Skip to content

[PM-28555] Add idempotent sproc to create My Items collections #6801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eliykat wants to merge 5 commits into
base: main
Choose a base branch
from
Open

[PM-28555] Add idempotent sproc to create My Items collections #6801

eliykat wants to merge 5 commits into from
+449 −195

Conversation

@eliykat
Copy link
Member

@eliykat eliykat commented Jan 6, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-28555

📔 Objective

Add a sproc to:

  • allow for the creation of smaller numbers of My Items collections, without using SqlBulkCopy
  • ensure My Items collections are properly arranged, rather than relying on the caller
  • ensure that duplicate My Items collections are not created for a combination of user and organization.

After some iteration in #6791 , we are accepting some time-of-check time-of-use risk here. Architecture did not want to enforce uniqueness at the database level so we will keep it simple, filter out existing My Items collections in the sproc, and we can increase the isolation level later if it proves to be a problem.

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@eliykat
Add sproc to create multiple default collections
eeadbde 
- DRY up collection arrangement
- DRY up tests because bulk and non-bulk share same behavior
- use EF native AddRange instead of bulk insert, because
  we expect smaller data sizes on self-host
@eliykat eliykat requested a review from withinfocus January 6, 2026 05:52
@eliykat eliykat requested review from a team as code owners January 6, 2026 05:52
@eliykat eliykat requested a review from BTreston January 6, 2026 05:52
@eliykat eliykat added the ai-review Request a Claude code review label Jan 6, 2026
@eliykat eliykat requested review from r-tome and removed request for BTreston January 6, 2026 05:53
@claude
Copy link
Contributor

claude bot commented Jan 6, 2026
edited
Loading

Claude finished @eliykat's task in 2m 4s —— View job

Code Review Summary

This PR adds a stored procedure to create My Items collections idempotently, replacing manual collection creation logic with a more robust approach. The implementation is generally solid with good test coverage.

Review Details

No critical issues found. The code is well-structured, properly tested, and follows established patterns in the codebase. The acknowledged TOCTOU risk is acceptable given the architectural decision to avoid database-level uniqueness constraints.

Architecture Notes

The implementation uses three different strategies depending on the scenario:

  1. Small batches (Dapper): Uses new sproc with database-level filtering
  2. Large batches (Dapper bulk): Application-level filtering + SqlBulkCopy for performance
  3. Entity Framework: Application-level filtering for both variants

This is intentional - the sproc provides idempotency for typical cases, while bulk operations optimize for throughput at the cost of slightly higher TOCTOU risk.

Code Quality

  • Clean refactoring with shared utility class CollectionUtils
  • Consistent error handling with try-catch and rollback
  • Comprehensive integration tests covering idempotency scenarios
  • Good separation of concerns

Approved - Ready to merge after passing CI checks.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 6, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details3dc1806e-563d-4085-8d40-fb67065628f4

New Issues (2)

Checkmarx found the following issues in this Pull Request

# Severity Issue Source File / Package Checkmarx Insight
1 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1527
detailsMethod at line 1527 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
2 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1403
detailsMethod at line 1403 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 293

@codecov
Copy link

codecov bot commented Jan 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 91.11111% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.63%. Comparing base (b9d1a35) to head (e623b18).

Files with missing lines Patch % Lines
...ucture.Dapper/Repositories/CollectionRepository.cs 75.75% 7 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6801      +/-   ##
==========================================
+ Coverage   55.72%   59.63%   +3.90%     
==========================================
  Files        1949     1950       +1     
  Lines       86539    86536       -3     
  Branches     7725     7726       +1     
==========================================
+ Hits        48227    51605    +3378     
+ Misses      36506    33041    -3465     
- Partials     1806     1890      +84

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

mkincaid-bw
mkincaid-bw previously approved these changes Jan 12, 2026
View reviewed changes
Copy link
Contributor

@mkincaid-bw mkincaid-bw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eliykat eliykat requested a review from mkincaid-bw January 12, 2026 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r-tome r-tome r-tome approved these changes

@withinfocus withinfocus Awaiting requested review from withinfocus

@mkincaid-bw mkincaid-bw Awaiting requested review from mkincaid-bw

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

ai-review Request a Claude code review needs-qa

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@eliykat @r-tome @mkincaid-bw