Merge branch 'main' of https://github.com/bitwarden/server into vault/pm-20041/mark-task-complete

Author: nick-livefront

.github/workflows/build.yml

@@ -11,6 +11,9 @@ on:
     types: [opened, synchronize]
   workflow_call:
     inputs: {}
+  
+permissions:
+  contents: read
 
 env:
   _AZ_REGISTRY: "bitwardenprod.azurecr.io"
@@ -237,18 +240,10 @@ jobs:
           fi
           echo "tags=$TAGS" >> $GITHUB_OUTPUT
 
-      - name: Generate image full name
-        id: cache-name
-        env:
-          PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
-        run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT
-
       - name: Build Docker image
         id: build-artifacts
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
-          cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }}
-          cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max
           context: .
           file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
           platforms: |
@@ -605,6 +600,7 @@ jobs:
       project: server
       pull_request_number: ${{ github.event.number }}
     secrets: inherit
+    permissions: read-all
 
   check-failures:
     name: Check for failures

Directory.Build.props

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
 
-    <Version>2025.5.2</Version>
+    <Version>2025.6.0</Version>
 
     <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
@@ -69,4 +69,4 @@
       </AssemblyAttribute>
     </ItemGroup>
   </Target>
-</Project>
+</Project>

bitwarden_license/src/Commercial.Core/AdminConsole/Services/ProviderService.cs

@@ -287,11 +287,10 @@ public async Task<List<Tuple<ProviderUser, string>>> ConfirmUsersAsync(Guid prov
 
         foreach (var user in users)
         {
-            if (!keyedFilteredUsers.ContainsKey(user.Id))
+            if (!keyedFilteredUsers.TryGetValue(user.Id, out var providerUser))
             {
                 continue;
             }
-            var providerUser = keyedFilteredUsers[user.Id];
             try
             {
                 if (providerUser.Status != ProviderUserStatusType.Accepted || providerUser.ProviderId != providerId)

bitwarden_license/src/Scim/Program.cs

@@ -16,8 +16,8 @@ public static void Main(string[] args)
                     {
                         var context = e.Properties["SourceContext"].ToString();
 
-                        if (e.Properties.ContainsKey("RequestPath") &&
-                            !string.IsNullOrWhiteSpace(e.Properties["RequestPath"]?.ToString()) &&
+                        if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
+                            !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
                             (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
                         {
                             return false;

bitwarden_license/src/Sso/Controllers/AccountController.cs

@@ -370,8 +370,8 @@ public async Task<IActionResult> Logout(string logoutId)
         //  for the user identifier.
         static bool nameIdIsNotTransient(Claim c) => c.Type == ClaimTypes.NameIdentifier
             && (c.Properties == null
-            || !c.Properties.ContainsKey(SamlPropertyKeys.ClaimFormat)
-            || c.Properties[SamlPropertyKeys.ClaimFormat] != SamlNameIdFormats.Transient);
+            || !c.Properties.TryGetValue(SamlPropertyKeys.ClaimFormat, out var claimFormat)
+            || claimFormat != SamlNameIdFormats.Transient);
 
         // Try to determine the unique id of the external user (issued by the provider)
         // the most common claim type for that are the sub claim and the NameIdentifier

bitwarden_license/src/Sso/Program.cs

@@ -17,8 +17,8 @@ public static void Main(string[] args)
                 logging.AddSerilog(hostingContext, (e, globalSettings) =>
                 {
                     var context = e.Properties["SourceContext"].ToString();
-                    if (e.Properties.ContainsKey("RequestPath") &&
-                        !string.IsNullOrWhiteSpace(e.Properties["RequestPath"]?.ToString()) &&
+                    if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
+                        !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
                         (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
                     {
                         return false;

bitwarden_license/src/Sso/Utilities/OpenIdConnectOptionsExtensions.cs

@@ -46,9 +46,9 @@ public static async Task<bool> CouldHandleAsync(this OpenIdConnectOptions option
 
             // Handle State if we've gotten that back
             var decodedState = options.StateDataFormat.Unprotect(state);
-            if (decodedState != null && decodedState.Items.ContainsKey("scheme"))
+            if (decodedState != null && decodedState.Items.TryGetValue("scheme", out var stateScheme))
             {
-                return decodedState.Items["scheme"] == scheme;
+                return stateScheme == scheme;
             }
         }
         catch

dev/docker-compose.yml

@@ -99,7 +99,7 @@ services:
       - idp
 
   rabbitmq:
-    image: rabbitmq:management
+    image: rabbitmq:4.1.0-management
     container_name: rabbitmq
     ports:
       - "5672:5672"
@@ -108,7 +108,7 @@ services:
       RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER}
       RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS}
     volumes:
-      - rabbitmq_data:/var/lib/rabbitmq_data
+      - rabbitmq_data:/var/lib/rabbitmq
     profiles:
       - rabbitmq
 

global.json

@@ -5,6 +5,6 @@
   },
   "msbuild-sdks": {
     "Microsoft.Build.Traversal": "4.1.0",
-    "Microsoft.Build.Sql": "0.1.9-preview"
+    "Microsoft.Build.Sql": "1.0.0"
   }
 }

src/Admin/AdminConsole/Controllers/OrganizationsController.cs

@@ -12,17 +12,13 @@
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Billing.Pricing;
 using Bit.Core.Billing.Providers.Services;
-using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Models.OrganizationConnectionConfigs;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
-using Bit.Core.Tools.Enums;
-using Bit.Core.Tools.Models.Business;
-using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Repositories;
 using Microsoft.AspNetCore.Authorization;
@@ -45,12 +41,9 @@ public class OrganizationsController : Controller
     private readonly IPaymentService _paymentService;
     private readonly IApplicationCacheService _applicationCacheService;
     private readonly GlobalSettings _globalSettings;
-    private readonly IReferenceEventService _referenceEventService;
-    private readonly IUserService _userService;
     private readonly IProviderRepository _providerRepository;
     private readonly ILogger<OrganizationsController> _logger;
     private readonly IAccessControlService _accessControlService;
-    private readonly ICurrentContext _currentContext;
     private readonly ISecretRepository _secretRepository;
     private readonly IProjectRepository _projectRepository;
     private readonly IServiceAccountRepository _serviceAccountRepository;
@@ -73,12 +66,9 @@ public OrganizationsController(
         IPaymentService paymentService,
         IApplicationCacheService applicationCacheService,
         GlobalSettings globalSettings,
-        IReferenceEventService referenceEventService,
-        IUserService userService,
         IProviderRepository providerRepository,
         ILogger<OrganizationsController> logger,
         IAccessControlService accessControlService,
-        ICurrentContext currentContext,
         ISecretRepository secretRepository,
         IProjectRepository projectRepository,
         IServiceAccountRepository serviceAccountRepository,
@@ -100,12 +90,9 @@ public OrganizationsController(
         _paymentService = paymentService;
         _applicationCacheService = applicationCacheService;
         _globalSettings = globalSettings;
-        _referenceEventService = referenceEventService;
-        _userService = userService;
         _providerRepository = providerRepository;
         _logger = logger;
         _accessControlService = accessControlService;
-        _currentContext = currentContext;
         _secretRepository = secretRepository;
         _projectRepository = projectRepository;
         _serviceAccountRepository = serviceAccountRepository;
@@ -272,11 +259,6 @@ await HandlePotentialProviderSeatScalingAsync(
         await _organizationRepository.ReplaceAsync(organization);
 
         await _applicationCacheService.UpsertOrganizationAbilityAsync(organization);
-        await _referenceEventService.RaiseEventAsync(new ReferenceEvent(ReferenceEventType.OrganizationEditedByAdmin, organization, _currentContext)
-        {
-            EventRaisedByUser = _userService.GetUserName(User),
-            SalesAssistedTrialStarted = model.SalesAssistedTrialStarted,
-        });
 
         return RedirectToAction("Edit", new { id });
     }

src/Admin/IdentityServer/ReadOnlyEnvIdentityUserStore.cs

@@ -39,7 +39,7 @@ public override Task<IdentityUser> FindByEmailAsync(string normalizedEmail,
             }
         }
 
-        var userStamp = usersDict.ContainsKey(normalizedEmail) ? usersDict[normalizedEmail] : null;
+        var userStamp = usersDict.GetValueOrDefault(normalizedEmail);
         if (userStamp == null)
         {
             return Task.FromResult<IdentityUser>(null);

src/Admin/Program.cs

@@ -20,8 +20,8 @@ public static void Main(string[] args)
                 logging.AddSerilog(hostingContext, (e, globalSettings) =>
                 {
                     var context = e.Properties["SourceContext"].ToString();
-                    if (e.Properties.ContainsKey("RequestPath") &&
-                        !string.IsNullOrWhiteSpace(e.Properties["RequestPath"]?.ToString()) &&
+                    if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
+                        !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
                         (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
                     {
                         return false;

src/Admin/Services/AccessControlService.cs

@@ -29,12 +29,12 @@ public bool UserHasPermission(Permission permission)
         }
 
         var userRole = GetUserRoleFromClaim();
-        if (string.IsNullOrEmpty(userRole) || !RolePermissionMapping.RolePermissions.ContainsKey(userRole))
+        if (string.IsNullOrEmpty(userRole) || !RolePermissionMapping.RolePermissions.TryGetValue(userRole, out var rolePermissions))
         {
             return false;
         }
 
-        return RolePermissionMapping.RolePermissions[userRole].Contains(permission);
+        return rolePermissions.Contains(permission);
     }
 
     public string GetUserRole(string userEmail)

src/Api/Auth/Models/Request/TwoFactorRequestModels.cs

@@ -25,7 +25,7 @@ public User ToUser(User existingUser)
         {
             providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
         }
-        else if (providers.ContainsKey(TwoFactorProviderType.Authenticator))
+        else
         {
             providers.Remove(TwoFactorProviderType.Authenticator);
         }
@@ -62,7 +62,7 @@ public User ToUser(User existingUser)
         {
             providers = [];
         }
-        else if (providers.ContainsKey(TwoFactorProviderType.Duo))
+        else
         {
             providers.Remove(TwoFactorProviderType.Duo);
         }
@@ -88,7 +88,7 @@ public Organization ToOrganization(Organization existingOrg)
         {
             providers = [];
         }
-        else if (providers.ContainsKey(TwoFactorProviderType.OrganizationDuo))
+        else
         {
             providers.Remove(TwoFactorProviderType.OrganizationDuo);
         }
@@ -145,7 +145,7 @@ public User ToUser(User existingUser)
         {
             providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
         }
-        else if (providers.ContainsKey(TwoFactorProviderType.YubiKey))
+        else
         {
             providers.Remove(TwoFactorProviderType.YubiKey);
         }
@@ -228,7 +228,7 @@ public User ToUser(User existingUser)
         {
             providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
         }
-        else if (providers.ContainsKey(TwoFactorProviderType.Email))
+        else
         {
             providers.Remove(TwoFactorProviderType.Email);
         }

src/Api/Auth/Models/Response/TwoFactor/TwoFactorAuthenticatorResponseModel.cs

@@ -13,9 +13,9 @@ public TwoFactorAuthenticatorResponseModel(User user)
         ArgumentNullException.ThrowIfNull(user);
 
         var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
-        if (provider?.MetaData?.ContainsKey("Key") ?? false)
+        if (provider?.MetaData?.TryGetValue("Key", out var keyValue) ?? false)
         {
-            Key = (string)provider.MetaData["Key"];
+            Key = (string)keyValue;
             Enabled = provider.Enabled;
         }
         else

src/Api/Auth/Models/Response/TwoFactor/TwoFactorEmailResponseModel.cs

@@ -15,9 +15,9 @@ public TwoFactorEmailResponseModel(User user)
         }
 
         var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
-        if (provider?.MetaData?.ContainsKey("Email") ?? false)
+        if (provider?.MetaData?.TryGetValue("Email", out var email) ?? false)
         {
-            Email = (string)provider.MetaData["Email"];
+            Email = (string)email;
             Enabled = provider.Enabled;
         }
         else

src/Api/Auth/Models/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs

@@ -19,29 +19,29 @@ public TwoFactorYubiKeyResponseModel(User user)
         {
             Enabled = provider.Enabled;
 
-            if (provider.MetaData.ContainsKey("Key1"))
+            if (provider.MetaData.TryGetValue("Key1", out var key1))
             {
-                Key1 = (string)provider.MetaData["Key1"];
+                Key1 = (string)key1;
             }
-            if (provider.MetaData.ContainsKey("Key2"))
+            if (provider.MetaData.TryGetValue("Key2", out var key2))
             {
-                Key2 = (string)provider.MetaData["Key2"];
+                Key2 = (string)key2;
             }
-            if (provider.MetaData.ContainsKey("Key3"))
+            if (provider.MetaData.TryGetValue("Key3", out var key3))
             {
-                Key3 = (string)provider.MetaData["Key3"];
+                Key3 = (string)key3;
             }
-            if (provider.MetaData.ContainsKey("Key4"))
+            if (provider.MetaData.TryGetValue("Key4", out var key4))
             {
-                Key4 = (string)provider.MetaData["Key4"];
+                Key4 = (string)key4;
             }
-            if (provider.MetaData.ContainsKey("Key5"))
+            if (provider.MetaData.TryGetValue("Key5", out var key5))
             {
-                Key5 = (string)provider.MetaData["Key5"];
+                Key5 = (string)key5;
             }
-            if (provider.MetaData.ContainsKey("Nfc"))
+            if (provider.MetaData.TryGetValue("Nfc", out var nfc))
             {
-                Nfc = (bool)provider.MetaData["Nfc"];
+                Nfc = (bool)nfc;
             }
         }
         else

src/Api/Billing/Controllers/AccountsController.cs

@@ -6,14 +6,10 @@
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
 using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Services;
-using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Services;
 using Bit.Core.Settings;
-using Bit.Core.Tools.Enums;
-using Bit.Core.Tools.Models.Business;
-using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -161,8 +157,6 @@ public async Task PostLicenseAsync(LicenseRequestModel model)
     [HttpPost("cancel")]
     public async Task PostCancelAsync(
         [FromBody] SubscriptionCancellationRequestModel request,
-        [FromServices] ICurrentContext currentContext,
-        [FromServices] IReferenceEventService referenceEventService,
         [FromServices] ISubscriberService subscriberService)
     {
         var user = await userService.GetUserByPrincipalAsync(User);
@@ -175,12 +169,6 @@ public async Task PostCancelAsync(
         await subscriberService.CancelSubscription(user,
             new OffboardingSurveyResponse { UserId = user.Id, Reason = request.Reason, Feedback = request.Feedback },
             user.IsExpired());
-
-        await referenceEventService.RaiseEventAsync(new ReferenceEvent(
-            ReferenceEventType.CancelSubscription,
-            user,
-            currentContext)
-        { EndOfPeriod = user.IsExpired() });
     }
 
     [HttpPost("reinstate-premium")]