From 00332e72e4273a3d30add1adea8ac8f8650fd8b0 Mon Sep 17 00:00:00 2001
From: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Date: Wed, 15 Sep 2021 12:23:47 -0500
Subject: [PATCH] [SSO Auto Enroll] Add API for auto enroll status retrieval (#1583)
* [SSO Auto Enroll] Add API for auto enroll status retrieval
* Add another user check to API
* Updated vague boolean name
---
 .../Controllers/OrganizationsController.cs | 37 +++++++++++++++++++
 ...ganizationAutoEnrollStatusResponseModel.cs | 16 ++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 src/Core/Models/Api/Response/OrganizationAutoEnrollStatusResponseModel.cs
diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index 341de6141c..5f555735ba 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -10,10 +10,12 @@ using Bit.Core.Exceptions;
 using Bit.Core.Services;
 using Bit.Core.Context;
 using Bit.Api.Utilities;
+using Bit.Core.Models.Api.Response;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 using Bit.Core.Settings;
+using Newtonsoft.Json;
 namespace Bit.Api.Controllers
 {
@@ -23,6 +25,7 @@ namespace Bit.Api.Controllers
 {
 private readonly IOrganizationRepository _organizationRepository;
 private readonly IOrganizationUserRepository _organizationUserRepository;
+ private readonly IPolicyRepository _policyRepository;
 private readonly IOrganizationService _organizationService;
 private readonly IUserService _userService;
 private readonly IPaymentService _paymentService;
@@ -32,6 +35,7 @@ namespace Bit.Api.Controllers
 public OrganizationsController(
 IOrganizationRepository organizationRepository,
 IOrganizationUserRepository organizationUserRepository,
+ IPolicyRepository policyRepository,
 IOrganizationService organizationService,
 IUserService userService,
 IPaymentService paymentService,
@@ -40,6 +44,7 @@ namespace Bit.Api.Controllers
 {
 _organizationRepository = organizationRepository;
 _organizationUserRepository = organizationUserRepository;
+ _policyRepository = policyRepository;
 _organizationService = organizationService;
 _userService = userService;
 _paymentService = paymentService;
@@ -143,6 +148,38 @@ namespace Bit.Api.Controllers
 var responses = organizations.Select(o => new ProfileOrganizationResponseModel(o));
 return new ListResponseModel(responses);
 }
+
+ [HttpGet("{identifier}/auto-enroll-status")]
+ public async Task GetAutoEnrollStatus(string identifier)
+ {
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ if (user == null)
+ {
+ throw new UnauthorizedAccessException();
+ }
+
+ var organization = await _organizationRepository.GetByIdentifierAsync(identifier);
+ if (organization == null)
+ {
+ throw new NotFoundException();
+ }
+
+ var organizationUser = await _organizationUserRepository.GetByOrganizationAsync(organization.Id, user.Id);
+ if (organizationUser == null)
+ {
+ throw new NotFoundException();
+ }
+
+ var resetPasswordPolicy =
+ await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
+ if (resetPasswordPolicy == null || !resetPasswordPolicy.Enabled || resetPasswordPolicy.Data == null)
+ {
+ return new OrganizationAutoEnrollStatusResponseModel(organization.Id, false);
+ }
+
+ var data = JsonConvert.DeserializeObject(resetPasswordPolicy.Data);
+ return new OrganizationAutoEnrollStatusResponseModel(organization.Id, data?.AutoEnrollEnabled ?? false);
+ }
 [HttpPost("")]
 [SelfHosted(NotSelfHostedOnly = true)]
diff --git a/src/Core/Models/Api/Response/OrganizationAutoEnrollStatusResponseModel.cs b/src/Core/Models/Api/Response/OrganizationAutoEnrollStatusResponseModel.cs
new file mode 100644
index 0000000000..9bb14032d8
--- /dev/null
+++ b/src/Core/Models/Api/Response/OrganizationAutoEnrollStatusResponseModel.cs
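Review bot: The `JsonConvert.DeserializeObject` call near the end of `GetAutoEnrollStatus` is guarded only against a null `resetPasswordPolicy.Data`, so a stored policy whose data is not valid JSON makes the call throw and the request fail (presumably as a server error) instead of reporting a status. Catching the parse failure and returning the disabled status keeps the endpoint fail-closed, e.g. `catch (JsonException) { return new OrganizationAutoEnrollStatusResponseModel(organization.Id, false); }`, ideally with a log entry so the broken policy gets noticed. The target type of the deserialization is not visible in this rendering of the hunk. Separately, the unknown-identifier and non-member branches both throw `NotFoundException`, which keeps the route from confirming which identifiers exist; a comment on the second check such as `// Same 404 as an unknown identifier: do not reveal that the organization exists.` would protect that property from a later cleanup.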
@@ -0,0 +1,16 @@
+using System;
+
+namespace Bit.Core.Models.Api.Response
+{
+ public class OrganizationAutoEnrollStatusResponseModel : ResponseModel
+ {
+ public OrganizationAutoEnrollStatusResponseModel(Guid orgId, bool resetPasswordEnabled) : base("organizationAutoEnrollStatus")
+ {
+ Id = orgId.ToString();
+ ResetPasswordEnabled = resetPasswordEnabled;
+ }
+
+ public string Id { get; set; }
+ public bool ResetPasswordEnabled { get; set; }
+ }
+}
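Review bot: `ResetPasswordEnabled` does not describe the value the controller stores in it: `GetAutoEnrollStatus` passes `data?.AutoEnrollEnabled ?? false`, so the flag is false for an organization whose reset-password policy is enabled without auto-enroll. Clients presumably use this flag to decide whether to enroll the user in administrator password reset, so the exact meaning should be written down on the property, e.g. `/// <summary>True only when the ResetPassword policy is enabled and its data sets AutoEnrollEnabled.</summary>`. Renaming the property would change the serialized field name, so a doc comment is the safer fix unless no client consumes the endpoint yet.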