[PM-34429] Create an endpoint to retrieve the Invite#7994
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## pm-40216/data-protect-invite-link-codes #7994 +/- ##
===========================================================================
- Coverage 14.98% 14.97% -0.01%
===========================================================================
Files 1387 1389 +2
Lines 60261 60287 +26
Branches 4789 4793 +4
===========================================================================
Hits 9030 9030
- Misses 51076 51102 +26
Partials 155 155 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE This PR adds a Code Review DetailsNo blocking findings. Notes considered and cleared during review:
Previously raised threads (dangling doc comment, integration test scope) were already resolved by the author and a human reviewer. |
|
Hey @bitwarden/team-appsec , I know this PR is still in draft since it's branched off a feature branch instead of main, but could you take a look at it now? I'll need another review once the feature branch is merged. |
There was a problem hiding this comment.
Re: the AppSec review - I'm not sure what the specific question is for them, but they don't review implementation code, so if you need their input make sure to message them via another channel.
Re: this PR - I thought we were going to check policies and all pre-join requirements before handing over the blob, since - in the context of milestone 3 - it contains the encrypted org key?
I tried to find this in the tech breakdown, but found only oblique references - it may have gotten dropped somewhere:
The main goal of enforcement before the confirm is to ensure the user qualifies as much as possible before giving them more data, aka the org key.
I don't think it's a blocker for the milestone 1 implementation (because the blob only contains the encrypted link key, which they already have, and a public fingerprint, which is public). But if we intend to reuse this for milestone 3 we'll need a follow up ticket to strengthen it.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-38794
📔 Objective