server

server copied to clipboard

🎟️ Tracking

https://bitwarden.atlassian.net/browse/AC-2820

📔 Objective

This PR addresses an issue where organizations created via the Bitwarden Portal for a Reseller Provider were being set to have a MaxStorageGb of 0 instead of the default 1. When investigating this issue, I found the same was true when setting Model.Seats, so I addressed this as well.

Instead of hardcoding these values as seen with the other form fields being set, I updated the function not to use a switch-case approach on the plan type and setting hard-coded values, but instead to get the selected plan type from the StaticStore, then set the relevant fields based on the default values on the given plan. Feel free to disagree with this approach if you prefer the former!

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

Jun 28 '24 15:06 cturnbull-bitwarden

Codecov Report

Attention: Patch coverage is 0% with 59 lines in your changes missing coverage. Please review.

Project coverage is 41.61%. Comparing base (54bd5fa) to head (bba7b0d).

@@            Coverage Diff             @@
##             main    #4439      +/-   ##
==========================================
- Coverage   41.65%   41.61%   -0.04%     
==========================================
  Files        1276     1276              
  Lines       60302    60358      +56     
  Branches     5543     5544       +1     
==========================================
  Hits        25118    25118              
- Misses      34013    34069      +56     
  Partials     1171     1171              

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

Jun 28 '24 15:06 codecov[bot]

Checkmarx One – Scan Summary & Details – cc191fae-f40b-4fa4-991a-75369f5ece87

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Billing/Controllers/PayPalController.cs: 66	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/TwoFactorController.cs: 488	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/WebAuthnController.cs: 178	Attack Vector
	Privacy_Violation	/src/Api/Controllers/DevicesController.cs: 133	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 829	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 847	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 412	Attack Vector
	Privacy_Violation	/src/Api/Vault/Controllers/CiphersController.cs: 953	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 549	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 260	Attack Vector
	Privacy_Violation	/src/Api/Controllers/DevicesController.cs: 159	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 429	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 376	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 153	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 85	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 68	Attack Vector
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 217	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 404	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 541	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 839	Attack Vector
	Log_Forging	/src/Api/Controllers/DevicesController.cs: 124	Attack Vector
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 945	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 821	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 240	Attack Vector
	Log_Forging	/src/Api/Controllers/DevicesController.cs: 150	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 404	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 341	Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.html.hbs: 6	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/Controllers/CollectionsController.cs: 171
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 87
	CSRF	/src/Billing/Controllers/StripeController.cs: 130
	CSRF	/src/Billing/Controllers/StripeController.cs: 117
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: 89
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 577
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 577
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 88
	CSRF	/src/Identity/Controllers/AccountsController.cs: 75
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 577

Jun 28 '24 16:06 github-actions[bot]