fix(refactor): [PM-34246] Rename Set Password to Finalize Onboarding - Initial set of renames take two.

Author: Patrick-Pimentel-Bitwarden

src/Api/Auth/Controllers/AccountsController.cs

@@ -39,7 +39,7 @@ public class AccountsController : Controller
     private readonly IUserService _userService;
     private readonly IPolicyService _policyService;
     private readonly ISetInitialMasterPasswordCommandV1 _setInitialMasterPasswordCommandV1;
-    private readonly ISetInitialMasterPasswordCommand _setInitialMasterPasswordCommand;
+    private readonly IFinishSsoJitProvisionMasterPasswordCommand _finishSsoJitProvisionMasterPasswordCommand;
     private readonly ITdeSetPasswordCommand _tdeSetPasswordCommand;
     private readonly ITdeOffboardingPasswordCommand _tdeOffboardingPasswordCommand;
     private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
@@ -55,7 +55,7 @@ public AccountsController(
         IProviderUserRepository providerUserRepository,
         IUserService userService,
         IPolicyService policyService,
-        ISetInitialMasterPasswordCommand setInitialMasterPasswordCommand,
+        IFinishSsoJitProvisionMasterPasswordCommand finishSsoJitProvisionMasterPasswordCommand,
         ISetInitialMasterPasswordCommandV1 setInitialMasterPasswordCommandV1,
         ITdeSetPasswordCommand tdeSetPasswordCommand,
         ITdeOffboardingPasswordCommand tdeOffboardingPasswordCommand,
@@ -72,7 +72,7 @@ IUserRepository userRepository
         _providerUserRepository = providerUserRepository;
         _userService = userService;
         _policyService = policyService;
-        _setInitialMasterPasswordCommand = setInitialMasterPasswordCommand;
+        _finishSsoJitProvisionMasterPasswordCommand = finishSsoJitProvisionMasterPasswordCommand;
         _setInitialMasterPasswordCommandV1 = setInitialMasterPasswordCommandV1;
         _tdeSetPasswordCommand = tdeSetPasswordCommand;
         _tdeOffboardingPasswordCommand = tdeOffboardingPasswordCommand;
@@ -230,7 +230,7 @@ public async Task PostSetPasswordAsync([FromBody] SetInitialPasswordRequestModel
             }
             else
             {
-                await _setInitialMasterPasswordCommand.SetInitialMasterPasswordAsync(user, model.ToData());
+                await _finishSsoJitProvisionMasterPasswordCommand.FinishSsoJitProvisionMasterPasswordAsync(user, model.ToData());
             }
         }
         else

…sword/SetInitialMasterPasswordCommand.cs …ProvisionMasterPasswordCommandCommand.cssrc/Core/Auth/UserFeatures/UserMasterPassword/SetInitialMasterPasswordCommand.cs renamed to src/Core/Auth/UserFeatures/UserMasterPassword/FinishSsoJitProvisionMasterPasswordCommandCommand.cs src/Core/Auth/UserFeatures/UserMasterPassword/SetInitialMasterPasswordCommand.cs renamed to src/Core/Auth/UserFeatures/UserMasterPassword/FinishSsoJitProvisionMasterPasswordCommandCommand.cs

@@ -10,7 +10,7 @@
 
 namespace Bit.Core.Auth.UserFeatures.UserMasterPassword;
 
-public class SetInitialMasterPasswordCommand : ISetInitialMasterPasswordCommand
+public class FinishSsoJitProvisionMasterPasswordCommandCommand : IFinishSsoJitProvisionMasterPasswordCommand
 {
     private readonly IUserService _userService;
     private readonly IUserRepository _userRepository;
@@ -20,7 +20,7 @@ public class SetInitialMasterPasswordCommand : ISetInitialMasterPasswordCommand
     private readonly IPasswordHasher<User> _passwordHasher;
     private readonly IEventService _eventService;
 
-    public SetInitialMasterPasswordCommand(IUserService userService, IUserRepository userRepository,
+    public FinishSsoJitProvisionMasterPasswordCommandCommand(IUserService userService, IUserRepository userRepository,
         IAcceptOrgUserCommand acceptOrgUserCommand, IOrganizationUserRepository organizationUserRepository,
         IOrganizationRepository organizationRepository, IPasswordHasher<User> passwordHasher,
         IEventService eventService)
@@ -34,7 +34,7 @@ public SetInitialMasterPasswordCommand(IUserService userService, IUserRepository
         _eventService = eventService;
     }
 
-    public async Task SetInitialMasterPasswordAsync(User user,
+    public async Task FinishSsoJitProvisionMasterPasswordAsync(User user,
         SetInitialMasterPasswordDataModel masterPasswordDataModel)
     {
         if (user.Key != null)

src/Core/Auth/UserFeatures/UserMasterPassword/Interfaces/IFinishSsoJitProvisionMasterPasswordCommand.cs

@@ -0,0 +1,27 @@
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Entities;
+using Bit.Core.Exceptions;
+
+namespace Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
+
+/// <summary>
+/// <para>Finalizes onboarding for an organization user by setting their initial master password and account keys,
+/// then accepting their organization membership.</para>
+/// <para>Applies to organizations configured with Single Sign-On (SSO) and master password decryption,
+/// where just-in-time (JIT) provisioned users are required to establish a master password upon first SSO login.</para>
+/// </summary>
+public interface IFinishSsoJitProvisionMasterPasswordCommand
+{
+    /// <summary>
+    /// Sets the initial master password and account keys for the specified user and accepts their pending
+    /// organization membership.
+    /// </summary>
+    /// <param name="user">User to finalize onboarding for. Must not already have a master password set.</param>
+    /// <param name="masterPasswordDataModel">Master password, account keys, and org SSO identifier</param>
+    /// <returns>A task that completes when the operation succeeds</returns>
+    /// <exception cref="BadRequestException">
+    /// Thrown if the user's master password is already set, account keys are missing, the organization
+    /// SSO identifier is invalid, or the user is not a member of the organization.
+    /// </exception>
+    public Task FinishSsoJitProvisionMasterPasswordAsync(User user, SetInitialMasterPasswordDataModel masterPasswordDataModel);
+}

src/Core/Auth/UserFeatures/UserMasterPassword/Interfaces/ISetInitialMasterPasswordCommand.cs

@@ -52,7 +52,7 @@ public static void AddUserKeyCommands(this IServiceCollection services, IGlobalS
 
     private static void AddUserPasswordCommands(this IServiceCollection services)
     {
-        services.AddScoped<ISetInitialMasterPasswordCommand, SetInitialMasterPasswordCommand>();
+        services.AddScoped<IFinishSsoJitProvisionMasterPasswordCommand, FinishSsoJitProvisionMasterPasswordCommandCommand>();
         services.AddScoped<ISetInitialMasterPasswordCommandV1, SetInitialMasterPasswordCommandV1>();
         services.AddScoped<ITdeSetPasswordCommand, TdeSetPasswordCommand>();
     }

src/Core/Auth/UserFeatures/UserServiceCollectionExtensions.cs

@@ -34,7 +34,7 @@ public class AccountsControllerTests : IDisposable
     private readonly IUserService _userService;
     private readonly IProviderUserRepository _providerUserRepository;
     private readonly IPolicyService _policyService;
-    private readonly ISetInitialMasterPasswordCommand _setInitialMasterPasswordCommand;
+    private readonly IFinishSsoJitProvisionMasterPasswordCommand _finishSsoJitProvisionMasterPasswordCommand;
     private readonly ISetInitialMasterPasswordCommandV1 _setInitialMasterPasswordCommandV1;
     private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
     private readonly ITdeSetPasswordCommand _tdeSetPasswordCommand;
@@ -52,7 +52,7 @@ public AccountsControllerTests()
         _organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
         _providerUserRepository = Substitute.For<IProviderUserRepository>();
         _policyService = Substitute.For<IPolicyService>();
-        _setInitialMasterPasswordCommand = Substitute.For<ISetInitialMasterPasswordCommand>();
+        _finishSsoJitProvisionMasterPasswordCommand = Substitute.For<IFinishSsoJitProvisionMasterPasswordCommand>();
         _setInitialMasterPasswordCommandV1 = Substitute.For<ISetInitialMasterPasswordCommandV1>();
         _twoFactorIsEnabledQuery = Substitute.For<ITwoFactorIsEnabledQuery>();
         _tdeSetPasswordCommand = Substitute.For<ITdeSetPasswordCommand>();
@@ -69,7 +69,7 @@ public AccountsControllerTests()
             _providerUserRepository,
             _userService,
             _policyService,
-            _setInitialMasterPasswordCommand,
+            _finishSsoJitProvisionMasterPasswordCommand,
             _setInitialMasterPasswordCommandV1,
             _tdeSetPasswordCommand,
             _tdeOffboardingPasswordCommand,
@@ -870,15 +870,15 @@ public async Task PostSetPasswordAsync_V2_WhenUserExistsAndSettingPasswordSuccee
         // Arrange
         UpdateSetInitialPasswordRequestModelToV2(setInitialPasswordRequestModel);
         _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult(user));
-        _setInitialMasterPasswordCommand.SetInitialMasterPasswordAsync(user, Arg.Any<SetInitialMasterPasswordDataModel>())
+        _finishSsoJitProvisionMasterPasswordCommand.FinishSsoJitProvisionMasterPasswordAsync(user, Arg.Any<SetInitialMasterPasswordDataModel>())
             .Returns(Task.CompletedTask);
 
         // Act
         await _sut.PostSetPasswordAsync(setInitialPasswordRequestModel);
 
         // Assert
-        await _setInitialMasterPasswordCommand.Received(1)
-            .SetInitialMasterPasswordAsync(
+        await _finishSsoJitProvisionMasterPasswordCommand.Received(1)
+            .FinishSsoJitProvisionMasterPasswordAsync(
                 Arg.Is<User>(u => u == user),
                 Arg.Is<SetInitialMasterPasswordDataModel>(d =>
                     d.MasterPasswordAuthentication != null &&
@@ -935,7 +935,7 @@ public async Task PostSetPasswordAsync_V2_WhenSettingPasswordFails_ShouldThrowEx
         // Arrange
         UpdateSetInitialPasswordRequestModelToV2(setInitialPasswordRequestModel);
         _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult(user));
-        _setInitialMasterPasswordCommand.SetInitialMasterPasswordAsync(user, Arg.Any<SetInitialMasterPasswordDataModel>())
+        _finishSsoJitProvisionMasterPasswordCommand.FinishSsoJitProvisionMasterPasswordAsync(user, Arg.Any<SetInitialMasterPasswordDataModel>())
             .Returns(Task.FromException(new Exception("Setting password failed")));
 
         // Act & Assert

test/Api.Test/Auth/Controllers/AccountsControllerTests.cs

@@ -18,11 +18,11 @@
 namespace Bit.Core.Test.Auth.UserFeatures.UserMasterPassword;
 
 [SutProviderCustomize]
-public class SetInitialMasterPasswordCommandTests
+public class FinishSsoJitProvisionMasterPasswordCommandCommandTests
 {
     [Theory]
     [BitAutoData]
-    public async Task SetInitialMasterPassword_Success(SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+    public async Task SetInitialMasterPassword_Success(SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings,
         Organization org, OrganizationUser orgUser, string serverSideHash, string masterPasswordHint)
     {
@@ -49,7 +49,7 @@ public async Task SetInitialMasterPassword_Success(SutProvider<SetInitialMasterP
             .Returns(mockUpdateUserData);
 
         // Act
-        await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model);
+        await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model);
 
         // Assert
         await sutProvider.GetDependency<IUserRepository>().Received(1)
@@ -73,7 +73,7 @@ await sutProvider.GetDependency<IAcceptOrgUserCommand>().Received(1)
     [Theory]
     [BitAutoData]
     public async Task SetInitialMasterPassword_UserAlreadyHasPassword_ThrowsBadRequestException(
-        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings, string orgSsoIdentifier, string masterPasswordHint)
     {
         // Arrange
@@ -82,14 +82,14 @@ public async Task SetInitialMasterPassword_UserAlreadyHasPassword_ThrowsBadReque
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(
-            async () => await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model));
+            async () => await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model));
         Assert.Equal("User already has a master password set.", exception.Message);
     }
 
     [Theory]
     [BitAutoData]
     public async Task SetInitialMasterPassword_AccountKeysNull_ThrowsBadRequestException(
-        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, KdfSettings kdfSettings, string orgSsoIdentifier, string masterPasswordHint)
     {
         // Arrange
@@ -98,7 +98,7 @@ public async Task SetInitialMasterPassword_AccountKeysNull_ThrowsBadRequestExcep
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(
-            async () => await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model));
+            async () => await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model));
         Assert.Equal("Account keys are required.", exception.Message);
     }
 
@@ -108,7 +108,7 @@ public async Task SetInitialMasterPassword_AccountKeysNull_ThrowsBadRequestExcep
     [BitAutoData("wrong-salt", "different-wrong-salt")]
     public async Task SetInitialMasterPassword_InvalidSalt_ThrowsBadRequestException(
         string? authSaltOverride, string? unlockSaltOverride,
-        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings, string orgSsoIdentifier, string masterPasswordHint)
     {
         // Arrange
@@ -135,14 +135,14 @@ public async Task SetInitialMasterPassword_InvalidSalt_ThrowsBadRequestException
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(
-            async () => await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model));
+            async () => await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model));
         Assert.Equal("Invalid master password salt.", exception.Message);
     }
 
     [Theory]
     [BitAutoData]
     public async Task SetInitialMasterPassword_InvalidOrgSsoIdentifier_ThrowsBadRequestException(
-        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings, string orgSsoIdentifier, string masterPasswordHint)
     {
         // Arrange
@@ -155,14 +155,14 @@ public async Task SetInitialMasterPassword_InvalidOrgSsoIdentifier_ThrowsBadRequ
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(
-            async () => await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model));
+            async () => await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model));
         Assert.Equal("Organization SSO identifier is invalid.", exception.Message);
     }
 
     [Theory]
     [BitAutoData]
     public async Task SetInitialMasterPassword_UserNotFoundInOrganization_ThrowsBadRequestException(
-        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        SutProvider<FinishSsoJitProvisionMasterPasswordCommandCommand> sutProvider,
         User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings, Organization org, string masterPasswordHint)
     {
         // Arrange
@@ -179,7 +179,7 @@ public async Task SetInitialMasterPassword_UserNotFoundInOrganization_ThrowsBadR
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(
-            async () => await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model));
+            async () => await sutProvider.Sut.FinishSsoJitProvisionMasterPasswordAsync(user, model));
         Assert.Equal("User not found within organization.", exception.Message);
     }
 

…/SetInitialMasterPasswordCommandTests.cs …sionMasterPasswordCommandCommandTests.cstest/Core.Test/Auth/UserFeatures/UserMasterPassword/SetInitialMasterPasswordCommandTests.cs renamed to test/Core.Test/Auth/UserFeatures/UserMasterPassword/FinishSsoJitProvisionMasterPasswordCommandCommandTests.cs test/Core.Test/Auth/UserFeatures/UserMasterPassword/SetInitialMasterPasswordCommandTests.cs renamed to test/Core.Test/Auth/UserFeatures/UserMasterPassword/FinishSsoJitProvisionMasterPasswordCommandCommandTests.cs

@@ -627,7 +627,7 @@ public async Task CreateAsync_ShouldSetMasterPasswordSaltToNullWhenNoMasterPassw
     /// <summary>
     /// In this test we are testing that the MasterPasswordUnlockData set's the password data correctly.
     /// including setting the masterPasswordSalt.
-    /// <see cref="TdeSetPasswordCommand.SetMasterPasswordAsync"/> and <see cref="SetInitialMasterPasswordCommand.SetInitialMasterPasswordAsync"/> for reference.
+    /// <see cref="TdeSetPasswordCommand.SetMasterPasswordAsync"/> and <see cref="FinishSsoJitProvisionMasterPasswordCommandCommand.FinishSsoJitProvisionMasterPasswordAsync"/> for reference.
     /// </summary>
     [Theory, DatabaseData]
     public async Task UpdateMasterPassword_MasterPasswordSaltIsUpdated(