Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-11404] Account Management: Prevent a verified user from purging their vault #4853

Merged
merged 11 commits into from
Oct 17, 2024
Merged

[PM-11404] Account Management: Prevent a verified user from purging their vault #4853

merged 11 commits into from
Oct 17, 2024
+269 −76

Conversation

r-tome
Copy link
Contributor

@r-tome r-tome commented Oct 4, 2024
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-11404

📔 Objective

If the Account Deprovisioning feature flag is enabled then prevent organization managed users from purging their vault.

Clients PR: bitwarden/clients#11411

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@codecov Codecov
Copy link

codecov bot commented Oct 4, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 53.84615% with 18 lines in your changes missing coverage. Please review.

Project coverage is 41.75%. Comparing base (da04218) to head (684f7d5).
Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
src/Api/Auth/Controllers/AccountsController.cs 33.33% 8 Missing ⚠️
src/Api/Vault/Controllers/CiphersController.cs 0.00% 4 Missing ⚠️
...dminConsole/Controllers/OrganizationsController.cs 0.00% 3 Missing ⚠️
src/Api/Models/Response/ProfileResponseModel.cs 50.00% 0 Missing and 1 partial ⚠️
...dminConsole/Repositories/OrganizationRepository.cs 0.00% 1 Missing ⚠️
...dminConsole/Repositories/OrganizationRepository.cs 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4853   +/-   ##
=======================================
  Coverage   41.75%   41.75%           
=======================================
  Files        1363     1363           
  Lines       63914    63915    +1     
  Branches     5857     5853    -4     
=======================================
+ Hits        26685    26686    +1     
- Misses      36024    36026    +2     
+ Partials     1205     1203    -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 4, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details0c35bf6c-73e5-4c66-9e0d-aee075f8c0d1

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Passwords And Secrets - Generic Password /test-database.yml: 189 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 182 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 185 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 111 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 105 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 80 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 69 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 92 Query to find passwords and secrets in infrastructure code.
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile-k8s: 8 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 7 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile-k8s: 8 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 7 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 247 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 238 Attack Vector
MEDIUM Image Version Using 'latest' /Dockerfile: 1 When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili...
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 169 Attack Vector
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 198 Attack Vector
MEDIUM SSL_Verification_Bypass /src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs: 146 Attack Vector
MEDIUM SSL_Verification_Bypass /bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs: 405 Attack Vector
MEDIUM SSL_Verification_Bypass /src/Core/Utilities/CoreHelpers.cs: 140 Attack Vector
MEDIUM SSL_Verification_Bypass /src/Core/Utilities/CoreHelpers.cs: 105 Attack Vector
MEDIUM SSL_Verification_Bypass /src/Core/Utilities/CoreHelpers.cs: 93 Attack Vector
MEDIUM SSL_Verification_Bypass /src/Core/Utilities/CoreHelpers.cs: 115 Attack Vector
MEDIUM Unpinned Actions Full Length Commit SHA /release.yml: 63 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /build.yml: 548 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /build.yml: 515 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /repository-management.yml: 104 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /repository-management.yml: 111 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /build.yml: 207 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /release.yml: 44 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /_move_finalization_db_scripts.yml: 103 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /_move_finalization_db_scripts.yml: 27 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cleanup-rc-branch.yml: 21 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /build.yml: 631 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /repository-management.yml: 119 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /build.yml: 582 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /repository-management.yml: 60 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Healthcheck Instruction Missing /Dockerfile: 1 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Healthcheck Instruction Missing /Dockerfile: 1 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Healthcheck Instruction Missing /Dockerfile: 1 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Log_Forging /src/Notifications/Controllers/SendController.cs: 27 Attack Vector
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 217 Attack Vector
LOW Log_Forging /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98 Attack Vector
LOW Multiple RUN, ADD, COPY, Instructions Listed /Dockerfile: 13 Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
LOW Multiple RUN, ADD, COPY, Instructions Listed /Dockerfile-k8s: 17 Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
LOW Multiple RUN, ADD, COPY, Instructions Listed /Dockerfile: 11 Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
LOW Open_Redirect /bitwarden_license/src/Sso/Controllers/AccountController.cs: 167 Attack Vector
LOW Open_Redirect /src/Admin/Controllers/ToolsController.cs: 490 Attack Vector
LOW Unpinned Actions Full Length Commit SHA /repository-management.yml: 111 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /build.yml: 631 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /repository-management.yml: 60 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /repository-management.yml: 119 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /build.yml: 515 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /build.yml: 582 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /repository-management.yml: 104 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Unpinned Actions Full Length Commit SHA /build.yml: 548 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 49
MEDIUM CSRF /src/Billing/Controllers/RecoveryController.cs: 38
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 121
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 107
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 78
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 61
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 164
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 96
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 227
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 662
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 78
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 61
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 46
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 66
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 107
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 121
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 929
MEDIUM CSRF /src/Api/SecretsManager/Controllers/SecretsTrashController.cs: 32
MEDIUM CSRF /src/Api/SecretsManager/Controllers/SecretsController.cs: 79
MEDIUM CSRF /src/Api/SecretsManager/Controllers/SecretsController.cs: 128
LOW Heap_Inspection /src/Core/Vault/Services/Implementations/LocalAttachmentStorageService.cs: 34
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Api/AdminConsole/Controllers/ProvidersController.cs: 72
LOW Log_Forging /src/Api/AdminConsole/Controllers/ProvidersController.cs: 72
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Identity/Billing/Controller/AccountsController.cs: 23
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Api/Billing/Controllers/ProviderBillingController.cs: 52

@r-tome r-tome marked this pull request as ready for review October 7, 2024 09:37
@r-tome r-tome requested a review from a team as a code owner October 7, 2024 09:37
@r-tome
Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVe…
fdb4a2c 
…rifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
@r-tome r-tome requested review from a team as code owners October 8, 2024 17:45
JaredSnider-Bitwarden
JaredSnider-Bitwarden previously approved these changes Oct 8, 2024
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth changes LGTM!

@rr-bw rr-bw removed their request for review October 8, 2024 19:00
eliykat
eliykat requested changes Oct 9, 2024
View reviewed changes
Copy link
Member

@eliykat eliykat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a couple of comments based on our recent discussions, but I'll still defer to @jrmccannon for the full review.

src/Core/Services/Implementations/UserService.cs Outdated
@@ -31,6 +31,8 @@
using File = System.IO.File;
using JsonSerializer = System.Text.Json.JsonSerializer;

#nullable enable
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't enable nullable unless you've reviewed the code to make sure its null handling is correct. In this case, you've enabled it on this entire class, but if you look at it in the Github diff, there are null warnings everywhere because the existing code doesn't handle nullable types properly.

You should enable it just for your new methods by putting #nullable enable immediately before the block of new code, and then #nullable disable immediately after. Then double check the Github diff to find and fix any null warnings.

Same for any other files here.

src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs Outdated
/// The organization must be enabled and able to have verified domains.
/// This property is null if the Account Deprovisioning feature flag is disabled.
/// </remarks>
public bool? ManagesActiveUser { get; set; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think "active" is confusing here. This class doesn't have any concept of whether the user it relates to is "active" in the client-side state or not.

This class (and Organization.cs on the client-side) already relates to a specific user - it has a UserId and an OrganizationUserId. So there is no need to qualify who the user is - it's not necessarily the "active" user, it's the user that matches the UserId in this class.

I suggest taking the "active" wording out of this. Maybe UserIsManagedByOrganization?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is fair, I'll rename it to UserIsManagedByOrganization, thanks for suggesting it.
I named it "active" because when we return this object its always in relation to the active user. You're right that it doesn't have to be though.

@r-tome r-tome requested a review from eliykat October 9, 2024 15:27
eliykat
eliykat reviewed Oct 10, 2024
View reviewed changes
Copy link
Member

@eliykat eliykat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My feedback has been resolved, thanks!

eliykat
eliykat previously approved these changes Oct 10, 2024
View reviewed changes
@eliykat eliykat dismissed their stale review October 10, 2024 00:12

Not a complete review

@r-tome r-tome mentioned this pull request Oct 10, 2024
Merged
jrmccannon
jrmccannon previously approved these changes Oct 10, 2024
View reviewed changes
Copy link
Contributor

@jrmccannon jrmccannon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, I don't see any problems with this and it is consistent with the rest of the code base. I did have one ⛏️, but its a non-blocking change.

src/Core/Services/Implementations/UserService.cs Outdated Show resolved Hide resolved
jrmccannon
jrmccannon previously approved these changes Oct 10, 2024
View reviewed changes
@r-tome
Refactor IUserService methods GetOrganizationsManagingUserAsync and I…
ee24a91 
…sManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
@r-tome r-tome changed the title [PM-11404] Account Deprovisioning: Prevent a verified user from purging their vault [PM-11404] Account Management: Prevent a verified user from purging their vault Oct 11, 2024
eliykat
eliykat previously approved these changes Oct 14, 2024
View reviewed changes
gbubemismith
gbubemismith previously approved these changes Oct 15, 2024
View reviewed changes
Copy link
Member

@gbubemismith gbubemismith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vault changes look good

@r-tome r-tome merged commit d6cd73c into main Oct 17, 2024
103 checks passed
@r-tome r-tome deleted the ac/pm-11404/prevent-a-verified-user-from-purging-their-vault branch October 17, 2024 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrmccannon jrmccannon jrmccannon approved these changes

@gbubemismith gbubemismith gbubemismith approved these changes

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden approved these changes

@cturnbull-bitwarden cturnbull-bitwarden cturnbull-bitwarden approved these changes

@eliykat eliykat eliykat left review comments

@cd-bitwarden cd-bitwarden Awaiting requested review from cd-bitwarden cd-bitwarden is a code owner automatically assigned from bitwarden/team-vault-dev

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@r-tome @jrmccannon @gbubemismith @eliykat @JaredSnider-Bitwarden @cturnbull-bitwarden