Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth/pm 2996/add auth request data to devices response model #5152

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Auth/pm 2996/add auth request data to devices response model #5152

wants to merge 19 commits into from
+541 −22

Conversation

Patrick-Pimentel-Bitwarden
Copy link

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden commented Dec 16, 2024
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-2996

📔 Objective

This pr adds two new fields to the get devices response endpoint. Now we respond back with the pending auth requests that match a certain criteria when retrieving devices

📸 Screenshots

old_response.mov
new_response.mov

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@codecov Codecov
Copy link

codecov bot commented Dec 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 26.21359% with 76 lines in your changes missing coverage. Please review.

Project coverage is 43.35%. Comparing base (a3da5b2) to head (c5d8b4c).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...ries/Queries/DeviceWithPendingAuthByUserIdQuery.cs 0.00% 28 Missing ⚠️
...els/Api/Response/DeviceAuthRequestResponseModel.cs 44.68% 24 Missing and 2 partials ⚠️
...astructure.Dapper/Repositories/DeviceRepository.cs 0.00% 13 Missing ⚠️
...e.EntityFramework/Repositories/DeviceRepository.cs 0.00% 7 Missing ⚠️
...c/Infrastructure.Dapper/Repositories/Repository.cs 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #5152   +/-   ##
=======================================
  Coverage   43.35%   43.35%           
=======================================
  Files        1456     1458    +2     
  Lines       66468    66566   +98     
  Branches     6078     6081    +3     
=======================================
+ Hits        28817    28861   +44     
- Misses      36360    36412   +52     
- Partials     1291     1293    +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 16, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details83d71dc4-aa1c-469d-836e-44f5199de5a4

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 967 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 381 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/EmergencyAccessController.cs: 159 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 922 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 261 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 108 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 406 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 639 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 749 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 163 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 310 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 236 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 899 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 482 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 356 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 503 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 535 Attack Vector
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 483 Attack Vector
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 76 Attack Vector
MEDIUM Privacy_Violation /src/Core/NotificationHub/NotificationHubPushNotificationService.cs: 195 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 967 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AuthRequestsController.cs: 87 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AuthRequestsController.cs: 75 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/TwoFactorController.cs: 406 Attack Vector
LOW Missing_CSP_Header /src/Core/MailTemplates/Handlebars/AdminConsole/DomainClaimedByOrganization.html.hbs: 5 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 967
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 70
MEDIUM CSRF /src/Api/NotificationCenter/Controllers/NotificationsController.cs: 67
MEDIUM CSRF /src/Api/NotificationCenter/Controllers/NotificationsController.cs: 61
MEDIUM CSRF /src/Billing/Controllers/RecoveryController.cs: 38
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 52
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 108
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 922
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 164
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 639
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 73
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 91
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 470
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 236
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 261
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 356
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 482
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 899
MEDIUM CSRF /src/Api/Auth/Controllers/EmergencyAccessController.cs: 159
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 310
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 483
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 503
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 535
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 163
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 381
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 406
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 749
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 173
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 144
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 144
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 144
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 76
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 76
LOW Log_Forging /src/Identity/Controllers/AccountsController.cs: 76

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from d29e69d to 0562f76 Compare December 16, 2024 16:42
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from 0562f76 to 647fad8 Compare December 16, 2024 17:09
@ike-kottlowski ike-kottlowski self-requested a review December 16, 2024 17:40
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from bf3949d to 98434df Compare December 19, 2024 17:24
@Patrick-Pimentel-Bitwarden
feat(device): Devices with Auth Request
97fa55a 
Migrated tests to appropriate place. Fixed up some of the comments discussed with Ike.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from 98434df to 97fa55a Compare December 19, 2024 17:26
@Patrick-Pimentel-Bitwarden
Merge remote-tracking branch 'origin' into auth/pm-2996/add-auth-requ…
092b83c 
…est-data-to-devices-response-model
@Patrick-Pimentel-Bitwarden
feat(device): Devices with Auth Request
c5d8b4c 
Added comment to describe thought process for response model being passed through by the repository.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden marked this pull request as ready for review December 19, 2024 18:47
ike-kottlowski
ike-kottlowski approved these changes Dec 20, 2024
View reviewed changes
Copy link
Contributor

@ike-kottlowski ike-kottlowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good, have some non-blocking comments.

src/Core/Auth/Models/Api/Response/DeviceAuthRequestResponseModel.cs Outdated Show resolved Hide resolved
util/Migrator/DbScripts/2024-12-04_00_AddActiveDeviceWithPendighAuth.sql Outdated Show resolved Hide resolved
src/Infrastructure.Dapper/Repositories/DeviceRepository.cs Outdated Show resolved Hide resolved
test/Infrastructure.IntegrationTest/Auth/Repositories/AuthRequestRepositoryTests.cs
var adminApprovalExpiredAuthRequest = await authRequestRepository.CreateAsync(
CreateAuthRequest(user.Id, AuthRequestType.AdminApproval, CreateExpiredDate(_adminRequestExpiration)));

// An AdminApproval request that was approved before it expired but the user has been approved for too long, should be deleted.
var adminApprovedExpiredAuthRequest = await authRequestRepository.CreateAsync(
CreateAuthRequest(user.Id, AuthRequestType.AdminApproval, DateTime.UtcNow.AddDays(-6), true, CreateExpiredDate(_afterAdminApprovalExpiration)));

// An AdminApproval request that was rejected within it's allowed lifetime but has no gone past it's expiration time, should be deleted.
// An AdminApproval request that was rejected within it's allowed lifetime but has not gone past its expiration time, should be deleted.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⛏️ : *it's

test/Infrastructure.IntegrationTest/Auth/Repositories/DeviceRepositoryTests.cs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 : nice tests!

ike-kottlowski
ike-kottlowski reviewed Dec 20, 2024
View reviewed changes
src/Api/Controllers/DevicesController.cs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💭 : could we move the _globalSetting to the repository since it's already there?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rkac-bw rkac-bw rkac-bw left review comments

@ike-kottlowski ike-kottlowski ike-kottlowski approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Patrick-Pimentel-Bitwarden @ike-kottlowski @rkac-bw