server/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs at 0fbd9b4b92d5ddefe2a5855022c9fe00a3f04e58 · bitwarden/server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Request.Organizations;
using Bit.Api.AdminConsole.Models.Response.Organizations;
using Bit.Api.Models.Response;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Bit.Api.AdminConsole.Controllers;

[Route("organizations")]
[Authorize("Application")]
public class OrganizationDomainController : Controller
{
    private readonly ICreateOrganizationDomainCommand _createOrganizationDomainCommand;
    private readonly IVerifyOrganizationDomainCommand _verifyOrganizationDomainCommand;
    private readonly IDeleteOrganizationDomainCommand _deleteOrganizationDomainCommand;
    private readonly IGetOrganizationDomainByIdOrganizationIdQuery _getOrganizationDomainByIdAndOrganizationIdQuery;
    private readonly IGetOrganizationDomainByOrganizationIdQuery _getOrganizationDomainByOrganizationIdQuery;
    private readonly ICurrentContext _currentContext;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationDomainRepository _organizationDomainRepository;

    public OrganizationDomainController(
        ICreateOrganizationDomainCommand createOrganizationDomainCommand,
        IVerifyOrganizationDomainCommand verifyOrganizationDomainCommand,
        IDeleteOrganizationDomainCommand deleteOrganizationDomainCommand,
        IGetOrganizationDomainByIdOrganizationIdQuery getOrganizationDomainByIdAndOrganizationIdQuery,
        IGetOrganizationDomainByOrganizationIdQuery getOrganizationDomainByOrganizationIdQuery,
        ICurrentContext currentContext,
        IOrganizationRepository organizationRepository,
        IOrganizationDomainRepository organizationDomainRepository)
    {
        _createOrganizationDomainCommand = createOrganizationDomainCommand;
        _verifyOrganizationDomainCommand = verifyOrganizationDomainCommand;
        _deleteOrganizationDomainCommand = deleteOrganizationDomainCommand;
        _getOrganizationDomainByIdAndOrganizationIdQuery = getOrganizationDomainByIdAndOrganizationIdQuery;
        _getOrganizationDomainByOrganizationIdQuery = getOrganizationDomainByOrganizationIdQuery;
        _currentContext = currentContext;
        _organizationRepository = organizationRepository;
        _organizationDomainRepository = organizationDomainRepository;
    }

    [HttpGet("{orgId}/domain")]
    public async Task<ListResponseModel<OrganizationDomainResponseModel>> GetAll(Guid orgId)
    {
        await ValidateOrganizationAccessAsync(orgId);

        var domains = await _getOrganizationDomainByOrganizationIdQuery
            .GetDomainsByOrganizationIdAsync(orgId);
        var response = domains.Select(x => new OrganizationDomainResponseModel(x)).ToList();
        return new ListResponseModel<OrganizationDomainResponseModel>(response);
    }

    [HttpGet("{orgId}/domain/{id}")]
    public async Task<OrganizationDomainResponseModel> Get(Guid orgId, Guid id)
    {
        await ValidateOrganizationAccessAsync(orgId);

        var organizationDomain = await _getOrganizationDomainByIdAndOrganizationIdQuery
            .GetOrganizationDomainByIdOrganizationIdAsync(id, orgId);
        if (organizationDomain is null)
        {
            throw new NotFoundException();
        }

        return new OrganizationDomainResponseModel(organizationDomain);
    }

    [HttpPost("{orgId}/domain")]
    public async Task<OrganizationDomainResponseModel> Post(Guid orgId,
        [FromBody] OrganizationDomainRequestModel model)
    {
        await ValidateOrganizationAccessAsync(orgId);

        var organizationDomain = new OrganizationDomain
        {
            OrganizationId = orgId,
            DomainName = model.DomainName.ToLower()
        };

        organizationDomain = await _createOrganizationDomainCommand.CreateAsync(organizationDomain);

        return new OrganizationDomainResponseModel(organizationDomain);
    }

    [HttpPost("{orgId}/domain/{id}/verify")]
    public async Task<OrganizationDomainResponseModel> Verify(Guid orgId, Guid id)
    {
        await ValidateOrganizationAccessAsync(orgId);

        var organizationDomain = await _organizationDomainRepository.GetDomainByIdOrganizationIdAsync(id, orgId);
        if (organizationDomain is null)
        {
            throw new NotFoundException();
        }

        organizationDomain = await _verifyOrganizationDomainCommand.UserVerifyOrganizationDomainAsync(organizationDomain);

        return new OrganizationDomainResponseModel(organizationDomain);
    }

    [HttpDelete("{orgId}/domain/{id}")]
    public async Task RemoveDomain(Guid orgId, Guid id)
    {
        await ValidateOrganizationAccessAsync(orgId);

        var domain = await _organizationDomainRepository.GetDomainByIdOrganizationIdAsync(id, orgId);
        if (domain is null)
        {
            throw new NotFoundException();
        }

        await _deleteOrganizationDomainCommand.DeleteAsync(domain);
    }

    [HttpPost("{orgId}/domain/{id}/remove")]
    [Obsolete("This endpoint is deprecated. Use DELETE method instead")]
    public async Task PostRemoveDomain(Guid orgId, Guid id)
    {
        await RemoveDomain(orgId, id);
    }

    [AllowAnonymous]
    [HttpPost("domain/sso/verified")]
    public async Task<VerifiedOrganizationDomainSsoDetailsResponseModel> GetVerifiedOrgDomainSsoDetailsAsync(
        [FromBody] OrganizationDomainSsoDetailsRequestModel model)
    {
        var ssoResults = (await _organizationDomainRepository
            .GetVerifiedOrganizationDomainSsoDetailsAsync(model.Email))
            .ToList();

        return new VerifiedOrganizationDomainSsoDetailsResponseModel(
            ssoResults.Select(ssoResult => new VerifiedOrganizationDomainSsoDetailResponseModel(ssoResult)));
    }

    private async Task ValidateOrganizationAccessAsync(Guid orgIdGuid)
    {
        if (!await _currentContext.ManageSso(orgIdGuid))
        {
            throw new UnauthorizedAccessException();
        }

        var organization = await _organizationRepository.GetByIdAsync(orgIdGuid);
        if (organization == null)
        {
            throw new NotFoundException();
        }
    }
}