Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth/pm 2996/add auth request data to devices response model #5152

Merged
merged 28 commits into from
Jan 7, 2025
Merged

Auth/pm 2996/add auth request data to devices response model #5152

merged 28 commits into from
Jan 7, 2025

Conversation

Patrick-Pimentel-Bitwarden
Copy link
Contributor

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden commented Dec 16, 2024
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-2996

📔 Objective

This pr adds two new fields to the get devices response endpoint. Now we respond back with the pending auth requests that match a certain criteria when retrieving devices.

A details object was used to separate the response from the controller from the data coming back from the database.

Also updated .github/workflows/test-database.yml with a more descriptive error message to assist in debugging.

📸 Screenshots

old_response.mov
new_response.mov

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@codecov Codecov
Copy link

codecov bot commented Dec 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 36.91275% with 94 lines in your changes missing coverage. Please review.

Project coverage is 43.85%. Comparing base (1062c6d) to head (474bdee).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
src/Core/Auth/Models/Data/DeviceAuthDetails.cs 28.81% 41 Missing and 1 partial ⚠️
...ries/Queries/DeviceWithPendingAuthByUserIdQuery.cs 0.00% 24 Missing ⚠️
...astructure.Dapper/Repositories/DeviceRepository.cs 0.00% 17 Missing ⚠️
...e.EntityFramework/Repositories/DeviceRepository.cs 27.27% 8 Missing ⚠️
...c/Infrastructure.Dapper/Repositories/Repository.cs 0.00% 2 Missing ⚠️
...els/Api/Response/DeviceAuthRequestResponseModel.cs 96.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5152      +/-   ##
==========================================
+ Coverage   43.34%   43.85%   +0.50%     
==========================================
  Files        1458     1470      +12     
  Lines       66517    67763    +1246     
  Branches     6081     6117      +36     
==========================================
+ Hits        28835    29720     +885     
- Misses      36390    36748     +358     
- Partials     1292     1295       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 16, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details0a578e05-084d-4663-9f08-ec4484c6bd77

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 967 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 381 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/EmergencyAccessController.cs: 159 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 922 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 261 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 749 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 406 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 639 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 108 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 163 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 503 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 236 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 356 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 482 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 899 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 310 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 483 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 535 Attack Vector
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36 Attack Vector
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 72 Attack Vector
MEDIUM Privacy_Violation /src/Core/NotificationHub/NotificationHubPushNotificationService.cs: 195 Attack Vector
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 173 Attack Vector
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 202 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 967 Attack Vector
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 220 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AuthRequestsController.cs: 87 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AuthRequestsController.cs: 75 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/TwoFactorController.cs: 406 Attack Vector
LOW Missing_CSP_Header /src/Core/MailTemplates/Handlebars/AdminConsole/DomainClaimedByOrganization.html.hbs: 5 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 967
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 70
MEDIUM CSRF /src/Api/NotificationCenter/Controllers/NotificationsController.cs: 67
MEDIUM CSRF /src/Api/NotificationCenter/Controllers/NotificationsController.cs: 61
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 52
MEDIUM CSRF /src/Billing/Controllers/RecoveryController.cs: 38
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 108
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 922
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 164
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 639
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 73
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 91
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 470
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 236
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 261
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 356
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 482
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 899
MEDIUM CSRF /src/Api/Auth/Controllers/EmergencyAccessController.cs: 159
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 310
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 483
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 503
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 535
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 163
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 381
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 406
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 749
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/RecoveryController.cs: 38
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164
LOW Log_Forging /src/Billing/Controllers/StripeController.cs: 164

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from d29e69d to 0562f76 Compare December 16, 2024 16:42
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from 0562f76 to 647fad8 Compare December 16, 2024 17:09
@ike-kottlowski ike-kottlowski self-requested a review December 16, 2024 17:40
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from bf3949d to 98434df Compare December 19, 2024 17:24
@Patrick-Pimentel-Bitwarden
feat(device): Devices with Auth Request
97fa55a 
Migrated tests to appropriate place. Fixed up some of the comments discussed with Ike.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from 98434df to 97fa55a Compare December 19, 2024 17:26
@Patrick-Pimentel-Bitwarden
Merge remote-tracking branch 'origin' into auth/pm-2996/add-auth-requ…
092b83c 
…est-data-to-devices-response-model
@Patrick-Pimentel-Bitwarden
feat(device): Devices with Auth Request
c5d8b4c 
Added comment to describe thought process for response model being passed through by the repository.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden marked this pull request as ready for review December 19, 2024 18:47
@Patrick-Pimentel-Bitwarden
fix(device): [PM-2996] Devices with Auth Request
a5eaa6a 
Tiny fix to remove the settings out of the controller.
@Patrick-Pimentel-Bitwarden
Merge remote-tracking branch 'origin' into auth/pm-2996/add-auth-requ…
e19b761 
…est-data-to-devices-response-model
@Patrick-Pimentel-Bitwarden
fix(device): [PM-2996] Devices with Auth Request
040d0c6 
Tiny fix to remove the settings out of the controller test.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden force-pushed the auth/pm-2996/add-auth-request-data-to-devices-response-model branch from 153616a to 040d0c6 Compare December 27, 2024 22:57
ike-kottlowski
ike-kottlowski previously approved these changes Dec 30, 2024
View reviewed changes
Copy link
Contributor

@ike-kottlowski ike-kottlowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks boss.

ike-kottlowski
ike-kottlowski previously approved these changes Dec 30, 2024
View reviewed changes
rkac-bw
rkac-bw previously approved these changes Dec 30, 2024
View reviewed changes
Copy link
Contributor

@rkac-bw rkac-bw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@Patrick-Pimentel-Bitwarden
fix(device): [PM-2996] Devices with Auth Request - Updated a comment …
7035779 
…in build to make it more clear what could be the culprit of the issue.
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden requested a review from a team as a code owner January 2, 2025 20:20
addisonbeck
addisonbeck approved these changes Jan 2, 2025
View reviewed changes
Copy link
Contributor

@addisonbeck addisonbeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow change looks fine. I didn't review much else because it seems like that's been covered.

rkac-bw
rkac-bw approved these changes Jan 3, 2025
View reviewed changes
Copy link
Contributor

@rkac-bw rkac-bw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@JaredSnider-Bitwarden JaredSnider-Bitwarden removed their request for review January 6, 2025 17:49
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden merged commit cc96e35 into main Jan 7, 2025
54 checks passed
@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden deleted the auth/pm-2996/add-auth-request-data-to-devices-response-model branch January 7, 2025 20:52
@trmartin4 trmartin4 mentioned this pull request Jan 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden left review comments

@addisonbeck addisonbeck addisonbeck approved these changes

@ike-kottlowski ike-kottlowski ike-kottlowski approved these changes

@rkac-bw rkac-bw rkac-bw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Patrick-Pimentel-Bitwarden @addisonbeck @JaredSnider-Bitwarden @ike-kottlowski @rkac-bw