Delayed the hasSecretsManagerStandalone call as long as possible.

2025-04-04 20:50:21 -05:00 · 2025-04-01 14:35:04 -05:00 · 2025-04-01 14:35:04 -05:00 · 739bc65e87
commit 739bc65e87
parent 2656ccf314
5 changed files with 45 additions and 13 deletions
--- a/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs
+++ b/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs
@ -32,8 +32,7 @@ public class ScimUserRequestModel : BaseScimUserModel
    public InviteOrganizationUsersRequest ToRequest(
        ScimProviderType scimProvider,
        InviteOrganization inviteOrganization,
-        DateTimeOffset performedAt,
-        bool hasSecretsManagerStandalone)
+        DateTimeOffset performedAt)
    {
        var email = EmailForInvite(scimProvider);

@ -47,8 +46,7 @@ public class ScimUserRequestModel : BaseScimUserModel
            [
                new Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models.OrganizationUserInvite(
                        email: email,
-                        externalId: ExternalIdForInvite(),
-                        accessSecretsManager: hasSecretsManagerStandalone
+                        externalId: ExternalIdForInvite()
                    )
            ],
            inviteOrganization: inviteOrganization,
--- a/bitwarden_license/src/Scim/Users/PostUserCommand.cs
+++ b/bitwarden_license/src/Scim/Users/PostUserCommand.cs
@ -56,13 +56,10 @@ public class PostUserCommand(

        var plan = await pricingClient.GetPlanOrThrow(organization.PlanType);

-        var hasSecretsManagerStandalone = await paymentService.HasSecretsManagerStandalone(organization);
-
        var request = model.ToRequest(
            scimProvider: scimProvider,
            inviteOrganization: new InviteOrganization(organization, plan),
-            performedAt: timeProvider.GetUtcNow(),
-            hasSecretsManagerStandalone);
+            performedAt: timeProvider.GetUtcNow());

        var orgUsers = await organizationUserRepository
            .GetManyDetailsByOrganizationAsync(request.InviteOrganization.OrganizationId);
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/InviteUserOrganizationValidationRequest.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/InviteUserOrganizationValidationRequest.cs
@ -6,9 +6,11 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUse

 public class InviteUserOrganizationValidationRequest
 {
-    public InviteUserOrganizationValidationRequest() { }
+    public InviteUserOrganizationValidationRequest()
+    {
+    }

-    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request, PasswordManagerSubscriptionUpdate subscriptionUpdate, SecretsManagerSubscriptionUpdate smSubscriptionUpdate)
+    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request)
    {
        Invites = request.Invites;
        InviteOrganization = request.InviteOrganization;
@ -16,6 +18,13 @@ public class InviteUserOrganizationValidationRequest
        PerformedAt = request.PerformedAt;
        OccupiedPmSeats = request.OccupiedPmSeats;
        OccupiedSmSeats = request.OccupiedSmSeats;
+    }
+
+    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request,
+        PasswordManagerSubscriptionUpdate subscriptionUpdate,
+        SecretsManagerSubscriptionUpdate smSubscriptionUpdate)
+        : this(request)
+    {
        PasswordManagerSubscriptionUpdate = subscriptionUpdate;
        SecretsManagerSubscriptionUpdate = smSubscriptionUpdate;
    }
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/OrganizationUserInvite.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/OrganizationUserInvite.cs
@ -17,7 +17,7 @@ public class OrganizationUserInvite
    public bool AccessSecretsManager { get; private init; }
    public Guid[] Groups { get; private init; }

-    public OrganizationUserInvite(string email, string externalId, bool accessSecretsManager) :
+    public OrganizationUserInvite(string email, string externalId) :
        this(
            email: email,
            assignedCollections: [],
@ -25,10 +25,22 @@ public class OrganizationUserInvite
            type: OrganizationUserType.User,
            permissions: new Permissions(),
            externalId: externalId,
-            accessSecretsManager: accessSecretsManager)
+            false)
    {
    }

+    public OrganizationUserInvite(OrganizationUserInvite invite, bool accessSecretsManager) :
+        this(invite.Email,
+            invite.AssignedCollections,
+            invite.Groups,
+            invite.Type,
+            invite.Permissions,
+            invite.ExternalId,
+            accessSecretsManager)
+    {
+
+    }
+
    public OrganizationUserInvite(string email,
        IEnumerable<CollectionAccessSelection> assignedCollections,
        IEnumerable<Guid> groups,
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUserValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUserValidator.cs
@ -6,6 +6,9 @@ using Bit.Core.AdminConsole.Shared.Validation;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
+using OrganizationUserInvite = Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models.OrganizationUserInvite;
+
 namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation;

 public interface IInviteUsersValidator : IValidator<InviteUserOrganizationValidationRequest>;
@ -13,7 +16,8 @@ public interface IInviteUsersValidator : IValidator<InviteUserOrganizationValida
 public class InviteUsersValidator(
    IOrganizationRepository organizationRepository,
    IInviteUsersPasswordManagerValidator inviteUsersPasswordManagerValidator,
-    IUpdateSecretsManagerSubscriptionCommand secretsManagerSubscriptionCommand) : IInviteUsersValidator
+    IUpdateSecretsManagerSubscriptionCommand secretsManagerSubscriptionCommand,
+    IPaymentService paymentService) : IInviteUsersValidator
 {
    public async Task<ValidationResult<InviteUserOrganizationValidationRequest>> ValidateAsync(InviteUserOrganizationValidationRequest request)
    {
@ -26,6 +30,18 @@ public class InviteUsersValidator(
            return invalidSubscriptionUpdate.Map(request);
        }

+        // If the organization has the Secrets Manager Standalone Discount, all users are added to secrets manager.
+        // This is an expensive call, so we're doing it now to delay the check as long as possible.
+        if (await paymentService.HasSecretsManagerStandalone(request.InviteOrganization))
+        {
+            request = new InviteUserOrganizationValidationRequest(request)
+            {
+                Invites = request.Invites
+                    .Select(x => new OrganizationUserInvite(x, accessSecretsManager: true))
+                    .ToArray()
+            };
+        }
+
        if (request.InviteOrganization.UseSecretsManager && request.Invites.Any(x => x.AccessSecretsManager))
        {
            return await ValidateSecretsManagerSubscriptionUpdateAsync(request, subscriptionUpdate);