organization status changed code changes

[cyprain-okeke]

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 58 lines in your changes missing coverage. Please review.

Project coverage is 43.35%. Comparing base (21fcfcd) to head (819ef74).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ationHub/NotificationHubPushNotificationService.cs	0.00%	8 Missing ⚠️
...plementations/AzureQueuePushNotificationService.cs	0.00%	8 Missing ⚠️
...tations/NotificationsApiPushNotificationService.cs	0.00%	8 Missing ⚠️
...es/Implementations/RelayPushNotificationService.cs	0.00%	8 Missing ⚠️
...ices/Implementations/SubscriptionUpdatedHandler.cs	0.00%	7 Missing ⚠️
src/Notifications/HubHelpers.cs	0.00%	6 Missing ⚠️
...ervices/Implementations/PaymentSucceededHandler.cs	0.00%	4 Missing ⚠️
...ementations/MultiServicePushNotificationService.cs	0.00%	4 Missing ⚠️
...NoopImplementations/NoopPushNotificationService.cs	0.00%	3 Missing ⚠️
src/Core/Models/PushNotification.cs	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5113      +/-   ##
==========================================
- Coverage   43.39%   43.35%   -0.04%     
==========================================
  Files        1456     1456              
  Lines       66412    66468      +56     
  Branches     6078     6078              
==========================================
  Hits        28817    28817              
- Misses      36304    36360      +56     
  Partials     1291     1291              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – d9ffe0e0-3d7f-47a7-8021-80f7a1ebfac0

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Billing/Controllers/PayPalController.cs: 66	Attack Vector
	Privacy_Violation	/src/Core/NotificationHub/NotificationHubPushNotificationService.cs: 195	Attack Vector
	Privacy_Violation	/src/Api/Vault/Models/Request/CipherRequestModel.cs: 169	Attack Vector
	Privacy_Violation	/src/Api/Vault/Models/Request/CipherRequestModel.cs: 173	Attack Vector
	Privacy_Violation	/src/Core/Auth/Services/Implementations/AuthRequestService.cs: 213	Attack Vector
	Privacy_Violation	/src/Api/Vault/Models/Request/CipherRequestModel.cs: 202	Attack Vector
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 220	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AuthRequestsController.cs: 75	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AuthRequestsController.cs: 87	Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/AdminConsole/DomainClaimedByOrganization.html.hbs: 5	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: 70
	CSRF	/src/Api/Controllers/LicensesController.cs: 44
	CSRF	/src/Api/Billing/Controllers/OrganizationsController.cs: 52
	CSRF	/src/Billing/Controllers/RecoveryController.cs: 38
	CSRF	/src/Billing/Controllers/StripeController.cs: 164
	CSRF	/src/Admin/AdminConsole/Controllers/OrganizationsController.cs: 372
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: 91
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 46
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 65
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 470
	Privacy_Violation	/src/Core/Auth/Services/Implementations/AuthRequestService.cs: 208
	Log_Forging	/src/Billing/Controllers/RecoveryController.cs: 38
	Log_Forging	/src/Billing/Controllers/RecoveryController.cs: 38
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 164
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 164

[mzieniukbw]

I don't know why exactly we expose those methods, but non-selfhosted SignalR does not implement it https://github.com/bitwarden/server/blob/main/src/Core/Services/Implementations/AzureQueuePushNotificationService.cs#L211
In most cases we implement the method for specific notification type in IPushNotificationService and all it's implementations.

[mzieniukbw]

1. We need to use SendPayloadToOrganizationAsync when sending to organization
2. Last argument needs to be false, since we don't want to exclude current device.

Suggested change

	await SendPayloadToUserAsync(organization.Id, PushType.SyncOrganizationStatusChanged, message, true);
	await SendPayloadToOrganizationAsync(organization.Id, PushType.SyncOrganizationStatusChanged, message, false);

[mzieniukbw]

We don't need the private method. It does not have any benefit.

Suggested change

	await PushOrganizationStatusAsync(organization, PushType.SyncOrganizationStatusChanged);
	}
	private async Task PushOrganizationStatusAsync(Organization organization, PushType type)
	{

[mzieniukbw]

do we need this check ? I don't think we should expect this to be null.

[mzieniukbw]

Last argument needs to be false, since we don't want to exclude current device.

Suggested change

	await SendMessageAsync(type, message, true);
	await SendMessageAsync(type, message, false);

[mzieniukbw]

We don't need the private method. It does not have any benefit.

Suggested change

	await PushOrganizationStatusAsync(organization, PushType.SyncOrganizationStatusChanged);
	}
	private async Task PushOrganizationStatusAsync(Organization organization, PushType type)
	{

[mzieniukbw]

do we need this check ? I don't think we should expect this to be null.

[mzieniukbw]

Last argument needs to be false, since we don't want to exclude current device.

Suggested change

	await SendMessageAsync(type, message, true);
	await SendMessageAsync(type, message, false);

[mzieniukbw]

Last argument needs to be false, since we don't want to exclude current device.

Suggested change

	await SendPayloadToOrganizationAsync(organization.Id, PushType.SyncOrganizationStatusChanged, message, true);
	await SendPayloadToOrganizationAsync(organization.Id, PushType.SyncOrganizationStatusChanged, message, false);

[mzieniukbw]

LGTM