Skip to content

Comments

[PM-15456] Update AzureDirectoryService to dynamically select Graph API endpoint based on identity authority (public or government)#777

Merged
r-tome merged 6 commits intomainfrom
ac/pm-15456/azure-government-cloud-graph-api
Jun 2, 2025
Merged

[PM-15456] Update AzureDirectoryService to dynamically select Graph API endpoint based on identity authority (public or government)#777
r-tome merged 6 commits intomainfrom
ac/pm-15456/azure-government-cloud-graph-api

Conversation

@r-tome
Copy link
Contributor

@r-tome r-tome commented Apr 29, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-15456

📔 Objective

This PR updates the Graph API URL to use the appropriate endpoint based on the selected Identity Authority. If Azure AD Government is selected, the URL now points to the government-specific endpoint (https://graph.microsoft.us) instead of the default public one (https://graph.microsoft.com).

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@r-tome
[PM-15456] Update AzureDirectoryService to dynamically select Graph A…
384b2a9 
…PI endpoint based on identity authority (public or government)
@codecov
Copy link

codecov bot commented Apr 29, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.

Project coverage is 7.73%. Comparing base (1deb22a) to head (9985e82).
Report is 2 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
src/services/azure-directory.service.ts 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##            main    #777      +/-   ##
========================================
- Coverage   7.74%   7.73%   -0.01%     
========================================
  Files         68      68              
  Lines       2751    2754       +3     
  Branches     473     474       +1     
========================================
  Hits         213     213              
- Misses      2523    2526       +3     
  Partials      15      15

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Contributor

github-actions bot commented Apr 29, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailscdba838d-40c4-4f80-bf4c-3cba1d54f82b

New Issues (8)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2025-5280 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: ENiejUKbPhPpqFirWicdEHOzhptrkGk6AnFajN%2FmbeY%3D
Vulnerable Package
HIGH CVE-2025-5063 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafte...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: rCYfhTedCsPWieE7Yqlbo0BYD3kSSjPoozgmm%2FSPHMs%3D
Vulnerable Package
HIGH CVE-2025-5283 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: yLUWmtBmWNmm4Su3%2F4rj9e6Uu%2BguypUlFUGf2RSetNk%3D
Vulnerable Package
MEDIUM CVE-2025-5064 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data vi...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: GyBAvd0IMVUw8xBDTZw1gGoiaaJakLQBvUFBZU9sgdo%3D
Vulnerable Package
MEDIUM CVE-2025-5065 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: mUZbzpH26qYnmDKvmruIdV5szIBfJJS0TTto9%2Bi4rpo%3D
Vulnerable Package
MEDIUM CVE-2025-5066 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engag...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: BakeGOODHA7SmSjYLaRZ%2Fsl2HGwelKffPzPUWvsQotw%3D
Vulnerable Package
MEDIUM CVE-2025-5067 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HT...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: IGvJ1ns3ZsunAEpRbOBmOiZLKR0MEoP4yz7JuuUCUjk%3D
Vulnerable Package
MEDIUM CVE-2025-5281 Npm-electron-34.1.1
detailsRecommended version: 36.3.2
Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information vi...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: A5EteaGoUqU39eK%2BVppDX65CIsgSZXxl%2FY83Ehl0cAk%3D
Vulnerable Package

@r-tome r-tome marked this pull request as ready for review April 29, 2025 14:34
@r-tome r-tome requested a review from a team as a code owner April 29, 2025 14:34
@r-tome r-tome requested a review from BTreston April 29, 2025 14:34
@sonarqubecloud
Copy link

sonarqubecloud bot commented May 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@r-tome r-tome merged commit 3b3ea8a into main Jun 2, 2025
20 checks passed
@r-tome r-tome deleted the ac/pm-15456/azure-government-cloud-graph-api branch June 2, 2025 13:00
sso-bitwarden pushed a commit to sso-bitwarden/directory-connector that referenced this pull request Aug 28, 2025
@r-tome @bnagawiecki
[PM-15456] Update AzureDirectoryService to dynamically select Graph A…
281b975 
…PI endpoint based on identity authority (public or government) (bitwarden#777)

Co-authored-by: bnagawiecki <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BTreston BTreston BTreston approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@r-tome @BTreston @bnagawiecki