[PM-22263] [PM-29849] Initial PoC of seeder API

[Hinton]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-22263
https://bitwarden.atlassian.net/browse/PM-29849

📔 Objective

We want to reduce the amount of business critical test data in the company. One way of doing that is to generate test data on demand prior to client side testing.

Clients will request a scene to be set up with a JSON body set of options, specific to a given scene. Successful seed requests will be responded to with a mangleMap which maps magic strings present in the request to the mangled, non-colliding versions inserted into the database. This way, the server is solely responsible for understanding uniqueness requirements in the database. scenes also are able to return custom data, depending on the scene. For example, user creation would benefit from a return value of the userId for further test setup on the client side.

Clients will indicate they are running tests by including a unique header, x-play-id which specifies a unique testing context. The server uses this PlayId as the seed for any mangling that occurs. This allows the client to decide it will reuse a given PlayId if the test context builds on top of previously executed tests. When a given context is no longer needed, the API user will delete all test data associated with the PlayId by calling a delete endpoint.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

❌ Patch coverage is 57.76892% with 106 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.02%. Comparing base (62ae828) to head (6b38f61).
⚠️ Report is 13 commits behind head on main.

Files with missing lines	Patch %	Lines
...tructure.Dapper/Repositories/PlayItemRepository.cs	0.00%	22 Missing ⚠️
...SharedWeb/Utilities/ServiceCollectionExtensions.cs	20.83%	17 Missing and 2 partials ⚠️
...EntityFramework/Repositories/PlayItemRepository.cs	50.00%	11 Missing ⚠️
...rTestOrganizationTrackingOrganizationRepository.cs	0.00%	9 Missing ⚠️
...positories/DapperTestUserTrackingUserRepository.cs	0.00%	9 Missing ⚠️
...FTestOrganizationTrackingOrganizationRepository.cs	0.00%	9 Missing ⚠️
...y/Repositories/EFTestUserTrackingUserRepository.cs	0.00%	9 Missing ⚠️
.../SharedWeb/Play/PlayServiceCollectionExtensions.cs	0.00%	8 Missing ⚠️
src/Core/Entities/PlayItem.cs	83.33%	4 Missing ⚠️
.../Infrastructure.EntityFramework/Models/PlayItem.cs	66.66%	2 Missing ⚠️
... and 4 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6424      +/-   ##
==========================================
+ Coverage   55.06%   59.02%   +3.95%     
==========================================
  Files        1934     1949      +15     
  Lines       85777    86025     +248     
  Branches     7675     7687      +12     
==========================================
+ Hits        47235    50776    +3541     
+ Misses      36751    33373    -3378     
- Partials     1791     1876      +85     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – eac4fc9f-a304-418d-9d17-8b90c13f68b6

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 431	details Method at line 431 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
2		Use_Of_Hardcoded_Password	/util/Seeder/Factories/UserSeeder.cs: 61	details The application uses the hard-coded password MasterPassword for authentication purposes, either using it to verify users' identities, or to access... Attack Vector

Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 511
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 732
	Use_Of_Hardcoded_Password	/util/Seeder/Factories/UserSeeder.cs: 16

[theMickster]

Small things that I recommend we change.
I think we also need a README.md & a simple CLAUDE.md