[AC-1192] Create endpoints for new Device Approvals page (#2993)

* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property

util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql

@@ -0,0 +1,193 @@
+--Add OrganizationId Column and Foreign Key
+IF COL_LENGTH('[dbo].[AuthRequest]', 'OrganizationId') IS NULL
+BEGIN
+ALTER TABLE
+    [dbo].[AuthRequest]
+    ADD [OrganizationId] UNIQUEIDENTIFIER NULL;
+    ALTER TABLE 
+    [dbo].[AuthRequest]
+    ADD CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
+END
+GO
+
+-- Drop and recreate view
+IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
+    BEGIN
+        DROP VIEW [dbo].[AuthRequestView]
+    END
+GO
+    
+CREATE VIEW [dbo].[AuthRequestView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[AuthRequest]
+GO
+
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Update]
+    END
+GO
+
+--Create SPROC with OrganizationId column
+CREATE PROCEDURE [dbo].[AuthRequest_Update]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @OrganizationId UNIQUEIDENTIFIER = NULL,
+    @Type SMALLINT, 
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType SMALLINT,
+    @RequestIpAddress VARCHAR(50),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2 (7),
+    @ResponseDate DATETIME2 (7),
+    @AuthenticationDate DATETIME2 (7)    
+AS
+BEGIN
+    SET NOCOUNT ON
+
+UPDATE
+    [dbo].[AuthRequest]
+SET
+    [UserId] = @UserId,
+    [Type] = @Type,
+    [OrganizationId] = @OrganizationId,
+    [RequestDeviceIdentifier] = @RequestDeviceIdentifier,
+    [RequestDeviceType] = @RequestDeviceType,
+    [RequestIpAddress] = @RequestIpAddress,
+    [ResponseDeviceId] = @ResponseDeviceId,
+    [AccessCode] = @AccessCode,
+    [PublicKey] = @PublicKey,
+    [Key] = @Key,
+    [MasterPasswordHash] = @MasterPasswordHash,
+    [Approved] = @Approved,
+    [CreationDate] = @CreationDate,
+    [ResponseDate] = @ResponseDate,
+    [AuthenticationDate] = @AuthenticationDate
+WHERE
+    [Id] = @Id
+END
+GO
+    
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
+BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Create]
+END
+GO
+    
+--Create SPROC with OrganizationId column
+CREATE PROCEDURE [dbo].[AuthRequest_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @OrganizationId UNIQUEIDENTIFIER = NULL,
+    @Type TINYINT,
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType TINYINT,
+    @RequestIpAddress VARCHAR(50),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2(7),
+    @ResponseDate DATETIME2(7),
+    @AuthenticationDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[AuthRequest]
+    (
+        [Id],
+        [UserId],
+        [OrganizationId],
+        [Type],
+        [RequestDeviceIdentifier],
+        [RequestDeviceType],
+        [RequestIpAddress],
+        [ResponseDeviceId],
+        [AccessCode],
+        [PublicKey],
+        [Key],
+        [MasterPasswordHash],
+        [Approved],
+        [CreationDate],
+        [ResponseDate],
+        [AuthenticationDate]
+    )
+    VALUES
+    (
+        @Id,
+        @UserId,
+        @OrganizationId,
+        @Type,
+        @RequestDeviceIdentifier,
+        @RequestDeviceType,
+        @RequestIpAddress,
+        @ResponseDeviceId,
+        @AccessCode,
+        @PublicKey,
+        @Key,
+        @MasterPasswordHash,
+        @Approved,
+        @CreationDate,
+        @ResponseDate,
+        @AuthenticationDate
+    )
+END
+Go
+    
+-- New SPROC
+CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
+	@OrganizationId UNIQUEIDENTIFIER,
+	@Ids AS [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+SELECT
+    ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
+FROM
+    [dbo].[AuthRequestView] ar
+    INNER JOIN
+        [dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
+    WHERE
+        ar.[OrganizationId] = @OrganizationId
+    AND
+        ar.[Type] = 2 -- AdminApproval
+    AND
+        ar.[Id] IN (SELECT [Id] FROM @Ids)
+END
+GO
+
+-- New SPROC
+CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
+    @OrganizationId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+SELECT
+    ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
+FROM
+    [dbo].[AuthRequestView] ar
+    INNER JOIN
+        [dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
+    WHERE
+        ar.[OrganizationId] = @OrganizationId
+    AND
+        ar.[ResponseDate] IS NULL
+    AND
+        ar.[Type] = 2 -- AdminApproval
+END
+GO