Merge branch 'main' into ac/pm-15621/refactor-delete-command

Author: JimmyVo16

Directory.Build.props

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
 
-    <Version>2025.4.0</Version>
+    <Version>2025.4.1</Version>
 
     <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>

bitwarden_license/src/Scim/Models/ScimUserRequestModel.cs

@@ -1,16 +1,20 @@
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Business;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.Enums;
-using Bit.Core.Models.Business;
+using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
+using OrganizationUserInvite = Bit.Core.Models.Business.OrganizationUserInvite;
 
 namespace Bit.Scim.Models;
 
 public class ScimUserRequestModel : BaseScimUserModel
 {
     public ScimUserRequestModel()
         : base(false)
-    { }
+    {
+    }
 
     public OrganizationUserInvite ToOrganizationUserInvite(ScimProviderType scimProvider)
     {
@@ -25,6 +29,31 @@ public OrganizationUserInvite ToOrganizationUserInvite(ScimProviderType scimProv
         };
     }
 
+    public InviteOrganizationUsersRequest ToRequest(
+        ScimProviderType scimProvider,
+        InviteOrganization inviteOrganization,
+        DateTimeOffset performedAt)
+    {
+        var email = EmailForInvite(scimProvider);
+
+        if (string.IsNullOrWhiteSpace(email) || !Active)
+        {
+            throw new BadRequestException();
+        }
+
+        return new InviteOrganizationUsersRequest(
+            invites:
+            [
+                new Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models.OrganizationUserInvite(
+                        email: email,
+                        externalId: ExternalIdForInvite()
+                    )
+            ],
+            inviteOrganization: inviteOrganization,
+            performedBy: Guid.Empty, // SCIM does not have a user id
+            performedAt: performedAt);
+    }
+
     private string EmailForInvite(ScimProviderType scimProvider)
     {
         var email = PrimaryEmail?.ToLowerInvariant();

bitwarden_license/src/Scim/Users/PostUserCommand.cs

@@ -1,39 +1,99 @@
-using Bit.Core.Enums;
+#nullable enable
+
+using Bit.Core;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Business;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Errors;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+using Bit.Core.Billing.Pricing;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Commands;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Scim.Context;
 using Bit.Scim.Models;
 using Bit.Scim.Users.Interfaces;
+using static Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Errors.ErrorMapper;
 
 namespace Bit.Scim.Users;
 
-public class PostUserCommand : IPostUserCommand
+public class PostUserCommand(
+    IOrganizationRepository organizationRepository,
+    IOrganizationUserRepository organizationUserRepository,
+    IOrganizationService organizationService,
+    IPaymentService paymentService,
+    IScimContext scimContext,
+    IFeatureService featureService,
+    IInviteOrganizationUsersCommand inviteOrganizationUsersCommand,
+    TimeProvider timeProvider,
+    IPricingClient pricingClient)
+    : IPostUserCommand
 {
-    private readonly IOrganizationRepository _organizationRepository;
-    private readonly IOrganizationUserRepository _organizationUserRepository;
-    private readonly IOrganizationService _organizationService;
-    private readonly IPaymentService _paymentService;
-    private readonly IScimContext _scimContext;
-
-    public PostUserCommand(
-        IOrganizationRepository organizationRepository,
-        IOrganizationUserRepository organizationUserRepository,
-        IOrganizationService organizationService,
-        IPaymentService paymentService,
-        IScimContext scimContext)
+    public async Task<OrganizationUserUserDetails?> PostUserAsync(Guid organizationId, ScimUserRequestModel model)
     {
-        _organizationRepository = organizationRepository;
-        _organizationUserRepository = organizationUserRepository;
-        _organizationService = organizationService;
-        _paymentService = paymentService;
-        _scimContext = scimContext;
+        if (featureService.IsEnabled(FeatureFlagKeys.ScimInviteUserOptimization) is false)
+        {
+            return await InviteScimOrganizationUserAsync(model, organizationId, scimContext.RequestScimProvider);
+        }
+
+        return await InviteScimOrganizationUserAsync_vNext(model, organizationId, scimContext.RequestScimProvider);
     }
 
-    public async Task<OrganizationUserUserDetails> PostUserAsync(Guid organizationId, ScimUserRequestModel model)
+    private async Task<OrganizationUserUserDetails?> InviteScimOrganizationUserAsync_vNext(
+        ScimUserRequestModel model,
+        Guid organizationId,
+        ScimProviderType scimProvider)
+    {
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization is null)
+        {
+            throw new NotFoundException();
+        }
+
+        var plan = await pricingClient.GetPlanOrThrow(organization.PlanType);
+
+        var request = model.ToRequest(
+            scimProvider: scimProvider,
+            inviteOrganization: new InviteOrganization(organization, plan),
+            performedAt: timeProvider.GetUtcNow());
+
+        var orgUsers = await organizationUserRepository
+            .GetManyDetailsByOrganizationAsync(request.InviteOrganization.OrganizationId);
+
+        if (orgUsers.Any(existingUser =>
+                request.Invites.First().Email.Equals(existingUser.Email, StringComparison.OrdinalIgnoreCase) ||
+                request.Invites.First().ExternalId.Equals(existingUser.ExternalId, StringComparison.OrdinalIgnoreCase)))
+        {
+            throw new ConflictException("User already exists.");
+        }
+
+        var result = await inviteOrganizationUsersCommand.InviteScimOrganizationUserAsync(request);
+
+        var invitedOrganizationUserId = result switch
+        {
+            Success<ScimInviteOrganizationUsersResponse> success => success.Value.InvitedUser.Id,
+            Failure<ScimInviteOrganizationUsersResponse> failure when failure.Errors
+                    .Any(x => x.Message == NoUsersToInviteError.Code) => (Guid?)null,
+            Failure<ScimInviteOrganizationUsersResponse> failure when failure.Errors.Length != 0 => throw MapToBitException(failure.Errors),
+            _ => throw new InvalidOperationException()
+        };
+
+        var organizationUser = invitedOrganizationUserId.HasValue
+            ? await organizationUserRepository.GetDetailsByIdAsync(invitedOrganizationUserId.Value)
+            : null;
+
+        return organizationUser;
+    }
+
+    private async Task<OrganizationUserUserDetails?> InviteScimOrganizationUserAsync(
+        ScimUserRequestModel model,
+        Guid organizationId,
+        ScimProviderType scimProvider)
     {
-        var scimProvider = _scimContext.RequestScimProvider;
         var invite = model.ToOrganizationUserInvite(scimProvider);
 
         var email = invite.Emails.Single();
@@ -44,7 +104,7 @@ public async Task<OrganizationUserUserDetails> PostUserAsync(Guid organizationId
             throw new BadRequestException();
         }
 
-        var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(organizationId);
+        var orgUsers = await organizationUserRepository.GetManyDetailsByOrganizationAsync(organizationId);
         var orgUserByEmail = orgUsers.FirstOrDefault(ou => ou.Email?.ToLowerInvariant() == email);
         if (orgUserByEmail != null)
         {
@@ -57,13 +117,21 @@ public async Task<OrganizationUserUserDetails> PostUserAsync(Guid organizationId
             throw new ConflictException();
         }
 
-        var organization = await _organizationRepository.GetByIdAsync(organizationId);
-        var hasStandaloneSecretsManager = await _paymentService.HasSecretsManagerStandalone(organization);
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            throw new NotFoundException();
+        }
+
+        var hasStandaloneSecretsManager = await paymentService.HasSecretsManagerStandalone(organization);
         invite.AccessSecretsManager = hasStandaloneSecretsManager;
 
-        var invitedOrgUser = await _organizationService.InviteUserAsync(organizationId, invitingUserId: null, EventSystemUser.SCIM,
-            invite, externalId);
-        var orgUser = await _organizationUserRepository.GetDetailsByIdAsync(invitedOrgUser.Id);
+        var invitedOrgUser = await organizationService.InviteUserAsync(organizationId, invitingUserId: null,
+            EventSystemUser.SCIM,
+            invite,
+            externalId);
+        var orgUser = await organizationUserRepository.GetDetailsByIdAsync(invitedOrgUser.Id);
 
         return orgUser;
     }

bitwarden_license/test/Scim.IntegrationTest/Controllers/v2/UsersControllerTests.cs

@@ -1,9 +1,12 @@
 using System.Text.Json;
+using Bit.Core;
 using Bit.Core.Enums;
+using Bit.Core.Services;
 using Bit.Scim.IntegrationTest.Factories;
 using Bit.Scim.Models;
 using Bit.Scim.Utilities;
 using Bit.Test.Common.Helpers;
+using NSubstitute;
 using Xunit;
 
 namespace Bit.Scim.IntegrationTest.Controllers.v2;
@@ -276,9 +279,18 @@ public async Task GetList_SearchUserNameWithoutOptionalParameters_Success()
         AssertHelper.AssertPropertyEqual(expectedResponse, responseModel);
     }
 
-    [Fact]
-    public async Task Post_Success()
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task Post_Success(bool isScimInviteUserOptimizationEnabled)
     {
+        var localFactory = new ScimApplicationFactory();
+        localFactory.SubstituteService((IFeatureService featureService)
+            => featureService.IsEnabled(FeatureFlagKeys.ScimInviteUserOptimization)
+                .Returns(isScimInviteUserOptimizationEnabled));
+
+        localFactory.ReinitializeDbForTests(localFactory.GetDatabaseContext());
+
         var email = "[email protected]";
         var displayName = "Test User 5";
         var externalId = "UE";
@@ -306,7 +318,7 @@ public async Task Post_Success()
             Schemas = new List<string> { ScimConstants.Scim2SchemaUser }
         };
 
-        var context = await _factory.UsersPostAsync(ScimApplicationFactory.TestOrganizationId1, inputModel);
+        var context = await localFactory.UsersPostAsync(ScimApplicationFactory.TestOrganizationId1, inputModel);
 
         Assert.Equal(StatusCodes.Status201Created, context.Response.StatusCode);
 
@@ -316,7 +328,7 @@ public async Task Post_Success()
         var responseModel = JsonSerializer.Deserialize<ScimUserResponseModel>(context.Response.Body, new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase });
         AssertHelper.AssertPropertyEqual(expectedResponse, responseModel, "Id");
 
-        var databaseContext = _factory.GetDatabaseContext();
+        var databaseContext = localFactory.GetDatabaseContext();
         Assert.Equal(_initialUserCount + 1, databaseContext.OrganizationUsers.Count());
     }
 

bitwarden_license/test/Scim.Test/Users/PostUserCommandTests.cs

@@ -27,7 +27,7 @@ public async Task PostUser_Success(SutProvider<PostUserCommand> sutProvider, str
             ExternalId = externalId,
             Emails = emails,
             Active = true,
-            Schemas = new List<string> { ScimConstants.Scim2SchemaUser }
+            Schemas = [ScimConstants.Scim2SchemaUser]
         };
 
         sutProvider.GetDependency<IOrganizationUserRepository>()
@@ -39,13 +39,16 @@ public async Task PostUser_Success(SutProvider<PostUserCommand> sutProvider, str
         sutProvider.GetDependency<IPaymentService>().HasSecretsManagerStandalone(organization).Returns(true);
 
         sutProvider.GetDependency<IOrganizationService>()
-            .InviteUserAsync(organizationId, invitingUserId: null, EventSystemUser.SCIM,
+            .InviteUserAsync(organizationId,
+                invitingUserId: null,
+                EventSystemUser.SCIM,
                 Arg.Is<OrganizationUserInvite>(i =>
                     i.Emails.Single().Equals(scimUserRequestModel.PrimaryEmail.ToLowerInvariant()) &&
                     i.Type == OrganizationUserType.User &&
                     !i.Collections.Any() &&
                     !i.Groups.Any() &&
-                    i.AccessSecretsManager), externalId)
+                    i.AccessSecretsManager),
+                externalId)
             .Returns(newUser);
 
         var user = await sutProvider.Sut.PostUserAsync(organizationId, scimUserRequestModel);

src/Core/AdminConsole/Errors/InvalidResultTypeError.cs

@@ -0,0 +1,6 @@
+namespace Bit.Core.AdminConsole.Errors;
+
+public record InvalidResultTypeError<T>(T Value) : Error<T>(Code, Value)
+{
+    public const string Code = "Invalid result type.";
+};

src/Core/AdminConsole/Models/Business/InviteOrganization.cs

@@ -0,0 +1,35 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Models.StaticStore;
+
+namespace Bit.Core.AdminConsole.Models.Business;
+
+public record InviteOrganization
+{
+    public Guid OrganizationId { get; init; }
+    public int? Seats { get; init; }
+    public int? MaxAutoScaleSeats { get; init; }
+    public int? SmSeats { get; init; }
+    public int? SmMaxAutoScaleSeats { get; init; }
+    public Plan Plan { get; init; }
+    public string GatewayCustomerId { get; init; }
+    public string GatewaySubscriptionId { get; init; }
+    public bool UseSecretsManager { get; init; }
+
+    public InviteOrganization()
+    {
+
+    }
+
+    public InviteOrganization(Organization organization, Plan plan)
+    {
+        OrganizationId = organization.Id;
+        Seats = organization.Seats;
+        MaxAutoScaleSeats = organization.MaxAutoscaleSeats;
+        SmSeats = organization.SmSeats;
+        SmMaxAutoScaleSeats = organization.MaxAutoscaleSmSeats;
+        Plan = plan;
+        GatewayCustomerId = organization.GatewayCustomerId;
+        GatewaySubscriptionId = organization.GatewaySubscriptionId;
+        UseSecretsManager = organization.UseSecretsManager;
+    }
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Errors/ErrorMapper.cs

@@ -0,0 +1,37 @@
+using Bit.Core.AdminConsole.Errors;
+using Bit.Core.Exceptions;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Errors;
+
+public static class ErrorMapper
+{
+
+    /// <summary>
+    /// Maps the ErrorT to a Bit.Exception class.
+    /// </summary>
+    /// <param name="error"></param>
+    /// <typeparam name="T"></typeparam>
+    /// <returns></returns>
+    public static Exception MapToBitException<T>(Error<T> error) =>
+        error switch
+        {
+            UserAlreadyExistsError alreadyExistsError => new ConflictException(alreadyExistsError.Message),
+            _ => new BadRequestException(error.Message)
+        };
+
+    /// <summary>
+    /// This maps the ErrorT object to the Bit.Exception class.
+    ///
+    /// This should be replaced by an IActionResult mapper when possible.
+    /// </summary>
+    /// <param name="errors"></param>
+    /// <typeparam name="T"></typeparam>
+    /// <returns></returns>
+    public static Exception MapToBitException<T>(ICollection<Error<T>> errors) =>
+        errors switch
+        {
+            not null when errors.Count == 1 => MapToBitException(errors.First()),
+            not null when errors.Count > 1 => new BadRequestException(string.Join(' ', errors.Select(e => e.Message))),
+            _ => new BadRequestException()
+        };
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Errors/FailedToInviteUsersError.cs

@@ -0,0 +1,9 @@
+using Bit.Core.AdminConsole.Errors;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Errors;
+
+public record FailedToInviteUsersError(InviteOrganizationUsersResponse Response) : Error<InviteOrganizationUsersResponse>(Code, Response)
+{
+    public const string Code = "Failed to invite users";
+}