Merge branch 'master' into feature/billing-obfuscation

src/Core/Models/Data/EventMessage.cs

@@ -32,4 +32,7 @@ public class EventMessage : IEvent
     public string IpAddress { get; set; }
     public Guid? IdempotencyId { get; private set; } = Guid.NewGuid();
     public EventSystemUser? SystemUser { get; set; }
+    public string DomainName { get; set; }
+    public Guid? SecretId { get; set; }
+    public Guid? ServiceAccountId { get; set; }
 }

src/Core/Models/Data/EventTableEntity.cs

@@ -27,6 +27,9 @@ public class EventTableEntity : TableEntity, IEvent
         IpAddress = e.IpAddress;
         ActingUserId = e.ActingUserId;
         SystemUser = e.SystemUser;
+        DomainName = e.DomainName;
+        SecretId = e.SecretId;
+        ServiceAccountId = e.ServiceAccountId;
     }
 
     public DateTime Date { get; set; }
@@ -46,6 +49,9 @@ public class EventTableEntity : TableEntity, IEvent
     public string IpAddress { get; set; }
     public Guid? ActingUserId { get; set; }
     public EventSystemUser? SystemUser { get; set; }
+    public string DomainName { get; set; }
+    public Guid? SecretId { get; set; }
+    public Guid? ServiceAccountId { get; set; }
 
     public override IDictionary<string, EntityProperty> WriteEntity(OperationContext operationContext)
     {
@@ -152,6 +158,24 @@ public class EventTableEntity : TableEntity, IEvent
             });
         }
 
+        if (e.OrganizationId.HasValue && e.ServiceAccountId.HasValue)
+        {
+            entities.Add(new EventTableEntity(e)
+            {
+                PartitionKey = pKey,
+                RowKey = $"ServiceAccountId={e.ServiceAccountId}__Date={dateKey}__Uniquifier={uniquifier}"
+            });
+        }
+
+        if (e.SecretId.HasValue)
+        {
+            entities.Add(new EventTableEntity(e)
+            {
+                PartitionKey = pKey,
+                RowKey = $"SecretId={e.CipherId}__Date={dateKey}__Uniquifier={uniquifier}"
+            });
+        }
+
         return entities;
     }
 

src/Core/Models/Data/IEvent.cs

@@ -21,4 +21,7 @@ public interface IEvent
     string IpAddress { get; set; }
     DateTime Date { get; set; }
     EventSystemUser? SystemUser { get; set; }
+    string DomainName { get; set; }
+    Guid? SecretId { get; set; }
+    Guid? ServiceAccountId { get; set; }
 }

src/Core/Models/Data/Organizations/OrganizationDomainSsoDetailsData.cs

@@ -0,0 +1,16 @@
+using Bit.Core.Enums;
+
+namespace Bit.Core.Models.Data.Organizations;
+
+public class OrganizationDomainSsoDetailsData
+{
+    public Guid OrganizationId { get; set; }
+    public string OrganizationName { get; set; }
+    public string DomainName { get; set; }
+    public bool SsoAvailable { get; set; }
+    public string OrganizationIdentifier { get; set; }
+    public bool SsoRequired { get; set; }
+    public PolicyType? PolicyType { get; set; }
+    public DateTime? VerifiedDate { get; set; }
+    public bool OrganizationEnabled { get; set; }
+}

src/Core/Models/Data/Organizations/OrganizationUsers/OrganizationUserUserDetails.cs

@@ -12,6 +12,7 @@ public class OrganizationUserUserDetails : IExternal, ITwoFactorProvidersUser
     public Guid? UserId { get; set; }
     public string Name { get; set; }
     public string Email { get; set; }
+    public string AvatarColor { get; set; }
     public string TwoFactorProviders { get; set; }
     public bool? Premium { get; set; }
     public OrganizationUserStatusType Status { get; set; }
@@ -61,11 +62,9 @@ public class OrganizationUserUserDetails : IExternal, ITwoFactorProvidersUser
         return Premium.GetValueOrDefault(false);
     }
 
-    public bool OccupiesOrganizationSeat
+    public Permissions GetPermissions()
     {
-        get
-        {
-            return Status != OrganizationUserStatusType.Revoked;
-        }
+        return string.IsNullOrWhiteSpace(Permissions) ? null
+            : CoreHelpers.LoadClassFromJsonData<Permissions>(Permissions);
     }
 }

src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs

@@ -0,0 +1,145 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Business;
+using Bit.Core.Models.OrganizationConnectionConfigs;
+
+namespace Bit.Core.Models.Data.Organizations;
+
+public class SelfHostedOrganizationDetails : Organization
+{
+    public int OccupiedSeatCount { get; set; }
+    public int CollectionCount { get; set; }
+    public int GroupCount { get; set; }
+    public IEnumerable<OrganizationUser> OrganizationUsers { get; set; }
+    public IEnumerable<Policy> Policies { get; set; }
+    public SsoConfig SsoConfig { get; set; }
+    public IEnumerable<OrganizationConnection> ScimConnections { get; set; }
+
+    public bool CanUseLicense(OrganizationLicense license, out string exception)
+    {
+        if (license.Seats.HasValue && OccupiedSeatCount > license.Seats.Value)
+        {
+            exception = $"Your organization currently has {OccupiedSeatCount} seats filled. " +
+                $"Your new license only has ({license.Seats.Value}) seats. Remove some users.";
+            return false;
+        }
+
+        if (license.MaxCollections.HasValue && CollectionCount > license.MaxCollections.Value)
+        {
+            exception = $"Your organization currently has {CollectionCount} collections. " +
+                $"Your new license allows for a maximum of ({license.MaxCollections.Value}) collections. " +
+                "Remove some collections.";
+            return false;
+        }
+
+        if (!license.UseGroups && UseGroups && GroupCount > 1)
+        {
+            exception = $"Your organization currently has {GroupCount} groups. " +
+                $"Your new license does not allow for the use of groups. Remove all groups.";
+            return false;
+        }
+
+        var enabledPolicyCount = Policies.Count(p => p.Enabled);
+        if (!license.UsePolicies && UsePolicies && enabledPolicyCount > 0)
+        {
+            exception = $"Your organization currently has {enabledPolicyCount} enabled " +
+                $"policies. Your new license does not allow for the use of policies. Disable all policies.";
+            return false;
+        }
+
+        if (!license.UseSso && UseSso && SsoConfig is { Enabled: true })
+        {
+            exception = $"Your organization currently has a SSO configuration. " +
+                $"Your new license does not allow for the use of SSO. Disable your SSO configuration.";
+            return false;
+        }
+
+        if (!license.UseKeyConnector && UseKeyConnector && SsoConfig?.Data != null &&
+            SsoConfig.GetData().KeyConnectorEnabled)
+        {
+            exception = $"Your organization currently has Key Connector enabled. " +
+                $"Your new license does not allow for the use of Key Connector. Disable your Key Connector.";
+            return false;
+        }
+
+        if (!license.UseScim && UseScim && ScimConnections != null &&
+            ScimConnections.Any(c => c.GetConfig<ScimConfig>() is { Enabled: true }))
+        {
+            exception = "Your new plan does not allow the SCIM feature. " +
+                "Disable your SCIM configuration.";
+            return false;
+        }
+
+        if (!license.UseCustomPermissions && UseCustomPermissions &&
+            OrganizationUsers.Any(ou => ou.Type == OrganizationUserType.Custom))
+        {
+            exception = "Your new plan does not allow the Custom Permissions feature. " +
+                "Disable your Custom Permissions configuration.";
+            return false;
+        }
+
+        if (!license.UseResetPassword && UseResetPassword &&
+            Policies.Any(p => p.Type == PolicyType.ResetPassword && p.Enabled))
+        {
+            exception = "Your new license does not allow the Password Reset feature. "
+                + "Disable your Password Reset policy.";
+            return false;
+        }
+
+        exception = "";
+        return true;
+    }
+
+    public Organization ToOrganization()
+    {
+        // Any new Organization properties must be added here for them to flow through to self-hosted organizations
+        return new Organization
+        {
+            Id = Id,
+            Identifier = Identifier,
+            Name = Name,
+            BusinessName = BusinessName,
+            BusinessAddress1 = BusinessAddress1,
+            BusinessAddress2 = BusinessAddress2,
+            BusinessAddress3 = BusinessAddress3,
+            BusinessCountry = BusinessCountry,
+            BusinessTaxNumber = BusinessTaxNumber,
+            BillingEmail = BillingEmail,
+            Plan = Plan,
+            PlanType = PlanType,
+            Seats = Seats,
+            MaxCollections = MaxCollections,
+            UsePolicies = UsePolicies,
+            UseSso = UseSso,
+            UseKeyConnector = UseKeyConnector,
+            UseScim = UseScim,
+            UseGroups = UseGroups,
+            UseDirectory = UseDirectory,
+            UseEvents = UseEvents,
+            UseTotp = UseTotp,
+            Use2fa = Use2fa,
+            UseApi = UseApi,
+            UseResetPassword = UseResetPassword,
+            UseSecretsManager = UseSecretsManager,
+            SelfHost = SelfHost,
+            UsersGetPremium = UsersGetPremium,
+            UseCustomPermissions = UseCustomPermissions,
+            Storage = Storage,
+            MaxStorageGb = MaxStorageGb,
+            Gateway = Gateway,
+            GatewayCustomerId = GatewayCustomerId,
+            GatewaySubscriptionId = GatewaySubscriptionId,
+            ReferenceData = ReferenceData,
+            Enabled = Enabled,
+            LicenseKey = LicenseKey,
+            PublicKey = PublicKey,
+            PrivateKey = PrivateKey,
+            TwoFactorProviders = TwoFactorProviders,
+            ExpirationDate = ExpirationDate,
+            CreationDate = CreationDate,
+            RevisionDate = RevisionDate,
+            MaxAutoscaleSeats = MaxAutoscaleSeats,
+            OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
+        };
+    }
+}