[SM-1211] Adding API endpoint to send out Access Request for SM to Admins, addi… (#4155)

* Adding API endpoint to send out Access Request for SM to Admins, adding email template

* Fixing email template HTML, adding tests

* fixing tests

* fixing lint

* Moving files to proper locations

* fixing build error relating to not removing some old code

* Updating namespaces and removing unused using statements

* Dependency injection fix

* Fixing tests and moving them to proper files

* lint

* format fixes

* dotnet format fix

* small fixes

* removing using directive's that aren't needed

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/PasswordManager/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.text.hbs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update bitwarden_license/src/Commercial.Core/SecretsManager/Commands/PasswordManager/RequestSMAccessCommand.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Changes requested by Thomas

* Lint fixes

* Suggested changes from Maceij

* Current state of tests

* Fixing tests and getting the core.csproj file from main

* Reverting csproj file change

* Removing usings directory

* dotnet format

* Fixing test

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/Requests/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update test/Api.Test/SecretsManager/Controllers/RequestSMAccessControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Thomas requested changes

* Fixing 500 error when user name is null

* Prettier error message if user sends over an whitespace string

* Fixing word wrapping issue in email contents

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

src/Api/SecretsManager/Controllers/RequestSMAccessController.cs

@@ -0,0 +1,55 @@
+using Bit.Api.SecretsManager.Models.Request;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.Commands.Requests.Interfaces;
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.SecretsManager.Controllers;
+
+[Route("request-access")]
+[Authorize("Web")]
+public class RequestSMAccessController : Controller
+{
+    private readonly IRequestSMAccessCommand _requestSMAccessCommand;
+    private readonly IUserService _userService;
+    private readonly IOrganizationRepository _organizationRepository;
+    private readonly IOrganizationUserRepository _organizationUserRepository;
+    private readonly ICurrentContext _currentContext;
+
+    public RequestSMAccessController(
+        IRequestSMAccessCommand requestSMAccessCommand, IUserService userService, IOrganizationRepository organizationRepository, IOrganizationUserRepository organizationUserRepository, ICurrentContext currentContext)
+    {
+        _requestSMAccessCommand = requestSMAccessCommand;
+        _userService = userService;
+        _organizationRepository = organizationRepository;
+        _organizationUserRepository = organizationUserRepository;
+        _currentContext = currentContext;
+    }
+
+    [HttpPost("request-sm-access")]
+    public async Task RequestSMAccessFromAdmins([FromBody] RequestSMAccessRequestModel model)
+    {
+        var user = await _userService.GetUserByPrincipalAsync(User);
+        if (user == null)
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        if (!await _currentContext.OrganizationUser(model.OrganizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        var organization = await _organizationRepository.GetByIdAsync(model.OrganizationId);
+        if (organization == null)
+        {
+            throw new NotFoundException();
+        }
+
+        var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(organization.Id);
+        await _requestSMAccessCommand.SendRequestAccessToSM(organization, orgUsers, user, model.EmailContent);
+    }
+}

src/Api/SecretsManager/Models/Request/RequestSMAccessRequestModel.cs

@@ -0,0 +1,11 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.SecretsManager.Models.Request;
+
+public class RequestSMAccessRequestModel
+{
+    [Required]
+    public Guid OrganizationId { get; set; }
+    [Required(ErrorMessage = "Add a note is a required field")]
+    public string EmailContent { get; set; }
+}

src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.html.hbs

@@ -0,0 +1,27 @@
+{{#>FullHtmlLayout}}
+
+<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
+            {{UserNameRequestingAccess}} has requested access to secrets manager for {{OrgName}}: <br /><br />
+            <pre style="white-space: pre-wrap; word-wrap: break-word; background-color: #ECECEC; max-width: 700px; border-radius: 10px; padding: 1em; margin-bottom: 2em;">{{EmailContent}} - {{UserNameRequestingAccess}}</pre>
+        </td>
+        <br/>
+    </tr>
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="margin-bottom:1em; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top" align="left">
+            <a href="https://bitwarden.com/contact-sales/?utm_source=sm_request_access_email&utm_medium=email" clicktracking=off target="_blank" rel="noopener" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #175DDC; border-color: #175DDC; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+                Contact Bitwarden
+            </a>
+            <br/>
+        </td>
+    </tr>
+    <tr style="margin-top:1em; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none; font-weight: bold;" valign="top">
+            <br/> Stay safe and secure,<br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+            The Bitwarden Team
+        </td>
+    </tr>
+</table>
+
+{{/FullHtmlLayout}}

src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.text.hbs

@@ -0,0 +1,17 @@
+{{#>FullTextLayout}}
+
+{{UserNameRequestingAccess}} has requested access to secrets manager for {{OrgName}}:
+
+============
+
+{{EmailContent}} - {{UserNameRequestingAccess}}
+
+============
+
+Contact Bitwarden (https://bitwarden.com/contact-sales/?utm_source=sm_request_access_email&utm_medium=email)
+
+============
+
+Stay safe and secure,
+The Bitwarden Team
+{{/FullTextLayout}}

src/Core/SecretsManager/Commands/Requests/Interfaces/IRequestSMAccessCommand.cs

@@ -0,0 +1,10 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+
+namespace Bit.Core.SecretsManager.Commands.Requests.Interfaces;
+
+public interface IRequestSMAccessCommand
+{
+    Task SendRequestAccessToSM(Organization organization, ICollection<OrganizationUserUserDetails> orgUsers, User user, string emailContent);
+}

src/Core/SecretsManager/Models/Mail/RequestSecretsManagerAccessViewModel.cs

@@ -0,0 +1,10 @@
+using Bit.Core.Models.Mail;
+
+namespace Bit.Core.SecretsManager.Models.Mail;
+
+public class RequestSecretsManagerAccessViewModel : BaseMailModel
+{
+    public string UserNameRequestingAccess { get; set; }
+    public string OrgName { get; set; }
+    public string EmailContent { get; set; }
+}

src/Core/Services/IMailService.cs

@@ -81,5 +81,6 @@ public interface IMailService
     Task SendTrialInitiationEmailAsync(string email);
     Task SendInitiateDeletProviderEmailAsync(string email, Provider provider, string token);
     Task SendInitiateDeleteOrganzationEmailAsync(string email, Organization organization, string token);
+    Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent);
 }
 

src/Core/Services/Implementations/HandlebarsMailService.cs

@@ -8,6 +8,7 @@ using Bit.Core.Entities;
 using Bit.Core.Models.Mail;
 using Bit.Core.Models.Mail.FamiliesForEnterprise;
 using Bit.Core.Models.Mail.Provider;
+using Bit.Core.SecretsManager.Models.Mail;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using HandlebarsDotNet;
@@ -395,6 +396,20 @@ public class HandlebarsMailService : IMailService
         await _mailDeliveryService.SendEmailAsync(message);
     }
 
+    public async Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> emails, string organizationName, string requestingUserName, string emailContent)
+    {
+        var message = CreateDefaultMessage("Access Requested for Secrets Manager", emails);
+        var model = new RequestSecretsManagerAccessViewModel
+        {
+            OrgName = CoreHelpers.SanitizeForEmail(organizationName, false),
+            UserNameRequestingAccess = CoreHelpers.SanitizeForEmail(requestingUserName, false),
+            EmailContent = CoreHelpers.SanitizeForEmail(emailContent, false),
+        };
+        await AddMessageContentAsync(message, "SecretsManagerAccessRequest", model);
+        message.Category = "SecretsManagerAccessRequest";
+        await _mailDeliveryService.SendEmailAsync(message);
+    }
+
     public async Task SendNewDeviceLoggedInEmail(string email, string deviceType, DateTime timestamp, string ip)
     {
         var message = CreateDefaultMessage($"New Device Logged In From {deviceType}", email);

src/Core/Services/NoopImplementations/NoopMailService.cs

@@ -280,5 +280,6 @@ public class NoopMailService : IMailService
     {
         return Task.FromResult(0);
     }
+    public Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent) => throw new NotImplementedException();
 }