[PM-6794] block legacy users from authN #4088

jlf0dev · 2024-05-15T18:28:34Z

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Blocks legacy users (users who use their master key as their encryption key) from logging in. Directing them to the web vault for migration.

Code changes

file.ext: Description of what was changed and why

Before you submit

Please check for formatting errors (dotnet format --verify-no-changes) (required)
If making database changes - make sure you also update Entity Framework queries and/or migrations
Please add unit tests where it makes sense to do so (encouraged but not required)
If this change requires a documentation update - notify the documentation team
If this change has particular deployment requirements - notify the DevOps team

github-actions · 2024-05-15T19:07:05Z

Checkmarx One – Scan Summary & Details – 223b5a8f-234b-4fab-929e-d3daac3a9f82

New Issues

Issue	Source File / Package	Checkmarx Insight
CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [641](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L641)	Attack Vector
Path_Traversal	/src/Api/Tools/Controllers/SendsController.cs: [193](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Tools/Controllers/SendsController.cs# L193)	Attack Vector
Path_Traversal	/src/Api/Tools/Controllers/SendsController.cs: [193](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Tools/Controllers/SendsController.cs# L193)	Attack Vector
Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [428](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L428)	Attack Vector
Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [375](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L375)	Attack Vector
SSRF	/src/Billing/Controllers/FreshsalesController.cs: [50](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Billing/Controllers/FreshsalesController.cs# L50)	Attack Vector
SSRF	/src/Billing/Controllers/FreshsalesController.cs: [50](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Billing/Controllers/FreshsalesController.cs# L50)	Attack Vector
Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [403](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L403)	Attack Vector
Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [340](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L340)	Attack Vector
Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs: [10](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs# L10)	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/AdminConsole/Controllers/ProvidersController.cs: [82](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProvidersController.cs# L82)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: [87](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Public/Controllers/CollectionsController.cs# L87)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [132](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L132)
	CSRF	/src/Api/AdminConsole/Controllers/ProvidersController.cs: [143](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProvidersController.cs# L143)
	CSRF	/src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: [229](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/SecretsManager/Controllers/AccessPoliciesController.cs# L229)
	CSRF	/src/Admin/AdminConsole/Controllers/ProvidersController.cs: [319](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Admin/AdminConsole/Controllers/ProvidersController.cs# L319)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [163](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L163)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [163](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L163)
	CSRF	/src/Api/Billing/Controllers/ProviderClientsController.cs: [28](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Billing/Controllers/ProviderClientsController.cs# L28)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [205](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L205)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [348](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L348)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [348](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L348)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [270](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L270)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [270](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L270)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [212](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L212)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [212](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L212)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [665](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L665)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [707](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L707)
	CSRF	/src/Api/Vault/Controllers/FoldersController.cs: [45](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/FoldersController.cs# L45)
	CSRF	/src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: [51](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs# L51)
	CSRF	/src/Api/Controllers/UsersController.cs: [22](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/UsersController.cs# L22)
	CSRF	/src/Api/Controllers/DevicesController.cs: [70](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/DevicesController.cs# L70)
	CSRF	/src/Api/Controllers/DevicesController.cs: [57](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/DevicesController.cs# L57)
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: [69](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/PoliciesController.cs# L69)
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: [49](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/PoliciesController.cs# L49)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [92](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L92)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [49](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L49)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderUsersController.cs: [142](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProviderUsersController.cs# L142)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [148](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/PoliciesController.cs# L148)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [78](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/PoliciesController.cs# L78)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [61](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/PoliciesController.cs# L61)
	CSRF	/bitwarden_license/src/Sso/Controllers/AccountController.cs: [163](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//bitwarden_license/src/Sso/Controllers/AccountController.cs# L163)
	CSRF	/bitwarden_license/src/Sso/Controllers/AccountController.cs: [96](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//bitwarden_license/src/Sso/Controllers/AccountController.cs# L96)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/UsersController.cs: [50](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//bitwarden_license/src/Scim/Controllers/v2/UsersController.cs# L50)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [161](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L161)
	CSRF	/src/Api/Auth/Controllers/EmergencyAccessController.cs: [159](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/EmergencyAccessController.cs# L159)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: [98](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs# L98)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: [88](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs# L88)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [308](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L308)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [87](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L87)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [233](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L233)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [315](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [333](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L333)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [778](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L778)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1130](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1130)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [301](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L301)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [411](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L411)
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: [64](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Public/Controllers/CollectionsController.cs# L64)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [261](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L261)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [657](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L657)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [657](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L657)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [428](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L428)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [277](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L277)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [961](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L961)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1047](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1047)
	CSRF	/src/Api/Tools/Controllers/ImportCiphersController.cs: [48](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Tools/Controllers/ImportCiphersController.cs# L48)
	CSRF	/src/Api/Tools/Controllers/ImportCiphersController.cs: [64](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Tools/Controllers/ImportCiphersController.cs# L64)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [111](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L111)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [125](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L125)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1047](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1047)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [464](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L464)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [316](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L316)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [992](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L992)
	CSRF	/src/Identity/Controllers/AccountsController.cs: [72](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Identity/Controllers/AccountsController.cs# L72)
	CSRF	/src/Identity/Controllers/AccountsController.cs: [50](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Identity/Controllers/AccountsController.cs# L50)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [375](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L375)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [150](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L150)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [150](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L150)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [144](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L144)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [217](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L217)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [303](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L303)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [283](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L283)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [816](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L816)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [568](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L568)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1150](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1150)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderUsersController.cs: [188](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProviderUsersController.cs# L188)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [357](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L357)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [526](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L526)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [222](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L222)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [570](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L570)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [770](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L770)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [133](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L133)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [403](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L403)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [193](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L193)
	CSRF	/src/Api/Controllers/SettingsController.cs: [36](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/SettingsController.cs# L36)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [583](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L583)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [583](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L583)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [261](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L261)
	CSRF	/src/Api/Auth/Controllers/TwoFactorController.cs: [403](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/TwoFactorController.cs# L403)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [752](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L752)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [301](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L301)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [303](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L303)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [411](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L411)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [541](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L541)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [323](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L323)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [920](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L920)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [375](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Controllers/CollectionsController.cs# L375)
	CSRF	/src/Admin/AdminConsole/Controllers/OrganizationsController.cs: [334](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Admin/AdminConsole/Controllers/OrganizationsController.cs# L334)
	CSRF	/src/Admin/AdminConsole/Controllers/ProvidersController.cs: [243](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Admin/AdminConsole/Controllers/ProvidersController.cs# L243)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [81](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L81)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [118](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L118)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [118](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L118)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs: [48](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs# L48)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1073](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1073)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1073](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1073)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [159](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L159)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [260](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/GroupsController.cs# L260)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderUsersController.cs: [175](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Controllers/ProviderUsersController.cs# L175)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [855](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L855)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [222](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L222)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [570](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L570)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [861](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L861)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [841](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L841)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [59](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L59)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [127](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L127)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [515](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Auth/Controllers/AccountsController.cs# L515)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [193](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L193)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [187](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L187)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [928](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L928)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1096](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1096)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1096](https://github.com/bitwarden/server/blob/auth/pm-6794/block-legacy-users//src/Api/Vault/Controllers/CiphersController.cs# L1096)

More results are available on AST platform

codecov · 2024-05-16T19:33:18Z

Codecov Report

Attention: Patch coverage is 60.60606% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 39.36%. Comparing base (9da75fc) to head (a5b6b7f).

Files	Patch %	Lines
src/Core/Services/Implementations/UserService.cs	46.15%	4 Missing and 3 partials ⚠️
...tity/IdentityServer/CustomTokenRequestValidator.cs	50.00%	3 Missing and 1 partial ⚠️
...rc/Identity/IdentityServer/BaseRequestValidator.cs	83.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4088      +/-   ##
==========================================
+ Coverage   39.31%   39.36%   +0.04%     
==========================================
  Files        1210     1210              
  Lines       58335    58368      +33     
  Branches     5369     5376       +7     
==========================================
+ Hits        22934    22974      +40     
+ Misses      34320    34306      -14     
- Partials     1081     1088       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

ike-kottlowski

Looks good just one question.

test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs

github-actions · 2024-05-20T19:00:53Z

LaunchDarkly flag references

🔍 1 flag added or modified

Name	Key	Aliases found	Info
Block Legacy Users	`block-legacy-users`

# Conflicts: # src/Core/Constants.cs

jlf0dev added 2 commits May 15, 2024 14:25

block legacy users from authN

86af7da

undo change to GetDeviceFromRequest

017303f

jlf0dev requested a review from a team as a code owner May 15, 2024 18:28

jlf0dev requested a review from rr-bw May 15, 2024 18:28

lint

1e2b6e3

jlf0dev marked this pull request as draft May 16, 2024 13:30

rr-bw requested review from ike-kottlowski and removed request for rr-bw May 16, 2024 16:09

add feature flag

a429dd4

ike-kottlowski reviewed May 16, 2024

View reviewed changes

test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs Show resolved Hide resolved

format

4f46dee

jlf0dev marked this pull request as ready for review May 20, 2024 18:56

github-actions bot added the feature-flag label May 20, 2024

ike-kottlowski previously approved these changes May 20, 2024

View reviewed changes

jlf0dev added 3 commits May 28, 2024 09:06

Merge branch 'refs/heads/main' into auth/pm-6794/block-legacy-users

e695dca

add web vault url to error message

34aff3f

fix test

ea66033

jlf0dev dismissed ike-kottlowski’s stale review via ea66033 May 28, 2024 17:10

jlf0dev added 2 commits May 28, 2024 17:32

Merge branch 'refs/heads/main' into auth/pm-6794/block-legacy-users

83bd18f

# Conflicts: # src/Core/Constants.cs

format

a5b6b7f

jlf0dev requested a review from ike-kottlowski May 29, 2024 12:51

ike-kottlowski approved these changes May 29, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PM-6794] block legacy users from authN #4088

[PM-6794] block legacy users from authN #4088

jlf0dev commented May 15, 2024

github-actions bot commented May 15, 2024 •

edited

codecov bot commented May 16, 2024 •

edited

ike-kottlowski left a comment

github-actions bot commented May 20, 2024

[PM-6794] block legacy users from authN #4088

Are you sure you want to change the base?

[PM-6794] block legacy users from authN #4088

Conversation

jlf0dev commented May 15, 2024

Type of change

Objective

Code changes

Before you submit

github-actions bot commented May 15, 2024 • edited

New Issues

Fixed Issues

codecov bot commented May 16, 2024 • edited

Codecov Report

ike-kottlowski left a comment

Choose a reason for hiding this comment

github-actions bot commented May 20, 2024

LaunchDarkly flag references

🔍 1 flag added or modified

github-actions bot commented May 15, 2024 •

edited

codecov bot commented May 16, 2024 •

edited