From a605dc7286d21b1a18509eba2d260b8a09c57997 Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Wed, 10 Nov 2021 15:39:39 -0500
Subject: [PATCH] Use organization and auth to find organization sponsorship

---
 .../OrganizationSponsorshipsController.cs            | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Api/Controllers/OrganizationSponsorshipsController.cs b/src/Api/Controllers/OrganizationSponsorshipsController.cs
index 58759f4e8c..64964df13d 100644
--- a/src/Api/Controllers/OrganizationSponsorshipsController.cs
+++ b/src/Api/Controllers/OrganizationSponsorshipsController.cs
@@ -116,21 +116,21 @@ namespace Bit.Api.Controllers
             await _organizationsSponsorshipService.SetUpSponsorshipAsync(existingSponsorshipOffer, organizationToSponsor);
         }
 
-        [HttpDelete("{sponsoringOrgUserId}")]
-        [HttpPost("{sponsoringOrgUserId}/delete")]
+        [HttpDelete("{sponsoringOrganizationId}")]
+        [HttpPost("{sponsoringOrganizationId}/delete")]
         [SelfHosted(NotSelfHostedOnly = true)]
-        public async Task RevokeSponsorship(string sponsoringOrgUserId)
+        public async Task RevokeSponsorship(string sponsoringOrganizationId)
         {
-            var sponsoringOrgUserIdGuid = new Guid(sponsoringOrgUserId);
+            var sponsoringOrganizationIdGuid = new Guid(sponsoringOrganizationId);
 
-            var orgUser = await _organizationUserRepository.GetByIdAsync(sponsoringOrgUserIdGuid);
+            var orgUser = await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrganizationIdGuid, _currentContext.UserId ?? default);
             if (_currentContext.UserId != orgUser?.UserId)
             {
                 throw new BadRequestException("Can only revoke a sponsorship you granted.");
             }
 
             var existingOrgSponsorship = await _organizationSponsorshipRepository
-                .GetBySponsoringOrganizationUserIdAsync(sponsoringOrgUserIdGuid);
+                .GetBySponsoringOrganizationUserIdAsync(orgUser.Id);
             if (existingOrgSponsorship == null || existingOrgSponsorship.SponsoredOrganizationId == null)
             {
                 throw new BadRequestException("You are not currently sponsoring an organization.");