Remove stale SsoUser objects from database (#1560)

* Add SsoUser_ReadByUserIdOrganizationId

* Automatically reset stale/duplicate Sso links

* Fix typo

* Check for stale Sso link in existing user flow

* Delete any stale user record before provisioning new user

* Check for existing db query before creating

* PR feedback updates

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

src/Core/Enums/EventType.cs

@@ -48,6 +48,7 @@
         OrganizationUser_ResetPassword_Enroll = 1506,
         OrganizationUser_ResetPassword_Withdraw = 1507,
         OrganizationUser_AdminResetPassword = 1508,
+        OrganizationUser_ResetSsoLink = 1509,
 
         Organization_Updated = 1600,
         Organization_PurgedVault = 1601,

src/Core/Repositories/EntityFramework/SsoUserRepository.cs

@@ -24,5 +24,16 @@ namespace Bit.Core.Repositories.EntityFramework
                 await dbContext.SaveChangesAsync();
             }
         }
+
+        public async Task<TableModel.SsoUser> GetByUserIdOrganizationIdAsync(Guid organizationId, Guid userId)
+        {
+            using (var scope = ServiceScopeFactory.CreateScope())
+            {
+                var dbContext = GetDatabaseContext(scope);
+                var entity = await GetDbSet(dbContext)
+                    .FirstOrDefaultAsync(e => e.OrganizationId == organizationId && e.UserId == userId);
+                return entity;
+            }
+        }
     }
 }

src/Core/Repositories/ISsoUserRepository.cs

@@ -1,11 +1,12 @@
-using Bit.Core.Models.Table;
-using System;
-using System.Threading.Tasks;
+using Bit.Core.Models.Table;
+using System;
+using System.Threading.Tasks;
 
 namespace Bit.Core.Repositories
 {
     public interface ISsoUserRepository : IRepository<SsoUser, long>
     {
         Task DeleteAsync(Guid userId, Guid? organizationId);
+        Task<SsoUser> GetByUserIdOrganizationIdAsync(Guid organizationId, Guid userId);
     }
 }

src/Core/Repositories/SqlServer/SsoUserRepository.cs

@@ -5,6 +5,7 @@ using System;
 using System.Threading.Tasks;
 using System.Data.SqlClient;
 using System.Data;
+using System.Linq;
 
 namespace Bit.Core.Repositories.SqlServer
 {
@@ -28,5 +29,18 @@ namespace Bit.Core.Repositories.SqlServer
                     commandType: CommandType.StoredProcedure);
             }
         }
+
+        public async Task<SsoUser> GetByUserIdOrganizationIdAsync(Guid organizationId, Guid userId)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<SsoUser>(
+                    $"[{Schema}].[SsoUser_ReadByUserIdOrganizationId]",
+                    new { UserId = userId, OrganizationId = organizationId },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.SingleOrDefault();
+            }
+        }
     }
 }

src/Sql/Sql.sqlproj

@@ -299,6 +299,7 @@
     <Build Include="dbo\Stored Procedures\User_ReadBySsoUserOrganizationIdExternalId.sql" />
     <Build Include="dbo\Stored Procedures\SsoUser_Update.sql" />
     <Build Include="dbo\Stored Procedures\SsoUser_ReadById.sql" />
+    <Build Include="dbo\Stored Procedures\SsoUser_ReadByUserIdOrganizationId.sql" />
     <Build Include="dbo\Stored Procedures\Cipher_DeleteByIdsOrganizationId.sql" />
     <Build Include="dbo\Stored Procedures\Cipher_SoftDeleteByIdsOrganizationId.sql" />
     <Build Include="dbo\Stored Procedures\Organization_ReadByIdentifier.sql" />

src/Sql/dbo/Stored Procedures/SsoUser_ReadByUserIdOrganizationId.sql

@@ -0,0 +1,15 @@
+CREATE PROCEDURE [dbo].[SsoUser_ReadByUserIdOrganizationId]
+    @UserId UNIQUEIDENTIFIER,
+    @OrganizationId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[SsoUserView]
+    WHERE
+        [UserId] = @UserId
+        AND [OrganizationId] = @OrganizationId
+END