feat(change-email): Added bulk edit.

Author: Patrick-Pimentel-Bitwarden

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -85,6 +85,7 @@ public class OrganizationUsersController : BaseAdminConsoleController
     private readonly AccountRecoveryV2.IAdminRecoverAccountCommand _adminRecoverAccountCommandV2;
     private readonly ISelfRevokeOrganizationUserCommand _selfRevokeOrganizationUserCommand;
     private readonly IChangeEmailForPasswordlessOrgUserCommand _changeEmailForPasswordlessOrgUserCommand;
+    private readonly IBulkChangeEmailForPasswordlessOrgUserCommand _bulkChangeEmailForPasswordlessOrgUserCommand;
 
     public OrganizationUsersController(IOrganizationRepository organizationRepository,
         IOrganizationUserRepository organizationUserRepository,
@@ -118,7 +119,8 @@ public OrganizationUsersController(IOrganizationRepository organizationRepositor
         IAutomaticallyConfirmOrganizationUserCommand automaticallyConfirmOrganizationUserCommand,
         V2_RevokeOrganizationUserCommand.IRevokeOrganizationUserCommand revokeOrganizationUserCommandVNext,
         ISelfRevokeOrganizationUserCommand selfRevokeOrganizationUserCommand,
-        IChangeEmailForPasswordlessOrgUserCommand changeEmailForPasswordlessOrgUserCommand)
+        IChangeEmailForPasswordlessOrgUserCommand changeEmailForPasswordlessOrgUserCommand,
+        IBulkChangeEmailForPasswordlessOrgUserCommand bulkChangeEmailForPasswordlessOrgUserCommand)
     {
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -153,6 +155,7 @@ public OrganizationUsersController(IOrganizationRepository organizationRepositor
         _adminRecoverAccountCommandV2 = adminRecoverAccountCommandV2;
         _selfRevokeOrganizationUserCommand = selfRevokeOrganizationUserCommand;
         _changeEmailForPasswordlessOrgUserCommand = changeEmailForPasswordlessOrgUserCommand;
+        _bulkChangeEmailForPasswordlessOrgUserCommand = bulkChangeEmailForPasswordlessOrgUserCommand;
     }
 
     [HttpGet("{id}")]
@@ -577,6 +580,20 @@ public async Task<IResult> ChangeEmailForPasswordlessUser(
         return TypedResults.NoContent();
     }
 
+    [HttpPost("bulk-change-email-for-passwordless-user")]
+    [Authorize<ManageUsersRequirement>]
+    public async Task<ListResponseModel<OrganizationUserBulkResponseModel>> BulkChangeEmailForPasswordlessUser(
+        Guid orgId,
+        [FromBody] OrganizationUserBulkChangeEmailRequestModel model)
+    {
+        var requests = model.Requests.Select(r => (r.Id, r.NewEmail));
+        var results = await _bulkChangeEmailForPasswordlessOrgUserCommand
+            .BulkChangeOrganizationUserEmailAsync(orgId, requests);
+
+        return new ListResponseModel<OrganizationUserBulkResponseModel>(
+            results.Select(r => new OrganizationUserBulkResponseModel(r.OrganizationUserId, r.ErrorMessage)));
+    }
+
     [HttpDelete("{id}")]
     [Authorize<ManageUsersRequirement>]
     public async Task Remove(Guid orgId, Guid id)

src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRequestModels.cs

@@ -141,3 +141,20 @@ public class OrganizationUserChangeEmailRequestModel
     [StringLength(256)]
     public string NewEmail { get; set; }
 }
+
+public class OrganizationUserBulkChangeEmailRequestModelEntry
+{
+    [Required]
+    public Guid Id { get; set; }
+
+    [Required]
+    [EmailAddress]
+    [StringLength(256)]
+    public string NewEmail { get; set; }
+}
+
+public class OrganizationUserBulkChangeEmailRequestModel
+{
+    [Required, MinLength(1)]
+    public IEnumerable<OrganizationUserBulkChangeEmailRequestModelEntry> Requests { get; set; }
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/BulkChangeEmailForPasswordlessOrgUserCommand.cs

@@ -0,0 +1,49 @@
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
+
+public class BulkChangeEmailForPasswordlessOrgUserCommand : IBulkChangeEmailForPasswordlessOrgUserCommand
+{
+    private readonly IOrganizationUserRepository _organizationUserRepository;
+    private readonly IChangeEmailForPasswordlessOrgUserCommand _changeEmailForPasswordlessOrgUserCommand;
+
+    public BulkChangeEmailForPasswordlessOrgUserCommand(
+        IOrganizationUserRepository organizationUserRepository,
+        IChangeEmailForPasswordlessOrgUserCommand changeEmailForPasswordlessOrgUserCommand)
+    {
+        _organizationUserRepository = organizationUserRepository;
+        _changeEmailForPasswordlessOrgUserCommand = changeEmailForPasswordlessOrgUserCommand;
+    }
+
+    public async Task<IEnumerable<(Guid OrganizationUserId, string ErrorMessage)>> BulkChangeOrganizationUserEmailAsync(
+        Guid organizationId,
+        IEnumerable<(Guid OrganizationUserId, string NewEmail)> requests)
+    {
+        var results = new List<(Guid OrganizationUserId, string ErrorMessage)>();
+
+        foreach (var (organizationUserId, newEmail) in requests)
+        {
+            try
+            {
+                var organizationUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
+                if (organizationUser == null || organizationUser.OrganizationId != organizationId)
+                {
+                    throw new NotFoundException();
+                }
+
+                await _changeEmailForPasswordlessOrgUserCommand.ChangeOrganizationUserEmailAsync(
+                    organizationId, organizationUser, newEmail);
+
+                results.Add((organizationUserId, string.Empty));
+            }
+            catch (Exception e)
+            {
+                results.Add((organizationUserId, e.Message));
+            }
+        }
+
+        return results;
+    }
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Interfaces/IBulkChangeEmailForPasswordlessOrgUserCommand.cs

@@ -0,0 +1,8 @@
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+
+public interface IBulkChangeEmailForPasswordlessOrgUserCommand
+{
+    Task<IEnumerable<(Guid OrganizationUserId, string ErrorMessage)>> BulkChangeOrganizationUserEmailAsync(
+        Guid organizationId,
+        IEnumerable<(Guid OrganizationUserId, string NewEmail)> requests);
+}

src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs

@@ -164,6 +164,7 @@ private static void AddOrganizationUserCommands(this IServiceCollection services
 
         services.AddScoped<ISelfRevokeOrganizationUserCommand, SelfRevokeOrganizationUserCommand>();
         services.AddScoped<IChangeEmailForPasswordlessOrgUserCommand, ChangeEmailForPasswordlessOrgUserCommand>();
+        services.AddScoped<IBulkChangeEmailForPasswordlessOrgUserCommand, BulkChangeEmailForPasswordlessOrgUserCommand>();
     }
 
     private static void AddOrganizationApiKeyCommandsQueries(this IServiceCollection services)

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/BulkChangeEmailForPasswordlessOrgUserCommandTests.cs

@@ -0,0 +1,121 @@
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.Entities;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using NSubstitute.ExceptionExtensions;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers;
+
+[SutProviderCustomize]
+public class BulkChangeEmailForPasswordlessOrgUserCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task BulkChangeOrganizationUserEmailAsync_AllSucceed_ReturnsEmptyErrors(
+        Guid organizationId,
+        OrganizationUser orgUser1,
+        OrganizationUser orgUser2,
+        SutProvider<BulkChangeEmailForPasswordlessOrgUserCommand> sutProvider)
+    {
+        orgUser1.OrganizationId = organizationId;
+        orgUser2.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUser1.Id).Returns(orgUser1);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUser2.Id).Returns(orgUser2);
+
+        var requests = new[]
+        {
+            (orgUser1.Id, "user1@example.com"),
+            (orgUser2.Id, "user2@example.com"),
+        };
+
+        var results = (await sutProvider.Sut.BulkChangeOrganizationUserEmailAsync(organizationId, requests)).ToList();
+
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.Equal(string.Empty, r.ErrorMessage));
+        await sutProvider.GetDependency<IChangeEmailForPasswordlessOrgUserCommand>()
+            .Received(2)
+            .ChangeOrganizationUserEmailAsync(organizationId, Arg.Any<OrganizationUser>(), Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task BulkChangeOrganizationUserEmailAsync_PartialFailure_ReturnsPerItemErrors(
+        Guid organizationId,
+        OrganizationUser orgUser1,
+        OrganizationUser orgUser2,
+        SutProvider<BulkChangeEmailForPasswordlessOrgUserCommand> sutProvider)
+    {
+        orgUser1.OrganizationId = organizationId;
+        orgUser2.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUser1.Id).Returns(orgUser1);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUser2.Id).Returns(orgUser2);
+
+        sutProvider.GetDependency<IChangeEmailForPasswordlessOrgUserCommand>()
+            .ChangeOrganizationUserEmailAsync(organizationId, orgUser1, Arg.Any<string>())
+            .ThrowsAsync(new BadRequestException("User has a master password."));
+
+        var requests = new[]
+        {
+            (orgUser1.Id, "user1@example.com"),
+            (orgUser2.Id, "user2@example.com"),
+        };
+
+        var results = (await sutProvider.Sut.BulkChangeOrganizationUserEmailAsync(organizationId, requests)).ToList();
+
+        Assert.Equal(2, results.Count);
+        Assert.Equal("User has a master password.", results[0].ErrorMessage);
+        Assert.Equal(string.Empty, results[1].ErrorMessage);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BulkChangeOrganizationUserEmailAsync_OrgUserNotFound_ReturnsError(
+        Guid organizationId,
+        Guid unknownOrgUserId,
+        SutProvider<BulkChangeEmailForPasswordlessOrgUserCommand> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(unknownOrgUserId).Returns((OrganizationUser)null);
+
+        var requests = new[] { (unknownOrgUserId, "user@example.com") };
+
+        var results = (await sutProvider.Sut.BulkChangeOrganizationUserEmailAsync(organizationId, requests)).ToList();
+
+        Assert.Single(results);
+        Assert.NotEmpty(results[0].ErrorMessage);
+        await sutProvider.GetDependency<IChangeEmailForPasswordlessOrgUserCommand>()
+            .DidNotReceive()
+            .ChangeOrganizationUserEmailAsync(Arg.Any<Guid>(), Arg.Any<OrganizationUser>(), Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task BulkChangeOrganizationUserEmailAsync_OrgUserBelongsToDifferentOrg_ReturnsError(
+        Guid organizationId,
+        OrganizationUser orgUserFromOtherOrg,
+        SutProvider<BulkChangeEmailForPasswordlessOrgUserCommand> sutProvider)
+    {
+        // OrganizationId on the fetched user does not match the requested org.
+        orgUserFromOtherOrg.OrganizationId = Guid.NewGuid();
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUserFromOtherOrg.Id).Returns(orgUserFromOtherOrg);
+
+        var requests = new[] { (orgUserFromOtherOrg.Id, "user@example.com") };
+
+        var results = (await sutProvider.Sut.BulkChangeOrganizationUserEmailAsync(organizationId, requests)).ToList();
+
+        Assert.Single(results);
+        Assert.NotEmpty(results[0].ErrorMessage);
+        await sutProvider.GetDependency<IChangeEmailForPasswordlessOrgUserCommand>()
+            .DidNotReceive()
+            .ChangeOrganizationUserEmailAsync(Arg.Any<Guid>(), Arg.Any<OrganizationUser>(), Arg.Any<string>());
+    }
+}