[PM-22236] Fix invited accounts stuck in intermediate claimed status (#6810)

* Exclude invited users from claimed domain checks.
  These users should be excluded by the JOIN on
  UserId, but it's a known issue that some invited
  users have this FK set.

Author: eliykat

src/Core/AdminConsole/Repositories/IOrganizationRepository.cs

@@ -21,7 +21,9 @@ public interface IOrganizationRepository : IRepository<Organization, Guid>
     Task<IEnumerable<string>> GetOwnerEmailAddressesById(Guid organizationId);
 
     /// <summary>
-    /// Gets the organizations that have a verified domain matching the user's email domain.
+    /// Gets the organizations that have claimed the user's account. Currently, only one organization may claim a user.
+    /// This requires that the organization has claimed the user's domain and the user is an organization member.
+    /// It excludes invited members.
     /// </summary>
     Task<ICollection<Organization>> GetByVerifiedUserEmailDomainAsync(Guid userId);
 

src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs

@@ -325,7 +325,8 @@ join od in dbContext.OrganizationDomains on ou.OrganizationId equals od.Organiza
                     where ou.UserId == userWithDomain.UserId &&
                           od.DomainName == userWithDomain.EmailDomain &&
                           od.VerifiedDate != null &&
-                          o.Enabled == true
+                          o.Enabled == true &&
+                          ou.Status != OrganizationUserStatusType.Invited
                     select o;
 
         return await query.ToArrayAsync();

src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserReadByClaimedOrganizationDomainsQuery.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 
 namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
 
@@ -16,6 +17,7 @@ public IQueryable<OrganizationUser> Run(DatabaseContext dbContext)
         var query = from ou in dbContext.OrganizationUsers
                     join u in dbContext.Users on ou.UserId equals u.Id
                     where ou.OrganizationId == _organizationId
+                          && ou.Status != OrganizationUserStatusType.Invited
                           && dbContext.OrganizationDomains
                               .Any(od => od.OrganizationId == _organizationId &&
                                          od.VerifiedDate != null &&

src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByOrganizationIdWithClaimedDomains_V2.sql

@@ -8,13 +8,14 @@ BEGIN
         SELECT *
         FROM [dbo].[OrganizationUserView]
         WHERE [OrganizationId] = @OrganizationId
+            AND [Status] != 0   -- Exclude invited users
     ),
     UserDomains AS (
         SELECT U.[Id], U.[EmailDomain]
         FROM [dbo].[UserEmailDomainView] U
         WHERE EXISTS (
             SELECT 1
-            FROM [dbo].[OrganizationDomainView] OD 
+            FROM [dbo].[OrganizationDomainView] OD
             WHERE OD.[OrganizationId] = @OrganizationId
             AND OD.[VerifiedDate] IS NOT NULL
             AND OD.[DomainName] = U.[EmailDomain]

src/Sql/dbo/Stored Procedures/Organization_ReadByClaimedUserEmailDomain.sql

@@ -6,7 +6,7 @@ BEGIN
 
     WITH CTE_User AS (
         SELECT
-            U.*,
+            U.[Id],
             SUBSTRING(U.Email, CHARINDEX('@', U.Email) + 1, LEN(U.Email)) AS EmailDomain
         FROM dbo.[UserView] U
         WHERE U.[Id] = @UserId
@@ -19,4 +19,5 @@ BEGIN
     WHERE OD.[VerifiedDate] IS NOT NULL
       AND CU.EmailDomain = OD.[DomainName]
       AND O.[Enabled] = 1
+      AND OU.[Status] != 0 -- Exclude invited users
 END