Merge branch 'update-send-openapi-to-work-for-sdk' of github.com:bitwarden/server into update-send-openapi-to-work-for-sdk

Author: adudek-bw

bitwarden_license/src/Scim/Controllers/v2/UsersController.cs

@@ -106,7 +106,8 @@ public async Task<IActionResult> Put(Guid organizationId, Guid id, [FromBody] Sc
                 new RevokeOrganizationUsersRequest(
                     organizationId,
                     [id],
-                    new SystemUser(EventSystemUser.SCIM)));
+                    new SystemUser(EventSystemUser.SCIM),
+                    RevocationReason.Manual));
 
             var errors = results.Select(x => x.Result.Match(
                 y => $"{y.Message} for user {x.Id}",

bitwarden_license/src/Scim/Users/PatchUserCommand.cs

@@ -107,7 +107,7 @@ private async Task<bool> HandleActiveOperationAsync(Core.Entities.OrganizationUs
         }
         else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked)
         {
-            await _revokeOrganizationUserCommand.RevokeUserAsync(orgUser, EventSystemUser.SCIM);
+            await _revokeOrganizationUserCommand.RevokeUserAsync(orgUser, EventSystemUser.SCIM, RevocationReason.Manual);
             return true;
         }
         return false;

bitwarden_license/test/Scim.Test/Users/PatchUserCommandTests.cs

@@ -102,7 +102,7 @@ public async Task PatchUser_RevokePath_Success(SutProvider<PatchUserCommand> sut
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
+        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM, RevocationReason.Manual);
     }
 
     [Theory]
@@ -130,7 +130,7 @@ public async Task PatchUser_RevokeValue_Success(SutProvider<PatchUserCommand> su
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
+        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM, RevocationReason.Manual);
     }
 
     [Theory]
@@ -150,7 +150,7 @@ public async Task PatchUser_NoAction_Success(SutProvider<PatchUserCommand> sutPr
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
         await sutProvider.GetDependency<IRestoreOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RestoreUserAsync(default, EventSystemUser.SCIM);
-        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RevokeUserAsync(default, EventSystemUser.SCIM);
+        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RevokeUserAsync(default, EventSystemUser.SCIM, default);
     }
 
     [Theory]
@@ -380,7 +380,7 @@ public async Task PatchUser_UnsupportedOperation_LogsWarningAndSucceeds(SutProvi
 
         // Verify no restore or revoke operations were called
         await sutProvider.GetDependency<IRestoreOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RestoreUserAsync(default, EventSystemUser.SCIM);
-        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RevokeUserAsync(default, EventSystemUser.SCIM);
+        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().DidNotReceiveWithAnyArgs().RevokeUserAsync(default, EventSystemUser.SCIM, default);
     }
 
     [Theory]
@@ -415,7 +415,7 @@ public async Task PatchUser_ActiveAndExternalIdFromValue_Success(SutProvider<Pat
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
         // Verify both operations were processed
-        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
+        await sutProvider.GetDependency<IRevokeOrganizationUserCommand>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM, RevocationReason.Manual);
         await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1).ReplaceAsync(
             Arg.Is<OrganizationUser>(ou => ou.ExternalId == newExternalId));
     }

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -644,7 +644,7 @@ public async Task<ListResponseModel<OrganizationUserBulkResponseModel>> PostBulk
     [Authorize<ManageUsersRequirement>]
     public async Task RevokeAsync(Guid orgId, Guid id)
     {
-        await RestoreOrRevokeUserAsync(orgId, id, _revokeOrganizationUserCommand.RevokeUserAsync);
+        await RestoreOrRevokeUserAsync(orgId, id, (orgUser, userId) => _revokeOrganizationUserCommand.RevokeUserAsync(orgUser, userId, RevocationReason.Manual));
     }
 
     [HttpPut("revoke-self")]
@@ -683,7 +683,8 @@ public async Task<ListResponseModel<OrganizationUserBulkResponseModel>> BulkRevo
             new V2_RevokeOrganizationUserCommand.RevokeOrganizationUsersRequest(
                 orgId,
                 model.Ids.ToArray(),
-                new StandardUser(currentUserId.Value, await _currentContext.OrganizationOwner(orgId))));
+                new StandardUser(currentUserId.Value, await _currentContext.OrganizationOwner(orgId)),
+                RevocationReason.Manual));
 
         return new ListResponseModel<OrganizationUserBulkResponseModel>(results
             .Select(result => new OrganizationUserBulkResponseModel(result.Id,

src/Api/AdminConsole/Models/Request/Organizations/OrganizationCreateRequestModel.cs

@@ -33,6 +33,7 @@ public class OrganizationCreateRequestModel : IValidatableObject
     [Required]
     public string Key { get; set; }
 
+    [Required]
     public OrganizationKeysRequestModel Keys { get; set; }
     public PaymentMethodType? PaymentMethodType { get; set; }
     public string PaymentToken { get; set; }
@@ -117,7 +118,7 @@ public virtual OrganizationSignup ToOrganizationSignup(User user)
             InitiationPath = InitiationPath,
             SkipTrial = SkipTrial,
             Coupons = Coupons,
-            Keys = Keys?.ToPublicKeyEncryptionKeyPairData()
+            Keys = Keys.ToPublicKeyEncryptionKeyPairData()
         };
 
         return orgSignup;

src/Api/AdminConsole/Models/Request/Organizations/OrganizationNoPaymentCreateRequest.cs

@@ -32,6 +32,7 @@ public class OrganizationNoPaymentCreateRequest
     [Required]
     public string Key { get; set; }
 
+    [Required]
     public OrganizationKeysRequestModel Keys { get; set; }
     public PaymentMethodType? PaymentMethodType { get; set; }
     public string PaymentToken { get; set; }
@@ -110,7 +111,7 @@ public virtual OrganizationSignup ToOrganizationSignup(User user)
                 BillingAddressCountry = BillingAddressCountry,
             },
             InitiationPath = InitiationPath,
-            Keys = Keys?.ToPublicKeyEncryptionKeyPairData()
+            Keys = Keys.ToPublicKeyEncryptionKeyPairData()
         };
 
         return orgSignup;

src/Api/AdminConsole/Public/Controllers/MembersController.cs

@@ -339,7 +339,8 @@ public async Task<IActionResult> Revoke(Guid id)
         var request = new RevokeOrganizationUsersRequest(
             _currentContext.OrganizationId!.Value,
             [id],
-            new SystemUser(EventSystemUser.PublicApi)
+            new SystemUser(EventSystemUser.PublicApi),
+            RevocationReason.Manual
         );
 
         var results = await _revokeOrganizationUserCommandV2.RevokeUsersAsync(request);

src/Api/Dirt/Controllers/OrganizationIntegrationController.cs

@@ -2,7 +2,6 @@
 using Bit.Api.Dirt.Models.Response;
 using Bit.Core.Context;
 using Bit.Core.Dirt.EventIntegrations.OrganizationIntegrations.Interfaces;
-using Bit.Core.Exceptions;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,17 +17,17 @@ public class OrganizationIntegrationController(
     IGetOrganizationIntegrationsQuery getQuery) : Controller
 {
     [HttpGet("")]
-    public async Task<List<OrganizationIntegrationResponseModel>> GetAsync(Guid organizationId)
+    public async Task<ActionResult<List<OrganizationIntegrationResponseModel>>> GetAsync(Guid organizationId)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return NotFound();
         }
 
         var integrations = await getQuery.GetManyByOrganizationAsync(organizationId);
-        return integrations
+        return Ok(integrations
             .Select(integration => new OrganizationIntegrationResponseModel(integration))
-            .ToList();
+            .ToList());
     }
 
     /// <summary>
@@ -38,7 +37,7 @@ public async Task<List<OrganizationIntegrationResponseModel>> GetAsync(Guid orga
     /// <param name="organizationId"></param>
     /// <param name="model"></param>
     /// <returns></returns>
-    /// <exception cref="NotFoundException">Not enough permissions to access the organization.</exception>
+    /// <exception cref="NotFoundResult">Not enough permissions to access the organization.</exception>
     /// <exception cref="ConflictResult">When an integration of the same type already exists for the organization.</exception>
     [HttpPost("")]
     public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsync(Guid organizationId, [FromBody] OrganizationIntegrationRequestModel model)
@@ -50,7 +49,7 @@ public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsyn
 
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return NotFound();
         }
 
         var integration = model.ToOrganizationIntegration(organizationId);
@@ -62,40 +61,40 @@ public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsyn
         }
 
         var created = await createCommand.CreateAsync(integration);
-
         return Ok(new OrganizationIntegrationResponseModel(created));
+
     }
 
     [HttpPut("{integrationId:guid}")]
-    public async Task<OrganizationIntegrationResponseModel> UpdateAsync(Guid organizationId, Guid integrationId, [FromBody] OrganizationIntegrationRequestModel model)
+    public async Task<ActionResult<OrganizationIntegrationResponseModel>> UpdateAsync(Guid organizationId, Guid integrationId, [FromBody] OrganizationIntegrationRequestModel model)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return NotFound();
         }
 
         var integration = model.ToOrganizationIntegration(organizationId);
         var updated = await updateCommand.UpdateAsync(organizationId, integrationId, integration);
-
-        return new OrganizationIntegrationResponseModel(updated);
+        return Ok(new OrganizationIntegrationResponseModel(updated));
     }
 
     [HttpDelete("{integrationId:guid}")]
-    public async Task DeleteAsync(Guid organizationId, Guid integrationId)
+    public async Task<IActionResult> DeleteAsync(Guid organizationId, Guid integrationId)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return NotFound();
         }
 
         await deleteCommand.DeleteAsync(organizationId, integrationId);
+        return NoContent();
     }
 
     [HttpPost("{integrationId:guid}/delete")]
     [Obsolete("This endpoint is deprecated. Use DELETE method instead")]
-    public async Task PostDeleteAsync(Guid organizationId, Guid integrationId)
+    public async Task<IActionResult> PostDeleteAsync(Guid organizationId, Guid integrationId)
     {
-        await DeleteAsync(organizationId, integrationId);
+        return await DeleteAsync(organizationId, integrationId);
     }
 
     private async Task<bool> HasPermission(Guid organizationId)

src/Core/AdminConsole/OrganizationFeatures/AccountRecovery/v2/AdminRecoverAccountCommand.cs

@@ -125,7 +125,8 @@ await revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUs
                     new RevokeOrganizationUsersRequest(
                         o.OrganizationId,
                         [new OrganizationUserUserDetails { Id = o.OrganizationUserId, OrganizationId = o.OrganizationId }],
-                        new SystemUser(EventSystemUser.TwoFactorDisabled)));
+                        new SystemUser(EventSystemUser.TwoFactorDisabled),
+                        RevocationReason.TwoFactorPolicyNonCompliance));
                 await mailService.SendOrganizationUserRevokedForTwoFactorPolicyEmailAsync(organization.DisplayName(), user.Email);
             }).ToArray();
 

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RemoveOrganizationUserCommand.cs

@@ -212,9 +212,11 @@ await _pushRegistrationService.DeleteUserRegistrationOrganizationAsync(devices,
         }
 
         var deletingUserIsOwner = false;
+        var deletingUserIsCustom = false;
         if (deletingUserId.HasValue)
         {
             deletingUserIsOwner = await _currentContext.OrganizationOwner(organizationId);
+            deletingUserIsCustom = await _currentContext.OrganizationCustom(organizationId);
         }
 
         var claimedStatus = deletingUserId.HasValue && eventSystemUser == null
@@ -235,6 +237,11 @@ await _pushRegistrationService.DeleteUserRegistrationOrganizationAsync(devices,
                     throw new BadRequestException(RemoveOwnerByNonOwnerErrorMessage);
                 }
 
+                if (orgUser.Type == OrganizationUserType.Admin && deletingUserIsCustom)
+                {
+                    throw new BadRequestException(RemoveAdminByCustomUserErrorMessage);
+                }
+
                 if (claimedStatus.TryGetValue(orgUser.Id, out var isClaimed) && isClaimed)
                 {
                     throw new BadRequestException(RemoveClaimedAccountErrorMessage);