[PM-19883] Add untrust devices endpoint

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-19883

📔 Objective

Adds an endpoint to untrust a list of the users devices, removing their encryption keys. The untrusting operation has a separate command with provided unit tests.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

Attention: Patch coverage is 78.37838% with 8 lines in your changes missing coverage. Please review.

Project coverage is 45.74%. Comparing base (0f0c3a4) to head (40cc9d6).
Report is 30 commits behind head on main.

Files with missing lines	Patch %	Lines
src/Api/Controllers/DevicesController.cs	22.22%	7 Missing ⚠️
src/Api/Auth/Models/Request/UntrustDevicesModel.cs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5619      +/-   ##
==========================================
- Coverage   48.08%   45.74%   -2.34%     
==========================================
  Files        1563     1602      +39     
  Lines       71602    72650    +1048     
  Branches     6415     6508      +93     
==========================================
- Hits        34430    33235    -1195     
- Misses      35747    37998    +2251     
+ Partials     1425     1417       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – f1214913-b541-4f7c-9ec1-9dbef530df01

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 164	details Method Put at line 164 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter val... Attack Vector
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 86	details Method Put at line 86 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This param... Attack Vector
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133	details Method Put at line 133 of /src/Api/AdminConsole/Public/Controllers/GroupsController.cs gets a parameter from a user request from model. This parame... Attack Vector
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 96	details Method Patch at line 96 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This par... Attack Vector
	SSL_Verification_Bypass	/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs: 73	details /src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs relies HTTPS requests, in SendEmailAsync. The ServerCertificateValidationCallb... Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	SSL_Verification_Bypass	/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs: 76

[ike-kottlowski]

🎨 : Non-blocking, but adding integration tests for the Device controller would be a nice addition here, but I understand that's a large ask.

I have tracked this request internally and we don't need to address it here.

[JaredSnider-Bitwarden]

Tiny bit of optimization and I'm good to approve! Tyvm for tackling this for us!

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[JaredSnider-Bitwarden]

Appreciate this work!

[quexten]

Merging since the code using this is featureflagged behind userkey-rotation-v2.