From 146d5b19848603489127526e8a4180e62cbbbbe1 Mon Sep 17 00:00:00 2001
From: Oscar Hinton
Date: Tue, 21 Feb 2023 18:24:49 +0100
Subject: [PATCH] [SM-396] Self-enroll Secrets Manager (#2671)

* Add endpoint for self enrolling in secrets manager
* Add SecretsManager attribute
* Mark endpoint as only cloud, enable secrets manager for the current user
* Remove response
---
 .../Controllers/OrganizationsController.cs | 31 +++++++++++++++++++
 ...izationEnrollSecretsManagerRequestModel.cs | 6 ++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs

diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index f616d65292..57c39359ba 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -4,6 +4,7 @@ using Bit.Api.Models.Request.Accounts;
 using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
 using Bit.Api.Models.Response.Organizations;
+using Bit.Api.SecretsManager;
 using Bit.Api.Utilities;
 using Bit.Core.Context;
 using Bit.Core.Enums;
@@ -716,4 +717,34 @@ public class OrganizationsController : Controller
 return new OrganizationSsoResponseModel(organization, _globalSettings, ssoConfig);
 }
+
+ // This is a temporary endpoint to self-enroll in secrets manager
+ [SecretsManager]
+ [SelfHosted(NotSelfHostedOnly = true)]
+ [HttpPost("{id}/enroll-secrets-manager")]
+ public async Task EnrollSecretsManager(Guid id, [FromBody] OrganizationEnrollSecretsManagerRequestModel model)
+ {
+ var userId = _userService.GetProperUserId(User).Value;
+ if (!await _currentContext.OrganizationAdmin(id))
+ {
+ throw new NotFoundException();
+ }
+
+ var organization = await _organizationRepository.GetByIdAsync(id);
+ if (organization == null)
+ {
+ throw new NotFoundException();
+ }
+
+ organization.UseSecretsManager = model.Enabled;
+ await _organizationService.UpdateAsync(organization);
+
+ // Turn on Secrets Manager for the user
+ if (model.Enabled)
+ {
+ var orgUser = await _organizationUserRepository.GetByOrganizationAsync(id, userId);
+ orgUser.AccessSecretsManager = true;
+ await _organizationUserRepository.ReplaceAsync(orgUser);
+ }
+ }
 }
diff --git a/src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs b/src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs
new file mode 100644
index 0000000000..7befaa25c6
--- /dev/null
+++ b/src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs
@@ -0,0 +1,6 @@
+namespace Bit.Api.Models.Request.Organizations;
+
+public class OrganizationEnrollSecretsManagerRequestModel
+{
+ public bool Enabled { get; set; }
+}
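Review bot: `orgUser` returned by `_organizationUserRepository.GetByOrganizationAsync(id, userId)` is dereferenced without a null check, so a caller who passes the `OrganizationAdmin` check without a matching OrganizationUser row (possible if that check also admits non-member principals such as provider users — not visible in this hunk) would get a NullReferenceException and a 500 instead of a 404; add `if (orgUser == null) { throw new NotFoundException(); }` before `orgUser.AccessSecretsManager = true;`, matching the guard already used for `organization`. The same applies to `.Value` on `_userService.GetProperUserId(User)`, which throws InvalidOperationException rather than returning a controlled error when no user id is present. Note also that when `model.Enabled` is false only `organization.UseSecretsManager` is cleared while the caller's `AccessSecretsManager` flag is left set; if that asymmetry is intended for this temporary endpoint, a comment on the `if (model.Enabled)` branch saying so would help the next maintainer. The enclosing class `OrganizationsController` starts outside the hunk.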