[EC-284] Prevent duplicate organization invites (#2113)

* prevent duplicate organization invites with test * formatting
2025-04-05 05:00:19 -05:00 · 2022-07-13 09:21:28 -04:00 · 2022-07-13 09:21:28 -04:00 · 54cf3de11b
commit 54cf3de11b
parent 62bf4c2385
3 changed files with 25 additions and 3 deletions
--- a/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
@ -1,5 +1,4 @@
-using System;
-using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations;
 using Bit.Core.Entities;

 namespace Bit.Api.Models.Request.Accounts
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1135,7 +1135,8 @@ namespace Bit.Core.Services
            var events = new List<(OrganizationUser, EventType, DateTime?)>();
            foreach (var (invite, externalId) in invites)
            {
-                foreach (var email in invite.Emails)
+                // Prevent duplicate invitations
+                foreach (var email in invite.Emails.Distinct())
                {
                    try
                    {
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@ -195,6 +195,28 @@ namespace Bit.Core.Test.Services
                () => sutProvider.Sut.InviteUsersAsync(organization.Id, invitor.UserId, new (OrganizationUserInvite, string)[] { (invite, null) }));
        }

+        [Theory]
+        [OrganizationInviteAutoData]
+        public async Task InviteUser_DuplicateEmails_PassesWithoutDuplicates(Organization organization, OrganizationUser invitor,
+                    [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser owner,
+            OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
+        {
+            invite.Emails = invite.Emails.Append(invite.Emails.First());
+
+            sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+            sutProvider.GetDependency<ICurrentContext>().OrganizationOwner(organization.Id).Returns(true);
+            sutProvider.GetDependency<ICurrentContext>().ManageUsers(organization.Id).Returns(true);
+            var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+            organizationUserRepository.GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
+                .Returns(new[] { owner });
+
+            await sutProvider.Sut.InviteUsersAsync(organization.Id, invitor.UserId, new (OrganizationUserInvite, string)[] { (invite, null) });
+
+            await sutProvider.GetDependency<IMailService>().Received(1)
+                .BulkSendOrganizationInviteEmailAsync(organization.Name,
+                    Arg.Is<IEnumerable<(OrganizationUser, ExpiringToken)>>(v => v.Count() == invite.Emails.Distinct().Count()));
+        }
+
        [Theory]
        [OrganizationInviteAutoData(
            inviteeUserType: (int)OrganizationUserType.Admin,