[PM-32424] Send Access Enumeration protection#7166
Merged
Conversation
ike-kottlowski
changed the title
Contributor
|
Great job! No new security vulnerabilities introduced in this pull request |
This was referenced Mar 6, 2026
Contributor
|
Claude finished @ike-kottlowski's task in 4m 13s —— View job Code Review: PM-32424 Send Access Enumeration protectionReviewed commits: SummaryThis PR improves enumeration protection for email-OTP-protected Sends by unifying all error responses to return the same Changes Assessed
Removed Constants
ResultNo issues found. This is a well-structured security improvement with good test coverage. Approving. |
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #7166 +/- ##
==========================================
- Coverage 56.87% 56.87% -0.01%
==========================================
Files 2028 2028
Lines 88827 88820 -7
Branches 7917 7918 +1
==========================================
- Hits 50523 50518 -5
+ Misses 36472 36471 -1
+ Partials 1832 1831 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
JaredSnider-Bitwarden
approved these changes
Mar 7, 2026
Contributor
JaredSnider-Bitwarden
left a comment
JaredSnider-Bitwarden
left a comment
There was a problem hiding this comment.
Excellent work!
prograhamming
pushed a commit
that referenced
this pull request
Mar 16, 2026
feat: add enumeration protection to email protected sends - Implement enumeration protection for email-based protected sends - Update SendAccess validator with new protection logic - Change OTP generation failure logging from warning to error level - Remove unused constants and update validator tests
prograhamming
added a commit
that referenced
this pull request
May 11, 2026
* PM-31923 adding the whole report endpoints v2 * PM-31923 changing approach to match others in codebase * 31923 updating code to now use the ReportFile field * add feature flag for welcome dialog no ext prompt (#7144) * [PM-32249] Allow custom desktop protocol in CORS (#7080) * Disabling Claude attribution (#7146) * [PM-33140] Correct Non-Seat Plan Intial Seat Setting for Upgrade (#7140) * refactor(billing): update seat logic * test(billing): update tests for seat logic * [PM-28531] Remove old proc and use new one (#7110) * Update PoliciesController.Put to forward all behavior to VNext (#7130) * PM-31923 adding request size attributes * [deps]: Update actions/checkout action to v6.0.2 (#6904) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Return WebAuthn credential record in create response (#7145) * Return WebAuthn credential record in create response * Make CreateWebAuthnLoginCredentialCommand null-safe * [PM-32594] Add authorization to admin-initiated sponsorship endpoints (#7095) * [PM-28519] Remove Emergency Access Contacts for AutoConfirm Org Flows (#7123) * Remove emergency access from all organization users on policy enable, or when accepted/restored * Use correct policy save system * Add additional tests * Implement both PreUpsert and OnSave side effects * Add coupon support to invoice preview and subscription creation (#6994) * Add coupon support to invoice preview and subscription creation * Fix the build lint error * Resolve the initial review comments * fix the failing test * fix the build lint error * Fix the failing test * Resolve the unaddressed issues * Fixed the deconstruction error * Fix the lint issue * Fix the lint error * Fix the lint error * Fix the build lint error * lint error resolved * remove the setting file * rename the variable name validatedCoupon * Remove the owner property * Update OrganizationBillingService tests to align with recent refactoring - Remove GetMetadata tests as method no longer exists - Remove Owner property references from OrganizationSale (removed in d761336) - Update coupon validation to use SubscriptionDiscountRepository instead of SubscriptionDiscountService - Add missing imports for SubscriptionDiscount entities - Rename test for clarity: Finalize_WithNullOwner_SkipsValidation → Finalize_WithCouponOutsideDateRange_IgnoresCouponAndProceeds All tests passing (14/14) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix the lint error * Making the owner non nullable * fix the failing unit test * Make the owner nullable * Fix the bug for coupon in Stripe with no audience restrictions(PM-32756) * Return validation message for invalid coupon * Update the valid token message * Fix the failing unit test * Remove the duplicate method * Fix the failing build and test * Resolve the failing test * Add delete of invalid coupon * Add the expired error message * Delete on invalid coupon in stripe * Fix the lint errors * return null if we get exception from stripe * remove the auto-delete change * fix the failing test * Fix the lint build error --------- Co-authored-by: Claude <noreply@anthropic.com> * [PM-21925] Add MasterPasswordSalt Column to User Table (#6950) feat: add MasterPasswordSalt column to User table - Add MasterPasswordSalt column to User table in both Dapper and EF implementations - Update User stored procedures (Create, Update, UpdateMasterPassword) to handle salt column - Add EF migrations and update UserView with dependent views - Set MaxLength constraint on MasterPasswordSalt column - Update UserRepository implementations to manage salt field - Add comprehensive test coverage for salt handling and normalization * PM-31923 fixing all the endpoints * PM-31923 remove claude change * PM-31923 fixing feature flag name * PM-21720 - RegisterFinishResponseModel - clean up deprecated CaptchaBypassToken (#7098) * chore(deps): Add Renovate ownership of MessagePack pinned transitive dependency * PM-31923 fixing path traversal vuln and cleaned up null references * PM-31923 fixing unit test * PM-31923 fixing issues found by reviewer * PM-31923 addressing pr comments * [PM-33219] Resolve silent auth removal on Sends (#7160) * remove null assignment to auth props and update tests * update PutRemoveAuth comment for clarity and assign null to empty email list allowing future client side changes to remove ALL emails * update test to match email removal expectation * implement expected behavior and update tests --------- Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com> * PM-31923 fixing issues based on review * PM-31923 removing settings.json * Bumped version to 2026.3.0 * [PM-33091] Add optional Targeting Rules data resource configuration (#7137) * add fillAssistRules to environment URIs in config * add tests * do not include json file specification in path * fix warnings * fix(feature-flag): [PM-27085] Account Register Uses New Data Types - Removed unnneded feature flag. (#7127) * PM-31923 fixing unit tests * Auth/PM-32416 - Add MultiClientPasswordManagement feature flag (#7169) * chore(flags): [PM-32554] Remove pm-24579-prevent-sso-on-existing-non-compliant-users feature flag * Remove flag. * Removed unneccessary dependency * Remove unnecessary dependency. * Removed additional temporary test fixtures. --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-25860] Rid of bulk delete error (#6925) * Rid of bulk delete error * Fix test * Fix for test * Update src/Core/Dirt/Services/Implementations/EventService.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Fix formatting issues in DeleteCollectionCommandTests.cs by removing hidden characters and ensuring proper using directives. * Update src/Core/Dirt/Services/Implementations/EventService.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Update src/Core/Dirt/Services/Implementations/EventService.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Refactor DeleteCollectionCommandTests.cs to remove hidden characters and improve argument matching for GetManyByManyIdsAsync method. * Fix deletion error happening in Postgres by utilizing OrganizationId which is always populated by the table row --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * [deps]: Update MarkDig to 0.45.0 (#7117) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [PM-18236] - Use Single Org Requirement (#6999) * Added new methods and ff for single org req * Changed req messages and added new method for creating orgs * Updated Requirement and Tests. * Updated commands and requirement to take a list of org users * Updated xml docs and renamed to be consistent * Changes from Code Review * Removed feature flag check for policy requirements around single org. Aligned error message with what other commands were returning. * Fixed test names. Updated error messages to be specific for each caller. * Updated tests to clean up details consturction * Added test for confirmed accepted user in another org. * fixed tests to use new factory * Update test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Fixed tests by adding no op for req. --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Auth/PM-32487 - Emergency Access - invite or update - require min value of 1 for wait time in days. (#7168) * Auth/PM-32821 - Finish cleaning up old registration endpoint (#7097) * Revert "Revert "refactor(IdentityTokenResponse): [Auth/PM-3287] Remove deprec…" (#7152) This reverts commit e6c97bd. * [PM-32424] Send Access Enumeration protection (#7166) feat: add enumeration protection to email protected sends - Implement enumeration protection for email-based protected sends - Update SendAccess validator with new protection logic - Change OTP generation failure logging from warning to error level - Remove unused constants and update validator tests * [PM-27864] Add PQC TLS Support (#6547) * Add PQC TLS Support * Update util/Setup/NginxConfigBuilder.cs Co-authored-by: Addison Beck <github@addisonbeck.com> * Update util/Setup/NginxConfigBuilder.cs Co-authored-by: Addison Beck <github@addisonbeck.com> * Update util/Setup/NginxConfigBuilder.cs Co-authored-by: Addison Beck <github@addisonbeck.com> * Update util/Setup/NginxConfigBuilder.cs Co-authored-by: Addison Beck <github@addisonbeck.com> * Update util/Setup/Templates/NginxConfig.hbs Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --------- Co-authored-by: Addison Beck <github@addisonbeck.com> Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * [PM-33061] Tax Id Should Be Added When Upgrading to Teams or Enterprise (#7131) * refactor(billing): change billing address request type * feat(billing): add tax id support for international business plans * feat(billing): add billing address tax id handling * test: add tests for tax id handling during upgrade * fix(billing): run dotnet format * fix(billing): remove extra line * fix(billing): modify return type of HandleAsync * test(billing): update tests to reflect updated command signature * fix(billing): run dotnet format * tests(billing): fix tests * test(billing): format * [PM-32581] Refactor organization subscription update process (#7132) * chore: add CLAUDE.local.md and .worktrees to gitignore * feat(billing): add Stripe interval and payment behavior constants and feature flag * feat(billing): add OrganizationSubscriptionChangeSet model and unit tests * refactor(billing): rename UpdateOrganizationSubscriptionCommand to BulkUpdateOrganizationSubscriptionsCommand * feat(billing): add UpdateOrganizationSubscriptionCommand with tests * feat(billing): use UpdateOrganizationSubscriptionCommand in BulkUpdateOrganizationSubscriptions behind feature flag * feat(billing): use UpdateOrganizationSubscriptionCommand in SetUpSponsorshipCommand behind feature flag * feat(billing): add UpgradeOrganizationPlanVNextCommand with tests and feature flag gate * feat(billing): use UpdateOrganizationSubscriptionCommand in OrganizationService.AdjustSeatsAsync behind feature flag * feat(billing): use UpdateOrganizationSubscriptionCommand in UpdateSecretsManagerSubscriptionCommand behind feature flag * feat(billing): use UpdateOrganizationSubscriptionCommand in BillingHelpers.AdjustStorageAsync behind feature flag * chore: run dotnet format * fix(billing): missed optional owner in OrganizationBillingService.Finalize after merge * refactor(billing): address PR feedback on UpdateOrganizationSubscription * remove flagged logic (#7179) * Update UseMyItems to use dedicated plan feature (#7101) * Reorganize seeder presets into purpose-based folders and remove obsolete presets (#7176) * PM-31923 fixing architecture to make it clean * PM-31923 adding XML docs to controllers * Existing device scene (#7155) * Existing device scene * Prefer usings * Require namespaces * Return the device id that is created * [deps]: Update MarkDig to v1 (#7120) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> * remove feature flag (#7180) * [PM-32666] Fixes endpoint issue where you can update another by providing a valid org ID (#7185) * fix(controller): add null check for provider organization ID in ProviderClientsController * feat(tests): add test for updating provider organization with different provider ID * fix(OrganizationsController): Remove unused GetPlanType method to streamline organization management (#7177) * added pm-31697-premium-upgrade-path feature flag (#7162) * Seeder - Adding density distributions (#7191) * chore(flags): Remove pm-19394-send-access-control feature flag * Remove feature flag. * Fixed import statements. * Fixed constructor. * [deps] Billing: Update coverlet.collector to v8 (#7118) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [PM-32597] - create short-lived signed attachment URL for self-hosted instances (#7100) * create short-lived signed attachment URL for self-hosted instances * move local attachment logic to service * remove comment * remove unusued var. add happy-path test for file download * [PM-30584] Add support for key-connector-migration setting key (#7136) * Add key-connector enrollment * Fix tests * Update src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Move validation to request model * Add tests * Fix build * Attempt to fix build * Attempt to fix remaining tests * Fix tests * Format --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * [PM-33040] Add new interface methods to IApplicationCacheService (#7187) * Refactor email confirmation logic to remove legacy mail service usage and streamline organization confirmation process (#7192) * Fixes swagger authentication (#7197) * Add 9 scale presets and consolidated seeder docs (#7193) * Add 9 scale presets and consolidated seeder docs * PM-31923 updated property names for metrics * Restrict users from sending altered project name/value and it being saved to the database as an invalid encrypted value. (#6853) * chore(flags): Remove obsolete client flags * Add density profiles to Seeder CLI (#7205) * feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance (#6940) * feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Initial implementation * fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Changes in a good place. Need to write tests. * test(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Service tests have been added. * fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Fixed comment. * [PM-31820] added a null check to the id/partial route (#7066) * PM-31923 removed the file size validation check * Fixed invalid syntax in OrganizationUser_UpdateMany (#6923) * [PM-32665] Fix Cross-Organization IDOR in Bulk User Revoke (#7206) * Decouple seeder cipher encryption from internal vault crates (#7211) * [deps] BRE: Update mariadb Docker tag to v12 (#7119) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [PM-19143] Refactor public API MembersController POST to use CommandResult pattern (#7182) * Add CommandResultRefactor constant to FeatureFlagKeys in Constants.cs * Add method to convert MemberCreateRequestModel to InviteOrganizationUsersRequest - Introduced ToInviteRequest method for transforming MemberCreateRequestModel into InviteOrganizationUsersRequest. - Enhanced model with additional using directives for improved functionality. * Update GetInviterEmailAsync method to include a check for Guid.Empty to prevent unnecessary DB lookups * Feature flag MembersController POST to use InviteOrganizationUsersCommand Add a new code path behind the CommandResultRefactor feature flag that replaces the legacy InviteUserAsync call with the InviteOrganizationUsersCommand. Integration tests verify both paths produce identical results. * Refactor feature flag for member invites from CommandResultRefactor to PublicMembersInviteRefactor in MembersController and update related tests. * [PM-31657] Address Overwriting Attachments (#7053) * check permissions when uploading attachment for self hosted users to remove possibility of overwriting an existing attachment. * expose `ValidateCipherEditForAttachmentAsync` * add additional logic to support admin users * add unit tests for new edit checks * SHOT-71: Migrate self-host ownership over to SHOT (#7213) * Migrate self-host ownership over to SHOT * Set devcontainers to multi owner * Update CODEOWNERS for docker-compose.yml * We already have a multiple owner section * create new dockerfile for SeederApi (#7072) * create new dockerfile for SeederApi * troubleshoot cargo issues * troubleshoot cargo issues * Ensure Rustup run on build env for appropriate target * Musl targets do not support cdylibs * Ensure default triple set to target * Set target triple rather than update default host * Change build platforms per project * Switch to debian since we can't use musl * Debian build for seeder should work with arm targets * Move app stage to distroless * remove SeederApi from server publish section * suppress unrelated warnings" * ruling out builds as error source * override platforms for SeederApi * troubleshoot matrix * add extra step for evaluating platforms * fix syntax error * exclude unrelated error * exclude unrelated error * exclude unrelated error * exclude unrelated error * exclude unrelated error * temporarily reduce number of builds * exclude unrelated error * remove temporary block on other builds * remove unused builds from dockerfile * add nginx location for seeder, wrap it behind an if check defaulting to false. This was discuss with Matt G, as this will enable QA usage of it without repetitive intervention with config files and reloading the nginx service etc. Handlebars will continously overwrite the nginx conf file on update * opted to remove conditional location to seederApi, instead include additional conf files in the same directory allowing for extensibility and not directly placing the non-prod seeder location in the config builder --------- Co-authored-by: Matt Gibson <mgibson@bitwarden.com> Co-authored-by: AJ Mabry <81774843+aj-bw@users.noreply.github.com> * introduce feature flag pm-31885-send-controls (#7134) * chore(flags:): [PM-30245] Remove locked and inactive notifications feature flags from server * pin image to sha (#7215) * PM-33591 - Parallelize CreateUsersStep and GeneratePersonalCiphersStep (#7226) * [PM-31923] Remove Unused Sprocs (#7060) * Remove old/unused sprocs * Consistency * PM-31923 fixing fileData validation check * PM-31923 fixing summaryData by date range to include all data points * PM-31923 adding download report route for organization report self-hosted verison * PM-31923 fixing security issues from pr review * PM-31923 updating GET methods to fit migration logic on front end * PM-31923 fixing unit test * 31923 fixing redudnant code, unit tests, and creating documentation * 31923 remove unused endpoints, fix unit tests, and create documentation * PM-31923 adding renew and delete endpoints * PM-31923 fixing code based on PR comments * PM-31923 fixing delete scenario with orphaned db record * PM-31923 fixing IDOR issue, adding unit tests, and making code more DRY * PM-31923 making update endpoint required * PM-31923 add FileUploadType to GET endpoints * PM-31923 fixing dead code --------- Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com> Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com> Co-authored-by: Mick Letofsky <mletofsky@bitwarden.com> Co-authored-by: Stephon Brown <sbrown@livefront.com> Co-authored-by: Vijay Oommen <voommen@livefront.com> Co-authored-by: sven-bitwarden <svernyi@bitwarden.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Isaiah Inuwa <iinuwa@bitwarden.com> Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com> Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com> Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com> Co-authored-by: Github Actions <actions@github.com> Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com> Co-authored-by: Patrick-Pimentel-Bitwarden <ppimentel@bitwarden.com> Co-authored-by: Jared <TheWolfBadger@gmail.com> Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: Jared McCannon <jmccannon@bitwarden.com> Co-authored-by: Samuel Warfield <samuel.warfield2@gmail.com> Co-authored-by: Addison Beck <github@addisonbeck.com> Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> Co-authored-by: Alex Morask <144709477+amorask-bitwarden@users.noreply.github.com> Co-authored-by: Brandon Treston <btreston@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Co-authored-by: Matt Gibson <mgibson@bitwarden.com> Co-authored-by: mpbw2 <59324545+mpbw2@users.noreply.github.com> Co-authored-by: Bernd Schoolmann <mail@quexten.com> Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com> Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Co-authored-by: Jason Ng <jcory.ng@gmail.com> Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com> Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com> Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com> Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com> Co-authored-by: Amy Galles <9685081+AmyLGalles@users.noreply.github.com> Co-authored-by: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
PM-32424
Client PR: bitwarden/clients#19422
SDK PR: bitwarden/sdk-internal#821
📔 Objective
Improve enumeration protection of Sends
📸 Screenshots