Merge branch 'main' into PM-11162-assign-to-collection-perm-update

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "swashbuckle.aspnetcore.cli": {
-      "version": "6.7.3",
+      "version": "6.8.0",
       "commands": ["swagger"]
     },
     "dotnet-ef": {

.github/workflows/_move_finalization_db_scripts.yml

@@ -30,7 +30,7 @@ jobs:
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
       - name: Check out branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
 
@@ -54,7 +54,7 @@ jobs:
     if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 

.github/workflows/build.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
@@ -68,7 +68,7 @@ jobs:
             node: true
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
@@ -173,7 +173,7 @@ jobs:
             dotnet: true
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Check branch to publish
         env:
@@ -263,7 +263,7 @@ jobs:
             -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish
 
       - name: Build Docker image
-        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 # v6.8.0
         with:
           context: ${{ matrix.base_path }}/${{ matrix.project_name }}
           file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
@@ -282,7 +282,7 @@ jobs:
           output-format: sarif
 
       - name: Upload Grype results to GitHub
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: ${{ steps.container-scan.outputs.sarif }}
 
@@ -292,7 +292,7 @@ jobs:
     needs: build-docker
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
@@ -467,7 +467,7 @@ jobs:
           - win-x64
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1

.github/workflows/cleanup-rc-branch.yml

@@ -24,7 +24,7 @@ jobs:
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
       - name: Checkout main
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: main
           token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

.github/workflows/code-references.yml

@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Check out repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Collect
         id: collect

.github/workflows/protect-files.yml

@@ -29,7 +29,7 @@ jobs:
             label: "DB-migrations-changed"
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 2
 

.github/workflows/publish.yml

@@ -99,7 +99,7 @@ jobs:
           echo "Github Release Option: $RELEASE_OPTION"
 
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up project name
         id: setup

.github/workflows/release.yml

@@ -37,7 +37,7 @@ jobs:
           fi
 
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Check release version
         id: version

.github/workflows/scan.yml

@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{  github.event.pull_request.head.sha }}
 
@@ -46,7 +46,7 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: cx_result.sarif
 
@@ -66,7 +66,7 @@ jobs:
           distribution: "zulu"
 
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
           ref: ${{  github.event.pull_request.head.sha }}

.github/workflows/test-database.yml

@@ -36,7 +36,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
@@ -147,7 +147,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1

.github/workflows/test.yml

@@ -46,7 +46,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Set up .NET
         uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1

.github/workflows/version-bump.yml

@@ -39,7 +39,7 @@ jobs:
           fi
 
       - name: Check out branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Check if RC branch exists
         if: ${{ inputs.cut_rc_branch == true }}
@@ -230,7 +230,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: main
 

bitwarden_license/src/Scim/Context/ScimContext.cs

@@ -4,13 +4,40 @@
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 
 namespace Bit.Scim.Context;
 
 public class ScimContext : IScimContext
 {
     private bool _builtHttpContext;
 
+    // See IP list from Ping in docs: https://support.pingidentity.com/s/article/PingOne-IP-Addresses
+    private static readonly HashSet<string> _pingIpAddresses =
+    [
+        "18.217.152.87",
+        "52.14.10.143",
+        "13.58.49.148",
+        "34.211.92.81",
+        "54.214.158.219",
+        "34.218.98.164",
+        "15.223.133.47",
+        "3.97.84.38",
+        "15.223.19.71",
+        "3.97.98.120",
+        "52.60.115.173",
+        "3.97.202.223",
+        "18.184.65.93",
+        "52.57.244.92",
+        "18.195.7.252",
+        "108.128.67.71",
+        "34.246.158.102",
+        "108.128.250.27",
+        "52.63.103.92",
+        "13.54.131.18",
+        "52.62.204.36"
+    ];
+
     public ScimProviderType RequestScimProvider { get; set; } = ScimProviderType.Default;
     public ScimConfig ScimConfiguration { get; set; }
     public Guid? OrganizationId { get; set; }
@@ -55,10 +82,18 @@ public async virtual Task BuildAsync(
                 RequestScimProvider = ScimProviderType.Okta;
             }
         }
+
         if (RequestScimProvider == ScimProviderType.Default &&
             httpContext.Request.Headers.ContainsKey("Adscimversion"))
         {
             RequestScimProvider = ScimProviderType.AzureAd;
         }
+
+        var ipAddress = CoreHelpers.GetIpAddress(httpContext, globalSettings);
+        if (RequestScimProvider == ScimProviderType.Default &&
+            _pingIpAddresses.Contains(ipAddress))
+        {
+            RequestScimProvider = ScimProviderType.Ping;
+        }
     }
 }

bitwarden_license/src/Scim/Groups/PutGroupCommand.cs

@@ -43,7 +43,8 @@ public async Task<Group> PutGroupAsync(Organization organization, Guid id, ScimG
 
     private async Task UpdateGroupMembersAsync(Group group, ScimGroupRequestModel model)
     {
-        if (_scimContext.RequestScimProvider != ScimProviderType.Okta)
+        if (_scimContext.RequestScimProvider != ScimProviderType.Okta &&
+            _scimContext.RequestScimProvider != ScimProviderType.Ping)
         {
             return;
         }

bitwarden_license/src/Scim/Users/GetUsersListQuery.cs

@@ -20,15 +20,16 @@ public GetUsersListQuery(IOrganizationUserRepository organizationUserRepository)
         string externalIdFilter = null;
         if (!string.IsNullOrWhiteSpace(filter))
         {
-            if (filter.StartsWith("userName eq "))
+            var filterLower = filter.ToLowerInvariant();
+            if (filterLower.StartsWith("username eq "))
             {
-                usernameFilter = filter.Substring(12).Trim('"').ToLowerInvariant();
+                usernameFilter = filterLower.Substring(12).Trim('"');
                 if (usernameFilter.Contains("@"))
                 {
                     emailFilter = usernameFilter;
                 }
             }
-            else if (filter.StartsWith("externalId eq "))
+            else if (filterLower.StartsWith("externalid eq "))
             {
                 externalIdFilter = filter.Substring(14).Trim('"');
             }