chore/SRE-583 Deprecate usage of Auth-Email Header #5709

bitwarden-charlie · 2025-04-25T02:51:01Z

🎟️ Tracking

Deprecate usage of Auth-Email Header

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

sonarqubecloud · 2025-04-25T02:55:11Z

github-actions · 2025-04-25T02:58:56Z

Checkmarx One – Scan Summary & Details – 72825bf7-aeea-4936-964d-853bb5ab860a

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	SSL_Verification_Bypass	/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs: 73	details /src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs relies HTTPS requests, in SendEmailAsync. The ServerCertificateValidationCallb... `ID: %2BW1e%2BIF8kfVWMXgFu59dGPq6MAI%3D` Attack Vector

Fixed Issues (14)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CSRF~~	/src/Api/AdminConsole/Controllers/OrganizationIntegrationConfigurationController.cs: 19
	~~CSRF~~	/src/Api/AdminConsole/Controllers/OrganizationIntegrationConfigurationController.cs: 78
	~~CSRF~~	/src/Api/AdminConsole/Controllers/OrganizationIntegrationController.cs: 20
	~~CSRF~~	/src/Api/AdminConsole/Controllers/SlackIntegrationController.cs: 44
	~~CSRF~~	/src/Api/AdminConsole/Controllers/OrganizationIntegrationController.cs: 51
	~~CSRF~~	/src/Admin/Billing/Controllers/BusinessUnitConversionController.cs: 70
	~~CSRF~~	/src/Api/Billing/Controllers/AccountsController.cs: 142
	~~CSRF~~	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
	~~CSRF~~	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
	~~CSRF~~	/src/Api/AdminConsole/Controllers/GroupsController.cs: 164
	~~CSRF~~	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133
	~~CSRF~~	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 96
	~~CSRF~~	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 86
	~~SSL_Verification_Bypass~~	/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs: 87

chore/SRE-583 Deprecate usage of Auth-Email Header

8b490bf

bitwarden-charlie requested a review from a team as a code owner April 25, 2025 02:51

bitwarden-charlie requested a review from Patrick-Pimentel-Bitwarden April 25, 2025 02:51