[PM-34883] - Add InjectOrganizationUserAttribute (#7536)

* Added InjectOrganizationUserAttribute and updated account-recovery put to use it.

* Changes from code review

Author: jrmccannon

src/Api/AdminConsole/Attributes/InjectOrganizationUserAttribute.cs

@@ -0,0 +1,89 @@
+using Bit.Api.AdminConsole.Authorization;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+using Microsoft.AspNetCore.Mvc.ModelBinding.Metadata;
+
+namespace Bit.Api.AdminConsole.Attributes;
+
+/// <summary>
+/// Binds a <see cref="Bit.Core.Entities.OrganizationUser"/> parameter by loading it from the database
+/// and validating that it belongs to the organization identified by the <c>orgId</c> or
+/// <c>organizationId</c> route parameter.
+/// </summary>
+/// <remarks>
+/// The organization user is resolved from the route parameter named by
+/// <see cref="OrganizationUserIdRouteParam"/> (default <c>"id"</c>). If the user is not found or
+/// does not belong to the organization, a <see cref="Bit.Core.Exceptions.NotFoundException"/> is thrown.
+/// </remarks>
+/// <example>
+/// <code><![CDATA[
+/// [HttpPut("{id}/recover-account")]
+/// [Authorize<ManageAccountRecoveryRequirement>]
+/// public async Task<IResult> PutRecoverAccount(Guid orgId, Guid id,
+///     [FromBody] OrganizationUserResetPasswordRequestModel model,
+///     [InjectOrganizationUser] OrganizationUser targetOrganizationUser)
+///
+/// [HttpPost("{organizationUserId}/accept")]
+/// public async Task<IResult> AcceptAsync(Guid organizationUserId,
+///     [InjectOrganizationUser("organizationUserId")] OrganizationUser organizationUser)
+/// ]]></code>
+/// </example>
+[AttributeUsage(AttributeTargets.Parameter)]
+public sealed class InjectOrganizationUserAttribute(string organizationUserIdRouteParam = "id")
+    : ModelBinderAttribute(typeof(OrganizationUserModelBinder))
+{
+    /// <summary>
+    /// Name of the route parameter containing the organization user ID. Defaults to <c>"id"</c>.
+    /// </summary>
+    public string OrganizationUserIdRouteParam { get; } = organizationUserIdRouteParam;
+}
+
+/// <summary>
+/// Custom model binder that loads an <see cref="Bit.Core.Entities.OrganizationUser"/> from the database,
+/// validates that it belongs to the organization identified by the route, and binds it to the parameter.
+/// </summary>
+/// <remarks>
+/// This binder is used via the <see cref="InjectOrganizationUserAttribute"/>.
+/// </remarks>
+public class OrganizationUserModelBinder : IModelBinder
+{
+    public async Task BindModelAsync(ModelBindingContext bindingContext)
+    {
+        var defaultMetadata = bindingContext.ModelMetadata as DefaultModelMetadata;
+        var attr = defaultMetadata?.Attributes.ParameterAttributes
+            ?.OfType<InjectOrganizationUserAttribute>()
+            .FirstOrDefault()
+            ?? new InjectOrganizationUserAttribute();
+
+        Guid orgId;
+        try
+        {
+            orgId = bindingContext.HttpContext.GetOrganizationId();
+        }
+        catch (InvalidOperationException)
+        {
+            throw new BadRequestException("Route parameter 'orgId' or 'organizationId' is missing or invalid.");
+        }
+
+        var routeValues = bindingContext.ActionContext.RouteData.Values;
+        if (!routeValues.TryGetValue(attr.OrganizationUserIdRouteParam, out var idValue)
+            || !Guid.TryParse(idValue?.ToString(), out var orgUserId))
+        {
+            throw new BadRequestException(
+                $"Route parameter '{attr.OrganizationUserIdRouteParam}' is missing or invalid.");
+        }
+
+        var repo = bindingContext.HttpContext.RequestServices
+            .GetRequiredService<IOrganizationUserRepository>();
+
+        var organizationUser = await repo.GetByIdAsync(orgUserId);
+        if (organizationUser is null || organizationUser.OrganizationId != orgId)
+        {
+            throw new NotFoundException();
+        }
+
+        bindingContext.Result = ModelBindingResult.Success(organizationUser);
+    }
+}

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -2,6 +2,7 @@
 // NOTE: This file is partially migrated to nullable reference types. Remove inline #nullable directives when addressing the FIXME.
 #nullable disable
 
+using Bit.Api.AdminConsole.Attributes;
 using Bit.Api.AdminConsole.Authorization;
 using Bit.Api.AdminConsole.Authorization.Collections;
 using Bit.Api.AdminConsole.Authorization.Requirements;
@@ -504,18 +505,15 @@ await _organizationService.UpdateUserResetPasswordEnrollmentAsync(
     /// </summary>
     [HttpPut("{id}/reset-password")]
     [Authorize<ManageAccountRecoveryRequirement>]
-    public Task<IResult> PutResetPassword(Guid orgId, Guid id, [FromBody] OrganizationUserResetPasswordRequestModel model)
-        => PutRecoverAccount(orgId, id, model);
+    public Task<IResult> PutResetPassword(Guid orgId, Guid id, [FromBody] OrganizationUserResetPasswordRequestModel model,
+        [InjectOrganizationUser] OrganizationUser targetOrganizationUser)
+        => PutRecoverAccount(orgId, id, model, targetOrganizationUser);
 
     [HttpPut("{id}/recover-account")]
     [Authorize<ManageAccountRecoveryRequirement>]
-    public async Task<IResult> PutRecoverAccount(Guid orgId, Guid id, [FromBody] OrganizationUserResetPasswordRequestModel model)
+    public async Task<IResult> PutRecoverAccount(Guid orgId, Guid id, [FromBody] OrganizationUserResetPasswordRequestModel model,
+        [InjectOrganizationUser] OrganizationUser targetOrganizationUser)
     {
-        var targetOrganizationUser = await _organizationUserRepository.GetByIdAsync(id);
-        if (targetOrganizationUser == null || targetOrganizationUser.OrganizationId != orgId)
-        {
-            return TypedResults.NotFound();
-        }
 
         var authorizationResult = await _authorizationService.AuthorizeAsync(User, targetOrganizationUser, new RecoverAccountAuthorizationRequirement());
         if (!authorizationResult.Succeeded)

test/Api.Test/AdminConsole/Attributes/OrganizationUserModelBinderTests.cs

@@ -0,0 +1,202 @@
+using System.Reflection;
+using Bit.Api.AdminConsole.Attributes;
+using Bit.Core.Entities;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.Extensions.DependencyInjection;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Api.Test.AdminConsole.Attributes;
+
+public class OrganizationUserModelBinderTests
+{
+    private readonly IOrganizationUserRepository _organizationUserRepository;
+    private readonly OrganizationUser _organizationUser;
+    private readonly Guid _orgId;
+    private readonly Guid _orgUserId;
+
+    public OrganizationUserModelBinderTests()
+    {
+        _organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
+        _orgId = Guid.NewGuid();
+        _orgUserId = Guid.NewGuid();
+        _organizationUser = new OrganizationUser { Id = _orgUserId, OrganizationId = _orgId };
+    }
+
+    [Fact]
+    public async Task BindModelAsync_OrgUserExistsAndBelongsToOrg_BindsSuccessfully()
+    {
+        var binder = new OrganizationUserModelBinder();
+        _organizationUserRepository.GetByIdAsync(_orgUserId).Returns(_organizationUser);
+
+        var context = CreateBindingContext();
+
+        await binder.BindModelAsync(context);
+
+        Assert.True(context.Result.IsModelSet);
+        Assert.Equal(_organizationUser, context.Result.Model);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_OrgUserNotFound_ThrowsNotFoundException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        _organizationUserRepository.GetByIdAsync(_orgUserId).Returns((OrganizationUser)null);
+
+        var context = CreateBindingContext();
+
+        await Assert.ThrowsAsync<NotFoundException>(() => binder.BindModelAsync(context));
+    }
+
+    [Fact]
+    public async Task BindModelAsync_OrgUserBelongsToDifferentOrg_ThrowsNotFoundException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        var wrongOrgUser = new OrganizationUser { Id = _orgUserId, OrganizationId = Guid.NewGuid() };
+        _organizationUserRepository.GetByIdAsync(_orgUserId).Returns(wrongOrgUser);
+
+        var context = CreateBindingContext();
+
+        await Assert.ThrowsAsync<NotFoundException>(() => binder.BindModelAsync(context));
+    }
+
+    [Fact]
+    public async Task BindModelAsync_InvalidOrgId_ThrowsBadRequestException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        var context = CreateBindingContext(orgIdRouteValue: "not-a-guid");
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => binder.BindModelAsync(context));
+        Assert.Equal("Route parameter 'orgId' or 'organizationId' is missing or invalid.", exception.Message);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_MissingOrgId_ThrowsBadRequestException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        var context = CreateBindingContext(includeOrgId: false);
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => binder.BindModelAsync(context));
+        Assert.Equal("Route parameter 'orgId' or 'organizationId' is missing or invalid.", exception.Message);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_InvalidOrgUserId_ThrowsBadRequestException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        var context = CreateBindingContext(orgUserIdRouteValue: "not-a-guid");
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => binder.BindModelAsync(context));
+        Assert.Equal("Route parameter 'id' is missing or invalid.", exception.Message);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_MissingOrgUserId_ThrowsBadRequestException()
+    {
+        var binder = new OrganizationUserModelBinder();
+        var context = CreateBindingContext(includeOrgUserId: false);
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => binder.BindModelAsync(context));
+        Assert.Equal("Route parameter 'id' is missing or invalid.", exception.Message);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_OrganizationIdRouteParam_ResolvesOrgId()
+    {
+        var binder = new OrganizationUserModelBinder();
+        _organizationUserRepository.GetByIdAsync(_orgUserId).Returns(_organizationUser);
+
+        var context = CreateBindingContext(useOrganizationIdRoute: true);
+
+        await binder.BindModelAsync(context);
+
+        Assert.True(context.Result.IsModelSet);
+        Assert.Equal(_organizationUser, context.Result.Model);
+    }
+
+    [Fact]
+    public async Task BindModelAsync_CustomRouteParamName_ReadsCorrectRouteValue()
+    {
+        var binder = new OrganizationUserModelBinder();
+        _organizationUserRepository.GetByIdAsync(_orgUserId).Returns(_organizationUser);
+
+        var parameterInfo = typeof(OrganizationUserModelBinderTests)
+            .GetMethod(nameof(DummyMethodWithCustomRouteParam), BindingFlags.NonPublic | BindingFlags.Static)!
+            .GetParameters()[0];
+
+        var context = CreateBindingContext(
+            orgUserIdRouteKey: "organizationUserId",
+            parameterInfo: parameterInfo);
+
+        await binder.BindModelAsync(context);
+
+        Assert.True(context.Result.IsModelSet);
+        Assert.Equal(_organizationUser, context.Result.Model);
+    }
+
+    /// <summary>
+    /// Dummy method used to produce a <see cref="ParameterInfo"/> carrying a custom
+    /// <see cref="InjectOrganizationUserAttribute"/> for the custom route param test.
+    /// </summary>
+    private static void DummyMethodWithCustomRouteParam(
+        [InjectOrganizationUser("organizationUserId")] OrganizationUser user)
+    { }
+
+    private DefaultModelBindingContext CreateBindingContext(
+        string orgIdRouteValue = null,
+        string orgUserIdRouteValue = null,
+        string orgUserIdRouteKey = "id",
+        bool includeOrgId = true,
+        bool includeOrgUserId = true,
+        bool useOrganizationIdRoute = false,
+        ParameterInfo parameterInfo = null)
+    {
+        var httpContext = new DefaultHttpContext();
+        var services = new ServiceCollection();
+        services.AddScoped(_ => _organizationUserRepository);
+        httpContext.RequestServices = services.BuildServiceProvider();
+
+        var routeData = new RouteData();
+        if (includeOrgId)
+        {
+            var key = useOrganizationIdRoute ? "organizationId" : "orgId";
+            routeData.Values[key] = orgIdRouteValue ?? _orgId.ToString();
+        }
+        if (includeOrgUserId)
+        {
+            routeData.Values[orgUserIdRouteKey] = orgUserIdRouteValue ?? _orgUserId.ToString();
+        }
+
+        httpContext.Request.RouteValues = routeData.Values;
+
+        var actionContext = new ActionContext(
+            httpContext,
+            routeData,
+            new Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor(),
+            new ModelStateDictionary());
+
+        var metadataProvider = new EmptyModelMetadataProvider();
+        ModelMetadata metadata;
+
+        if (parameterInfo != null)
+        {
+            metadata = metadataProvider.GetMetadataForParameter(parameterInfo);
+        }
+        else
+        {
+            metadata = metadataProvider.GetMetadataForType(typeof(OrganizationUser));
+        }
+
+        return new DefaultModelBindingContext
+        {
+            ActionContext = actionContext,
+            ModelMetadata = metadata,
+            ModelName = "organizationUser"
+        };
+    }
+}