feat(innovation-archive): [PM-19151] Controller Work (#5496)

* feat(innovation-archive): Controller Work - Added bulk endpoints for archive and feature flagged them. * feat(innovation-archive): Controller Work - Added in archive unarchive stored procedure. * test(innovation-archive): Controller Work - Got test logic working. --------- Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
2025-04-04 20:50:21 -05:00 · 2025-03-24 10:14:05 -04:00 · 2025-03-24 10:14:05 -04:00 · 5cbf4c5974
commit 5cbf4c5974
parent e4dc950966
21 changed files with 698 additions and 19 deletions
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@ -16,6 +16,7 @@ using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
+using Bit.Core.Vault.Commands.Interfaces;
 using Bit.Core.Vault.Entities;
 using Bit.Core.Vault.Models.Data;
 using Bit.Core.Vault.Queries;
@ -45,6 +46,8 @@ public class CiphersController : Controller
    private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
    private readonly IApplicationCacheService _applicationCacheService;
    private readonly ICollectionRepository _collectionRepository;
+    private readonly IArchiveCiphersCommand _archiveCiphersCommand;
+    private readonly IUnarchiveCiphersCommand _unarchiveCiphersCommand;

    public CiphersController(
        ICipherRepository cipherRepository,
@ -59,7 +62,9 @@ public class CiphersController : Controller
        IFeatureService featureService,
        IOrganizationCiphersQuery organizationCiphersQuery,
        IApplicationCacheService applicationCacheService,
-        ICollectionRepository collectionRepository)
+        ICollectionRepository collectionRepository,
+        IArchiveCiphersCommand archiveCiphersCommand,
+        IUnarchiveCiphersCommand unarchiveCiphersCommand)
    {
        _cipherRepository = cipherRepository;
        _collectionCipherRepository = collectionCipherRepository;
@ -74,6 +79,8 @@ public class CiphersController : Controller
        _organizationCiphersQuery = organizationCiphersQuery;
        _applicationCacheService = applicationCacheService;
        _collectionRepository = collectionRepository;
+        _archiveCiphersCommand = archiveCiphersCommand;
+        _unarchiveCiphersCommand = unarchiveCiphersCommand;
    }

    [HttpGet("{id}")]
@ -747,6 +754,37 @@ public class CiphersController : Controller
        }
    }

+    [HttpPut("{id}/archive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<CipherMiniResponseModel> PutArchive(Guid id)
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var archivedCipherOrganizationDetails = await _archiveCiphersCommand.ArchiveManyAsync([id], userId);
+
+        return new CipherMiniResponseModel(archivedCipherOrganizationDetails.First(), _globalSettings, archivedCipherOrganizationDetails.First().OrganizationUseTotp);
+    }
+
+    [HttpPut("archive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<ListResponseModel<CipherMiniResponseModel>> PutArchiveMany([FromBody] CipherBulkArchiveRequestModel model)
+    {
+        if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
+        {
+            throw new BadRequestException("You can only archive up to 500 items at a time.");
+        }
+
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var cipherIdsToArchive = new HashSet<Guid>(model.Ids);
+
+        var archivedCiphers = await _archiveCiphersCommand.ArchiveManyAsync(cipherIdsToArchive, userId);
+
+        var responses = archivedCiphers.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+
+        return new ListResponseModel<CipherMiniResponseModel>(responses);
+    }
+
    [HttpDelete("{id}")]
    [HttpPost("{id}/delete")]
    public async Task Delete(Guid id)
@ -880,6 +918,37 @@ public class CiphersController : Controller
        await _cipherService.SoftDeleteManyAsync(cipherIds, userId, new Guid(model.OrganizationId), true);
    }

+    [HttpPut("{id}/unarchive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<CipherMiniResponseModel> PutUnarchive(Guid id)
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var unarchivedCipherDetails = await _unarchiveCiphersCommand.UnarchiveManyAsync([id], userId);
+
+        return new CipherMiniResponseModel(unarchivedCipherDetails.First(), _globalSettings, unarchivedCipherDetails.First().OrganizationUseTotp);
+    }
+
+    [HttpPut("unarchive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<ListResponseModel<CipherMiniResponseModel>> PutUnarchiveMany([FromBody] CipherBulkUnarchiveRequestModel model)
+    {
+        if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
+        {
+            throw new BadRequestException("You can only archive up to 500 items at a time.");
+        }
+
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var cipherIdsToUnarchive = new HashSet<Guid>(model.Ids);
+
+        var unarchivedCipherOrganizationDetails = await _unarchiveCiphersCommand.UnarchiveManyAsync(cipherIdsToUnarchive, userId);
+
+        var responses = unarchivedCipherOrganizationDetails.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+
+        return new ListResponseModel<CipherMiniResponseModel>(responses);
+    }
+
    [HttpPut("{id}/restore")]
    public async Task<CipherResponseModel> PutRestore(Guid id)
    {
--- a/src/Api/Vault/Models/Request/CipherRequestModel.cs
+++ b/src/Api/Vault/Models/Request/CipherRequestModel.cs
@ -39,6 +39,7 @@ public class CipherRequestModel
    public CipherSecureNoteModel SecureNote { get; set; }
    public CipherSSHKeyModel SSHKey { get; set; }
    public DateTime? LastKnownRevisionDate { get; set; } = null;
+    public DateTime? ArchivedDate { get; set; }

    public CipherDetails ToCipherDetails(Guid userId, bool allowOrgIdSet = true)
    {
@ -92,6 +93,7 @@ public class CipherRequestModel

        existingCipher.Reprompt = Reprompt;
        existingCipher.Key = Key;
+        existingCipher.ArchivedDate = ArchivedDate;

        var hasAttachments2 = (Attachments2?.Count ?? 0) > 0;
        var hasAttachments = (Attachments?.Count ?? 0) > 0;
@ -302,6 +304,12 @@ public class CipherCollectionsRequestModel
    public IEnumerable<string> CollectionIds { get; set; }
 }

+public class CipherBulkArchiveRequestModel
+{
+    [Required]
+    public IEnumerable<Guid> Ids { get; set; }
+}
+
 public class CipherBulkDeleteRequestModel
 {
    [Required]
@ -309,6 +317,12 @@ public class CipherBulkDeleteRequestModel
    public string OrganizationId { get; set; }
 }

+public class CipherBulkUnarchiveRequestModel
+{
+    [Required]
+    public IEnumerable<Guid> Ids { get; set; }
+}
+
 public class CipherBulkRestoreRequestModel
 {
    [Required]
--- a/src/Core/AdminConsole/Enums/EventType.cs
+++ b/src/Core/AdminConsole/Enums/EventType.cs
@ -34,6 +34,8 @@ public enum EventType : int
    Cipher_SoftDeleted = 1115,
    Cipher_Restored = 1116,
    Cipher_ClientToggledCardNumberVisible = 1117,
+    Cipher_Archived = 1118,
+    Cipher_Unarchived = 1119,

    Collection_Created = 1300,
    Collection_Updated = 1301,
--- a/src/Core/Vault/Commands/ArchiveCiphersCommand.cs
+++ b/src/Core/Vault/Commands/ArchiveCiphersCommand.cs
@ -0,0 +1,60 @@
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public class ArchiveCiphersCommand : IArchiveCiphersCommand
+{
+    private readonly ICipherRepository _cipherRepository;
+    private readonly IEventService _eventService;
+    private readonly IPushNotificationService _pushService;
+
+    public ArchiveCiphersCommand(
+        ICipherRepository cipherRepository,
+        IEventService eventService,
+        IPushNotificationService pushService
+        )
+    {
+        _cipherRepository = cipherRepository;
+        _eventService = eventService;
+        _pushService = pushService;
+    }
+
+    public async Task<ICollection<CipherOrganizationDetails>> ArchiveManyAsync(IEnumerable<Guid> cipherIds, Guid archivingUserId)
+    {
+        var cipherIdEnumerable = cipherIds as Guid[] ?? cipherIds.ToArray();
+        if (cipherIds == null || cipherIdEnumerable.Length == 0)
+        {
+            throw new BadRequestException("No cipher ids provided.");
+        }
+
+        var cipherIdsSet = new HashSet<Guid>(cipherIdEnumerable);
+
+        var ciphers = await _cipherRepository.GetManyByUserIdAsync(archivingUserId);
+        var archivingCiphers = ciphers
+            .Where(c => cipherIdsSet.Contains(c.Id) && c.Edit && !c.OrganizationId.HasValue)
+            .Select(CipherOrganizationDetails (c) => c).ToList();
+
+        var revisionDate = await _cipherRepository.ArchiveAsync(archivingCiphers.Select(c => c.Id), archivingUserId);
+
+        var events = archivingCiphers.Select(c =>
+        {
+            c.RevisionDate = revisionDate;
+            c.ArchivedDate = revisionDate;
+            return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Unarchived, null);
+        });
+        foreach (var eventsBatch in events.Chunk(100))
+        {
+            await _eventService.LogCipherEventsAsync(eventsBatch);
+        }
+
+        await _pushService.PushSyncCiphersAsync(archivingUserId);
+
+        return archivingCiphers;
+    }
+}
--- a/src/Core/Vault/Commands/Interfaces/IArchiveCiphersCommand.cs
+++ b/src/Core/Vault/Commands/Interfaces/IArchiveCiphersCommand.cs
@ -0,0 +1,14 @@
+using Bit.Core.Vault.Models.Data;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public interface IArchiveCiphersCommand
+{
+    /// <summary>
+    /// Archives a cipher. This fills in the ArchivedDate property on a Cipher.
+    /// </summary>
+    /// <param name="cipherIds">Cipher ID to archive.</param>
+    /// <param name="archivingUserId">User ID to check against the Ciphers that are trying to be archived.</param>
+    /// <returns></returns>
+    public Task<ICollection<CipherOrganizationDetails>> ArchiveManyAsync(IEnumerable<Guid> cipherIds, Guid archivingUserId);
+}
--- a/src/Core/Vault/Commands/Interfaces/IUnarchiveCiphersCommand.cs
+++ b/src/Core/Vault/Commands/Interfaces/IUnarchiveCiphersCommand.cs
@ -0,0 +1,14 @@
+using Bit.Core.Vault.Models.Data;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public interface IUnarchiveCiphersCommand
+{
+    /// <summary>
+    /// Unarchives a cipher. This nulls the ArchivedDate property on a Cipher.
+    /// </summary>
+    /// <param name="cipherIds">Cipher ID to unarchive.</param>
+    /// <param name="unarchivingUserId">User ID to check against the Ciphers that are trying to be unarchived.</param>
+    /// <returns></returns>
+    public Task<ICollection<CipherOrganizationDetails>> UnarchiveManyAsync(IEnumerable<Guid> cipherIds, Guid unarchivingUserId);
+}
--- a/src/Core/Vault/Commands/UnarchiveCiphersCommand.cs
+++ b/src/Core/Vault/Commands/UnarchiveCiphersCommand.cs
@ -0,0 +1,60 @@
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public class UnarchiveCiphersCommand : IUnarchiveCiphersCommand
+{
+    private readonly ICipherRepository _cipherRepository;
+    private readonly IEventService _eventService;
+    private readonly IPushNotificationService _pushService;
+
+    public UnarchiveCiphersCommand(
+        ICipherRepository cipherRepository,
+        IEventService eventService,
+        IPushNotificationService pushService
+        )
+    {
+        _cipherRepository = cipherRepository;
+        _eventService = eventService;
+        _pushService = pushService;
+    }
+
+    public async Task<ICollection<CipherOrganizationDetails>> UnarchiveManyAsync(IEnumerable<Guid> cipherIds, Guid unarchivingUserId)
+    {
+        var cipherIdEnumerable = cipherIds as Guid[] ?? cipherIds.ToArray();
+        if (cipherIds == null || cipherIdEnumerable.Length == 0)
+        {
+            throw new BadRequestException("No cipher ids provided.");
+        }
+
+        var cipherIdsSet = new HashSet<Guid>(cipherIdEnumerable);
+
+        var ciphers = await _cipherRepository.GetManyByUserIdAsync(unarchivingUserId);
+        var unarchivingCiphers = ciphers
+            .Where(c => cipherIdsSet.Contains(c.Id) && c.Edit)
+            .Select(CipherOrganizationDetails (c) => c).ToList();
+
+        var revisionDate = await _cipherRepository.UnarchiveAsync(unarchivingCiphers.Select(c => c.Id), unarchivingUserId);
+
+        var events = unarchivingCiphers.Select(c =>
+        {
+            c.RevisionDate = revisionDate;
+            c.ArchivedDate = null;
+            return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Unarchived, null);
+        });
+        foreach (var eventsBatch in events.Chunk(100))
+        {
+            await _eventService.LogCipherEventsAsync(eventsBatch);
+        }
+
+        await _pushService.PushSyncCiphersAsync(unarchivingUserId);
+
+        return unarchivingCiphers;
+    }
+}
--- a/src/Core/Vault/Enums/CipherStateAction.cs
+++ b/src/Core/Vault/Enums/CipherStateAction.cs
@ -3,6 +3,8 @@
 public enum CipherStateAction
 {
    Restore,
+    Unarchive,
+    Archive,
    SoftDelete,
    HardDelete,
 }
--- a/src/Core/Vault/Repositories/ICipherRepository.cs
+++ b/src/Core/Vault/Repositories/ICipherRepository.cs
@ -24,6 +24,7 @@ public interface ICipherRepository : IRepository<Cipher, Guid>
    Task<bool> ReplaceAsync(Cipher obj, IEnumerable<Guid> collectionIds);
    Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
    Task UpdateAttachmentAsync(CipherAttachment attachment);
+    Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId);
    Task DeleteAttachmentAsync(Guid cipherId, string attachmentId);
    Task DeleteAsync(IEnumerable<Guid> ids, Guid userId);
    Task DeleteByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
@ -36,6 +37,7 @@ public interface ICipherRepository : IRepository<Cipher, Guid>
        IEnumerable<CollectionCipher> collectionCiphers, IEnumerable<CollectionUser> collectionUsers);
    Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId);
    Task SoftDeleteByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
+    Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId);
    Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId);
    Task<DateTime> RestoreByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
    Task DeleteDeletedAsync(DateTime deletedDateBefore);
--- a/src/Core/Vault/Services/Implementations/CipherService.cs
+++ b/src/Core/Vault/Services/Implementations/CipherService.cs
@ -480,7 +480,7 @@ public class CipherService : ICipherService
            throw new NotFoundException();
        }
        await _cipherRepository.DeleteByOrganizationIdAsync(organizationId);
-        await _eventService.LogOrganizationEventAsync(org, Bit.Core.Enums.EventType.Organization_PurgedVault);
+        await _eventService.LogOrganizationEventAsync(org, EventType.Organization_PurgedVault);
    }

    public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId)
@ -687,7 +687,7 @@ public class CipherService : ICipherService
            await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
        }

-        await _eventService.LogCipherEventAsync(cipher, Bit.Core.Enums.EventType.Cipher_UpdatedCollections);
+        await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_UpdatedCollections);

        // push
        await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
@ -790,8 +790,8 @@ public class CipherService : ICipherService
        }

        var cipherIdsSet = new HashSet<Guid>(cipherIds);
-        var restoringCiphers = new List<CipherOrganizationDetails>();
-        DateTime? revisionDate;
+        List<CipherOrganizationDetails> restoringCiphers;
+        DateTime? revisionDate; // TODO: Make this not nullable

        if (orgAdmin && organizationId.HasValue)
        {
@ -950,6 +950,11 @@ public class CipherService : ICipherService
            throw new BadRequestException("One or more ciphers do not belong to you.");
        }

+        if (cipher.ArchivedDate.HasValue)
+        {
+            throw new BadRequestException("Cipher cannot be shared with organization because it is archived.");
+        }
+
        var attachments = cipher.GetAttachments();
        var hasAttachments = attachments?.Any() ?? false;
        var org = await _organizationRepository.GetByIdAsync(organizationId);
--- a/src/Core/Vault/VaultServiceCollectionExtensions.cs
+++ b/src/Core/Vault/VaultServiceCollectionExtensions.cs
@ -24,5 +24,7 @@ public static class VaultServiceCollectionExtensions
        services.AddScoped<IGetSecurityTasksNotificationDetailsQuery, GetSecurityTasksNotificationDetailsQuery>();
        services.AddScoped<ICreateManyTaskNotificationsCommand, CreateManyTaskNotificationsCommand>();
        services.AddScoped<ICreateManyTasksCommand, CreateManyTasksCommand>();
+        services.AddScoped<IArchiveCiphersCommand, ArchiveCiphersCommand>();
+        services.AddScoped<IUnarchiveCiphersCommand, UnarchiveCiphersCommand>();
    }
 }
--- a/src/Infrastructure.Dapper/Vault/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.Dapper/Vault/Repositories/CipherRepository.cs
@ -232,11 +232,24 @@ public class CipherRepository : Repository<Cipher, Guid>, ICipherRepository
        }
    }

+    public async Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var results = await connection.ExecuteScalarAsync<DateTime>(
+                $"[{Schema}].[Cipher_Archive]",
+                new { Ids = ids.ToGuidIdArrayTVP(), UserId = userId },
+                commandType: CommandType.StoredProcedure);
+
+            return results;
+        }
+    }
+
    public async Task DeleteAttachmentAsync(Guid cipherId, string attachmentId)
    {
        using (var connection = new SqlConnection(ConnectionString))
        {
-            var results = await connection.ExecuteAsync(
+            await connection.ExecuteAsync(
                $"[{Schema}].[Cipher_DeleteAttachment]",
                new { Id = cipherId, AttachmentId = attachmentId },
                commandType: CommandType.StoredProcedure);
@ -612,6 +625,19 @@ public class CipherRepository : Repository<Cipher, Guid>, ICipherRepository
        }
    }

+    public async Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var results = await connection.ExecuteScalarAsync<DateTime>(
+                $"[{Schema}].[Cipher_Unarchive]",
+                new { Ids = ids.ToGuidIdArrayTVP(), UserId = userId },
+                commandType: CommandType.StoredProcedure);
+
+            return results;
+        }
+    }
+
    public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId)
    {
        using (var connection = new SqlConnection(ConnectionString))
--- a/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
@ -201,7 +201,7 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G

    public async Task DeleteAsync(IEnumerable<Guid> ids, Guid userId)
    {
-        await ToggleCipherStates(ids, userId, CipherStateAction.HardDelete);
+        await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.HardDelete);
    }

    public async Task DeleteAttachmentAsync(Guid cipherId, string attachmentId)
@ -714,9 +714,14 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

+    public async Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        return await ToggleArchiveCipherStatesAsync(ids, userId, CipherStateAction.Unarchive);
+    }
+
    public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId)
    {
-        return await ToggleCipherStates(ids, userId, CipherStateAction.Restore);
+        return await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.Restore);
    }

    public async Task<DateTime> RestoreByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId)
@ -744,20 +749,25 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId)
+    public async Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId)
    {
-        await ToggleCipherStates(ids, userId, CipherStateAction.SoftDelete);
+        return await ToggleArchiveCipherStatesAsync(ids, userId, CipherStateAction.Archive);
    }

-    private async Task<DateTime> ToggleCipherStates(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId)
    {
-        static bool FilterDeletedDate(CipherStateAction action, CipherDetails ucd)
+        await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.SoftDelete);
+    }
+
+    private async Task<DateTime> ToggleArchiveCipherStatesAsync(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    {
+        static bool FilterArchivedDate(CipherStateAction action, CipherDetails ucd)
        {
            return action switch
            {
-                CipherStateAction.Restore => ucd.DeletedDate != null,
-                CipherStateAction.SoftDelete => ucd.DeletedDate == null,
-                _ => true,
+                CipherStateAction.Unarchive => ucd.ArchivedDate != null,
+                CipherStateAction.Archive => ucd.ArchivedDate == null,
+                _ => true
            };
        }

@ -765,8 +775,49 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        {
            var dbContext = GetDatabaseContext(scope);
            var userCipherDetailsQuery = new UserCipherDetailsQuery(userId);
-            var cipherEntitiesToCheck = await (dbContext.Ciphers.Where(c => ids.Contains(c.Id))).ToListAsync();
-            var query = from ucd in await (userCipherDetailsQuery.Run(dbContext)).ToListAsync()
+            var cipherEntitiesToCheck = await dbContext.Ciphers.Where(c => ids.Contains(c.Id)).ToListAsync();
+            var query = from ucd in await userCipherDetailsQuery.Run(dbContext).ToListAsync()
+                        join c in cipherEntitiesToCheck
+                            on ucd.Id equals c.Id
+                        where ucd.Edit && FilterArchivedDate(action, ucd)
+                        select c;
+
+            var utcNow = DateTime.UtcNow;
+            var cipherIdsToModify = query.Select(c => c.Id);
+            var cipherEntitiesToModify = dbContext.Ciphers.Where(x => cipherIdsToModify.Contains(x.Id));
+
+            await cipherEntitiesToModify.ForEachAsync(cipher =>
+            {
+                dbContext.Attach(cipher);
+                cipher.ArchivedDate = action == CipherStateAction.Unarchive ? null : utcNow;
+                cipher.RevisionDate = utcNow;
+            });
+
+            await dbContext.UserBumpAccountRevisionDateAsync(userId);
+            await dbContext.SaveChangesAsync();
+
+            return utcNow;
+        }
+    }
+
+    private async Task<DateTime> ToggleDeleteCipherStatesAsync(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    {
+        static bool FilterDeletedDate(CipherStateAction action, CipherDetails ucd)
+        {
+            return action switch
+            {
+                CipherStateAction.Restore => ucd.DeletedDate != null,
+                CipherStateAction.SoftDelete => ucd.DeletedDate == null,
+                _ => true
+            };
+        }
+
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var userCipherDetailsQuery = new UserCipherDetailsQuery(userId);
+            var cipherEntitiesToCheck = await dbContext.Ciphers.Where(c => ids.Contains(c.Id)).ToListAsync();
+            var query = from ucd in await userCipherDetailsQuery.Run(dbContext).ToListAsync()
                        join c in cipherEntitiesToCheck
                            on ucd.Id equals c.Id
                        where ucd.Edit && FilterDeletedDate(action, ucd)
@ -804,6 +855,7 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
            }
            await dbContext.UserBumpAccountRevisionDateAsync(userId);
            await dbContext.SaveChangesAsync();
+
            return utcNow;
        }
    }
--- a/Procedures/Cipher/CipherDetails_ReadByIdUserId.sql
+++ b/Procedures/Cipher/CipherDetails_ReadByIdUserId.sql
@ -5,7 +5,7 @@ AS
 BEGIN
    SET NOCOUNT ON

-SELECT
+    SELECT
        [Id],
        [UserId],
        [OrganizationId],
@ -20,6 +20,7 @@ SELECT
        [Reprompt],
        [Key],
        [OrganizationUseTotp],
+        [ArchivedDate],
        MAX ([Edit]) AS [Edit],
        MAX ([ViewPassword]) AS [ViewPassword],
        MAX ([Manage]) AS [Manage]
@ -41,5 +42,6 @@ SELECT
        [DeletedDate],
        [Reprompt],
        [Key],
-        [OrganizationUseTotp]
+        [OrganizationUseTotp],
+        [ArchivedDate]
 END
--- a/Procedures/Cipher/Cipher_Archive.sql
+++ b/Procedures/Cipher/Cipher_Archive.sql
@ -0,0 +1,39 @@
+CREATE PROCEDURE [dbo].[Cipher_Archive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = @UtcNow,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
--- a/Procedures/Cipher/Cipher_Unarchive.sql
+++ b/Procedures/Cipher/Cipher_Unarchive.sql
@ -0,0 +1,39 @@
+CREATE PROCEDURE [dbo].[Cipher_Unarchive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NOT NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = NULL,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
--- a/test/Core.Test/Vault/AutoFixture/CipherFixtures.cs
+++ b/test/Core.Test/Vault/AutoFixture/CipherFixtures.cs
@ -12,9 +12,11 @@ internal class OrganizationCipher : ICustomization
    {
        fixture.Customize<Cipher>(composer => composer
            .With(c => c.OrganizationId, OrganizationId ?? Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
            .Without(c => c.UserId));
        fixture.Customize<CipherDetails>(composer => composer
            .With(c => c.OrganizationId, Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
            .Without(c => c.UserId));
    }
 }
@ -26,9 +28,11 @@ internal class UserCipher : ICustomization
    {
        fixture.Customize<Cipher>(composer => composer
            .With(c => c.UserId, UserId ?? Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
            .Without(c => c.OrganizationId));
        fixture.Customize<CipherDetails>(composer => composer
            .With(c => c.UserId, Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
            .Without(c => c.OrganizationId));
    }
 }
--- a/test/Core.Test/Vault/Commands/ArchiveCiphersCommandTest.cs
+++ b/test/Core.Test/Vault/Commands/ArchiveCiphersCommandTest.cs
@ -0,0 +1,53 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.CipherFixtures;
+using Bit.Core.Vault.Commands.Interfaces;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Vault.Commands;
+
+[UserCipherCustomize]
+[SutProviderCustomize]
+public class ArchiveCiphersCommandTest
+{
+    [Theory]
+    [BitAutoData(true, false, 1, 1, 1, 1)]
+    [BitAutoData(false, false, 1, 0, 0, 1)]
+    [BitAutoData(false, true, 1, 0, 0, 1)]
+    [BitAutoData(true, true, 1, 0, 0, 1)]
+    public async Task ArchiveAsync_Works(
+        bool isEditable, bool hasOrganizationId,
+        int cipherRepoCalls, int resultCountFromQuery, int eventServiceCalls, int pushNotificationsCalls,
+        SutProvider<ArchiveCiphersCommand> sutProvider, CipherDetails cipher, User user)
+    {
+        // Arrange
+        cipher.Edit = isEditable;
+        cipher.OrganizationId = hasOrganizationId ? Guid.NewGuid() : null;
+
+        var cipherList = new List<CipherDetails> { cipher };
+
+        sutProvider.GetDependency<ICipherRepository>()
+            .GetManyByUserIdAsync(user.Id).Returns(cipherList);
+
+        // Act
+        await sutProvider.Sut.ArchiveManyAsync([cipher.Id], user.Id);
+
+        // Assert
+        await sutProvider.GetDependency<ICipherRepository>().Received(cipherRepoCalls).ArchiveAsync(
+            Arg.Is<IEnumerable<Guid>>(ids => ids.Count() == resultCountFromQuery
+                                             && ids.Count() >= 1 ? true : ids.All(id => cipherList.Contains(cipher))),
+            user.Id);
+        await sutProvider.GetDependency<IEventService>().Received(eventServiceCalls)
+            .LogCipherEventsAsync(Arg.Any<IEnumerable<Tuple<Cipher, EventType, DateTime?>>>());
+        await sutProvider.GetDependency<IPushNotificationService>().Received(pushNotificationsCalls)
+            .PushSyncCiphersAsync(user.Id);
+    }
+}
--- a/test/Core.Test/Vault/Commands/UnarchiveCiphersCommandTest.cs
+++ b/test/Core.Test/Vault/Commands/UnarchiveCiphersCommandTest.cs
@ -0,0 +1,53 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.CipherFixtures;
+using Bit.Core.Vault.Commands.Interfaces;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Vault.Commands;
+
+[UserCipherCustomize]
+[SutProviderCustomize]
+public class UnarchiveCiphersCommandTest
+{
+    [Theory]
+    [BitAutoData(true, false, 1, 1, 1, 1)]
+    [BitAutoData(false, false, 1, 0, 0, 1)]
+    [BitAutoData(false, true, 1, 0, 0, 1)]
+    [BitAutoData(true, true, 1, 1, 1, 1)]
+    public async Task UnarchiveAsync_Works(
+        bool isEditable, bool hasOrganizationId,
+        int cipherRepoCalls, int resultCountFromQuery, int eventServiceCalls, int pushNotificationsCalls,
+        SutProvider<UnarchiveCiphersCommand> sutProvider, CipherDetails cipher, User user)
+    {
+        // Arrange
+        cipher.Edit = isEditable;
+        cipher.OrganizationId = hasOrganizationId ? Guid.NewGuid() : null;
+
+        var cipherList = new List<CipherDetails> { cipher };
+
+        sutProvider.GetDependency<ICipherRepository>()
+            .GetManyByUserIdAsync(user.Id).Returns(cipherList);
+
+        // Act
+        await sutProvider.Sut.UnarchiveManyAsync([cipher.Id], user.Id);
+
+        // Assert
+        await sutProvider.GetDependency<ICipherRepository>().Received(cipherRepoCalls).UnarchiveAsync(
+            Arg.Is<IEnumerable<Guid>>(ids => ids.Count() == resultCountFromQuery
+                                             && ids.Count() >= 1 ? true : ids.All(id => cipherList.Contains(cipher))),
+            user.Id);
+        await sutProvider.GetDependency<IEventService>().Received(eventServiceCalls)
+            .LogCipherEventsAsync(Arg.Any<IEnumerable<Tuple<Cipher, EventType, DateTime?>>>());
+        await sutProvider.GetDependency<IPushNotificationService>().Received(pushNotificationsCalls)
+            .PushSyncCiphersAsync(user.Id);
+    }
+}
--- a/test/Infrastructure.IntegrationTest/Vault/Repositories/CipherRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/Vault/Repositories/CipherRepositoryTests.cs
@ -883,4 +883,35 @@ public class CipherRepositoryTests
        Assert.Contains(user2TaskCiphers, t => t.CipherId == manageCipher1.Id && t.TaskId == securityTasks[0].Id);
        Assert.Contains(user2TaskCiphers, t => t.CipherId == manageCipher2.Id && t.TaskId == securityTasks[1].Id);
    }
+
+    [DatabaseTheory, DatabaseData]
+    public async Task ArchiveAsync_Works(
+        ICipherRepository sutRepository,
+        IUserRepository userRepository)
+    {
+        // Arrange
+        var user = await userRepository.CreateAsync(new User
+        {
+            Name = "Test User",
+            Email = $"test+{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        // Ciphers
+        var cipher = await sutRepository.CreateAsync(new Cipher
+        {
+            Type = CipherType.Login,
+            Data = "",
+            UserId = user.Id
+        });
+
+        // Act
+        await sutRepository.ArchiveAsync(new List<Guid> { cipher.Id }, user.Id);
+
+        // Assert
+        var archivedCipher = await sutRepository.GetByIdAsync(cipher.Id, user.Id);
+        Assert.NotNull(archivedCipher);
+        Assert.NotNull(archivedCipher.ArchivedDate);
+    }
 }
--- a/util/Migrator/DbScripts/2025-03-20_00_Archive_Unarchive_Procedures.sql
+++ b/util/Migrator/DbScripts/2025-03-20_00_Archive_Unarchive_Procedures.sql
@ -0,0 +1,136 @@
+-- Cipher Archive
+
+CREATE OR ALTER PROCEDURE [dbo].[Cipher_Archive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = @UtcNow,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
+GO
+
+-- Unarchive Cipher
+
+
+CREATE OR ALTER PROCEDURE [dbo].[Cipher_Unarchive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NOT NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = NULL,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
+GO
+
+-- Update User Cipher Details With Archive
+
+CREATE OR ALTER PROCEDURE [dbo].[CipherDetails_ReadByIdUserId]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        [Id],
+        [UserId],
+        [OrganizationId],
+        [Type],
+        [Data],
+        [Attachments],
+        [CreationDate],
+        [RevisionDate],
+        [Favorite],
+        [FolderId],
+        [DeletedDate],
+        [Reprompt],
+        [Key],
+        [OrganizationUseTotp],
+        [ArchivedDate],
+        MAX ([Edit]) AS [Edit],
+        MAX ([ViewPassword]) AS [ViewPassword],
+        MAX ([Manage]) AS [Manage]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Id] = @Id
+    GROUP BY
+        [Id],
+        [UserId],
+        [OrganizationId],
+        [Type],
+        [Data],
+        [Attachments],
+        [CreationDate],
+        [RevisionDate],
+        [Favorite],
+        [FolderId],
+        [DeletedDate],
+        [Reprompt],
+        [Key],
+        [OrganizationUseTotp],
+        [ArchivedDate]
+END