Merge branch 'main' into brant/PM-17562-feature-flag-for-event-integrations

Author: brant-livefront

bitwarden_license/src/Commercial.Core/AdminConsole/Providers/RemoveOrganizationFromProviderCommand.cs

@@ -110,9 +110,14 @@ private async Task ResetOrganizationBillingAsync(
         IEnumerable<string> organizationOwnerEmails)
     {
         if (provider.IsBillable() &&
-            organization.IsValidClient() &&
-            !string.IsNullOrEmpty(organization.GatewayCustomerId))
+            organization.IsValidClient())
         {
+            // An organization converted to a business unit will not have a Customer since it was given to the business unit.
+            if (string.IsNullOrEmpty(organization.GatewayCustomerId))
+            {
+                await _providerBillingService.CreateCustomerForClientOrganization(provider, organization);
+            }
+
             var customer = await _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, new CustomerUpdateOptions
             {
                 Description = string.Empty,

src/Api/AdminConsole/Public/Controllers/MembersController.cs

@@ -221,8 +221,7 @@ public async Task<IActionResult> PutGroupIds(Guid id, [FromBody] UpdateGroupIdsR
     /// Remove a member.
     /// </summary>
     /// <remarks>
-    /// Permanently removes a member from the organization. This cannot be undone.
-    /// The user account will still remain. The user is only removed from the organization.
+    /// Removes a member from the organization. This cannot be undone. The user account will still remain.
     /// </remarks>
     /// <param name="id">The identifier of the member to be removed.</param>
     [HttpDelete("{id}")]

src/Api/Billing/Controllers/OrganizationSponsorshipsController.cs

@@ -86,9 +86,9 @@ public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] Organizatio
 
         if (!_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.PM17772_AdminInitiatedSponsorships))
         {
-            if (model.SponsoringUserId.HasValue)
+            if (model.IsAdminInitiated.GetValueOrDefault())
             {
-                throw new NotFoundException();
+                throw new BadRequestException();
             }
 
             if (!string.IsNullOrWhiteSpace(model.Notes))
@@ -97,13 +97,13 @@ public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] Organizatio
             }
         }
 
-        var targetUser = model.SponsoringUserId ?? _currentContext.UserId!.Value;
         var sponsorship = await _createSponsorshipCommand.CreateSponsorshipAsync(
             sponsoringOrg,
-            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, targetUser),
+            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, _currentContext.UserId ?? default),
             model.PlanSponsorshipType,
             model.SponsoredEmail,
             model.FriendlyName,
+            model.IsAdminInitiated.GetValueOrDefault(),
             model.Notes);
         await _sendSponsorshipOfferCommand.SendSponsorshipOfferAsync(sponsorship, sponsoringOrg.Name);
     }

src/Api/Controllers/SelfHosted/SelfHostedOrganizationSponsorshipsController.cs

@@ -47,9 +47,9 @@ public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] Organizatio
     {
         if (!_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.PM17772_AdminInitiatedSponsorships))
         {
-            if (model.SponsoringUserId.HasValue)
+            if (model.IsAdminInitiated.GetValueOrDefault())
             {
-                throw new NotFoundException();
+                throw new BadRequestException();
             }
 
             if (!string.IsNullOrWhiteSpace(model.Notes))
@@ -60,8 +60,12 @@ public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] Organizatio
 
         await _offerSponsorshipCommand.CreateSponsorshipAsync(
             await _organizationRepository.GetByIdAsync(sponsoringOrgId),
-            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, model.SponsoringUserId ?? _currentContext.UserId ?? default),
-            model.PlanSponsorshipType, model.SponsoredEmail, model.FriendlyName, model.Notes);
+            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, _currentContext.UserId ?? default),
+            model.PlanSponsorshipType,
+            model.SponsoredEmail,
+            model.FriendlyName,
+            model.IsAdminInitiated.GetValueOrDefault(),
+            model.Notes);
     }
 
     [HttpDelete("{sponsoringOrgId}")]

src/Api/Models/Request/Organizations/OrganizationSponsorshipCreateRequestModel.cs

@@ -17,11 +17,7 @@ public class OrganizationSponsorshipCreateRequestModel
     [StringLength(256)]
     public string FriendlyName { get; set; }
 
-    /// <summary>
-    /// (optional) The user to target for the sponsorship.
-    /// </summary>
-    /// <remarks>Left empty when creating a sponsorship for the authenticated user.</remarks>
-    public Guid? SponsoringUserId { get; set; }
+    public bool? IsAdminInitiated { get; set; }
 
     [EncryptedString]
     [EncryptedStringLength(512)]

src/Core/AdminConsole/Repositories/IOrganizationUserRepository.cs

@@ -18,6 +18,15 @@ public interface IOrganizationUserRepository : IRepository<OrganizationUser, Gui
     Task<ICollection<OrganizationUser>> GetManyByUserAsync(Guid userId);
     Task<ICollection<OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId, OrganizationUserType? type);
     Task<int> GetCountByOrganizationAsync(Guid organizationId, string email, bool onlyRegisteredUsers);
+
+    /// <summary>
+    /// Returns the number of occupied seats for an organization.
+    /// Occupied seats are OrganizationUsers that have at least been invited.
+    /// As of https://bitwarden.atlassian.net/browse/PM-17772, a seat is also occupied by a Families for Enterprise sponsorship sent by an
+    /// organization admin, even if the user sent the invitation doesn't have a corresponding OrganizationUser in the Enterprise organization.
+    /// </summary>
+    /// <param name="organizationId">The ID of the organization to get the occupied seat count for.</param>
+    /// <returns>The number of occupied seats for the organization.</returns>
     Task<int> GetOccupiedSeatCountByOrganizationIdAsync(Guid organizationId);
     Task<ICollection<string>> SelectKnownEmailsAsync(Guid organizationId, IEnumerable<string> emails, bool onlyRegisteredUsers);
     Task<OrganizationUser?> GetByOrganizationAsync(Guid organizationId, Guid userId);

src/Core/Constants.cs

@@ -196,7 +196,6 @@ public static class FeatureFlagKeys
     public const string PM9111ExtensionPersistAddEditForm = "pm-9111-extension-persist-add-edit-form";
     public const string NewDeviceVerificationPermanentDismiss = "new-device-permanent-dismiss";
     public const string NewDeviceVerificationTemporaryDismiss = "new-device-temporary-dismiss";
-    public const string VaultBulkManagementAction = "vault-bulk-management-action";
     public const string RestrictProviderAccess = "restrict-provider-access";
     public const string SecurityTasks = "security-tasks";
     public const string CipherKeyEncryption = "cipher-key-encryption";

src/Core/Core.csproj

@@ -23,8 +23,8 @@
 
   <ItemGroup>
     <PackageReference Include="AspNetCoreRateLimit.Redis" Version="2.0.0" />
-    <PackageReference Include="AWSSDK.SimpleEmail" Version="3.7.402.61" />
-    <PackageReference Include="AWSSDK.SQS" Version="3.7.400.118" />
+    <PackageReference Include="AWSSDK.SimpleEmail" Version="3.7.402.79" />
+    <PackageReference Include="AWSSDK.SQS" Version="3.7.400.136" />
     <PackageReference Include="Azure.Data.Tables" Version="12.9.0" />
     <PackageReference Include="Azure.Extensions.AspNetCore.DataProtection.Blobs" Version="1.3.4" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="8.0.10" />

src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CreateSponsorshipCommand.cs

@@ -14,11 +14,17 @@ namespace Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnte
 public class CreateSponsorshipCommand(
     ICurrentContext currentContext,
     IOrganizationSponsorshipRepository organizationSponsorshipRepository,
-    IUserService userService) : ICreateSponsorshipCommand
+    IUserService userService,
+    IOrganizationService organizationService) : ICreateSponsorshipCommand
 {
-    public async Task<OrganizationSponsorship> CreateSponsorshipAsync(Organization sponsoringOrganization,
-        OrganizationUser sponsoringMember, PlanSponsorshipType sponsorshipType, string sponsoredEmail,
-        string friendlyName, string notes)
+    public async Task<OrganizationSponsorship> CreateSponsorshipAsync(
+        Organization sponsoringOrganization,
+        OrganizationUser sponsoringMember,
+        PlanSponsorshipType sponsorshipType,
+        string sponsoredEmail,
+        string friendlyName,
+        bool isAdminInitiated,
+        string notes)
     {
         var sponsoringUser = await userService.GetUserByIdAsync(sponsoringMember.UserId!.Value);
 
@@ -48,48 +54,44 @@ public async Task<OrganizationSponsorship> CreateSponsorshipAsync(Organization s
             throw new BadRequestException("Can only sponsor one organization per Organization User.");
         }
 
-        var sponsorship = new OrganizationSponsorship();
-        sponsorship.SponsoringOrganizationId = sponsoringOrganization.Id;
-        sponsorship.SponsoringOrganizationUserId = sponsoringMember.Id;
-        sponsorship.FriendlyName = friendlyName;
-        sponsorship.OfferedToEmail = sponsoredEmail;
-        sponsorship.PlanSponsorshipType = sponsorshipType;
+        if (isAdminInitiated)
+        {
+            ValidateAdminInitiatedSponsorship(sponsoringOrganization);
+        }
+
+        var sponsorship = new OrganizationSponsorship
+        {
+            SponsoringOrganizationId = sponsoringOrganization.Id,
+            SponsoringOrganizationUserId = sponsoringMember.Id,
+            FriendlyName = friendlyName,
+            OfferedToEmail = sponsoredEmail,
+            PlanSponsorshipType = sponsorshipType,
+            IsAdminInitiated = isAdminInitiated,
+            Notes = notes
+        };
 
         if (existingOrgSponsorship != null)
         {
             // Replace existing invalid offer with our new sponsorship offer
             sponsorship.Id = existingOrgSponsorship.Id;
         }
 
-        var isAdminInitiated = false;
-        if (currentContext.UserId != sponsoringMember.UserId)
+        if (isAdminInitiated && sponsoringOrganization.Seats.HasValue)
+        {
+            await organizationService.AutoAddSeatsAsync(sponsoringOrganization, 1);
+        }
+
+        try
         {
-            var organization = currentContext.Organizations.First(x => x.Id == sponsoringOrganization.Id);
-            OrganizationUserType[] allowedUserTypes =
-            [
-                OrganizationUserType.Admin,
-                OrganizationUserType.Owner
-            ];
-
-            if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
+            if (isAdminInitiated)
             {
-                throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization.");
+                await organizationSponsorshipRepository.CreateAsync(sponsorship);
             }
-
-            if (!sponsoringOrganization.UseAdminSponsoredFamilies)
+            else
             {
-                throw new BadRequestException("Sponsoring organization cannot sponsor other Family organizations.");
+                await organizationSponsorshipRepository.UpsertAsync(sponsorship);
             }
 
-            isAdminInitiated = true;
-        }
-
-        sponsorship.IsAdminInitiated = isAdminInitiated;
-        sponsorship.Notes = notes;
-
-        try
-        {
-            await organizationSponsorshipRepository.UpsertAsync(sponsorship);
             return sponsorship;
         }
         catch
@@ -101,4 +103,24 @@ public async Task<OrganizationSponsorship> CreateSponsorshipAsync(Organization s
             throw;
         }
     }
+
+    private void ValidateAdminInitiatedSponsorship(Organization sponsoringOrganization)
+    {
+        var organization = currentContext.Organizations.First(x => x.Id == sponsoringOrganization.Id);
+        OrganizationUserType[] allowedUserTypes =
+        [
+            OrganizationUserType.Admin,
+            OrganizationUserType.Owner
+        ];
+
+        if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
+        {
+            throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization");
+        }
+
+        if (!sponsoringOrganization.UseAdminSponsoredFamilies)
+        {
+            throw new BadRequestException("Sponsoring organization cannot send admin-initiated sponsorship invitations");
+        }
+    }
 }

src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/Interfaces/ICreateSponsorshipCommand.cs

@@ -6,6 +6,12 @@ namespace Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnte
 
 public interface ICreateSponsorshipCommand
 {
-    Task<OrganizationSponsorship> CreateSponsorshipAsync(Organization sponsoringOrg, OrganizationUser sponsoringOrgUser,
-        PlanSponsorshipType sponsorshipType, string sponsoredEmail, string friendlyName, string notes);
+    Task<OrganizationSponsorship> CreateSponsorshipAsync(
+        Organization sponsoringOrg,
+        OrganizationUser sponsoringOrgUser,
+        PlanSponsorshipType sponsorshipType,
+        string sponsoredEmail,
+        string friendlyName,
+        bool isAdminInitiated,
+        string notes);
 }

src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserReadOccupiedSeatCountByOrganizationIdQuery.cs

@@ -14,9 +14,23 @@ public OrganizationUserReadOccupiedSeatCountByOrganizationIdQuery(Guid organizat
 
     public IQueryable<OrganizationUser> Run(DatabaseContext dbContext)
     {
-        var query = from ou in dbContext.OrganizationUsers
-                    where ou.OrganizationId == _organizationId && ou.Status >= OrganizationUserStatusType.Invited
-                    select ou;
-        return query;
+        var orgUsersQuery = from ou in dbContext.OrganizationUsers
+                            where ou.OrganizationId == _organizationId && ou.Status >= OrganizationUserStatusType.Invited
+                            select new OrganizationUser { Id = ou.Id, OrganizationId = ou.OrganizationId, Status = ou.Status };
+
+        // As of https://bitwarden.atlassian.net/browse/PM-17772, a seat is also occupied by a Families for Enterprise sponsorship sent by an
+        // organization admin, even if the user sent the invitation doesn't have a corresponding OrganizationUser in the Enterprise organization.
+        var sponsorshipsQuery = from os in dbContext.OrganizationSponsorships
+                                where os.SponsoringOrganizationId == _organizationId &&
+                                      os.IsAdminInitiated &&
+                                      !os.ToDelete
+                                select new OrganizationUser
+                                {
+                                    Id = os.Id,
+                                    OrganizationId = _organizationId,
+                                    Status = OrganizationUserStatusType.Invited
+                                };
+
+        return orgUsersQuery.Concat(sponsorshipsQuery);
     }
 }

src/Sql/dbo/Stored Procedures/OrganizationUser_ReadOccupiedSeatCountByOrganizationId.sql

@@ -5,10 +5,19 @@ BEGIN
     SET NOCOUNT ON
 
     SELECT
-        COUNT(1)
-    FROM
-        [dbo].[OrganizationUserView]
-    WHERE
-        OrganizationId = @OrganizationId
-        AND Status >= 0 --Invited
+        (
+            -- Count organization users
+            SELECT COUNT(1)
+            FROM [dbo].[OrganizationUserView]
+            WHERE OrganizationId = @OrganizationId
+            AND Status >= 0 --Invited
+        ) + 
+        (
+            -- Count admin-initiated sponsorships towards the seat count
+            -- Introduced in https://bitwarden.atlassian.net/browse/PM-17772
+            SELECT COUNT(1)
+            FROM [dbo].[OrganizationSponsorship]
+            WHERE SponsoringOrganizationId = @OrganizationId
+            AND IsAdminInitiated = 1
+        )
 END