* Refactor: Update metadata in OrganizationSignup and OrganizationUpgrade
This commit moves the IsFromSecretsManagerTrial flag from the OrganizationUpgrade to the OrganizationSignup because it will only be passed in on organization creation. Additionally, it removes the nullable boolean 'provider' flag passed to OrganizationService.SignUpAsync and instead adds that boolean flag to the OrganizationSignup which seems more appropriate.
* Introduce OrganizationSale
While I'm trying to ingrain a singular model that can be used to purchase or upgrade organizations, I disliked my previously implemented OrganizationSubscriptionPurchase for being a little too wordy and specific. This sale class aligns more closely with the work we need to complete against Stripe and also uses a private constructor so that it can only be created and utilized via an Organiztion and either OrganizationSignup or OrganizationUpgrade object.
* Use OrganizationSale in OrganizationBillingService
This commit renames the OrganizationBillingService.PurchaseSubscription to Finalize and passes it the OrganizationSale object. It also updates the method so that, if the organization already has a customer, it retrieves that customer instead of automatically trying to create one which we'll need for upgraded free organizations.
* Add functionality for free organization upgrade
This commit adds an UpdatePaymentMethod to the OrganizationBillingService that will check if a customer exists for the organization and if not, creates one with the updated payment source and tax information. Then, in the UpgradeOrganizationPlanCommand, we can use the OrganizationUpgrade to get an OrganizationSale and finalize it, which will create a subscription using the customer created as part of the payment method update that takes place right before it on the client-side. Additionally, it adds some tax ID backfill logic to SubscriberService.UpdateTaxInformation
* (No Logic) Re-order OrganizationBillingService methods alphabetically
* (No Logic) Run dotnet format
* Add HasVerifiedDomainsAsync method to IOrganizationDomainService
* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries
* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter
* Update the EF query to use the Email from the User table
* dotnet format
* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests
* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync
* Fix domain queries
* Add OrganizationUserRepository integration tests
* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync
* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync
* Add IsManagedByAnyOrganizationAsync method to IUserRepository
* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync
* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync
* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService
* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>
* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query
* Update comments in OrganizationDomainService to use proper capitalization
* Move OrganizationDomainService to AdminConsole ownership and update namespace
* feat: Add support for organization domains in enterprise plans
* feat: Add HasOrganizationDomains property to OrganizationAbility class
* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService
* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains
* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag
* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks
* Bump date on migration script
* Add indexes to OrganizationDomain table
* Bump script migration date; Remove WITH ONLINE = ON from data migration.
* Added invoices and transaction history endpoints. Added cursor paging for each
* Removed try/catch since it's handled by middleware. Updated condition to use pattern matching
* Added unit tests for PaymentHistoryService
* Removed organizationId from account billing controller endpoints
* Initial draft of moving the org user controller details method into a query
* Removing comments and addressing pr items
* Adding the org users query to core
* Adding the member access report
* Addressing some pr concerns and refactoring to be more efficient
* Some minor changes to the way properties are spelled
* Setting authorization to organization
* Adding the permissions check for reports and comments
* removing unnecessary usings
* Removing ciphers controller change that was a mistake
* There was a duplication issue in getting collections for users grabbing groups
* Adding comments to the CreateReport method
* Only get the user collections by userId
* Some finaly refactoring
* Adding the no group, no collection, and no perms local strings
* Modifying and adding query test cases
* Removing unnecessary permissions code in query
* Added mapping for id and UsesKeyConnector to MemberAccessReportModel (#4681)
* Moving test cases from controller fully into the query.
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
* Rename IDeleteOrganizationUserCommand to IRemoveOrganizationUserCommand
* Rename IOrganizationService DeleteUser methods to RemoveUser
* Rename API endpoints for deleting organization users to "Remove"
* chore: Rename Delete method to Remove in MembersController
* Refactor: Rename some methods and models for consistency
This commit contains no logic changes at all. It's entirely comprised of renames of existing models and methods to bring our codebase more in line with our app's functionality and terminology.
* Add feature flag: AC-2476-deprecate-stripe-sources-api
* Standardize error responses from applicable billing controllers
During my work on CB, I found that just using the built-in TypedResults errors results in the client choking on the response because it's looking for the ErrroResponseModel. The new BaseBillingController provides Error utilities to return TypedResults wrapping that model so the client can process it.
* Add feature flagged payment method endoints to OrganizationBillingController
* Run dotnet format
* Log events from the import organization flow
* Use an interface for the `OrganizationUser` object used to log events
* Log import events as being from the public api if they are
* Add logging for created groups
* Log proper group ids
* Fix tests
* Also log update events for groups
* Remove private API `import` endpoint
* Make `eventSystemUser` non-nullable for `ImportAsync`
* Fix tests
* Delete `ImportOrganizationUsersRequestModel`
* Fix tests
* chore: remove fc v1 from groups controller, refs PM-10291
* chore: remove fc v1 from organization users controller, refs PM-10291
* chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291
* chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291
* chore: remove fc v1 from CiphersCollections, refs PM-10291
* fix: unit tests related to fc v1 flag removal, refs PM-10291
* chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291
* fix: format files, refs PM-10291
* chore: revert change to helper method, ignore double cache call, refs PM-10291
* feat: Add stored procedure for reading organization user details with premium access by organization ID
The code changes include:
- Addition of a new stored procedure [dbo].[OrganizationUserUserDetailsWithPremiumAccess_ReadByOrganizationId] to read organization user details with premium access by organization ID
- Modification of the IUserService interface to include an optional parameter for checking two-factor authentication with premium access
- Modification of the UserService class to handle the new optional parameter in the TwoFactorIsEnabledAsync method
- Addition of a new method GetManyDetailsWithPremiumAccessByOrganizationAsync in the IOrganizationUserRepository interface to retrieve organization user details with premium access by organization ID
- Addition of a new view [dbo].[OrganizationUserUserDetailsWithPremiumAccessView] to retrieve organization user details with premium access
* Add IUserRepository.SearchDetailsAsync that includes the field HasPremiumAccess
* Check the feature flag on Admin.UsersController to see if the optimization runs
* Modify PolicyService to run query optimization if the feature flag is enabled
* Refactor the parameter check on UserService.TwoFactorIsEnabledAsync
* Run query optimization on public MembersController if feature flag is enabled
* Restore refactor
* Reverted change used for development
* Add unit tests for OrganizationService.RestoreUser
* Separate new CheckPoliciesBeforeRestoreAsync optimization into new method
* Add more unit tests
* Apply refactor to bulk restore
* Add GetManyDetailsAsync method to IUserRepository. Add ConfirmUsersAsync_vNext method to IOrganizationService
* Add unit tests for ConfirmUser_vNext
* Refactor the optimization to use the new TwoFactorIsEnabledAsync method instead of changing the existing one
* Removed unused sql scripts and added migration script
* Remove unnecessary view
* chore: Remove unused SearchDetailsAsync method from IUserRepository and UserRepository
* refactor: Use UserDetails constructor in UserRepository
* Add summary to IUserRepository.GetManyDetailsAsync
* Add summary descriptions to IUserService.TwoFactorIsEnabledAsync
* Remove obsolete annotation from IUserRepository.UpdateUserKeyAndEncryptedDataAsync
* refactor: Rename UserDetails to UserWithCalculatedPremium across the codebase
* Extract IUserService.TwoFactorIsEnabledAsync into a new TwoFactorIsEnabledQuery class
* Add unit tests for TwoFactorIsEnabledQuery
* Update TwoFactorIsEnabledQueryTests to include additional provider types
* Refactor TwoFactorIsEnabledQuery
* Refactor TwoFactorIsEnabledQuery and update tests
* refactor: Update TwoFactorIsEnabledQueryTests to include test for null TwoFactorProviders
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* Remove empty <returns> from summary
* Update User_ReadByIdsWithCalculatedPremium stored procedure to accept JSON array of IDs
* SM-1146: SM Organization Counts for Projects, Secrets, Machine Accounts
* SM-1146: Project total counts
* SM-1146: models object renames
* SM-1146: Service Account total counts
* SM-1146: Unit test coverage for counts controller
* SM-1146: Counts controller simplification, UT update
* SM-1146: Service Account total counts from Service Account auth user
* SM-1146: Integration Tests for total counts controller
* SM-1146: Explicitly denying access for Service Accounts
* SM-1146: Fix broken ProjectsController integration test
* SM-1146: Integration tests for counts controller
* SM-1146: Explicitly denying access for Service Accounts cleanup
* SM-1146: Test cleanup
* SM-1146: PR review comments fix
* SM-1146: People, Service Accounts positive count on write access
* Update bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Fix error handling in provider setup process
This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state
* Refactor the way BillingException is thrown
Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client
* Handle all Stripe exceptions in exception handling middleware
* Fixed error response output for billing's provider controllers
* Cleaned up billing owned provider controllers
Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.
* Reafctored get invoices
Removed unnecssarily bloated method from SubscriberService
* Updated error handling for generating the client invoice report
* Moved get provider subscription to controller
This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval
* Handled bad request for update tax information
* Split out Stripe configuration from unauthorization
* Run dotnet format
* Addison's feedback
* Adding API endpoint to send out Access Request for SM to Admins, adding email template
* Fixing email template HTML, adding tests
* fixing tests
* fixing lint
* Moving files to proper locations
* fixing build error relating to not removing some old code
* Updating namespaces and removing unused using statements
* Dependency injection fix
* Fixing tests and moving them to proper files
* lint
* format fixes
* dotnet format fix
* small fixes
* removing using directive's that aren't needed
* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/PasswordManager/RequestSMAccessCommandTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.text.hbs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update bitwarden_license/src/Commercial.Core/SecretsManager/Commands/PasswordManager/RequestSMAccessCommand.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Changes requested by Thomas
* Lint fixes
* Suggested changes from Maceij
* Current state of tests
* Fixing tests and getting the core.csproj file from main
* Reverting csproj file change
* Removing usings directory
* dotnet format
* Fixing test
* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/Requests/RequestSMAccessCommandTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update test/Api.Test/SecretsManager/Controllers/RequestSMAccessControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Thomas requested changes
* Fixing 500 error when user name is null
* Prettier error message if user sends over an whitespace string
* Fixing word wrapping issue in email contents
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* initial changes
* Fixing some bits
* fixing issue when feature flag is `false`; also names;
* consume OTP on read if FF true
* comment typo
* fix formatting
* check access code first to not consume token
* add docs
* revert checking access code first
* update error messages
* remove line number from comment
---------
Co-authored-by: Jake Fink <jfink@bitwarden.com>
* Attempt to fix tde to mp flow
* Move tde offboarding to dedicated flag
* Add tde offboarding password request
* Validate tde offboarding input
* Correctly check whether tde is active when building trusted device options
* Refactor Tde offboarding into a separate command
* Add unit tests for tde offboarding
* Update tde offboarding request model
* Fix tests
* Fix further tests
* Fix documentation
* Add validation for updatetdepasswordasync key/newmasterpassword
* Add comment explaining test
* Remove unrelated changes
* remove validation from 2fa GET and mask sensitive data
* skip verification check on put email
* disable verification on send-email and reenable on put email
* validate authenticator on set instead of get
* Revert "validate authenticator on set instead of get"
This reverts commit 7bf2084531e811656c0d0b177554e3863399e8fc.
* fix tests
* fix more tests
* Narrow scope of verify bypass
* Defaulted to false on VerifySecretAsync
* fix default param value
---------
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* Added missing authorization validation to OrganizationBillingController endpoints
* Moved authorization validation to top of each method
* Resolved broken unit tests and added some new ones
