A user who has lost their 2fa device can clear out the
  2fa settings using a recovery code.  When this happens
  it gets logged but no notification to the user occurs.
* Add a notification to be sent when 2fa recovery code is
  used

* Add email message templates

											
										
										
											2019-12-23 15:26:39 -05:00
+								        await _eventService.LogUserEventAsync(user.Id, EventType.User_Disabled2fa);
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
-												Add email notification on Two Factor recovery use (#625)

* Add email notification on Two Factor recovery use

* A user who has lost their 2fa device can clear out the
  2fa settings using a recovery code.  When this happens
  it gets logged but no notification to the user occurs.
* Add a notification to be sent when 2fa recovery code is
  used

* Add email message templates

											
										
										
											2019-12-23 15:26:39 -05:00
+								        if (!await TwoFactorIsEnabledAsync(user))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								            await CheckPoliciesOnTwoFactorRemovalAsync(user);
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Adjusted two factor recovery model and moved functionality to user service

											
										
										
											2016-11-14 23:32:15 -05:00
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								    public async Task<bool> RecoverTwoFactorAsync(string email, string secret, string recoveryCode)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												combined tax updates with other operations

											
										
										
											2020-06-17 19:49:27 -04:00
+								        var user = await _userRepository.GetByEmailAsync(email);
-												Consistency on TaxInfo use in service params

											
										
										
											2020-06-18 10:41:55 -04:00
+								        if (user == null)
-												APIs for premium. Billing helpers.

											
										
										
											2017-07-06 14:55:58 -04:00
+								        {
-												no additional storage for premium

											
										
										
											2019-09-18 10:52:53 -04:00
+								            // No user exists. Do we want to send an email telling them this in the future?
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								            return false;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
 								        if (!await VerifySecretAsync(user, secret))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								            return false;
-												APIs for premium. Billing helpers.

											
										
										
											2017-07-06 14:55:58 -04:00
+								        }
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								        if (!CoreHelpers.FixedTimeEquals(user.TwoFactorRecoveryCode, recoveryCode))
 								        {
 								            return false;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
-												Consistency on TaxInfo use in service params

											
										
										
											2020-06-18 10:41:55 -04:00
+								        user.TwoFactorProviders = null;
 								        user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
 								        await SaveUserAsync(user);
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								        await _mailService.SendRecoverTwoFactorEmail(user.Email, DateTime.UtcNow, _currentContext.IpAddress);
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								        await _eventService.LogUserEventAsync(user.Id, EventType.User_Recovered2fa);
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								        await CheckPoliciesOnTwoFactorRemovalAsync(user);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								        return true;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								    public async Task<Tuple<bool, string>> SignUpPremiumAsync(User user, string paymentToken,
 								        PaymentMethodType paymentMethodType, short additionalStorageGb, UserLicense license,
-												Consistency on TaxInfo use in service params

											
										
										
											2020-06-18 10:41:55 -04:00
+								        TaxInfo taxInfo)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								        if (user.Premium)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												iap pre-purchase check

											
										
										
											2019-09-19 08:46:26 -04:00
+								            throw new BadRequestException("Already a premium user.");
 								        }
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								        if (additionalStorageGb < 0)
 								        {
 								            throw new BadRequestException("You can't subtract storage!");
 								        }
-												no additional storage for premium

											
										
										
											2019-09-18 10:52:53 -04:00
+								        string paymentIntentClientSecret = null;
-												refactor for addtnl. payment service (braintree)

											
										
										
											2017-07-28 12:09:12 -04:00
+								        IPaymentService paymentService = null;
-												no additional storage for premium

											
										
										
											2019-09-18 10:52:53 -04:00
+								        if (_globalSettings.SelfHosted)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (license == null || !_licenseService.VerifyLicense(license))
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								            {
 								                throw new BadRequestException("Invalid license.");
 								            }
-												[PM-11516] Initial license file refactor (#5002)

* Added the ability to create a JWT on an organization license that contains all license properties as claims

* Added the ability to create a JWT on a user license that contains all license properties as claims

* Added ability to consume JWT licenses

* Resolved generic type issues when getting claim value

* Now validating the jwt signature, exp, and iat

* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert

* Ran dotnet format. Resolved identity error

* Updated claim types to use string constants

* Updated jwt expires to be one year

* Fixed bug requiring email verification to be on the token

* dotnet format

* Patch build process

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-12-05 09:31:14 -05:00
+								            var claimsPrincipal = _licenseService.GetClaimsPrincipalFromLicense(license);
 								            if (!license.CanUse(user, claimsPrincipal, out var exceptionMessage))
-												better error handling around license updates.

											
										
										
											2017-08-16 15:43:11 -04:00
+								            {
-												[PM-1635] Invalid license error is inaccurate (#4631)

* Resolve the unclear error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Refactor to return the errormessage from userLicense

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolve the error returned message

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add period at the end of error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
											
										
										
											2024-08-26 14:12:58 +01:00
+								                throw new BadRequestException(exceptionMessage);
-												better error handling around license updates.

											
										
										
											2017-08-16 15:43:11 -04:00
+								            }
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								            var dir = $"{_globalSettings.LicenseDirectory}/user";
 								            Directory.CreateDirectory(dir);
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								            using var fs = File.OpenWrite(Path.Combine(dir, $"{user.Id}.json"));
 								            await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
 								        else
 								        {
-												[PM-7452] Handle PayPal for premium users (#4835)

* Add PremiumUserSale

* Add PremiumUserBillingService

* Integrate into UserService behind FF

* Update invoice.created handler to bill newly created PayPal customers

* Run dotnet format
											
										
										
											2024-10-01 09:12:08 -04:00
+								            var deprecateStripeSourcesAPI = _featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI);
 								            if (deprecateStripeSourcesAPI)
 								            {
 								                var sale = PremiumUserSale.From(user, paymentMethodType, paymentToken, taxInfo, additionalStorageGb);
 								                await _premiumUserBillingService.Finalize(sale);
 								            }
 								            else
 								            {
 								                paymentIntentClientSecret = await _paymentService.PurchasePremiumAsync(user, paymentMethodType,
 								                    paymentToken, additionalStorageGb, taxInfo);
 								            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												better error handling around license updates.

											
										
										
											2017-08-16 15:43:11 -04:00
+								        user.Premium = true;
 								        user.RevisionDate = DateTime.UtcNow;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												better error handling around license updates.

											
										
										
											2017-08-16 15:43:11 -04:00
+								        if (_globalSettings.SelfHosted)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												better error handling around license updates.

											
										
										
											2017-08-16 15:43:11 -04:00
+								            user.MaxStorageGb = 10240; // 10 TB
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								            user.LicenseKey = license.LicenseKey;
 								            user.PremiumExpirationDate = license.Expires;
-												APIs for premium. Billing helpers.

											
										
										
											2017-07-06 14:55:58 -04:00
+								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        else
 								        {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								            user.MaxStorageGb = (short)(1 + additionalStorageGb);
 								            user.LicenseKey = CoreHelpers.SecureRandomString(20);
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        try
 								        {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								            await SaveUserAsync(user);
 								            await _pushService.PushSyncVaultAsync(user.Id);
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								            await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								                new ReferenceEvent(ReferenceEventType.UpgradePlan, user, _currentContext)
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								                {
 								                    Storage = user.MaxStorageGb,
 								                    PlanName = PremiumPlanId,
 								                });
-												do not accept bank tokens for premium

											
										
										
											2017-08-13 00:33:37 -04:00
+								        }
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								        catch when (!_globalSettings.SelfHosted)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								            await paymentService.CancelAndRecoverChargesAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								            throw;
 								        }
-												[PM-13999] show estimated tax for taxable countries (#5110)


											
										
										
											2025-01-02 20:27:53 +01:00
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								        return new Tuple<bool, string>(string.IsNullOrWhiteSpace(paymentIntentClientSecret),
 								            paymentIntentClientSecret);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												do not accept bank tokens for premium

											
										
										
											2017-08-13 00:33:37 -04:00
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								    public async Task UpdateLicenseAsync(User user, UserLicense license)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								        if (!_globalSettings.SelfHosted)
 								        {
 								            throw new InvalidOperationException("Licenses require self hosting.");
 								        }
 								        if (license?.LicenseType != null && license.LicenseType != LicenseType.User)
 								        {
 								            throw new BadRequestException("Organization licenses cannot be applied to a user. "
 								                + "Upload this license from the Organization settings page.");
 								        }
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        if (license == null || !_licenseService.VerifyLicense(license))
-												disable premium membership

											
										
										
											2017-07-25 09:04:22 -04:00
+								        {
 								            throw new BadRequestException("Invalid license.");
-												verify and disable premium from license check

											
										
										
											2017-08-16 17:08:20 -04:00
+								        }
-												[PM-11516] Initial license file refactor (#5002)

* Added the ability to create a JWT on an organization license that contains all license properties as claims

* Added the ability to create a JWT on a user license that contains all license properties as claims

* Added ability to consume JWT licenses

* Resolved generic type issues when getting claim value

* Now validating the jwt signature, exp, and iat

* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert

* Ran dotnet format. Resolved identity error

* Updated claim types to use string constants

* Updated jwt expires to be one year

* Fixed bug requiring email verification to be on the token

* dotnet format

* Patch build process

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-12-05 09:31:14 -05:00
+								        var claimsPrincipal = _licenseService.GetClaimsPrincipalFromLicense(license);
 								        if (!license.CanUse(user, claimsPrincipal, out var exceptionMessage))
-												verify and disable premium from license check

											
										
										
											2017-08-16 17:08:20 -04:00
+								        {
-												[PM-1635] Invalid license error is inaccurate (#4631)

* Resolve the unclear error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Refactor to return the errormessage from userLicense

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolve the error returned message

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add period at the end of error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
											
										
										
											2024-08-26 14:12:58 +01:00
+								            throw new BadRequestException(exceptionMessage);
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        }
 								        var dir = $"{_globalSettings.LicenseDirectory}/user";
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								        Directory.CreateDirectory(dir);
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        using var fs = File.OpenWrite(Path.Combine(dir, $"{user.Id}.json"));
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								        await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								        user.Premium = license.Premium;
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        user.RevisionDate = DateTime.UtcNow;
 								        user.MaxStorageGb = _globalSettings.SelfHosted ? 10240 : license.MaxStorageGb; // 10 TB
-												update premium license and self host attr checks

											
										
										
											2017-08-14 12:08:57 -04:00
+								        user.LicenseKey = license.LicenseKey;
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        user.PremiumExpirationDate = license.Expires;
 								        await SaveUserAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								    public async Task<string> AdjustStorageAsync(User user, short storageAdjustmentGb)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								        if (user == null)
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								            throw new ArgumentNullException(nameof(user));
-												added licensing apis, refactored some services

											
										
										
											2017-08-30 11:23:55 -04:00
+								        }
-												apis for subscription vs billing

											
										
										
											2019-02-18 15:40:47 -05:00
+								        if (!user.Premium)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												apis for subscription vs billing

											
										
										
											2019-02-18 15:40:47 -05:00
+								            throw new BadRequestException("Not a premium user.");
-												added licensing apis, refactored some services

											
										
										
											2017-08-30 11:23:55 -04:00
+								        }
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								        var secret = await BillingHelpers.AdjustStorageAsync(_paymentService, user, storageAdjustmentGb,
 								            StoragePlanId);
 								        await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								            new ReferenceEvent(ReferenceEventType.AdjustStorage, user, _currentContext)
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								            {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								                Storage = storageAdjustmentGb,
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								                PlanName = StoragePlanId,
 								            });
-												more premium licensing

											
										
										
											2017-08-11 22:55:25 -04:00
+								        await SaveUserAsync(user);
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								        return secret;
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								    }
 								    public async Task ReplacePaymentMethodAsync(User user, string paymentToken, PaymentMethodType paymentMethodType, TaxInfo taxInfo)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								        if (paymentToken.StartsWith("btok_"))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								            throw new BadRequestException("Invalid token.");
 								        }
 								        var updated = await _paymentService.UpdatePaymentMethodAsync(user, paymentMethodType, paymentToken, taxInfo: taxInfo);
 								        if (updated)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								            await SaveUserAsync(user);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												[PM-5548] Eliminate in-app purchase logic (#3640)

* Eliminate in-app purchase logic

* Totally remove obsolete and unused properties / types

* Remove unused enum values

* Restore token update
											
										
										
											2024-01-11 15:26:32 -05:00
+								    public async Task CancelPremiumAsync(User user, bool? endOfPeriod = null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								        var eop = endOfPeriod.GetValueOrDefault(true);
 								        if (!endOfPeriod.HasValue && user.PremiumExpirationDate.HasValue &&
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								            user.PremiumExpirationDate.Value < DateTime.UtcNow)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												payment intent/method support for incomplete status

											
										
										
											2019-08-09 23:56:26 -04:00
+								            eop = false;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												[PM-5548] Eliminate in-app purchase logic (#3640)

* Eliminate in-app purchase logic

* Totally remove obsolete and unused properties / types

* Remove unused enum values

* Restore token update
											
										
										
											2024-01-11 15:26:32 -05:00
+								        await _paymentService.CancelSubscriptionAsync(user, eop);
-												Reference event service implementation (#811)

* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
											
										
										
											2020-07-07 12:01:34 -04:00
+								        await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								            new ReferenceEvent(ReferenceEventType.CancelSubscription, user, _currentContext)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								            {
-												[PM-5548] Eliminate in-app purchase logic (#3640)

* Eliminate in-app purchase logic

* Totally remove obsolete and unused properties / types

* Remove unused enum values

* Restore token update
											
										
										
											2024-01-11 15:26:32 -05:00
+								                EndOfPeriod = eop
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								            });
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								    public async Task ReinstatePremiumAsync(User user)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								    {
-												verify and disable premium from license check

											
										
										
											2017-08-16 17:08:20 -04:00
+								        await _paymentService.ReinstateSubscriptionAsync(user);
 								        await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								            new ReferenceEvent(ReferenceEventType.ReinstateSubscription, user, _currentContext));
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								    public async Task EnablePremiumAsync(Guid userId, DateTime? expirationDate)
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								    {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var user = await _userRepository.GetByIdAsync(userId);
 								        await EnablePremiumAsync(user, expirationDate);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								    public async Task EnablePremiumAsync(User user, DateTime? expirationDate)
 								    {
 								        if (user != null && !user.Premium && user.Gateway.HasValue)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												disable premium membership

											
										
										
											2017-07-25 09:04:22 -04:00
+								            user.Premium = true;
 								            user.PremiumExpirationDate = expirationDate;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            user.RevisionDate = DateTime.UtcNow;
 								            await _userRepository.ReplaceAsync(user);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												verify and disable premium from license check

											
										
										
											2017-08-16 17:08:20 -04:00
+								    public async Task DisablePremiumAsync(Guid userId, DateTime? expirationDate)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								        var user = await _userRepository.GetByIdAsync(userId);
-												update expiration dates

											
										
										
											2017-08-12 22:16:42 -04:00
+								        await DisablePremiumAsync(user, expirationDate);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
 								    public async Task DisablePremiumAsync(User user, DateTime? expirationDate)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								        if (user != null && user.Premium)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								            user.Premium = false;
 								            user.PremiumExpirationDate = expirationDate;
 								            user.RevisionDate = DateTime.UtcNow;
 								            await _userRepository.ReplaceAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
 								    public async Task UpdatePremiumExpirationAsync(Guid userId, DateTime? expirationDate)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								        var user = await _userRepository.GetByIdAsync(userId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (user != null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								            user.PremiumExpirationDate = expirationDate;
 								            user.RevisionDate = DateTime.UtcNow;
 								            await _userRepository.ReplaceAsync(user);
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
-												[PM-11516] Initial license file refactor (#5002)

* Added the ability to create a JWT on an organization license that contains all license properties as claims

* Added the ability to create a JWT on a user license that contains all license properties as claims

* Added ability to consume JWT licenses

* Resolved generic type issues when getting claim value

* Now validating the jwt signature, exp, and iat

* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert

* Ran dotnet format. Resolved identity error

* Updated claim types to use string constants

* Updated jwt expires to be one year

* Fixed bug requiring email verification to be on the token

* dotnet format

* Patch build process

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-12-05 09:31:14 -05:00
+								    public async Task<UserLicense> GenerateLicenseAsync(
 								        User user,
 								        SubscriptionInfo subscriptionInfo = null,
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								        int? version = null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												adjust storage with payment intent/method handling

											
										
										
											2019-08-10 12:59:32 -04:00
+								        if (user == null)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
+								            throw new NotFoundException();
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        if (subscriptionInfo == null && user.Gateway != null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								            subscriptionInfo = await _paymentService.GetSubscriptionAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												[EC-243] Grant premium status when member accepts org invite (#2043)


											
										
										
											2022-06-17 06:30:50 +10:00
-												[PM-11516] Initial license file refactor (#5002)

* Added the ability to create a JWT on an organization license that contains all license properties as claims

* Added the ability to create a JWT on a user license that contains all license properties as claims

* Added ability to consume JWT licenses

* Resolved generic type issues when getting claim value

* Now validating the jwt signature, exp, and iat

* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert

* Ran dotnet format. Resolved identity error

* Updated claim types to use string constants

* Updated jwt expires to be one year

* Fixed bug requiring email verification to be on the token

* dotnet format

* Patch build process

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-12-05 09:31:14 -05:00
+								        var userLicense = subscriptionInfo == null
 								            ? new UserLicense(user, _licenseService)
 								            : new UserLicense(user, subscriptionInfo, _licenseService);
-												[PM-16700] Handling nulls in UserLicenseClaimsFactory (#5217)

* Handling nulls in UserLicenseClaimsFactory

* Only setting Token if the flag is enabled
											
										
										
											2025-01-03 15:34:29 -05:00
+								        if (_featureService.IsEnabled(FeatureFlagKeys.SelfHostLicenseRefactor))
 								        {
-												Ran `dotnet format` (#5218)

* Ran `dotnet format`

* Re-added usings
											
										
										
											2025-01-03 16:00:52 -05:00
+								            userLicense.Token = await _licenseService.CreateUserTokenAsync(user, subscriptionInfo);
-												[PM-16700] Handling nulls in UserLicenseClaimsFactory (#5217)

* Handling nulls in UserLicenseClaimsFactory

* Only setting Token if the flag is enabled
											
										
										
											2025-01-03 15:34:29 -05:00
+								        }
-												[PM-11516] Initial license file refactor (#5002)

* Added the ability to create a JWT on an organization license that contains all license properties as claims

* Added the ability to create a JWT on a user license that contains all license properties as claims

* Added ability to consume JWT licenses

* Resolved generic type issues when getting claim value

* Now validating the jwt signature, exp, and iat

* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert

* Ran dotnet format. Resolved identity error

* Updated claim types to use string constants

* Updated jwt expires to be one year

* Fixed bug requiring email verification to be on the token

* dotnet format

* Patch build process

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
											
										
										
											2024-12-05 09:31:14 -05:00
 								        return userLicense;
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								    }
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								    public override async Task<bool> CheckPasswordAsync(User user, string password)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								        if (user == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								            return false;
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								        }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var result = await base.VerifyPasswordAsync(Store as IUserPasswordStore<User>, user, password);
 								        if (result == PasswordVerificationResult.SuccessRehashNeeded)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            await UpdatePasswordHash(user, password, false, false);
 								            user.RevisionDate = DateTime.UtcNow;
 								            await _userRepository.ReplaceAsync(user);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var success = result != PasswordVerificationResult.Failed;
 								        if (!success)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            Logger.LogWarning(0, "Invalid password for user {userId}.", user.Id);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        return success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								    public async Task<bool> CanAccessPremium(ITwoFactorProvidersUser user)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								    {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var userId = user.GetUserId();
 								        if (!userId.HasValue)
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								        {
 								            return false;
 								        }
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								        return user.GetPremium() || await this.HasPremiumFromOrganization(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								    public async Task<bool> HasPremiumFromOrganization(ITwoFactorProvidersUser user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								        var userId = user.GetUserId();
 								        if (!userId.HasValue)
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								        {
 								            return false;
 								        }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        // orgUsers in the Invited status are not associated with a userId yet, so this will get
 								        // orgUsers in Accepted and Confirmed states only
 								        var orgUsers = await _organizationUserRepository.GetManyByUserAsync(userId.Value);
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
 								        if (!orgUsers.Any())
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								            return false;
 								        }
-												return twofactor enabled property on org users api

											
										
										
											2018-12-19 11:48:36 -05:00
+								        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								        return orgUsers.Any(ou =>
 								            orgAbilities.TryGetValue(ou.OrganizationId, out var orgAbility) &&
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								            orgAbility.UsersGetPremium &&
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								            orgAbility.Enabled);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								    public async Task<bool> TwoFactorIsEnabledAsync(ITwoFactorProvidersUser user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								        var providers = user.GetTwoFactorProviders();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (providers == null)
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								        {
 								            return false;
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								        foreach (var p in providers)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (p.Value?.Enabled ?? false)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!TwoFactorProvider.RequiresPremium(p.Key))
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								                {
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								                    return true;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (await CanAccessPremium(user))
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                {
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								                    return true;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								                }
 								            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												move some 2fa logic functions to userService

											
										
										
											2018-12-19 10:47:53 -05:00
+								        return false;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
 								    public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user)
-												dont cycle security token on re-hash

											
										
										
											2018-04-17 08:10:17 -04:00
+								    {
 								        var providers = user.GetTwoFactorProviders();
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        if (providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return false;
 								        }
-												WebAuthn (#903)


											
										
										
											2021-03-22 23:21:43 +01:00
+								        if (!TwoFactorProvider.RequiresPremium(provider))
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								        {
 								            return true;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								        return await CanAccessPremium(user);
 								    }
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								    public async Task<string> GenerateSignInTokenAsync(User user, string purpose)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								        var token = await GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
-												Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-08-26 14:12:04 -04:00
+								            purpose);
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								        return token;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
-												Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)

* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password.

* PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state
(3) Add TODOs for more cleanup work and more commands

* PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand

* PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method

* PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand

* PM-3275 - Dotnet format

* PM-3275 - Test SetInitialMasterPasswordCommand

* Dotnet format

* PM-3275 - In process AcceptOrgUserCommandTests.cs

* PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand

* PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command

* PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity

* PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection

* PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later

* PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs

* PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925

* PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method.

* PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs

* PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token

* PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note

* PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor

* PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names.

* PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release.

* dotnet format

* PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used

* PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable

* PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value.  Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later.

* PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs

* PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs

* PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer

* PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed.

* PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing

* PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution

* PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing

* PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file

* PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync

* PM-3275 - Add pseudo section comments

* PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test

* PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication

* PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync

* PM-3275 - Tweaking test naming to ensure consistency.

* PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs

* PM-3275 - Resolve failing OrganizationServiceTests.cs

* dotnet format

* PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case.

* PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint.

* PM-3275 - dotnet format PoliciesControllerTests.cs

* PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated

* PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions

* PM-3275 - Fix AccountsControllerTests.cs

* PM-3275 - OrgUserInviteTokenable.cs - clarify TODO

* PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails.

* PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so)

* PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future.

* dotnet format

* PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected.

* PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging.

* PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected.

* PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line.

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable

* PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name

* PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken

* PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency.

* PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability.

* PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO

* PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string.

* PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info.

* PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string.

* PM-3275 - Restore non duplicate line to fix tests

* PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission.  So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org.

* PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain.

* PM-3275 - Resolve issues from merge conflict resolutions to get solution building.

* PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops.

* Fix user service tests

* Resolve merge conflict
											
										
										
											2023-11-02 11:02:25 -04:00
+								    public async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								        bool validatePassword = true, bool refreshStamp = true)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								        if (validatePassword)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								            var validate = await ValidatePasswordInternal(user, newPassword);
 								            if (!validate.Succeeded)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								            {
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								                return validate;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
-												refactor to a new two-factor controller

											
										
										
											2017-06-19 22:08:10 -04:00
+								        user.MasterPassword = _passwordHasher.HashPassword(user, newPassword);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        if (refreshStamp)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												refactor to a new two-factor controller

											
										
										
											2017-06-19 22:08:10 -04:00
+								            user.SecurityStamp = Guid.NewGuid().ToString();
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        return IdentityResult.Success;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[PM-6794] block legacy users from authN (#4088)

* block legacy users from authN

* undo change to GetDeviceFromRequest

* lint

* add feature flag

* format

* add web vault url to error message

* fix test

* format
											
										
										
											2024-06-03 09:19:56 -04:00
+								    public async Task<bool> IsLegacyUser(string userId)
 								    {
 								        if (string.IsNullOrWhiteSpace(userId))
 								        {
 								            return false;
 								        }
 								        var user = await FindByIdAsync(userId);
 								        if (user == null)
 								        {
 								            return false;
 								        }
 								        return IsLegacyUser(user);
 								    }
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
+								    public async Task<bool> IsManagedByAnyOrganizationAsync(Guid userId)
-												[PM-11334] Add managed status to sync data (#4791)

* Refactor UserService to add GetOrganizationManagingUserAsync method to retrive the organization that manages a user

* Refactor SyncController and AccountsController to include ManagedByOrganizationId in profile response
											
										
										
											2024-09-26 11:21:51 +01:00
+								    {
-												[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
											
										
										
											2024-10-17 16:06:32 +01:00
+								        var managingOrganizations = await GetOrganizationsManagingUserAsync(userId);
 								        return managingOrganizations.Any();
-												[PM-11334] Add managed status to sync data (#4791)

* Refactor UserService to add GetOrganizationManagingUserAsync method to retrive the organization that manages a user

* Refactor SyncController and AccountsController to include ManagedByOrganizationId in profile response
											
										
										
											2024-09-26 11:21:51 +01:00
+								    }
-												[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
											
										
										
											2024-10-17 16:06:32 +01:00
+								    public async Task<IEnumerable<Organization>> GetOrganizationsManagingUserAsync(Guid userId)
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
+								    {
-												[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
											
										
										
											2024-10-17 16:06:32 +01:00
+								        if (!_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning))
 								        {
 								            return Enumerable.Empty<Organization>();
 								        }
 								        // Get all organizations that have verified the user's email domain.
 								        var organizationsWithVerifiedUserEmailDomain = await _organizationRepository.GetByVerifiedUserEmailDomainAsync(userId);
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
-												[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
											
										
										
											2024-10-17 16:06:32 +01:00
+								        // Organizations must be enabled and able to have verified domains.
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
+								        // TODO: Replace "UseSso" with a new organization ability like "UseOrganizationDomains" (PM-11622).
 								        // Verified domains were tied to SSO, so we currently check the "UseSso" organization ability.
-												[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
											
										
										
											2024-10-17 16:06:32 +01:00
+								        return organizationsWithVerifiedUserEmailDomain.Where(organization => organization is { Enabled: true, UseSso: true });
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
+								    }
-												[PM-6794] block legacy users from authN (#4088)

* block legacy users from authN

* undo change to GetDeviceFromRequest

* lint

* add feature flag

* format

* add web vault url to error message

* fix test

* format
											
										
										
											2024-06-03 09:19:56 -04:00
+								    /// <inheritdoc cref="IsLegacyUser(string)"/>
 								    public static bool IsLegacyUser(User user)
 								    {
 								        return user.Key == null && user.MasterPassword != null && user.PrivateKey != null;
 								    }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								    private async Task<IdentityResult> ValidatePasswordInternal(User user, string password)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        var errors = new List<IdentityError>();
 								        foreach (var v in _passwordValidators)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            var result = await v.ValidateAsync(this, user, password);
 								            if (!result.Succeeded)
-												enable email 2fa if joining an org with policy (#658)


											
										
										
											2020-02-28 09:14:33 -05:00
+								            {
 								                errors.AddRange(result.Errors);
 								            }
 								        }
-												`CheckPoliciesOnTwoFactorRemoval` for 2fa recovery (#659)


											
										
										
											2020-02-28 10:23:19 -05:00
 								        if (errors.Count > 0)
 								        {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								            Logger.LogWarning("User {userId} password validation failed: {errors}.", await GetUserIdAsync(user),
 								                string.Join(";", errors.Select(e => e.Code)));
 								            return IdentityResult.Failed(errors.ToArray());
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
 								        return IdentityResult.Success;
 								    }
 								    public void SetTwoFactorProvider(User user, TwoFactorProviderType type, bool setEnabled = true)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								        var providers = user.GetTwoFactorProviders();
 								        if (!providers?.ContainsKey(type) ?? true)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								            return;
-												`CheckPoliciesOnTwoFactorRemoval` for 2fa recovery (#659)


											
										
										
											2020-02-28 10:23:19 -05:00
+								        }
-												reference event changes and cleanup (#823)


											
										
										
											2020-07-15 12:38:45 -04:00
 								        if (setEnabled)
 								        {
 								            providers[type].Enabled = true;
 								        }
-												use fixed-time comparison of secrets (#1698)


											
										
										
											2021-11-08 15:55:42 -05:00
+								        user.SetTwoFactorProviders(providers);
-												Implement User-based API Keys (#981)

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
											
										
										
											2020-11-10 15:15:29 -05:00
 								        if (string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
 								        {
 								            user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
 								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
-												[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
											
										
										
											2024-10-16 10:33:00 +01:00
+								    private async Task CheckPoliciesOnTwoFactorRemovalAsync(User user)
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								    {
-												[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)

* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user

* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data

* [EC-787] Returning PolicyData on stored procedures

* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection

* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Changed integration test to check for single result

* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete

* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser

* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync

* [EC-787] Removed 'OrganizationUserType' parameter from queries

* [EC-787] Formatted OrganizationUserPolicyDetailsCompare

* [EC-787] Renamed SQL migration files

* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json

* [EC-787] Refactored excluded user types for each Policy

* [EC-787] Updated dates on dbo_future files

* [EC-787] Remove dbo_future files from sql proj

* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType

* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2023-05-12 08:22:19 +01:00
+								        var twoFactorPolicies = await _policyService.GetPoliciesApplicableToUserAsync(user.Id, PolicyType.TwoFactorAuthentication);
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								        var organizationsManagingUser = await GetOrganizationsManagingUserAsync(user.Id);
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
 								        var removeOrgUserTasks = twoFactorPolicies.Select(async p =>
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								            var organization = await _organizationRepository.GetByIdAsync(p.OrganizationId);
-												[PM-15547] Revoke managed user on 2FA removal if enforced by organization policy (#5124)

* Revoke managed user on 2FA removal if enforced by organization policy

* Rename TwoFactorDisabling to TwoFactorDisabled in EventSystemUser enum
											
										
										
											2024-12-13 11:32:29 +00:00
+								            if (_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning) && organizationsManagingUser.Any(o => o.Id == p.OrganizationId))
 								            {
 								                await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
 								                    new RevokeOrganizationUsersRequest(
 								                        p.OrganizationId,
 								                        [new OrganizationUserUserDetails { UserId = user.Id, OrganizationId = p.OrganizationId }],
 								                        new SystemUser(EventSystemUser.TwoFactorDisabled)));
 								                await _mailService.SendOrganizationUserRevokedForTwoFactoryPolicyEmailAsync(organization.DisplayName(), user.Email);
 								            }
 								            else
 								            {
 								                await _removeOrganizationUserCommand.RemoveUserAsync(p.OrganizationId, user.Id);
 								                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
 								                    organization.DisplayName(), user.Email);
 								            }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        }).ToArray();
 								        await Task.WhenAll(removeOrgUserTasks);
 								    }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								    public override async Task<IdentityResult> ConfirmEmailAsync(User user, string token)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        var result = await base.ConfirmEmailAsync(user, token);
 								        if (result.Succeeded)
 								        {
 								            await _referenceEventService.RaiseEventAsync(
-												[PM-214] Extend Reference Events (#2926)

* Extend ReferenceEvents

Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion

* Extend ReferenceEvent to save if Send has notes
											
										
										
											2023-05-16 16:21:57 +02:00
+								                new ReferenceEvent(ReferenceEventType.ConfirmEmailAddress, user, _currentContext));
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        }
-												reference event changes and cleanup (#823)


											
										
										
											2020-07-15 12:38:45 -04:00
+								        return result;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Implement User-based API Keys (#981)

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
											
										
										
											2020-11-10 15:15:29 -05:00
+								    public async Task RotateApiKeyAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												APIs for premium. Billing helpers.

											
										
										
											2017-07-06 14:55:58 -04:00
+								        user.ApiKey = CoreHelpers.SecureRandomString(30);
-												Implement User-based API Keys (#981)

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
											
										
										
											2020-11-10 15:15:29 -05:00
+								        user.RevisionDate = DateTime.UtcNow;
 								        await _userRepository.ReplaceAsync(user);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)


											
										
										
											2022-04-28 13:14:09 -03:00
 								    public async Task SendOTPAsync(User user)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[PM-12512] Add Endpoint to allow users to request a new device otp (#5146)

feat(NewDeviceVerification): Added a resend new device OTP endpoint and method for the IUserService as well as wrote test for new methods for the user service.
											
										
										
											2024-12-16 07:57:56 -08:00
+								        if (string.IsNullOrEmpty(user.Email))
-												PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)


											
										
										
											2022-04-28 13:14:09 -03:00
+								        {
 								            throw new BadRequestException("No user email.");
 								        }
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
 								            "otp:" + user.Email);
 								        await _mailService.SendOTPEmailAsync(user.Email, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Trusted Device Encryption feature (#3151)

* [PM-1203] feat: allow verification for all passwordless accounts (#3038)

* [PM-1033] Org invite user creation flow 1 (#3028)

* [PM-1033] feat: remove user verification from password enrollment

* [PM-1033] feat: auto accept invitation when enrolling into password reset

* [PM-1033] fix: controller tests

* [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`

* [PM-1033] refactor(wip): make `AcceptUserCommand`

* Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`"

This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843.

* Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`"

This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3.

* [PM-1033] refactor: move invite accept to controller

This avoids creating yet another method that depends on having `IUserService` passed in as a parameter

* [PM-1033] fix: add missing changes

* [PM-1381] Add Trusted Device Keys to Auth Response (#3066)

* Return Keys for Trusted Device

- Check whether the current logging in device is trusted
- Return their keys on successful login

* Formatting

* Address PR Feedback

* Add Remarks Comment

* [PM-1338] `AuthRequest` Event Logs (#3046)

* Update AuthRequestController

- Only allow AdminApproval Requests to be created from authed endpoint
- Add endpoint that has authentication to be able to create admin approval

* Add PasswordlessAuthSettings

- Add settings for customizing expiration times

* Add new EventTypes

* Add Logic for AdminApproval Type

- Add logic for validating AdminApproval expiration
- Add event logging for Approval/Disapproval of AdminApproval
- Add logic for creating AdminApproval types

* Add Test Helpers

- Change BitAutoData to allow you to use string representations of common types.

* Add/Update AuthRequestService Tests

* Run Formatting

* Switch to 7 Days

* Add Test Covering ResponseDate Being Set

* Address PR Feedback

- Create helper for checking if date is expired
- Move validation logic into smaller methods

* Switch to User Event Type

- Make RequestDeviceApproval user type
- User types will log for each org user is in

* [PM-2998] Move Approving Device Check (#3101)

* Move Check for Approving Devices

- Exclude currently logging in device
- Remove old way of checking
- Add tests asserting behavior

* Update DeviceType list

* Update Naming & Address PR Feedback

* Fix Tests

* Address PR Feedback

* Formatting

* Now Fully Update Naming?

* Feature/auth/pm 2759/add can reset password to user decryption options (#3113)

* PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client.

* PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption

* IdentityServerSsoTests.cs - fix typo in test name:  LoggingApproval --> LoginApproval

* PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission

* dotnet format run

* Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120)

* PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users.

* dotnet format

* Tiny tweak

* [PM-1339] Allow Rotating Device Keys (#3096)

* Allow Rotation of Trusted Device Keys

- Add endpoint for getting keys relating to rotation
- Add endpoint for rotating your current device
- In the same endpoint allow a list of other devices to rotate

* Formatting

* Use Extension Method

* Add Tests from PR

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

* Check the user directly if they have the ResetPasswordKey (#3153)

* PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170)

* Allow OTP Requests When Users Are On TDE (#3184)

* [PM-3356][PM-3292] Allow OTP For All (#3188)

* Allow OTP For All

- On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term
- The logic wasn't working for KC users anyways

* Remove Old Comment

* [AC-1601] Added RequireSso policy as a dependency of TDE (#3209)

* Added RequireSso policy as a dependency of TDE.

* Added test for RequireSso for TDE.

* Added save.

* Fixed policy name.

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
											
										
										
											2023-08-17 16:03:06 -04:00
+								    public async Task<bool> VerifyOTPAsync(User user, string token)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Trusted Device Encryption feature (#3151)

* [PM-1203] feat: allow verification for all passwordless accounts (#3038)

* [PM-1033] Org invite user creation flow 1 (#3028)

* [PM-1033] feat: remove user verification from password enrollment

* [PM-1033] feat: auto accept invitation when enrolling into password reset

* [PM-1033] fix: controller tests

* [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`

* [PM-1033] refactor(wip): make `AcceptUserCommand`

* Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`"

This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843.

* Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`"

This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3.

* [PM-1033] refactor: move invite accept to controller

This avoids creating yet another method that depends on having `IUserService` passed in as a parameter

* [PM-1033] fix: add missing changes

* [PM-1381] Add Trusted Device Keys to Auth Response (#3066)

* Return Keys for Trusted Device

- Check whether the current logging in device is trusted
- Return their keys on successful login

* Formatting

* Address PR Feedback

* Add Remarks Comment

* [PM-1338] `AuthRequest` Event Logs (#3046)

* Update AuthRequestController

- Only allow AdminApproval Requests to be created from authed endpoint
- Add endpoint that has authentication to be able to create admin approval

* Add PasswordlessAuthSettings

- Add settings for customizing expiration times

* Add new EventTypes

* Add Logic for AdminApproval Type

- Add logic for validating AdminApproval expiration
- Add event logging for Approval/Disapproval of AdminApproval
- Add logic for creating AdminApproval types

* Add Test Helpers

- Change BitAutoData to allow you to use string representations of common types.

* Add/Update AuthRequestService Tests

* Run Formatting

* Switch to 7 Days

* Add Test Covering ResponseDate Being Set

* Address PR Feedback

- Create helper for checking if date is expired
- Move validation logic into smaller methods

* Switch to User Event Type

- Make RequestDeviceApproval user type
- User types will log for each org user is in

* [PM-2998] Move Approving Device Check (#3101)

* Move Check for Approving Devices

- Exclude currently logging in device
- Remove old way of checking
- Add tests asserting behavior

* Update DeviceType list

* Update Naming & Address PR Feedback

* Fix Tests

* Address PR Feedback

* Formatting

* Now Fully Update Naming?

* Feature/auth/pm 2759/add can reset password to user decryption options (#3113)

* PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client.

* PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption

* IdentityServerSsoTests.cs - fix typo in test name:  LoggingApproval --> LoginApproval

* PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission

* dotnet format run

* Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120)

* PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users.

* dotnet format

* Tiny tweak

* [PM-1339] Allow Rotating Device Keys (#3096)

* Allow Rotation of Trusted Device Keys

- Add endpoint for getting keys relating to rotation
- Add endpoint for rotating your current device
- In the same endpoint allow a list of other devices to rotate

* Formatting

* Use Extension Method

* Add Tests from PR

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

* Check the user directly if they have the ResetPasswordKey (#3153)

* PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170)

* Allow OTP Requests When Users Are On TDE (#3184)

* [PM-3356][PM-3292] Allow OTP For All (#3188)

* Allow OTP For All

- On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term
- The logic wasn't working for KC users anyways

* Remove Old Comment

* [AC-1601] Added RequireSso policy as a dependency of TDE (#3209)

* Added RequireSso policy as a dependency of TDE.

* Added test for RequireSso for TDE.

* Added save.

* Fixed policy name.

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
											
										
										
											2023-08-17 16:03:06 -04:00
+								        return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								            "otp:" + user.Email, token);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[PM-9826] Remove validation from 2fa GET and mask sensitive data (#4526)

* remove validation from 2fa GET and mask sensitive data

* skip verification check on put email

* disable verification on send-email and reenable on put email

* validate authenticator on set instead of get

* Revert "validate authenticator on set instead of get"

This reverts commit 7bf2084531e811656c0d0b177554e3863399e8fc.

* fix tests

* fix more tests

* Narrow scope of verify bypass

* Defaulted to false on VerifySecretAsync

* fix default param value

---------

Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
											
										
										
											2024-07-22 11:21:14 -04:00
+								    public async Task<bool> VerifySecretAsync(User user, string secret, bool isSettingMFA = false)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Trusted Device Encryption feature (#3151)

* [PM-1203] feat: allow verification for all passwordless accounts (#3038)

* [PM-1033] Org invite user creation flow 1 (#3028)

* [PM-1033] feat: remove user verification from password enrollment

* [PM-1033] feat: auto accept invitation when enrolling into password reset

* [PM-1033] fix: controller tests

* [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`

* [PM-1033] refactor(wip): make `AcceptUserCommand`

* Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`"

This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843.

* Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`"

This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3.

* [PM-1033] refactor: move invite accept to controller

This avoids creating yet another method that depends on having `IUserService` passed in as a parameter

* [PM-1033] fix: add missing changes

* [PM-1381] Add Trusted Device Keys to Auth Response (#3066)

* Return Keys for Trusted Device

- Check whether the current logging in device is trusted
- Return their keys on successful login

* Formatting

* Address PR Feedback

* Add Remarks Comment

* [PM-1338] `AuthRequest` Event Logs (#3046)

* Update AuthRequestController

- Only allow AdminApproval Requests to be created from authed endpoint
- Add endpoint that has authentication to be able to create admin approval

* Add PasswordlessAuthSettings

- Add settings for customizing expiration times

* Add new EventTypes

* Add Logic for AdminApproval Type

- Add logic for validating AdminApproval expiration
- Add event logging for Approval/Disapproval of AdminApproval
- Add logic for creating AdminApproval types

* Add Test Helpers

- Change BitAutoData to allow you to use string representations of common types.

* Add/Update AuthRequestService Tests

* Run Formatting

* Switch to 7 Days

* Add Test Covering ResponseDate Being Set

* Address PR Feedback

- Create helper for checking if date is expired
- Move validation logic into smaller methods

* Switch to User Event Type

- Make RequestDeviceApproval user type
- User types will log for each org user is in

* [PM-2998] Move Approving Device Check (#3101)

* Move Check for Approving Devices

- Exclude currently logging in device
- Remove old way of checking
- Add tests asserting behavior

* Update DeviceType list

* Update Naming & Address PR Feedback

* Fix Tests

* Address PR Feedback

* Formatting

* Now Fully Update Naming?

* Feature/auth/pm 2759/add can reset password to user decryption options (#3113)

* PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client.

* PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption

* IdentityServerSsoTests.cs - fix typo in test name:  LoggingApproval --> LoginApproval

* PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission

* dotnet format run

* Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120)

* PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users.

* dotnet format

* Tiny tweak

* [PM-1339] Allow Rotating Device Keys (#3096)

* Allow Rotation of Trusted Device Keys

- Add endpoint for getting keys relating to rotation
- Add endpoint for rotating your current device
- In the same endpoint allow a list of other devices to rotate

* Formatting

* Use Extension Method

* Add Tests from PR

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

* Check the user directly if they have the ResetPasswordKey (#3153)

* PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170)

* Allow OTP Requests When Users Are On TDE (#3184)

* [PM-3356][PM-3292] Allow OTP For All (#3188)

* Allow OTP For All

- On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term
- The logic wasn't working for KC users anyways

* Remove Old Comment

* [AC-1601] Added RequireSso policy as a dependency of TDE (#3209)

* Added RequireSso policy as a dependency of TDE.

* Added test for RequireSso for TDE.

* Added save.

* Fixed policy name.

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
											
										
										
											2023-08-17 16:03:06 -04:00
+								        bool isVerified;
 								        if (user.HasMasterPassword())
 								        {
 								            // If the user has a master password the secret is most likely going to be a hash
 								            // of their password, but in certain scenarios, like when the user has logged into their
 								            // device without a password (trusted device encryption) but the account
 								            // does still have a password we will allow the use of OTP.
 								            isVerified = await CheckPasswordAsync(user, secret) ||
 								                await VerifyOTPAsync(user, secret);
 								        }
-												[PM-9826] Remove validation from 2fa GET and mask sensitive data (#4526)

* remove validation from 2fa GET and mask sensitive data

* skip verification check on put email

* disable verification on send-email and reenable on put email

* validate authenticator on set instead of get

* Revert "validate authenticator on set instead of get"

This reverts commit 7bf2084531e811656c0d0b177554e3863399e8fc.

* fix tests

* fix more tests

* Narrow scope of verify bypass

* Defaulted to false on VerifySecretAsync

* fix default param value

---------

Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
											
										
										
											2024-07-22 11:21:14 -04:00
+								        else if (isSettingMFA)
 								        {
 								            // this is temporary to allow users to view their MFA settings without invalidating email TOTP
 								            // Will be removed with PM-9925
 								            isVerified = true;
 								        }
-												Trusted Device Encryption feature (#3151)

* [PM-1203] feat: allow verification for all passwordless accounts (#3038)

* [PM-1033] Org invite user creation flow 1 (#3028)

* [PM-1033] feat: remove user verification from password enrollment

* [PM-1033] feat: auto accept invitation when enrolling into password reset

* [PM-1033] fix: controller tests

* [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`

* [PM-1033] refactor(wip): make `AcceptUserCommand`

* Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`"

This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843.

* Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`"

This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3.

* [PM-1033] refactor: move invite accept to controller

This avoids creating yet another method that depends on having `IUserService` passed in as a parameter

* [PM-1033] fix: add missing changes

* [PM-1381] Add Trusted Device Keys to Auth Response (#3066)

* Return Keys for Trusted Device

- Check whether the current logging in device is trusted
- Return their keys on successful login

* Formatting

* Address PR Feedback

* Add Remarks Comment

* [PM-1338] `AuthRequest` Event Logs (#3046)

* Update AuthRequestController

- Only allow AdminApproval Requests to be created from authed endpoint
- Add endpoint that has authentication to be able to create admin approval

* Add PasswordlessAuthSettings

- Add settings for customizing expiration times

* Add new EventTypes

* Add Logic for AdminApproval Type

- Add logic for validating AdminApproval expiration
- Add event logging for Approval/Disapproval of AdminApproval
- Add logic for creating AdminApproval types

* Add Test Helpers

- Change BitAutoData to allow you to use string representations of common types.

* Add/Update AuthRequestService Tests

* Run Formatting

* Switch to 7 Days

* Add Test Covering ResponseDate Being Set

* Address PR Feedback

- Create helper for checking if date is expired
- Move validation logic into smaller methods

* Switch to User Event Type

- Make RequestDeviceApproval user type
- User types will log for each org user is in

* [PM-2998] Move Approving Device Check (#3101)

* Move Check for Approving Devices

- Exclude currently logging in device
- Remove old way of checking
- Add tests asserting behavior

* Update DeviceType list

* Update Naming & Address PR Feedback

* Fix Tests

* Address PR Feedback

* Formatting

* Now Fully Update Naming?

* Feature/auth/pm 2759/add can reset password to user decryption options (#3113)

* PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client.

* PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption

* IdentityServerSsoTests.cs - fix typo in test name:  LoggingApproval --> LoginApproval

* PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission

* dotnet format run

* Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120)

* PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users.

* dotnet format

* Tiny tweak

* [PM-1339] Allow Rotating Device Keys (#3096)

* Allow Rotation of Trusted Device Keys

- Add endpoint for getting keys relating to rotation
- Add endpoint for rotating your current device
- In the same endpoint allow a list of other devices to rotate

* Formatting

* Use Extension Method

* Add Tests from PR

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

* Check the user directly if they have the ResetPasswordKey (#3153)

* PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170)

* Allow OTP Requests When Users Are On TDE (#3184)

* [PM-3356][PM-3292] Allow OTP For All (#3188)

* Allow OTP For All

- On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term
- The logic wasn't working for KC users anyways

* Remove Old Comment

* [AC-1601] Added RequireSso policy as a dependency of TDE (#3209)

* Added RequireSso policy as a dependency of TDE.

* Added test for RequireSso for TDE.

* Added save.

* Fixed policy name.

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
											
										
										
											2023-08-17 16:03:06 -04:00
+								        else
 								        {
 								            // If they don't have a password at all they can only do OTP
 								            isVerified = await VerifyOTPAsync(user, secret);
 								        }
 								        return isVerified;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												AC 2266 two email notifications is sent when creating org from sm trial (#3878)

* remove the unwanted test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Fix the double email issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the bug issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* change the category name

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* move private  down the class

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* move the private method down the class file

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the RegisterUser Test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* modify the test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* remove the failing test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* revert the test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* add the email method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* revert changes on the UserServiceTests.cs

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
											
										
										
											2024-03-11 14:36:32 +01:00
-												[PM-12512] Add Endpoint to allow users to request a new device otp (#5146)

feat(NewDeviceVerification): Added a resend new device OTP endpoint and method for the IUserService as well as wrote test for new methods for the user service.
											
										
										
											2024-12-16 07:57:56 -08:00
+								    public async Task ResendNewDeviceVerificationEmail(string email, string secret)
 								    {
 								        var user = await _userRepository.GetByEmailAsync(email);
 								        if (user == null)
 								        {
 								            return;
 								        }
 								        if (await VerifySecretAsync(user, secret))
 								        {
 								            await SendOTPAsync(user);
 								        }
 								    }
-												[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
											
										
										
											2025-01-09 18:10:54 -08:00
+								    public async Task<bool> ActiveNewDeviceVerificationException(Guid userId)
 								    {
 								        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
 								        var cacheValue = await _distributedCache.GetAsync(cacheKey);
 								        return cacheValue != null;
 								    }
 								    public async Task ToggleNewDeviceVerificationException(Guid userId)
 								    {
 								        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
 								        var cacheValue = await _distributedCache.GetAsync(cacheKey);
 								        if (cacheValue != null)
 								        {
 								            await _distributedCache.RemoveAsync(cacheKey);
 								        }
 								        else
 								        {
 								            await _distributedCache.SetAsync(cacheKey, new byte[1], new DistributedCacheEntryOptions
 								            {
 								                AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(24)
 								            });
 								        }
 								    }
-												AC 2266 two email notifications is sent when creating org from sm trial (#3878)

* remove the unwanted test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Fix the double email issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the bug issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* change the category name

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* move private  down the class

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* move the private method down the class file

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the RegisterUser Test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* modify the test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* remove the failing test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* revert the test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* add the email method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* revert changes on the UserServiceTests.cs

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
											
										
										
											2024-03-11 14:36:32 +01:00
+								    private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)
 								    {
 								        var isFromMarketingWebsite = initiationPath.Contains("Secrets Manager trial");
 								        if (isFromMarketingWebsite)
 								        {
 								            await _mailService.SendTrialInitiationEmailAsync(user.Email);
 								        }
 								        else
 								        {
 								            await _mailService.SendWelcomeEmailAsync(user);
 								        }
 								    }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								}