Allow for bulk processing new login device requests #4064

Merged
merged 32 commits into from May 27, 2024

@addisonbeck addisonbeck commented May 7, 2024

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

To facilitate a new bulk device login request in the admin console, server
logic needs to be written that can bulk approve and deny new device login
requests safely. This logic will need to accept a list of ids, keys, and
approval states and process those requests to apply the keys and approval
states.

Code changes

See the commits tab

References

  • AC-2301 is the Jira ticket for this work.
  • This PR builds on #4053, which implements the repository and
    database functionality needed to bulk update AuthRequest table records.
  • This PR is extended by #4077, which exposes an API endpoint that calls through to the UpdateManyAsync command written here.


codecov bot commented May 7, 2024

Codecov Report

Attention: Patch coverage is 91.15044% with 20 lines in your changes are missing coverage. Please review.

Project coverage is 39.31%. Comparing base (0d2e953) to head (5d263fa).

| Files | Patch % | Lines |
| --- | --- | --- |
| ...t/OrganizationAuthRequestUpdateManyRequestModel.cs | 27.27% | 8 Missing ⚠️ |
| ...anizationAuth/Models/AuthRequestUpdateProcessor.cs | 92.10% | 0 Missing and 6 partials ⚠️ |
| ...zationAuth/UpdateOrganizationAuthRequestCommand.cs | 90.00% | 3 Missing and 3 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4064      +/-   ##
==========================================
+ Coverage   39.09%   39.31%   +0.22%     
==========================================
  Files        1202     1210       +8     
  Lines       58110    58335     +225     
  Branches     5349     5369      +20     
==========================================
+ Hits        22717    22934     +217     
+ Misses      34323    34321       -2     
- Partials     1070     1080      +10     



github-actions bot commented May 7, 2024

Checkmarx One – Scan Summary & Details bc206b91-8d6c-49a8-b6c3-00214176f55d

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| MEDIUM | Privacy_Violation | /src/Api/Controllers/DevicesController.cs: [155](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/Controllers/DevicesController.cs#L155) | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: [428](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/AdminConsole/Controllers/OrganizationsController.cs#L428) | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: [375](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/AdminConsole/Controllers/OrganizationsController.cs#L375) | Attack Vector |
| LOW | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: [222](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/Vault/Controllers/CiphersController.cs#L222) | Attack Vector |
| LOW | Log_Forging | /src/Api/Controllers/DevicesController.cs: [146](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/Controllers/DevicesController.cs#L146) | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: [403](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/AdminConsole/Controllers/OrganizationsController.cs#L403) | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: [340](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Api/AdminConsole/Controllers/OrganizationsController.cs#L340) | Attack Vector |
| LOW | Missing_CSP_Header | /src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs: [10](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs#L10) | Attack Vector |

Fixed Issues

MEDIUM CSRF /src/Identity/Controllers/AccountsController.cs: [72](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Identity/Controllers/AccountsController.cs# L72)
MEDIUM CSRF /src/Identity/Controllers/AccountsController.cs: [50](https://github.com/bitwarden/server/blob/ac/addison/ac-2301/bulk-device-approval-service//src/Identity/Controllers/AccountsController.cs# L50)
MEDIUM CSRF

More results are available on AST platform

@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch 7 times, most recently from 640de72 to a1777e5 Compare May 9, 2024 11:45
@addisonbeck addisonbeck changed the base branch from main to ac/addison/ac-2301/service-bulk-device-approval-endpoint-api May 9, 2024 11:46
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch 16 times, most recently from bc7770c to e9cb44f Compare May 10, 2024 21:08
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch 2 times, most recently from fc353d3 to a42b1da Compare May 10, 2024 23:53
@addisonbeck addisonbeck requested review from r-tome and eliykat and removed request for jlf0dev May 22, 2024 17:30
@addisonbeck
Contributor Author

@eliykat @r-tome history got messed up here when the base branch changed to main, so the updates view is probably broken for you. My apologies. The changes should be all fixed up and valid, though.

Member

@eliykat eliykat left a comment

A bunch of smaller stuff, overall looking good!

await _eventService.LogOrganizationUserEventsAsync(
organizationUsers.Select(ou =>
{
var e = events.FirstOrDefault(e => e.AuthRequest.OrganizationId == ou.Id);

Member

@eliykat eliykat May 23, 2024

I think this is a typo:

Suggested change
var e = events.FirstOrDefault(e => e.AuthRequest.OrganizationId == ou.Id);
var e = events.FirstOrDefault(e => e.AuthRequest.OrganizationUserId == ou.Id);

Is there any way tests could've picked this up?

Contributor Author

This got caught by being more terse on 51a837a

Resolved!

Comment on lines +195 to +207
// Assert that because we passed in good data we call a save
// operation and raise all events
await sutProvider.GetDependency<IAuthRequestRepository>().ReceivedWithAnyArgs().UpdateManyAsync(Arg.Any<IEnumerable<OrganizationAdminAuthRequest>>());
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushAuthRequestResponseAsync(Arg.Any<AuthRequest>());
await sutProvider.GetDependency<IMailService>().DidNotReceiveWithAnyArgs().SendTrustedDeviceAdminApprovalEmailAsync(
Arg.Any<string>(),
Arg.Any<DateTime>(),
Arg.Any<string>(),
Arg.Any<string>()
);
await sutProvider.GetDependency<IEventService>().ReceivedWithAnyArgs().LogOrganizationUserEventsAsync(
Arg.Any<IEnumerable<(OrganizationUser, EventType, DateTime?)>>()
);
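
Review bot: the comment that opens these assertions says a save is called and all events are raised, but the two assertions that follow it for PushAuthRequestResponseAsync and SendTrustedDeviceAdminApprovalEmailAsync are DidNotReceiveWithAnyArgs, so the comment does not describe what is checked. Reword it to state which side effects are expected and which must not occur. Separately, ReceivedWithAnyArgs() and DidNotReceiveWithAnyArgs() disregard the argument matchers given to the call, so the Arg.Any<...>() arguments add nothing here; asserting with Received() and matchers that inspect the values would tie the event log entries to the right users.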

Member

Please use Arg.Is to assert some basic values here - I think that asserting calls with Arg.Any is not very precise. And while the processor tests test that the callbacks are called, you want to make sure that the callback has passed on the arguments to the dependency correctly.

Contributor Author

I didn't really know how to do this, but appreciate the push to do it because it was fun. The test is more precise as of 51a837a.

I left the denied specific test alone, since it's really just a big test to make sure notifications don't ever get sent.
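
The two review threads above are connected: an `Arg.Any` assertion cannot catch a lookup keyed on the wrong id, while an `Arg.Is` assertion can. The following is an added example, not code from this PR or the Bitwarden code base; it assumes the NSubstitute package, and every type and method name in it (`OrgUser`, `AuthReq`, `LoggedEvent`, `IEventLog`, `LogOutcomes`) is a hypothetical stand-in.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using NSubstitute;
using NSubstitute.Exceptions;

// Hypothetical, simplified stand-ins; not the project's types.
public record OrgUser(Guid Id, Guid OrganizationId);
public record AuthReq(Guid OrganizationId, Guid OrganizationUserId, bool Approved);
public record LoggedEvent(OrgUser User, string Type);
public interface IEventLog { void LogMany(IEnumerable<LoggedEvent> events); }

public static class Demo
{
    // Pairs each organization user with their request, then logs the outcome.
    // buggyKey reproduces the typo from the review: matching on OrganizationId.
    public static void LogOutcomes(IEventLog log, List<OrgUser> users,
                                   List<AuthReq> requests, bool buggyKey)
    {
        var events = new List<LoggedEvent>();
        foreach (var u in users)
        {
            var r = requests.FirstOrDefault(x =>
                (buggyKey ? x.OrganizationId : x.OrganizationUserId) == u.Id);
            if (r != null) events.Add(new LoggedEvent(u, r.Approved ? "Approved" : "Rejected"));
        }
        log.LogMany(events);
    }

    public static void Main()
    {
        var alice = new OrgUser(Guid.NewGuid(), Guid.NewGuid());   // constructed sample data
        var requests = new List<AuthReq> { new(alice.OrganizationId, alice.Id, true) };
        var users = new List<OrgUser> { alice };

        var log = Substitute.For<IEventLog>();
        LogOutcomes(log, users, requests, buggyKey: true);

        // Loose: passes even though the buggy lookup logged an empty list.
        log.ReceivedWithAnyArgs().LogMany(default);
        try
        {
            // Precise: requires an Approved event for alice, so the bug is caught.
            log.Received().LogMany(Arg.Is<IEnumerable<LoggedEvent>>(evts =>
                evts.Any(e => e.User.Id == alice.Id && e.Type == "Approved")));
        }
        catch (ReceivedCallsException) { Console.WriteLine("precise assertion caught the bug"); }
    }
}
```

With `buggyKey: false` the precise assertion passes, which is the behaviour an audit trail for device approvals depends on.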

@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch from 9059960 to aa56cac Compare May 23, 2024 15:46
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch from aa56cac to 456fdb3 Compare May 23, 2024 15:48
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch from 996bbd1 to 44af01f Compare May 23, 2024 16:53
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch 2 times, most recently from 2b31eb4 to 7f17510 Compare May 23, 2024 18:38
@addisonbeck addisonbeck force-pushed the ac/addison/ac-2301/bulk-device-approval-service branch from 7f17510 to cdb5a32 Compare May 23, 2024 18:58
Member

@eliykat eliykat left a comment

Reviewed changes to date and resolved most feedback. I can see you're still working on a couple of items.

var isExpired = DateTime.UtcNow >
_unprocessedAuthRequest.CreationDate
.Add(_configuration.AuthRequestExpiresAfter);
var isSpent = _unprocessedAuthRequest == null ||

Member

This null check is now unnecessary because it's already checked above.

Contributor Author

Implemented as suggested on 23b60d4

@addisonbeck addisonbeck requested a review from eliykat May 25, 2024 01:29
@eliykat eliykat enabled auto-merge (squash) May 27, 2024 01:56
@eliykat eliykat merged commit 98a191a into main May 27, 2024
49 checks passed
@eliykat eliykat deleted the ac/addison/ac-2301/bulk-device-approval-service branch May 27, 2024 01:56