Skip to content

Add validation to URI Match Default Policy for Single Org prerequisite #6454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Add validation to URI Match Default Policy for Single Org prerequisite #6454

wants to merge 12 commits into from
+42 −1

Conversation

bensbits91
Copy link
Contributor

@bensbits91 bensbits91 commented Oct 14, 2025
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-25570

📔 Objective

Adds the prerequisite that the Single Organization policy must be enabled before the URI Match Defaults policy can be enabled.

📸 Screenshots

image

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@bensbits91 bensbits91 self-assigned this Oct 14, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 14, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details8f8a6003-a3f3-426f-993c-5d0e03dba07c

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 427
detailsMethod at line 427 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow...
ID: qB2Oh4bvPkc2tAsuqY%2B%2FiPKPcCE%3D
Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1537
detailsMethod at line 1537 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
ID: oS5I%2FDxqQus8L80ybnB6qqHIyTo%3D
Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1408
detailsMethod at line 1408 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
ID: siIZQHKaoXC15rRHhlVxewk6xUo%3D
Attack Vector
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 300

@codecov
Copy link

codecov bot commented Oct 14, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.84%. Comparing base (f82125f) to head (43a95eb).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6454      +/-   ##
==========================================
- Coverage   55.89%   51.84%   -4.06%     
==========================================
  Files        1870     1871       +1     
  Lines       82369    82374       +5     
  Branches     7272     7272              
==========================================
- Hits        46037    42703    -3334     
- Misses      34626    38042    +3416     
+ Partials     1706     1629      -77

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bensbits91 bensbits91 marked this pull request as ready for review October 21, 2025 15:31
@bensbits91 bensbits91 requested a review from a team as a code owner October 21, 2025 15:31
@bensbits91 bensbits91 requested a review from jrmccannon October 21, 2025 15:31
jrmccannon
jrmccannon requested changes Oct 22, 2025
View reviewed changes
Copy link
Contributor

@jrmccannon jrmccannon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also provide unit tests for the required policy logic for this validator.

@bensbits91 bensbits91 requested a review from jrmccannon October 22, 2025 15:50
@bensbits91
Copy link
Contributor Author

I just noticed this comment too: "Please also provide unit tests for the required policy logic for this validator."

I'll work on that now...

@bensbits91
Copy link
Contributor Author

I just noticed this comment too: "Please also provide unit tests for the required policy logic for this validator."

I'll work on that now...

@jrmccannon I took a stab at the unit tests. Thanks again for your help!

@bensbits91
Remove unneccessary unit tets
c47d125 
Signed-off-by: Ben Brooks <[email protected]>
@bensbits91
Merge branch 'main' of https://github.com/bitwarden/server into pm-25…
7f79042 
…570-uri-match-policy-validation

Signed-off-by: Ben Brooks <[email protected]>
jrmccannon
jrmccannon previously approved these changes Oct 23, 2025
View reviewed changes
@jrmccannon jrmccannon self-requested a review October 23, 2025 14:26
@jrmccannon jrmccannon dismissed their stale review October 23, 2025 14:26

Whoops. Looks like tests are failing from main :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrmccannon jrmccannon Awaiting requested review from jrmccannon

At least 1 approving review is required to merge this pull request.

Assignees

@bensbits91 bensbits91

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bensbits91 @jrmccannon