feat(innovation-archive): [PM-19151] Controller Work (#5496)

* feat(innovation-archive): Controller Work - Added bulk endpoints for archive and feature flagged them.

* feat(innovation-archive): Controller Work - Added in archive unarchive stored procedure.

* test(innovation-archive): Controller Work - Got test logic working.

---------

Co-authored-by: gbubemismith <gsmithwalter@gmail.com>

src/Api/Vault/Controllers/CiphersController.cs

@@ -16,6 +16,7 @@ using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
+using Bit.Core.Vault.Commands.Interfaces;
 using Bit.Core.Vault.Entities;
 using Bit.Core.Vault.Models.Data;
 using Bit.Core.Vault.Queries;
@@ -45,6 +46,8 @@ public class CiphersController : Controller
     private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
     private readonly IApplicationCacheService _applicationCacheService;
     private readonly ICollectionRepository _collectionRepository;
+    private readonly IArchiveCiphersCommand _archiveCiphersCommand;
+    private readonly IUnarchiveCiphersCommand _unarchiveCiphersCommand;
 
     public CiphersController(
         ICipherRepository cipherRepository,
@@ -59,7 +62,9 @@ public class CiphersController : Controller
         IFeatureService featureService,
         IOrganizationCiphersQuery organizationCiphersQuery,
         IApplicationCacheService applicationCacheService,
-        ICollectionRepository collectionRepository)
+        ICollectionRepository collectionRepository,
+        IArchiveCiphersCommand archiveCiphersCommand,
+        IUnarchiveCiphersCommand unarchiveCiphersCommand)
     {
         _cipherRepository = cipherRepository;
         _collectionCipherRepository = collectionCipherRepository;
@@ -74,6 +79,8 @@ public class CiphersController : Controller
         _organizationCiphersQuery = organizationCiphersQuery;
         _applicationCacheService = applicationCacheService;
         _collectionRepository = collectionRepository;
+        _archiveCiphersCommand = archiveCiphersCommand;
+        _unarchiveCiphersCommand = unarchiveCiphersCommand;
     }
 
     [HttpGet("{id}")]
@@ -747,6 +754,37 @@ public class CiphersController : Controller
         }
     }
 
+    [HttpPut("{id}/archive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<CipherMiniResponseModel> PutArchive(Guid id)
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var archivedCipherOrganizationDetails = await _archiveCiphersCommand.ArchiveManyAsync([id], userId);
+
+        return new CipherMiniResponseModel(archivedCipherOrganizationDetails.First(), _globalSettings, archivedCipherOrganizationDetails.First().OrganizationUseTotp);
+    }
+
+    [HttpPut("archive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<ListResponseModel<CipherMiniResponseModel>> PutArchiveMany([FromBody] CipherBulkArchiveRequestModel model)
+    {
+        if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
+        {
+            throw new BadRequestException("You can only archive up to 500 items at a time.");
+        }
+
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var cipherIdsToArchive = new HashSet<Guid>(model.Ids);
+
+        var archivedCiphers = await _archiveCiphersCommand.ArchiveManyAsync(cipherIdsToArchive, userId);
+
+        var responses = archivedCiphers.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+
+        return new ListResponseModel<CipherMiniResponseModel>(responses);
+    }
+
     [HttpDelete("{id}")]
     [HttpPost("{id}/delete")]
     public async Task Delete(Guid id)
@@ -880,6 +918,37 @@ public class CiphersController : Controller
         await _cipherService.SoftDeleteManyAsync(cipherIds, userId, new Guid(model.OrganizationId), true);
     }
 
+    [HttpPut("{id}/unarchive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<CipherMiniResponseModel> PutUnarchive(Guid id)
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var unarchivedCipherDetails = await _unarchiveCiphersCommand.UnarchiveManyAsync([id], userId);
+
+        return new CipherMiniResponseModel(unarchivedCipherDetails.First(), _globalSettings, unarchivedCipherDetails.First().OrganizationUseTotp);
+    }
+
+    [HttpPut("unarchive")]
+    [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
+    public async Task<ListResponseModel<CipherMiniResponseModel>> PutUnarchiveMany([FromBody] CipherBulkUnarchiveRequestModel model)
+    {
+        if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
+        {
+            throw new BadRequestException("You can only archive up to 500 items at a time.");
+        }
+
+        var userId = _userService.GetProperUserId(User).Value;
+
+        var cipherIdsToUnarchive = new HashSet<Guid>(model.Ids);
+
+        var unarchivedCipherOrganizationDetails = await _unarchiveCiphersCommand.UnarchiveManyAsync(cipherIdsToUnarchive, userId);
+
+        var responses = unarchivedCipherOrganizationDetails.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+
+        return new ListResponseModel<CipherMiniResponseModel>(responses);
+    }
+
     [HttpPut("{id}/restore")]
     public async Task<CipherResponseModel> PutRestore(Guid id)
     {

src/Api/Vault/Models/Request/CipherRequestModel.cs

@@ -39,6 +39,7 @@ public class CipherRequestModel
     public CipherSecureNoteModel SecureNote { get; set; }
     public CipherSSHKeyModel SSHKey { get; set; }
     public DateTime? LastKnownRevisionDate { get; set; } = null;
+    public DateTime? ArchivedDate { get; set; }
 
     public CipherDetails ToCipherDetails(Guid userId, bool allowOrgIdSet = true)
     {
@@ -92,6 +93,7 @@ public class CipherRequestModel
 
         existingCipher.Reprompt = Reprompt;
         existingCipher.Key = Key;
+        existingCipher.ArchivedDate = ArchivedDate;
 
         var hasAttachments2 = (Attachments2?.Count ?? 0) > 0;
         var hasAttachments = (Attachments?.Count ?? 0) > 0;
@@ -302,6 +304,12 @@ public class CipherCollectionsRequestModel
     public IEnumerable<string> CollectionIds { get; set; }
 }
 
+public class CipherBulkArchiveRequestModel
+{
+    [Required]
+    public IEnumerable<Guid> Ids { get; set; }
+}
+
 public class CipherBulkDeleteRequestModel
 {
     [Required]
@@ -309,6 +317,12 @@ public class CipherBulkDeleteRequestModel
     public string OrganizationId { get; set; }
 }
 
+public class CipherBulkUnarchiveRequestModel
+{
+    [Required]
+    public IEnumerable<Guid> Ids { get; set; }
+}
+
 public class CipherBulkRestoreRequestModel
 {
     [Required]

src/Core/AdminConsole/Enums/EventType.cs

@@ -34,6 +34,8 @@ public enum EventType : int
     Cipher_SoftDeleted = 1115,
     Cipher_Restored = 1116,
     Cipher_ClientToggledCardNumberVisible = 1117,
+    Cipher_Archived = 1118,
+    Cipher_Unarchived = 1119,
 
     Collection_Created = 1300,
     Collection_Updated = 1301,

src/Core/Vault/Commands/ArchiveCiphersCommand.cs

@@ -0,0 +1,60 @@
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public class ArchiveCiphersCommand : IArchiveCiphersCommand
+{
+    private readonly ICipherRepository _cipherRepository;
+    private readonly IEventService _eventService;
+    private readonly IPushNotificationService _pushService;
+
+    public ArchiveCiphersCommand(
+        ICipherRepository cipherRepository,
+        IEventService eventService,
+        IPushNotificationService pushService
+        )
+    {
+        _cipherRepository = cipherRepository;
+        _eventService = eventService;
+        _pushService = pushService;
+    }
+
+    public async Task<ICollection<CipherOrganizationDetails>> ArchiveManyAsync(IEnumerable<Guid> cipherIds, Guid archivingUserId)
+    {
+        var cipherIdEnumerable = cipherIds as Guid[] ?? cipherIds.ToArray();
+        if (cipherIds == null || cipherIdEnumerable.Length == 0)
+        {
+            throw new BadRequestException("No cipher ids provided.");
+        }
+
+        var cipherIdsSet = new HashSet<Guid>(cipherIdEnumerable);
+
+        var ciphers = await _cipherRepository.GetManyByUserIdAsync(archivingUserId);
+        var archivingCiphers = ciphers
+            .Where(c => cipherIdsSet.Contains(c.Id) && c.Edit && !c.OrganizationId.HasValue)
+            .Select(CipherOrganizationDetails (c) => c).ToList();
+
+        var revisionDate = await _cipherRepository.ArchiveAsync(archivingCiphers.Select(c => c.Id), archivingUserId);
+
+        var events = archivingCiphers.Select(c =>
+        {
+            c.RevisionDate = revisionDate;
+            c.ArchivedDate = revisionDate;
+            return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Unarchived, null);
+        });
+        foreach (var eventsBatch in events.Chunk(100))
+        {
+            await _eventService.LogCipherEventsAsync(eventsBatch);
+        }
+
+        await _pushService.PushSyncCiphersAsync(archivingUserId);
+
+        return archivingCiphers;
+    }
+}

src/Core/Vault/Commands/Interfaces/IArchiveCiphersCommand.cs

@@ -0,0 +1,14 @@
+using Bit.Core.Vault.Models.Data;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public interface IArchiveCiphersCommand
+{
+    /// <summary>
+    /// Archives a cipher. This fills in the ArchivedDate property on a Cipher.
+    /// </summary>
+    /// <param name="cipherIds">Cipher ID to archive.</param>
+    /// <param name="archivingUserId">User ID to check against the Ciphers that are trying to be archived.</param>
+    /// <returns></returns>
+    public Task<ICollection<CipherOrganizationDetails>> ArchiveManyAsync(IEnumerable<Guid> cipherIds, Guid archivingUserId);
+}

src/Core/Vault/Commands/Interfaces/IUnarchiveCiphersCommand.cs

@@ -0,0 +1,14 @@
+using Bit.Core.Vault.Models.Data;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public interface IUnarchiveCiphersCommand
+{
+    /// <summary>
+    /// Unarchives a cipher. This nulls the ArchivedDate property on a Cipher.
+    /// </summary>
+    /// <param name="cipherIds">Cipher ID to unarchive.</param>
+    /// <param name="unarchivingUserId">User ID to check against the Ciphers that are trying to be unarchived.</param>
+    /// <returns></returns>
+    public Task<ICollection<CipherOrganizationDetails>> UnarchiveManyAsync(IEnumerable<Guid> cipherIds, Guid unarchivingUserId);
+}

src/Core/Vault/Commands/UnarchiveCiphersCommand.cs

@@ -0,0 +1,60 @@
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+
+namespace Bit.Core.Vault.Commands.Interfaces;
+
+public class UnarchiveCiphersCommand : IUnarchiveCiphersCommand
+{
+    private readonly ICipherRepository _cipherRepository;
+    private readonly IEventService _eventService;
+    private readonly IPushNotificationService _pushService;
+
+    public UnarchiveCiphersCommand(
+        ICipherRepository cipherRepository,
+        IEventService eventService,
+        IPushNotificationService pushService
+        )
+    {
+        _cipherRepository = cipherRepository;
+        _eventService = eventService;
+        _pushService = pushService;
+    }
+
+    public async Task<ICollection<CipherOrganizationDetails>> UnarchiveManyAsync(IEnumerable<Guid> cipherIds, Guid unarchivingUserId)
+    {
+        var cipherIdEnumerable = cipherIds as Guid[] ?? cipherIds.ToArray();
+        if (cipherIds == null || cipherIdEnumerable.Length == 0)
+        {
+            throw new BadRequestException("No cipher ids provided.");
+        }
+
+        var cipherIdsSet = new HashSet<Guid>(cipherIdEnumerable);
+
+        var ciphers = await _cipherRepository.GetManyByUserIdAsync(unarchivingUserId);
+        var unarchivingCiphers = ciphers
+            .Where(c => cipherIdsSet.Contains(c.Id) && c.Edit)
+            .Select(CipherOrganizationDetails (c) => c).ToList();
+
+        var revisionDate = await _cipherRepository.UnarchiveAsync(unarchivingCiphers.Select(c => c.Id), unarchivingUserId);
+
+        var events = unarchivingCiphers.Select(c =>
+        {
+            c.RevisionDate = revisionDate;
+            c.ArchivedDate = null;
+            return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Unarchived, null);
+        });
+        foreach (var eventsBatch in events.Chunk(100))
+        {
+            await _eventService.LogCipherEventsAsync(eventsBatch);
+        }
+
+        await _pushService.PushSyncCiphersAsync(unarchivingUserId);
+
+        return unarchivingCiphers;
+    }
+}

src/Core/Vault/Enums/CipherStateAction.cs

@@ -3,6 +3,8 @@
 public enum CipherStateAction
 {
     Restore,
+    Unarchive,
+    Archive,
     SoftDelete,
     HardDelete,
 }

src/Core/Vault/Repositories/ICipherRepository.cs

@@ -24,6 +24,7 @@ public interface ICipherRepository : IRepository<Cipher, Guid>
     Task<bool> ReplaceAsync(Cipher obj, IEnumerable<Guid> collectionIds);
     Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
     Task UpdateAttachmentAsync(CipherAttachment attachment);
+    Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId);
     Task DeleteAttachmentAsync(Guid cipherId, string attachmentId);
     Task DeleteAsync(IEnumerable<Guid> ids, Guid userId);
     Task DeleteByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
@@ -36,6 +37,7 @@ public interface ICipherRepository : IRepository<Cipher, Guid>
         IEnumerable<CollectionCipher> collectionCiphers, IEnumerable<CollectionUser> collectionUsers);
     Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId);
     Task SoftDeleteByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
+    Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId);
     Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId);
     Task<DateTime> RestoreByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId);
     Task DeleteDeletedAsync(DateTime deletedDateBefore);

src/Core/Vault/Services/Implementations/CipherService.cs

@@ -480,7 +480,7 @@ public class CipherService : ICipherService
             throw new NotFoundException();
         }
         await _cipherRepository.DeleteByOrganizationIdAsync(organizationId);
-        await _eventService.LogOrganizationEventAsync(org, Bit.Core.Enums.EventType.Organization_PurgedVault);
+        await _eventService.LogOrganizationEventAsync(org, EventType.Organization_PurgedVault);
     }
 
     public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId)
@@ -687,7 +687,7 @@ public class CipherService : ICipherService
             await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
         }
 
-        await _eventService.LogCipherEventAsync(cipher, Bit.Core.Enums.EventType.Cipher_UpdatedCollections);
+        await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_UpdatedCollections);
 
         // push
         await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
@@ -790,8 +790,8 @@ public class CipherService : ICipherService
         }
 
         var cipherIdsSet = new HashSet<Guid>(cipherIds);
-        var restoringCiphers = new List<CipherOrganizationDetails>();
+        List<CipherOrganizationDetails> restoringCiphers;
-        DateTime? revisionDate;
+        DateTime? revisionDate; // TODO: Make this not nullable
 
         if (orgAdmin && organizationId.HasValue)
         {
@@ -950,6 +950,11 @@ public class CipherService : ICipherService
             throw new BadRequestException("One or more ciphers do not belong to you.");
         }
 
+        if (cipher.ArchivedDate.HasValue)
+        {
+            throw new BadRequestException("Cipher cannot be shared with organization because it is archived.");
+        }
+
         var attachments = cipher.GetAttachments();
         var hasAttachments = attachments?.Any() ?? false;
         var org = await _organizationRepository.GetByIdAsync(organizationId);

src/Core/Vault/VaultServiceCollectionExtensions.cs

@@ -24,5 +24,7 @@ public static class VaultServiceCollectionExtensions
         services.AddScoped<IGetSecurityTasksNotificationDetailsQuery, GetSecurityTasksNotificationDetailsQuery>();
         services.AddScoped<ICreateManyTaskNotificationsCommand, CreateManyTaskNotificationsCommand>();
         services.AddScoped<ICreateManyTasksCommand, CreateManyTasksCommand>();
+        services.AddScoped<IArchiveCiphersCommand, ArchiveCiphersCommand>();
+        services.AddScoped<IUnarchiveCiphersCommand, UnarchiveCiphersCommand>();
     }
 }

src/Infrastructure.Dapper/Vault/Repositories/CipherRepository.cs

@@ -232,11 +232,24 @@ public class CipherRepository : Repository<Cipher, Guid>, ICipherRepository
         }
     }
 
+    public async Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var results = await connection.ExecuteScalarAsync<DateTime>(
+                $"[{Schema}].[Cipher_Archive]",
+                new { Ids = ids.ToGuidIdArrayTVP(), UserId = userId },
+                commandType: CommandType.StoredProcedure);
+
+            return results;
+        }
+    }
+
     public async Task DeleteAttachmentAsync(Guid cipherId, string attachmentId)
     {
         using (var connection = new SqlConnection(ConnectionString))
         {
-            var results = await connection.ExecuteAsync(
+            await connection.ExecuteAsync(
                 $"[{Schema}].[Cipher_DeleteAttachment]",
                 new { Id = cipherId, AttachmentId = attachmentId },
                 commandType: CommandType.StoredProcedure);
@@ -612,6 +625,19 @@ public class CipherRepository : Repository<Cipher, Guid>, ICipherRepository
         }
     }
 
+    public async Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var results = await connection.ExecuteScalarAsync<DateTime>(
+                $"[{Schema}].[Cipher_Unarchive]",
+                new { Ids = ids.ToGuidIdArrayTVP(), UserId = userId },
+                commandType: CommandType.StoredProcedure);
+
+            return results;
+        }
+    }
+
     public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId)
     {
         using (var connection = new SqlConnection(ConnectionString))

src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs

@@ -201,7 +201,7 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
 
     public async Task DeleteAsync(IEnumerable<Guid> ids, Guid userId)
     {
-        await ToggleCipherStates(ids, userId, CipherStateAction.HardDelete);
+        await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.HardDelete);
     }
 
     public async Task DeleteAttachmentAsync(Guid cipherId, string attachmentId)
@@ -714,9 +714,14 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
         }
     }
 
+    public async Task<DateTime> UnarchiveAsync(IEnumerable<Guid> ids, Guid userId)
+    {
+        return await ToggleArchiveCipherStatesAsync(ids, userId, CipherStateAction.Unarchive);
+    }
+
     public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId)
     {
-        return await ToggleCipherStates(ids, userId, CipherStateAction.Restore);
+        return await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.Restore);
     }
 
     public async Task<DateTime> RestoreByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId)
@@ -744,20 +749,25 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
         }
     }
 
-    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId)
+    public async Task<DateTime> ArchiveAsync(IEnumerable<Guid> ids, Guid userId)
     {
-        await ToggleCipherStates(ids, userId, CipherStateAction.SoftDelete);
+        return await ToggleArchiveCipherStatesAsync(ids, userId, CipherStateAction.Archive);
     }
 
-    private async Task<DateTime> ToggleCipherStates(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId)
     {
-        static bool FilterDeletedDate(CipherStateAction action, CipherDetails ucd)
+        await ToggleDeleteCipherStatesAsync(ids, userId, CipherStateAction.SoftDelete);
+    }
+
+    private async Task<DateTime> ToggleArchiveCipherStatesAsync(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    {
+        static bool FilterArchivedDate(CipherStateAction action, CipherDetails ucd)
         {
             return action switch
             {
-                CipherStateAction.Restore => ucd.DeletedDate != null,
+                CipherStateAction.Unarchive => ucd.ArchivedDate != null,
-                CipherStateAction.SoftDelete => ucd.DeletedDate == null,
+                CipherStateAction.Archive => ucd.ArchivedDate == null,
-                _ => true,
+                _ => true
             };
         }
 
@@ -765,8 +775,49 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
         {
             var dbContext = GetDatabaseContext(scope);
             var userCipherDetailsQuery = new UserCipherDetailsQuery(userId);
-            var cipherEntitiesToCheck = await (dbContext.Ciphers.Where(c => ids.Contains(c.Id))).ToListAsync();
+            var cipherEntitiesToCheck = await dbContext.Ciphers.Where(c => ids.Contains(c.Id)).ToListAsync();
-            var query = from ucd in await (userCipherDetailsQuery.Run(dbContext)).ToListAsync()
+            var query = from ucd in await userCipherDetailsQuery.Run(dbContext).ToListAsync()
+                        join c in cipherEntitiesToCheck
+                            on ucd.Id equals c.Id
+                        where ucd.Edit && FilterArchivedDate(action, ucd)
+                        select c;
+
+            var utcNow = DateTime.UtcNow;
+            var cipherIdsToModify = query.Select(c => c.Id);
+            var cipherEntitiesToModify = dbContext.Ciphers.Where(x => cipherIdsToModify.Contains(x.Id));
+
+            await cipherEntitiesToModify.ForEachAsync(cipher =>
+            {
+                dbContext.Attach(cipher);
+                cipher.ArchivedDate = action == CipherStateAction.Unarchive ? null : utcNow;
+                cipher.RevisionDate = utcNow;
+            });
+
+            await dbContext.UserBumpAccountRevisionDateAsync(userId);
+            await dbContext.SaveChangesAsync();
+
+            return utcNow;
+        }
+    }
+
+    private async Task<DateTime> ToggleDeleteCipherStatesAsync(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    {
+        static bool FilterDeletedDate(CipherStateAction action, CipherDetails ucd)
+        {
+            return action switch
+            {
+                CipherStateAction.Restore => ucd.DeletedDate != null,
+                CipherStateAction.SoftDelete => ucd.DeletedDate == null,
+                _ => true
+            };
+        }
+
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var userCipherDetailsQuery = new UserCipherDetailsQuery(userId);
+            var cipherEntitiesToCheck = await dbContext.Ciphers.Where(c => ids.Contains(c.Id)).ToListAsync();
+            var query = from ucd in await userCipherDetailsQuery.Run(dbContext).ToListAsync()
                         join c in cipherEntitiesToCheck
                             on ucd.Id equals c.Id
                         where ucd.Edit && FilterDeletedDate(action, ucd)
@@ -804,6 +855,7 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
             }
             await dbContext.UserBumpAccountRevisionDateAsync(userId);
             await dbContext.SaveChangesAsync();
+
             return utcNow;
         }
     }

src/Sql/Vault/dbo/Stored Procedures/Cipher/CipherDetails_ReadByIdUserId.sql

@@ -5,7 +5,7 @@ AS
 BEGIN
     SET NOCOUNT ON
 
-SELECT
+    SELECT
         [Id],
         [UserId],
         [OrganizationId],
@@ -20,6 +20,7 @@ SELECT
         [Reprompt],
         [Key],
         [OrganizationUseTotp],
+        [ArchivedDate],
         MAX ([Edit]) AS [Edit],
         MAX ([ViewPassword]) AS [ViewPassword],
         MAX ([Manage]) AS [Manage]
@@ -41,5 +42,6 @@ SELECT
         [DeletedDate],
         [Reprompt],
         [Key],
-        [OrganizationUseTotp]
+        [OrganizationUseTotp],
+        [ArchivedDate]
 END

src/Sql/Vault/dbo/Stored Procedures/Cipher/Cipher_Archive.sql

@@ -0,0 +1,39 @@
+CREATE PROCEDURE [dbo].[Cipher_Archive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = @UtcNow,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END

src/Sql/Vault/dbo/Stored Procedures/Cipher/Cipher_Unarchive.sql

@@ -0,0 +1,39 @@
+CREATE PROCEDURE [dbo].[Cipher_Unarchive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NOT NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = NULL,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END

test/Core.Test/Vault/AutoFixture/CipherFixtures.cs

@@ -12,9 +12,11 @@ internal class OrganizationCipher : ICustomization
     {
         fixture.Customize<Cipher>(composer => composer
             .With(c => c.OrganizationId, OrganizationId ?? Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
             .Without(c => c.UserId));
         fixture.Customize<CipherDetails>(composer => composer
             .With(c => c.OrganizationId, Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
             .Without(c => c.UserId));
     }
 }
@@ -26,9 +28,11 @@ internal class UserCipher : ICustomization
     {
         fixture.Customize<Cipher>(composer => composer
             .With(c => c.UserId, UserId ?? Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
             .Without(c => c.OrganizationId));
         fixture.Customize<CipherDetails>(composer => composer
             .With(c => c.UserId, Guid.NewGuid())
+            .Without(c => c.ArchivedDate)
             .Without(c => c.OrganizationId));
     }
 }

test/Core.Test/Vault/Commands/ArchiveCiphersCommandTest.cs

@@ -0,0 +1,53 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.CipherFixtures;
+using Bit.Core.Vault.Commands.Interfaces;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Vault.Commands;
+
+[UserCipherCustomize]
+[SutProviderCustomize]
+public class ArchiveCiphersCommandTest
+{
+    [Theory]
+    [BitAutoData(true, false, 1, 1, 1, 1)]
+    [BitAutoData(false, false, 1, 0, 0, 1)]
+    [BitAutoData(false, true, 1, 0, 0, 1)]
+    [BitAutoData(true, true, 1, 0, 0, 1)]
+    public async Task ArchiveAsync_Works(
+        bool isEditable, bool hasOrganizationId,
+        int cipherRepoCalls, int resultCountFromQuery, int eventServiceCalls, int pushNotificationsCalls,
+        SutProvider<ArchiveCiphersCommand> sutProvider, CipherDetails cipher, User user)
+    {
+        // Arrange
+        cipher.Edit = isEditable;
+        cipher.OrganizationId = hasOrganizationId ? Guid.NewGuid() : null;
+
+        var cipherList = new List<CipherDetails> { cipher };
+
+        sutProvider.GetDependency<ICipherRepository>()
+            .GetManyByUserIdAsync(user.Id).Returns(cipherList);
+
+        // Act
+        await sutProvider.Sut.ArchiveManyAsync([cipher.Id], user.Id);
+
+        // Assert
+        await sutProvider.GetDependency<ICipherRepository>().Received(cipherRepoCalls).ArchiveAsync(
+            Arg.Is<IEnumerable<Guid>>(ids => ids.Count() == resultCountFromQuery
+                                             && ids.Count() >= 1 ? true : ids.All(id => cipherList.Contains(cipher))),
+            user.Id);
+        await sutProvider.GetDependency<IEventService>().Received(eventServiceCalls)
+            .LogCipherEventsAsync(Arg.Any<IEnumerable<Tuple<Cipher, EventType, DateTime?>>>());
+        await sutProvider.GetDependency<IPushNotificationService>().Received(pushNotificationsCalls)
+            .PushSyncCiphersAsync(user.Id);
+    }
+}

test/Core.Test/Vault/Commands/UnarchiveCiphersCommandTest.cs

@@ -0,0 +1,53 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.CipherFixtures;
+using Bit.Core.Vault.Commands.Interfaces;
+using Bit.Core.Vault.Entities;
+using Bit.Core.Vault.Models.Data;
+using Bit.Core.Vault.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Vault.Commands;
+
+[UserCipherCustomize]
+[SutProviderCustomize]
+public class UnarchiveCiphersCommandTest
+{
+    [Theory]
+    [BitAutoData(true, false, 1, 1, 1, 1)]
+    [BitAutoData(false, false, 1, 0, 0, 1)]
+    [BitAutoData(false, true, 1, 0, 0, 1)]
+    [BitAutoData(true, true, 1, 1, 1, 1)]
+    public async Task UnarchiveAsync_Works(
+        bool isEditable, bool hasOrganizationId,
+        int cipherRepoCalls, int resultCountFromQuery, int eventServiceCalls, int pushNotificationsCalls,
+        SutProvider<UnarchiveCiphersCommand> sutProvider, CipherDetails cipher, User user)
+    {
+        // Arrange
+        cipher.Edit = isEditable;
+        cipher.OrganizationId = hasOrganizationId ? Guid.NewGuid() : null;
+
+        var cipherList = new List<CipherDetails> { cipher };
+
+        sutProvider.GetDependency<ICipherRepository>()
+            .GetManyByUserIdAsync(user.Id).Returns(cipherList);
+
+        // Act
+        await sutProvider.Sut.UnarchiveManyAsync([cipher.Id], user.Id);
+
+        // Assert
+        await sutProvider.GetDependency<ICipherRepository>().Received(cipherRepoCalls).UnarchiveAsync(
+            Arg.Is<IEnumerable<Guid>>(ids => ids.Count() == resultCountFromQuery
+                                             && ids.Count() >= 1 ? true : ids.All(id => cipherList.Contains(cipher))),
+            user.Id);
+        await sutProvider.GetDependency<IEventService>().Received(eventServiceCalls)
+            .LogCipherEventsAsync(Arg.Any<IEnumerable<Tuple<Cipher, EventType, DateTime?>>>());
+        await sutProvider.GetDependency<IPushNotificationService>().Received(pushNotificationsCalls)
+            .PushSyncCiphersAsync(user.Id);
+    }
+}

test/Infrastructure.IntegrationTest/Vault/Repositories/CipherRepositoryTests.cs

@@ -883,4 +883,35 @@ public class CipherRepositoryTests
         Assert.Contains(user2TaskCiphers, t => t.CipherId == manageCipher1.Id && t.TaskId == securityTasks[0].Id);
         Assert.Contains(user2TaskCiphers, t => t.CipherId == manageCipher2.Id && t.TaskId == securityTasks[1].Id);
     }
+
+    [DatabaseTheory, DatabaseData]
+    public async Task ArchiveAsync_Works(
+        ICipherRepository sutRepository,
+        IUserRepository userRepository)
+    {
+        // Arrange
+        var user = await userRepository.CreateAsync(new User
+        {
+            Name = "Test User",
+            Email = $"test+{Guid.NewGuid()}@email.com",
+            ApiKey = "TEST",
+            SecurityStamp = "stamp",
+        });
+
+        // Ciphers
+        var cipher = await sutRepository.CreateAsync(new Cipher
+        {
+            Type = CipherType.Login,
+            Data = "",
+            UserId = user.Id
+        });
+
+        // Act
+        await sutRepository.ArchiveAsync(new List<Guid> { cipher.Id }, user.Id);
+
+        // Assert
+        var archivedCipher = await sutRepository.GetByIdAsync(cipher.Id, user.Id);
+        Assert.NotNull(archivedCipher);
+        Assert.NotNull(archivedCipher.ArchivedDate);
+    }
 }

util/Migrator/DbScripts/2025-03-20_00_Archive_Unarchive_Procedures.sql

@@ -0,0 +1,136 @@
+-- Cipher Archive
+
+CREATE OR ALTER PROCEDURE [dbo].[Cipher_Archive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = @UtcNow,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
+GO
+
+-- Unarchive Cipher
+
+
+CREATE OR ALTER PROCEDURE [dbo].[Cipher_Unarchive]
+    @Ids AS [dbo].[GuidIdArray] READONLY,
+    @UserId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #Temp
+    (
+        [Id] UNIQUEIDENTIFIER NOT NULL,
+        [UserId] UNIQUEIDENTIFIER NULL
+    )
+
+    INSERT INTO #Temp
+    SELECT
+        [Id],
+        [UserId]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Edit] = 1
+      AND [ArchivedDate] IS NOT NULL
+      AND [Id] IN (SELECT * FROM @Ids)
+
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+    UPDATE
+        [dbo].[Cipher]
+    SET
+        [ArchivedDate] = NULL,
+        [RevisionDate] = @UtcNow
+    WHERE
+        [Id] IN (SELECT [Id] FROM #Temp)
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
+
+    DROP TABLE #Temp
+
+    SELECT @UtcNow
+END
+GO
+
+-- Update User Cipher Details With Archive
+
+CREATE OR ALTER PROCEDURE [dbo].[CipherDetails_ReadByIdUserId]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        [Id],
+        [UserId],
+        [OrganizationId],
+        [Type],
+        [Data],
+        [Attachments],
+        [CreationDate],
+        [RevisionDate],
+        [Favorite],
+        [FolderId],
+        [DeletedDate],
+        [Reprompt],
+        [Key],
+        [OrganizationUseTotp],
+        [ArchivedDate],
+        MAX ([Edit]) AS [Edit],
+        MAX ([ViewPassword]) AS [ViewPassword],
+        MAX ([Manage]) AS [Manage]
+    FROM
+        [dbo].[UserCipherDetails](@UserId)
+    WHERE
+        [Id] = @Id
+    GROUP BY
+        [Id],
+        [UserId],
+        [OrganizationId],
+        [Type],
+        [Data],
+        [Attachments],
+        [CreationDate],
+        [RevisionDate],
+        [Favorite],
+        [FolderId],
+        [DeletedDate],
+        [Reprompt],
+        [Key],
+        [OrganizationUseTotp],
+        [ArchivedDate]
+END