diff --git a/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs b/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs
index 6446af81de..9e17890365 100644
--- a/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs
+++ b/bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs
@@ -32,7 +32,8 @@ public class ScimUserRequestModel : BaseScimUserModel
 public InviteOrganizationUsersRequest ToRequest(
 ScimProviderType scimProvider,
 InviteOrganization inviteOrganization,
- DateTimeOffset performedAt)
+ DateTimeOffset performedAt,
+ bool hasSecretsManagerStandalone)
 {
 var email = EmailForInvite(scimProvider);

@@ -47,7 +48,7 @@ public class ScimUserRequestModel : BaseScimUserModel
 new Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models.OrganizationUserInvite(
 email: email,
 externalId: ExternalIdForInvite(),
- accessSecretsManager: false // TODO do something about this
+ accessSecretsManager: hasSecretsManagerStandalone
 )
 ],
 inviteOrganization: inviteOrganization,
diff --git a/bitwarden_license/src/Scim/Users/PostUserCommand.cs b/bitwarden_license/src/Scim/Users/PostUserCommand.cs
index 7faf7096c9..cb5f9a2efe 100644
--- a/bitwarden_license/src/Scim/Users/PostUserCommand.cs
+++ b/bitwarden_license/src/Scim/Users/PostUserCommand.cs
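Review bot: In ScimUserRequestModel.ToRequest the new `hasSecretsManagerStandalone` parameter is undocumented, although the second hunk of this file passes it straight to `accessSecretsManager`, so an organization-level flag now becomes a per-user access grant for every SCIM-provisioned user. That may well be the intended rule for standalone Secrets Manager plans, but nothing in the visible code states it, and it replaces a hard-coded `false`. I would add a doc comment on the method, for example `/// <param name="hasSecretsManagerStandalone">True when the organization is on a Secrets Manager standalone subscription; the invited user is then given Secrets Manager access.</param>`. The body of ToRequest continues outside both hunks.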
@@ -63,10 +63,24 @@ public class PostUserCommand(
 return null;
 }

+ var hasSecretsManagerStandalone = await paymentService.HasSecretsManagerStandalone(organization);
+
 var request = model.ToRequest(
 scimProvider: scimProvider,
 inviteOrganization: new InviteOrganization(organization, plan),
- performedAt: timeProvider.GetUtcNow());
+ performedAt: timeProvider.GetUtcNow(),
+ hasSecretsManagerStandalone);
+
+ var orgUsers =
+ await organizationUserRepository.GetManyDetailsByOrganizationAsync(
+ request.InviteOrganization.OrganizationId);
+
+ if (orgUsers.Any(existingUser =>
+ request.Invites.First().Email.Equals(existingUser.Email, StringComparison.OrdinalIgnoreCase) ||
+ request.Invites.First().ExternalId.Equals(existingUser.ExternalId, StringComparison.OrdinalIgnoreCase)))
+ {
+ throw new ConflictException("User already exists.");
+ }

 var result = await inviteOrganizationUsersCommand.InviteScimOrganizationUserAsync(request);

diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUsersCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUsersCommand.cs
index 6831baca97..d6fe2bb56b 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUsersCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUsersCommand.cs
@@ -1,6 +1,5 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Interfaces;
-using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Errors;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation;
 using Bit.Core.AdminConsole.Shared.Validation;
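Review bot: In PostUserCommand.cs the duplicate check calls `.Equals` as an instance method on `request.Invites.First().Email` and `.ExternalId`, so a null external id on the incoming invite would surface as a NullReferenceException rather than a SCIM error (whether `ExternalIdForInvite()` can return null is not visible here), and `First()` is re-evaluated for every existing user. The static `string.Equals` avoids the dereference, but it treats two nulls as equal, so the external-id arm needs an explicit empty guard or every member without an external id would count as a conflict. Separately, the check and the invite are two steps with nothing visible making them atomic, and the check now lives only in this caller. Concurrent SCIM POSTs for the same user, or another caller of `InviteScimOrganizationUserAsync`, would therefore depend on a uniqueness rule further down that this diff does not show. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: HasSecretsManagerStandalone lookup, model.ToRequest(...), orgUsers query …
var invite = request.Invites.First();
var hasExternalId = !string.IsNullOrEmpty(invite.ExternalId);

if (orgUsers.Any(existingUser =>
        string.Equals(invite.Email, existingUser.Email, StringComparison.OrdinalIgnoreCase) ||
        (hasExternalId &&
         string.Equals(invite.ExternalId, existingUser.ExternalId, StringComparison.OrdinalIgnoreCase))))
{
    throw new ConflictException("User already exists.");
}
```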
@@ -44,20 +43,6 @@ public class InviteOrganizationUsersCommand(IEventService eventService,

 public async Task> InviteScimOrganizationUserAsync(InviteOrganizationUsersRequest request)
 {
- var hasSecretsManagerStandalone = await paymentService.HasSecretsManagerStandalone(request.InviteOrganization);
-
- // Maybe move this all back up
- var orgUsers = await organizationUserRepository.GetManyDetailsByOrganizationAsync(request.InviteOrganization.OrganizationId);
-
- if (orgUsers.Any(existingUser =>
- request.Invites.First().Email.Equals(existingUser.Email, StringComparison.InvariantCultureIgnoreCase) ||
- request.Invites.First().ExternalId.Equals(existingUser.ExternalId, StringComparison.InvariantCultureIgnoreCase)))
- {
- return new Failure(
- new UserAlreadyExistsError(new ScimInviteOrganizationUsersResponse(request)));
- }
- // end of move
-
 var result = await InviteOrganizationUsersAsync(request);

 switch (result)