[PM-3797 Part 5] Add reset password keys to key rotation (#3445)

* Add reset password validator with tests

* add organization user rotation methods to repository
- move organization user TVP helper to admin console ownership

* rename account recovery to reset password

* formatting

* move registration of RotateUserKeyCommand to Core and make internal

* add admin console ValidatorServiceCollectionExtensions

src/Infrastructure.Dapper/AdminConsole/Helpers/OrganizationUserHelpers.cs

@@ -0,0 +1,34 @@
+using System.Data;
+using Bit.Core.Entities;
+using Dapper;
+
+namespace Bit.Infrastructure.Dapper.AdminConsole.Helpers;
+
+public static class OrganizationUserHelpers
+{
+    public static DataTable ToTvp(this IEnumerable<OrganizationUser> orgUsers)
+    {
+        var table = new DataTable();
+        table.SetTypeName("[dbo].[OrganizationUserType2]");
+
+        var columnData = new List<(string name, Type type, Func<OrganizationUser, object> getter)>
+        {
+            (nameof(OrganizationUser.Id), typeof(Guid), ou => ou.Id),
+            (nameof(OrganizationUser.OrganizationId), typeof(Guid), ou => ou.OrganizationId),
+            (nameof(OrganizationUser.UserId), typeof(Guid), ou => ou.UserId),
+            (nameof(OrganizationUser.Email), typeof(string), ou => ou.Email),
+            (nameof(OrganizationUser.Key), typeof(string), ou => ou.Key),
+            (nameof(OrganizationUser.Status), typeof(byte), ou => ou.Status),
+            (nameof(OrganizationUser.Type), typeof(byte), ou => ou.Type),
+            (nameof(OrganizationUser.AccessAll), typeof(bool), ou => ou.AccessAll),
+            (nameof(OrganizationUser.ExternalId), typeof(string), ou => ou.ExternalId),
+            (nameof(OrganizationUser.CreationDate), typeof(DateTime), ou => ou.CreationDate),
+            (nameof(OrganizationUser.RevisionDate), typeof(DateTime), ou => ou.RevisionDate),
+            (nameof(OrganizationUser.Permissions), typeof(string), ou => ou.Permissions),
+            (nameof(OrganizationUser.ResetPasswordKey), typeof(string), ou => ou.ResetPasswordKey),
+            (nameof(OrganizationUser.AccessSecretsManager), typeof(bool), ou => ou.AccessSecretsManager),
+        };
+
+        return orgUsers.BuildTable(table, columnData);
+    }
+}

src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs

@@ -2,12 +2,14 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Bit.Infrastructure.Dapper.AdminConsole.Helpers;
 using Dapper;
 using Microsoft.Data.SqlClient;
 
@@ -520,4 +522,32 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
             return results.ToList();
         }
     }
+
+    /// <inheritdoc />
+    public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
+        Guid userId, IEnumerable<OrganizationUser> resetPasswordKeys)
+    {
+        return async (SqlConnection connection, SqlTransaction transaction) =>
+        {
+            const string sql = @"
+                            UPDATE
+                                [dbo].[OrganizationUser]
+                            SET
+                                [ResetPasswordKey] = AR.[ResetPasswordKey]
+                            FROM
+                                [dbo].[OrganizationUser] OU
+                            INNER JOIN
+                                @ResetPasswordKeys AR ON OU.Id = AR.Id
+                            WHERE
+                                OU.[UserId] = @UserId";
+
+            var organizationUsersTVP = resetPasswordKeys.ToTvp();
+
+            await connection.ExecuteAsync(
+                sql,
+                new { UserId = userId, resetPasswordKeys = organizationUsersTVP },
+                transaction: transaction,
+                commandType: CommandType.Text);
+        };
+    }
 }

src/Infrastructure.Dapper/DapperHelpers.cs

@@ -59,32 +59,6 @@ public static class DapperHelpers
         return table;
     }
 
-    public static DataTable ToTvp(this IEnumerable<OrganizationUser> orgUsers)
-    {
-        var table = new DataTable();
-        table.SetTypeName("[dbo].[OrganizationUserType2]");
-
-        var columnData = new List<(string name, Type type, Func<OrganizationUser, object> getter)>
-        {
-            (nameof(OrganizationUser.Id), typeof(Guid), ou => ou.Id),
-            (nameof(OrganizationUser.OrganizationId), typeof(Guid), ou => ou.OrganizationId),
-            (nameof(OrganizationUser.UserId), typeof(Guid), ou => ou.UserId),
-            (nameof(OrganizationUser.Email), typeof(string), ou => ou.Email),
-            (nameof(OrganizationUser.Key), typeof(string), ou => ou.Key),
-            (nameof(OrganizationUser.Status), typeof(byte), ou => ou.Status),
-            (nameof(OrganizationUser.Type), typeof(byte), ou => ou.Type),
-            (nameof(OrganizationUser.AccessAll), typeof(bool), ou => ou.AccessAll),
-            (nameof(OrganizationUser.ExternalId), typeof(string), ou => ou.ExternalId),
-            (nameof(OrganizationUser.CreationDate), typeof(DateTime), ou => ou.CreationDate),
-            (nameof(OrganizationUser.RevisionDate), typeof(DateTime), ou => ou.RevisionDate),
-            (nameof(OrganizationUser.Permissions), typeof(string), ou => ou.Permissions),
-            (nameof(OrganizationUser.ResetPasswordKey), typeof(string), ou => ou.ResetPasswordKey),
-            (nameof(OrganizationUser.AccessSecretsManager), typeof(bool), ou => ou.AccessSecretsManager),
-        };
-
-        return orgUsers.BuildTable(table, columnData);
-    }
-
     public static DataTable ToTvp(this IEnumerable<OrganizationSponsorship> organizationSponsorships)
     {
         var table = new DataTable();