server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon bitwarden

feat(change-password-component): Change Password Update [18720]

Open Patrick-Pimentel-Bitwarden opened this issue 7 months ago â€ĸ 6 comments

🎟ī¸ Tracking

📔 Objective

  • Now sending back policies on base request validator
  • Added endpoint for fetching aggregated master password policies

TODO

  • Tests

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

đŸĻŽ Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹī¸ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠ī¸ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or â™ģī¸ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

Patrick-Pimentel-Bitwarden avatar Jun 06 '25 00:06 Patrick-Pimentel-Bitwarden

Codecov Report

:x: Patch coverage is 63.75000% with 29 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 50.94%. Comparing base (f532236) to head (4678564). :warning: Report is 256 commits behind head on main.

Files with missing lines Patch % Lines
...work/AdminConsole/Repositories/PolicyRepository.cs 47.82% 12 Missing :warning:
...pper/AdminConsole/Repositories/PolicyRepository.cs 0.00% 9 Missing :warning:
...Api/AdminConsole/Controllers/PoliciesController.cs 42.85% 4 Missing :warning:
...nConsole/Services/Implementations/PolicyService.cs 60.00% 0 Missing and 2 partials :warning:
src/Api/Auth/Controllers/AccountsController.cs 0.00% 1 Missing :warning:
src/Core/Context/CurrentContext.cs 90.90% 0 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5929      +/-   ##
==========================================
+ Coverage   47.65%   50.94%   +3.29%     
==========================================
  Files        1665     1666       +1     
  Lines       75099    75152      +53     
  Branches     6765     6770       +5     
==========================================
+ Hits        35786    38288    +2502     
+ Misses      37858    35347    -2511     
- Partials     1455     1517      +62

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Jun 06 '25 00:06 codecov[bot]

Logo Checkmarx One – Scan Summary & Details – 900dcfdf-a1a4-462f-8e9c-5cf956f8e87d

Great job, no security vulnerabilities found in this Pull Request

github-actions[bot] avatar Jun 06 '25 00:06 github-actions[bot]

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Jun 10 '25 22:06 sonarqubecloud[bot]

I actually think we can solve this for you in #5936. We would keep your endpoint, but it would call the new PolicyRequirementQuery which we can configure to include accepted and confirmed users, rather than implementing a bespoke repository query. (No documentation around this query yet but I'll be sharing some soon.) I'll look at it all together next week and get back to you, I've also asked @BTreston to take a look.

@eliykat I think its possible to do it with a new PolicyRequirement, but it would mean we have 2 PolicyRequirements associated with 1 policy. If we're cool with that then 👍. Either that or we extend the capabilities of PolicyRequirementQuery to be able to specify somehow which factory we want to use and extend the MasterPasswordPolicyRequirementFactory with an override for ExemptStatuses to exempt the ones we don't care about (Invited and Revoked)? I am not sure if we are currently able to satisfy 2 different ExemptSatuses requirements in a single PolicyRequirementFactory (unless I am missing something) as that seems to be the requirement this functionality would support. Might require some thought on the approach and implementation, but regardless I think its possible.

BTreston avatar Jun 16 '25 20:06 BTreston

Just a heads up regarding this work. We have moved away from the server changes in favor of fixing the login flow in the clients. This pr will be closed by next week once we have all the other work in and confirmed to be working.

Patrick-Pimentel-Bitwarden avatar Jun 16 '25 20:06 Patrick-Pimentel-Bitwarden

OK - we'll hold off on doing anything here for now. Thanks for taking a look @BTreston .

eliykat avatar Jun 17 '25 03:06 eliykat