
PM-21024 ChangePasswordUri controller + service

Open nick-livefront opened this issue 7 months ago • 4 comments

đŸŽŸī¸ Tracking

PM-21024 Client PR: https://github.com/bitwarden/clients/pull/14912

📔 Objective

Retrieving a password change url for a website is not possible on the web because the requests are blocked by the CSP policy. This moves the same logic from the client to the server.

  • Contained within the existing IconsService as they have similar use cases - logic performed on decrypted cipher data.
  • Follows the same patterns for caching/logging as the IconsController
  • Checks for an invalid response and a valid response from /.well-known/change-password
  • Added new Policy so organizations can enable/disable usage of this endpoint.
  • ❓ I added separate settings for caching so the values can be distinguished from the icon controller's. Not necessary if these values rarely change.

📸 Screenshots

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

nick-livefront avatar May 20 '25 18:05 nick-livefront
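
The check the description above summarises as "an invalid response and a valid response from /.well-known/change-password", as an added example that is not code from this PR or from Bitwarden. It assumes the control path defined by the W3C change-password-url specification; the type and member names, the injected `fetch` delegate and the HTTPS-only return value are hypothetical choices made for this illustration, and the responses are constructed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
// Added illustration, not Bitwarden code; all type and member names are hypothetical.
public record Probe(int Status, Uri FinalUri);   // status and URL after redirects

public static class ChangePasswordUriCheck
{
    public const string WellKnown = "/.well-known/change-password";
    // Control path from the W3C spec: a reliable site must NOT answer it with 2xx.
    public const string Control =
        "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200";

    // 'fetch' is injected so the decision logic runs offline; null means the request failed.
    public static Uri? Resolve(Uri site, Func<Uri, Probe?> fetch)
    {
        var origin = new Uri(site.GetLeftPart(UriPartial.Authority));
        // Invalid-response check: a 2xx here means the site answers 200 for anything
        // (soft 404), so a 2xx on the well-known path would prove nothing.
        var control = fetch(new Uri(origin, Control));
        if (control is null || IsOk(control.Status)) return null;
        // Valid-response check: the well-known path must end in a 2xx after redirects.
        var target = fetch(new Uri(origin, WellKnown));
        if (target is null || !IsOk(target.Status)) return null;

        // Assumption added here: only hand an https URL back to the client.
        return target.FinalUri.Scheme == Uri.UriSchemeHttps ? target.FinalUri : null;
    }

    private static bool IsOk(int status) => status >= 200 && status <= 299;
}

public static class Demo
{
    public static void Main()
    {
        // Constructed responses keyed by request URL; other URLs fall back per host.
        var pages = new Dictionary<string, Probe>
        {
            ["https://good.example" + ChangePasswordUriCheck.WellKnown] =
                new(200, new Uri("https://good.example/account/password")),
        };
        Probe? Fetch(Uri u) => pages.TryGetValue(u.AbsoluteUri, out var p) ? p
            : u.Host == "soft404.example" ? new Probe(200, u)   // 200 for every path
            : new Probe(404, u);
        Console.WriteLine(ChangePasswordUriCheck.Resolve(new Uri("https://good.example/login"), Fetch));
        Console.WriteLine(ChangePasswordUriCheck.Resolve(new Uri("https://soft404.example/"), Fetch) is null);
    }
}
```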

Checkmarx One – Scan Summary & Details – 5b9039fb-56e2-40fd-a9cc-0c738b9eac1c

Great job! No new security vulnerabilities introduced in this pull request

github-actions[bot] avatar May 20 '25 18:05 github-actions[bot]

Codecov Report

:x: Patch coverage is 32.55814% with 87 lines in your changes missing coverage. Please review.
:white_check_mark: Project coverage is 48.48%. Comparing base (db4beb4) to head (b289b57).
:warning: Report is 75 commits behind head on main.

Files with missing lines Patch % Lines
...c/Icons/Controllers/ChangePasswordUriController.cs 0.00% 57 Missing :warning:
src/Icons/Util/ServiceCollectionExtension.cs 43.75% 9 Missing :warning:
src/Icons/Startup.cs 0.00% 7 Missing :warning:
src/Icons/Services/ChangePasswordUriService.cs 85.36% 6 Missing :warning:
src/Icons/Models/ChangePasswordUriResponse.cs 0.00% 5 Missing :warning:
src/Icons/Models/ChangePasswordUriSettings.cs 0.00% 3 Missing :warning:
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5845      +/-   ##
==========================================
- Coverage   48.51%   48.48%   -0.03%     
==========================================
  Files        1740     1744       +4     
  Lines       77299    77428     +129     
  Branches     6913     6924      +11     
==========================================
+ Hits        37499    37541      +42     
- Misses      38283    38370      +87     
  Partials     1517     1517              


codecov[bot] avatar May 20 '25 18:05 codecov[bot]

~~@shane-melton Re-requesting your review, I added the policy here for the UI.~~

nick-livefront avatar May 23 '25 20:05 nick-livefront