mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00

[PM-10317] Email Users For Org Claiming Domain (#5094)

* Revoking users when enabling single org and 2fa policies. Fixing tests.

* Added migration.

* Wrote tests and fixed bugs found.

* Patch build process

* Fixing tests.

* Added unit test around disabling the feature flag.

* Updated error message to be public and added test for validating the request.

* formatting

* Added some tests for single org policy validator.

* Fix issues from merge.

* Added sending emails to revoked non-compliant users.

* Fixing name. Adding two factor policy email.

* Send email when user has been revoked.

* Correcting migration name.

* Fixing templates and logic issue in Revoke command.

* Moving interface into its own file.

* Correcting namespaces for email templates.

* correcting logic that would not allow normal users to revoke non owners.

* Actually correcting the test and logic.

* dotnet format. Added exec to bottom of bulk sproc

* Update src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeNonCompliantOrganizationUserCommand.cs

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Updated OrgIds to be a json string

* Fixing errors.

* Updating test

* Moving command result.

* Formatting and request rename

* Realized this would throw a null error from the system domain verification. Adding unknown type to event system user. Adding optional parameter to SaveAsync in policy service in order to pass in event system user.

* Code review changes

* Removing todos

* Corrected test name.

* Syncing filename to record name.

* Fixing up the tests.

* Added happy path test

* Naming corrections. And corrected EF query.

* added check against event service

* Code review changes.

* Fixing tests.

* splitting up tests

* Added templates and email side effect for claiming a domain.

* bringing changes from nc user changes.

* Switched to enqueue mail message.

* Filled in DomainClaimedByOrganization.html.hbs

* Added text document for domain claiming

* Fixing migration script.

* Remove old sproc

* Limiting sending of the email down to users who are a part of the domain being claimed.

* Added test for change

* Renames and fixed up email.

* Fixing up CSS

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Jared McCannon
2024-12-05 08:59:35 -06:00
committed by GitHub
parent 04f9d7dd8e
commit f471fffe42
9 changed files with 145 additions and 9 deletions


@ -7,6 +7,7 @@ using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
@ -22,11 +23,12 @@ public class VerifyOrganizationDomainCommand(
IFeatureService featureService,
ICurrentContext currentContext,
ISavePolicyCommand savePolicyCommand,
IMailService mailService,
IOrganizationUserRepository organizationUserRepository,
IOrganizationRepository organizationRepository,
ILogger<VerifyOrganizationDomainCommand> logger)
: IVerifyOrganizationDomainCommand
{
public async Task<OrganizationDomain> UserVerifyOrganizationDomainAsync(OrganizationDomain organizationDomain)
{
if (currentContext.UserId is null)
@ -109,7 +111,7 @@ public class VerifyOrganizationDomainCommand(
{
domain.SetVerifiedDate();
await EnableSingleOrganizationPolicyAsync(domain.OrganizationId, actingUser);
await DomainVerificationSideEffectsAsync(domain, actingUser);
}
}
catch (Exception e)
@ -121,19 +123,37 @@ public class VerifyOrganizationDomainCommand(
return domain;
}
private async Task EnableSingleOrganizationPolicyAsync(Guid organizationId, IActingUser actingUser)
private async Task DomainVerificationSideEffectsAsync(OrganizationDomain domain, IActingUser actingUser)
{
if (featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning))
{
var policyUpdate = new PolicyUpdate
await EnableSingleOrganizationPolicyAsync(domain.OrganizationId, actingUser);
await SendVerifiedDomainUserEmailAsync(domain);
}
}
private async Task EnableSingleOrganizationPolicyAsync(Guid organizationId, IActingUser actingUser) =>
await savePolicyCommand.SaveAsync(
new PolicyUpdate
{
OrganizationId = organizationId,
Type = PolicyType.SingleOrg,
Enabled = true,
PerformedBy = actingUser
};
});
await savePolicyCommand.SaveAsync(policyUpdate);
}
private async Task SendVerifiedDomainUserEmailAsync(OrganizationDomain domain)
{
var orgUserUsers = await organizationUserRepository.GetManyDetailsByOrganizationAsync(domain.OrganizationId);
var domainUserEmails = orgUserUsers
.Where(ou => ou.Email.ToLower().EndsWith($"@{domain.DomainName.ToLower()}") &&
ou.Status != OrganizationUserStatusType.Revoked &&
ou.Status != OrganizationUserStatusType.Invited)
.Select(ou => ou.Email);
var organization = await organizationRepository.GetByIdAsync(domain.OrganizationId);
await mailService.SendClaimedDomainUserEmailAsync(new ManagedUserDomainClaimedEmails(domainUserEmails, organization));
}
}
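Review bot: The domain filter in `SendVerifiedDomainUserEmailAsync`, `ou.Email.ToLower().EndsWith($"@{domain.DomainName.ToLower()}")`, is culture-sensitive twice over: `ToLower()` and the single-argument `EndsWith(string)` both use the current culture, so which users are notified that their account was claimed can depend on the server locale (for example Turkish dotless-i casing). An ordinal comparison removes that dependency: `ou.Email.EndsWith($"@{domain.DomainName}", StringComparison.OrdinalIgnoreCase)`. The email test also runs before the status checks, so it would throw if `Email` is ever null on a returned row, and `organization` from `GetByIdAsync` is passed on without a null check; whether either can be null is not visible in this hunk. The call to `DomainVerificationSideEffectsAsync` appears to sit inside the `try` after `domain.SetVerifiedDate()`, with the catch body outside the hunk, so it is worth confirming that a mail or repository failure there does not change the verification outcome.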