From cf16be16c6184b0ae773ffb77838eb315da7a7da Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 21 Jul 2022 13:44:27 -0400
Subject: [PATCH] SCIM: Associate users to group on PUT/POST (#2139)
* associate users to group on PUT/POST
* fix logic
---
 .../Scim/Controllers/v2/GroupsController.cs | 32 +++++++++++++++++++
 .../src/Scim/Models/ScimGroupRequestModel.cs | 8 +++++
 2 files changed, 40 insertions(+)
diff --git a/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs b/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs
index 46c25839ae..1423a2c72d 100644
--- a/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs
+++ b/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs
@@ -1,4 +1,5 @@
 using System.Text.Json;
+using Bit.Core.Entities;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Scim.Context;
@@ -126,6 +127,7 @@ namespace Bit.Scim.Controllers.v2
 var group = model.ToGroup(organizationId);
 await _groupService.SaveAsync(group, null);
+ await UpdateGroupMembersAsync(group, model, true);
 var response = new ScimGroupResponseModel(group);
 return new CreatedResult(Url.Action(nameof(Get), new { group.OrganizationId, group.Id }), response);
 }
@@ -145,6 +147,7 @@ namespace Bit.Scim.Controllers.v2
 group.Name = model.DisplayName;
 await _groupService.SaveAsync(group);
+ await UpdateGroupMembersAsync(group, model, false);
 return new ObjectResult(new ScimGroupResponseModel(group));
 }
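Review bot: In the Post hunk the group is committed by `_groupService.SaveAsync(group, null)` before `UpdateGroupMembersAsync` runs, so a failure in the member update leaves a group with no members while the SCIM client receives an error and may retry the create; the Put hunk has the same two-step shape after `SaveAsync(group)`. Nothing visible in either hunk wraps the two writes in a transaction or compensates for a failed second step, so that behaviour should be handled or at least documented at the call site. The bare boolean is also hard to read at the call; `await UpdateGroupMembersAsync(group, model, skipIfEmpty: true);` (and `skipIfEmpty: false` in Put) states the intent. Both method bodies begin outside these hunks.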
@@ -295,5 +298,34 @@ namespace Bit.Scim.Controllers.v2
 }
 return null;
 }
+
+ private async Task UpdateGroupMembersAsync(Group group, ScimGroupRequestModel model, bool skipIfEmpty)
+ {
+ if (_scimContext.RequestScimProvider != Core.Enums.ScimProviderType.Okta)
+ {
+ return;
+ }
+
+ if (model.Members == null)
+ {
+ return;
+ }
+
+ var memberIds = new List();
+ foreach (var id in model.Members.Select(i => i.Value))
+ {
+ if (Guid.TryParse(id, out var guidId))
+ {
+ memberIds.Add(guidId);
+ }
+ }
+
+ if (!memberIds.Any() && skipIfEmpty)
+ {
+ return;
+ }
+
+ await _groupRepository.UpdateUsersAsync(group.Id, memberIds);
+ }
 }
 }
diff --git a/bitwarden_license/src/Scim/Models/ScimGroupRequestModel.cs b/bitwarden_license/src/Scim/Models/ScimGroupRequestModel.cs
index 93361066c4..6de96655b0 100644
--- a/bitwarden_license/src/Scim/Models/ScimGroupRequestModel.cs
+++ b/bitwarden_license/src/Scim/Models/ScimGroupRequestModel.cs
@@ -19,5 +19,13 @@ namespace Bit.Scim.Models
 OrganizationId = organizationId
 };
 }
+
+ public List Members { get; set; }
+
+ public class GroupMembersModel
+ {
+ public string Value { get; set; }
+ public string Display { get; set; }
+ }
 }
 }
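Review bot: The ids collected from `model.Members` in `UpdateGroupMembersAsync` are passed to `_groupRepository.UpdateUsersAsync(group.Id, memberIds)` with no check in this method that they belong to `group.OrganizationId`. Whether the repository enforces that scoping is not visible here, so either intersect the ids with the organization's own users before the call or record the dependency in a comment such as `// relies on UpdateUsersAsync ignoring ids outside group.OrganizationId - confirm`. Values that fail `Guid.TryParse` are dropped silently, and when `skipIfEmpty` is false the shortened or empty list is still written, so a malformed value on a PUT presumably removes existing members; rejecting the request on the first parse failure would be safer. The write also goes to the repository rather than `_groupService`, so it is worth confirming that membership changes made through SCIM still reach the event log.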
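Review bot: `Members` and `GroupMembersModel.Value` in ScimGroupRequestModel.cs are added without doc comments, although the controller change in this commit gives them specific meaning: a null `Members` leaves membership untouched, and `Value` is used only when it parses as a Guid. I would add `/// <summary>Members sent by the SCIM client; null means membership is not changed.</summary>` on `Members` and `/// <summary>Member identifier; ignored by the controller unless it parses as a Guid.</summary>` on `Value`. The list also carries no visible size or validation constraint, so if request bodies are not bounded elsewhere, a limit on the number of members per request is worth considering.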