[AC-1192] Create endpoints for new Device Approvals page (#2993)

* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property

src/Infrastructure.EntityFramework/Auth/Configurations/AuthRequestConfiguration.cs

@@ -0,0 +1,14 @@
+using Bit.Infrastructure.EntityFramework.Auth.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.Auth.Configurations;
+
+public class AuthRequestConfiguration : IEntityTypeConfiguration<AuthRequest>
+{
+    public void Configure(EntityTypeBuilder<AuthRequest> builder)
+    {
+        builder.Property(ar => ar.Id).ValueGeneratedNever();
+        builder.ToTable(nameof(AuthRequest));
+    }
+}

src/Infrastructure.EntityFramework/Auth/Models/AuthRequest.cs

@@ -1,4 +1,5 @@
 using AutoMapper;
+using Bit.Core.Auth.Models.Data;
 using Bit.Infrastructure.EntityFramework.Models;
 
 namespace Bit.Infrastructure.EntityFramework.Auth.Models;
@@ -7,6 +8,7 @@ public class AuthRequest : Core.Auth.Entities.AuthRequest
 {
     public virtual User User { get; set; }
     public virtual Device ResponseDevice { get; set; }
+    public virtual Organization Organization { get; set; }
 }
 
 public class AuthRequestMapperProfile : Profile
@@ -14,5 +16,9 @@ public class AuthRequestMapperProfile : Profile
     public AuthRequestMapperProfile()
     {
         CreateMap<Core.Auth.Entities.AuthRequest, AuthRequest>().ReverseMap();
+        CreateProjection<AuthRequest, OrganizationAdminAuthRequest>()
+            .ForMember(m => m.Email, opt => opt.MapFrom(t => t.User.Email))
+            .ForMember(m => m.OrganizationUserId, opt => opt.MapFrom(
+                t => t.User.OrganizationUsers.FirstOrDefault(ou => ou.OrganizationId == t.OrganizationId && ou.UserId == t.UserId).Id));
     }
 }

src/Infrastructure.EntityFramework/Auth/Repositories/AuthRequestRepository.cs

@@ -1,4 +1,7 @@
 using AutoMapper;
+using AutoMapper.QueryableExtensions;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Infrastructure.EntityFramework.Auth.Models;
 using Bit.Infrastructure.EntityFramework.Repositories;
@@ -33,4 +36,32 @@ public class AuthRequestRepository : Repository<Core.Auth.Entities.AuthRequest,
             return Mapper.Map<List<Core.Auth.Entities.AuthRequest>>(userAuthRequests);
         }
     }
+
+    public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
+                                             where ar.OrganizationId.Equals(organizationId) && ar.ResponseDate == null && ar.Type == AuthRequestType.AdminApproval
+                                             select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
+
+            return orgUserAuthRequests;
+        }
+    }
+
+    public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(
+        Guid organizationId,
+        IEnumerable<Guid> ids)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
+                                             where ar.OrganizationId.Equals(organizationId) && ids.Contains(ar.Id) && ar.Type == AuthRequestType.AdminApproval
+                                             select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
+
+            return orgUserAuthRequests;
+        }
+    }
 }

src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs

@@ -97,7 +97,6 @@ public class DatabaseContext : DbContext
         var eUser = builder.Entity<User>();
         var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
         var eOrganizationConnection = builder.Entity<OrganizationConnection>();
-        var eAuthRequest = builder.Entity<AuthRequest>();
         var eOrganizationDomain = builder.Entity<OrganizationDomain>();
 
         eCipher.Property(c => c.Id).ValueGeneratedNever();
@@ -119,7 +118,6 @@ public class DatabaseContext : DbContext
         eUser.Property(c => c.Id).ValueGeneratedNever();
         eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
         eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
-        eAuthRequest.Property(ar => ar.Id).ValueGeneratedNever();
         eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
 
         eCollectionCipher.HasKey(cc => new { cc.CollectionId, cc.CipherId });
@@ -171,7 +169,6 @@ public class DatabaseContext : DbContext
         eUser.ToTable(nameof(User));
         eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
         eOrganizationConnection.ToTable(nameof(OrganizationConnection));
-        eAuthRequest.ToTable(nameof(AuthRequest));
         eOrganizationDomain.ToTable(nameof(OrganizationDomain));
 
         ConfigureDateTimeUtcQueries(builder);