From 8480379e327481450aba567b83d60569a4b4bdfd Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Tue, 9 Nov 2021 10:40:31 -0500
Subject: [PATCH] Use userId to find org users

---
 .../OrganizationSponsorshipsController.cs     |  8 +---
 .../OrganizationSponsorshipRequestModel.cs    |  3 --
 .../OrganizationSponsorshipService.cs         |  2 +-
 ...OrganizationSponsorshipsControllerTests.cs | 38 ++++---------------
 .../OrganizationSponsorshipServiceTests.cs    |  1 +
 5 files changed, 11 insertions(+), 41 deletions(-)

diff --git a/src/Api/Controllers/OrganizationSponsorshipsController.cs b/src/Api/Controllers/OrganizationSponsorshipsController.cs
index d8707960d3..9cded94a6d 100644
--- a/src/Api/Controllers/OrganizationSponsorshipsController.cs
+++ b/src/Api/Controllers/OrganizationSponsorshipsController.cs
@@ -51,14 +51,10 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Specified Organization cannot sponsor other organizations.");
             }
 
-            var sponsoringOrgUser = await _organizationUserRepository.GetByIdAsync(model.OrganizationUserId);
+            var sponsoringOrgUser = await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgIdGuid, _currentContext.UserId ?? default);
             if (sponsoringOrgUser == null || sponsoringOrgUser.Status != OrganizationUserStatusType.Confirmed)
             {
-                throw new BadRequestException("Only confirm users can sponsor other organizations.");
-            }
-            if (sponsoringOrgUser.UserId != _currentContext.UserId)
-            {
-                throw new BadRequestException("Can only create organization sponsorships for yourself.");
+                throw new BadRequestException("Only confirmed users can sponsor other organizations.");
             }
 
             var existingOrgSponsorship = await _organizationSponsorshipRepository.GetBySponsoringOrganizationUserIdAsync(sponsoringOrgUser.Id);
diff --git a/src/Core/Models/Api/Request/Organizations/OrganizationSponsorshipRequestModel.cs b/src/Core/Models/Api/Request/Organizations/OrganizationSponsorshipRequestModel.cs
index e04e47bc84..deb8d07f3f 100644
--- a/src/Core/Models/Api/Request/Organizations/OrganizationSponsorshipRequestModel.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationSponsorshipRequestModel.cs
@@ -10,9 +10,6 @@ namespace Bit.Core.Models.Api.Request
         [Required]
         public PlanSponsorshipType PlanSponsorshipType { get; set; }
 
-        [Required]
-        public Guid OrganizationUserId { get; set; }
-
         [Required]
         [StringLength(256)]
         [StrictEmailAddress]
diff --git a/src/Core/Services/Implementations/OrganizationSponsorshipService.cs b/src/Core/Services/Implementations/OrganizationSponsorshipService.cs
index 78c6a84bb1..72128389a1 100644
--- a/src/Core/Services/Implementations/OrganizationSponsorshipService.cs
+++ b/src/Core/Services/Implementations/OrganizationSponsorshipService.cs
@@ -88,7 +88,7 @@ namespace Bit.Core.Services
                 sponsorship = await _organizationSponsorshipRepository.CreateAsync(sponsorship);
 
                 // TODO: send email to sponsoredEmail w/ redemption token link
-                var _ = RedemptionToken(sponsorship.Id, sponsorshipType);
+                // var _ = RedemptionToken(sponsorship.Id, sponsorshipType);
             }
             catch
             {
diff --git a/test/Api.Test/Controllers/OrganizationSponsorshipsControllerTests.cs b/test/Api.Test/Controllers/OrganizationSponsorshipsControllerTests.cs
index f019ade201..a944c56f20 100644
--- a/test/Api.Test/Controllers/OrganizationSponsorshipsControllerTests.cs
+++ b/test/Api.Test/Controllers/OrganizationSponsorshipsControllerTests.cs
@@ -58,45 +58,21 @@ namespace Bit.Api.Test.Controllers
         [Theory]
         [BitMemberAutoData(nameof(NonConfirmedOrganizationUsersStatuses))]
         public async Task CreateSponsorship_BadSponsoringUserStatus_ThrowsBadRequest(
-            OrganizationUserStatusType statusType, Guid userId, Organization org, OrganizationUser orgUser,
+            OrganizationUserStatusType statusType, Organization org, OrganizationUser orgUser,
             OrganizationSponsorshipRequestModel model, SutProvider<OrganizationSponsorshipsController> sutProvider)
         {
             org.PlanType = PlanType.EnterpriseAnnually;
             orgUser.Status = statusType;
-            orgUser.UserId = userId;
-            model.OrganizationUserId = orgUser.Id;
 
             sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
-            sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
-            sutProvider.GetDependency<IOrganizationUserRepository>().GetByIdAsync(orgUser.Id).Returns(orgUser);
+            sutProvider.GetDependency<ICurrentContext>().UserId.Returns(orgUser.UserId);
+            sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(org.Id, orgUser.UserId.Value)
+                .Returns(orgUser);
 
             var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
                 sutProvider.Sut.CreateSponsorship(org.Id.ToString(), model));
 
-            Assert.Contains("Only confirm users can sponsor other organizations.", exception.Message);
-            await sutProvider.GetDependency<IOrganizationSponsorshipService>()
-                .DidNotReceiveWithAnyArgs()
-                .OfferSponsorshipAsync(default, default, default, default, default);
-        }
-
-        [Theory]
-        [BitAutoData("c56c7ab4-a174-412a-a822-abe53ea71d50")]
-        public async Task CreateSponsorship_CreateSponsorshipAsDifferentUser_ThrowsBadRequest(Guid userId,
-            Organization org, OrganizationUser orgUser, OrganizationSponsorshipRequestModel model,
-            SutProvider<OrganizationSponsorshipsController> sutProvider)
-        {
-            org.PlanType = PlanType.EnterpriseAnnually;
-            orgUser.Status = OrganizationUserStatusType.Confirmed;
-            model.OrganizationUserId = orgUser.Id;
-
-            sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
-            sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
-            sutProvider.GetDependency<IOrganizationUserRepository>().GetByIdAsync(orgUser.Id).Returns(orgUser);
-
-            var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
-                sutProvider.Sut.CreateSponsorship(org.Id.ToString(), model));
-
-            Assert.Contains("Can only create organization sponsorships for yourself.", exception.Message);
+            Assert.Contains("Only confirmed users can sponsor other organizations.", exception.Message);
             await sutProvider.GetDependency<IOrganizationSponsorshipService>()
                 .DidNotReceiveWithAnyArgs()
                 .OfferSponsorshipAsync(default, default, default, default, default);
@@ -110,11 +86,11 @@ namespace Bit.Api.Test.Controllers
         {
             org.PlanType = PlanType.EnterpriseAnnually;
             orgUser.Status = OrganizationUserStatusType.Confirmed;
-            model.OrganizationUserId = orgUser.Id;
 
             sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
             sutProvider.GetDependency<ICurrentContext>().UserId.Returns(orgUser.UserId);
-            sutProvider.GetDependency<IOrganizationUserRepository>().GetByIdAsync(orgUser.Id).Returns(orgUser);
+            sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(org.Id, orgUser.UserId.Value)
+                .Returns(orgUser);
             sutProvider.GetDependency<IOrganizationSponsorshipRepository>()
                 .GetBySponsoringOrganizationUserIdAsync(orgUser.Id).Returns(sponsorship);
 
diff --git a/test/Core.Test/Services/OrganizationSponsorshipServiceTests.cs b/test/Core.Test/Services/OrganizationSponsorshipServiceTests.cs
index 4fc25b7f8c..2b0af9b7c8 100644
--- a/test/Core.Test/Services/OrganizationSponsorshipServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationSponsorshipServiceTests.cs
@@ -45,6 +45,7 @@ namespace Bit.Core.Test.Services
                 SponsoringOrganizationUserId = sponsoringOrgUser.Id,
                 FriendlyName = friendlyName,
                 OfferedToEmail = sponsoredEmail,
+                PlanSponsorshipType = PlanSponsorshipType.FamiliesForEnterprise,
                 CloudSponsor = true,
             };