Merge branch 'main' into ac/pm-27882/add-sendorganizationconfirmationcommand

Author: JimmyVo16

src/Api/AdminConsole/Authorization/Requirements/MemberRequirement.cs

@@ -0,0 +1,14 @@
+using Bit.Core.Context;
+
+namespace Bit.Api.AdminConsole.Authorization.Requirements;
+
+/// <summary>
+/// Requires that the user is a member of the organization.
+/// </summary>
+public class MemberRequirement : IOrganizationRequirement
+{
+    public Task<bool> AuthorizeAsync(
+        CurrentContextOrganization? organizationClaims,
+        Func<Task<bool>> isProviderUserForOrg)
+        => Task.FromResult(organizationClaims is not null);
+}

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -19,6 +19,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RestoreUser.v1;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
@@ -81,6 +82,7 @@ public class OrganizationUsersController : BaseAdminConsoleController
     private readonly IInitPendingOrganizationCommand _initPendingOrganizationCommand;
     private readonly V1_RevokeOrganizationUserCommand _revokeOrganizationUserCommand;
     private readonly IAdminRecoverAccountCommand _adminRecoverAccountCommand;
+    private readonly ISelfRevokeOrganizationUserCommand _selfRevokeOrganizationUserCommand;
 
     public OrganizationUsersController(IOrganizationRepository organizationRepository,
         IOrganizationUserRepository organizationUserRepository,
@@ -112,7 +114,8 @@ public OrganizationUsersController(IOrganizationRepository organizationRepositor
         IBulkResendOrganizationInvitesCommand bulkResendOrganizationInvitesCommand,
         IAdminRecoverAccountCommand adminRecoverAccountCommand,
         IAutomaticallyConfirmOrganizationUserCommand automaticallyConfirmOrganizationUserCommand,
-        V2_RevokeOrganizationUserCommand.IRevokeOrganizationUserCommand revokeOrganizationUserCommandVNext)
+        V2_RevokeOrganizationUserCommand.IRevokeOrganizationUserCommand revokeOrganizationUserCommandVNext,
+        ISelfRevokeOrganizationUserCommand selfRevokeOrganizationUserCommand)
     {
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -145,6 +148,7 @@ public OrganizationUsersController(IOrganizationRepository organizationRepositor
         _initPendingOrganizationCommand = initPendingOrganizationCommand;
         _revokeOrganizationUserCommand = revokeOrganizationUserCommand;
         _adminRecoverAccountCommand = adminRecoverAccountCommand;
+        _selfRevokeOrganizationUserCommand = selfRevokeOrganizationUserCommand;
     }
 
     [HttpGet("{id}")]
@@ -635,6 +639,20 @@ public async Task RevokeAsync(Guid orgId, Guid id)
         await RestoreOrRevokeUserAsync(orgId, id, _revokeOrganizationUserCommand.RevokeUserAsync);
     }
 
+    [HttpPut("revoke-self")]
+    [Authorize<MemberRequirement>]
+    public async Task<IResult> RevokeSelfAsync(Guid orgId)
+    {
+        var userId = _userService.GetProperUserId(User);
+        if (!userId.HasValue)
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        var result = await _selfRevokeOrganizationUserCommand.SelfRevokeUserAsync(orgId, userId.Value);
+        return Handle(result);
+    }
+
     [HttpPatch("{id}/revoke")]
     [Obsolete("This endpoint is deprecated. Use PUT method instead")]
     [Authorize<ManageUsersRequirement>]

src/Api/AdminConsole/Controllers/PoliciesController.cs

@@ -7,7 +7,6 @@
 using Bit.Api.AdminConsole.Models.Response.Helpers;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Response;
-using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
@@ -212,7 +211,6 @@ public async Task<PolicyResponseModel> Put(Guid orgId, PolicyType type, [FromBod
     }
 
     [HttpPut("{type}/vnext")]
-    [RequireFeatureAttribute(FeatureFlagKeys.CreateDefaultLocation)]
     [Authorize<ManagePoliciesRequirement>]
     public async Task<PolicyResponseModel> PutVNext(Guid orgId, PolicyType type, [FromBody] SavePolicyRequest model)
     {

src/Api/Tools/Controllers/OrganizationExportController.cs

@@ -1,6 +1,5 @@
 using Bit.Api.Tools.Authorization;
 using Bit.Api.Tools.Models.Response;
-using Bit.Core;
 using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@@ -21,7 +20,6 @@ public class OrganizationExportController : Controller
     private readonly IAuthorizationService _authorizationService;
     private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
     private readonly ICollectionRepository _collectionRepository;
-    private readonly IFeatureService _featureService;
 
     public OrganizationExportController(
         IUserService userService,
@@ -36,7 +34,6 @@ public OrganizationExportController(
         _authorizationService = authorizationService;
         _organizationCiphersQuery = organizationCiphersQuery;
         _collectionRepository = collectionRepository;
-        _featureService = featureService;
     }
 
     [HttpGet("export")]
@@ -46,33 +43,20 @@ public async Task<IActionResult> Export(Guid organizationId)
             VaultExportOperations.ExportWholeVault);
         var canExportManaged = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId),
             VaultExportOperations.ExportManagedCollections);
-        var createDefaultLocationEnabled = _featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation);
 
         if (canExportAll.Succeeded)
         {
-            if (createDefaultLocationEnabled)
-            {
-                var allOrganizationCiphers =
-                    await _organizationCiphersQuery.GetAllOrganizationCiphersExcludingDefaultUserCollections(
-                        organizationId);
+            var allOrganizationCiphers =
+                await _organizationCiphersQuery.GetAllOrganizationCiphersExcludingDefaultUserCollections(
+                    organizationId);
 
-                var allCollections = await _collectionRepository
-                    .GetManySharedCollectionsByOrganizationIdAsync(
-                        organizationId);
+            var allCollections = await _collectionRepository
+                .GetManySharedCollectionsByOrganizationIdAsync(
+                    organizationId);
 
 
-                return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
-                    _globalSettings));
-            }
-            else
-            {
-                var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
-
-                var allCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
-
-                return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
-                    _globalSettings));
-            }
+            return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
+                _globalSettings));
         }
 
         if (canExportManaged.Succeeded)

src/Api/Vault/Controllers/CiphersController.cs

@@ -10,7 +10,6 @@
 using Bit.Api.Vault.Models.Request;
 using Bit.Api.Vault.Models.Response;
 using Bit.Core;
-using Bit.Core.AdminConsole.Services;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -43,7 +42,6 @@ public class CiphersController : Controller
     private readonly ICipherService _cipherService;
     private readonly IUserService _userService;
     private readonly IAttachmentStorageService _attachmentStorageService;
-    private readonly IProviderService _providerService;
     private readonly ICurrentContext _currentContext;
     private readonly ILogger<CiphersController> _logger;
     private readonly GlobalSettings _globalSettings;
@@ -52,31 +50,27 @@ public class CiphersController : Controller
     private readonly ICollectionRepository _collectionRepository;
     private readonly IArchiveCiphersCommand _archiveCiphersCommand;
     private readonly IUnarchiveCiphersCommand _unarchiveCiphersCommand;
-    private readonly IFeatureService _featureService;
 
     public CiphersController(
         ICipherRepository cipherRepository,
         ICollectionCipherRepository collectionCipherRepository,
         ICipherService cipherService,
         IUserService userService,
         IAttachmentStorageService attachmentStorageService,
-        IProviderService providerService,
         ICurrentContext currentContext,
         ILogger<CiphersController> logger,
         GlobalSettings globalSettings,
         IOrganizationCiphersQuery organizationCiphersQuery,
         IApplicationCacheService applicationCacheService,
         ICollectionRepository collectionRepository,
         IArchiveCiphersCommand archiveCiphersCommand,
-        IUnarchiveCiphersCommand unarchiveCiphersCommand,
-        IFeatureService featureService)
+        IUnarchiveCiphersCommand unarchiveCiphersCommand)
     {
         _cipherRepository = cipherRepository;
         _collectionCipherRepository = collectionCipherRepository;
         _cipherService = cipherService;
         _userService = userService;
         _attachmentStorageService = attachmentStorageService;
-        _providerService = providerService;
         _currentContext = currentContext;
         _logger = logger;
         _globalSettings = globalSettings;
@@ -85,7 +79,6 @@ public CiphersController(
         _collectionRepository = collectionRepository;
         _archiveCiphersCommand = archiveCiphersCommand;
         _unarchiveCiphersCommand = unarchiveCiphersCommand;
-        _featureService = featureService;
     }
 
     [HttpGet("{id}")]
@@ -344,8 +337,7 @@ public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganiza
             throw new NotFoundException();
         }
 
-        bool excludeDefaultUserCollections = _featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation) && !includeMemberItems;
-        var allOrganizationCiphers = excludeDefaultUserCollections
+        var allOrganizationCiphers = !includeMemberItems
         ?
             await _organizationCiphersQuery.GetAllOrganizationCiphersExcludingDefaultUserCollections(organizationId)
         :

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs

@@ -282,11 +282,6 @@ private async Task<IEnumerable<string>> GetUserDeviceIdsAsync(Guid userId)
     /// <param name="defaultUserCollectionName">The encrypted default user collection name.</param>
     private async Task CreateDefaultCollectionAsync(OrganizationUser organizationUser, string defaultUserCollectionName)
     {
-        if (!_featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation))
-        {
-            return;
-        }
-
         // Skip if no collection name provided (backwards compatibility)
         if (string.IsNullOrWhiteSpace(defaultUserCollectionName))
         {
@@ -325,11 +320,6 @@ private async Task CreateDefaultCollectionAsync(OrganizationUser organizationUse
     private async Task CreateManyDefaultCollectionsAsync(Guid organizationId,
         IEnumerable<OrganizationUser> confirmedOrganizationUsers, string defaultUserCollectionName)
     {
-        if (!_featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation))
-        {
-            return;
-        }
-
         // Skip if no collection name provided (backwards compatibility)
         if (string.IsNullOrWhiteSpace(defaultUserCollectionName))
         {

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/SelfRevokeUser/Errors.cs

@@ -0,0 +1,7 @@
+using Bit.Core.AdminConsole.Utilities.v2;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
+
+public record OrganizationUserNotFound() : NotFoundError("Organization user not found.");
+public record NotEligibleForSelfRevoke() : BadRequestError("User is not eligible for self-revocation. The organization data ownership policy must be enabled and the user must be a confirmed member.");
+public record LastOwnerCannotSelfRevoke() : BadRequestError("The last owner cannot revoke themselves.");

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/SelfRevokeUser/ISelfRevokeOrganizationUserCommand.cs

@@ -0,0 +1,22 @@
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
+
+/// <summary>
+/// Allows users to revoke themselves from an organization when declining to migrate personal items
+/// under the OrganizationDataOwnership policy.
+/// </summary>
+public interface ISelfRevokeOrganizationUserCommand
+{
+    /// <summary>
+    /// Revokes a user from an organization.
+    /// </summary>
+    /// <param name="organizationId">The organization ID.</param>
+    /// <param name="userId">The user ID to revoke.</param>
+    /// <returns>A <see cref="CommandResult"/> indicating success or containing an error.</returns>
+    /// <remarks>
+    /// Validates the OrganizationDataOwnership policy is enabled and applies to the user (currently Owners/Admins are exempt),
+    /// the user is a confirmed member, and prevents the last owner from revoking themselves.
+    /// </remarks>
+    Task<CommandResult> SelfRevokeUserAsync(Guid organizationId, Guid userId);
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/SelfRevokeUser/SelfRevokeOrganizationUserCommand.cs

@@ -0,0 +1,56 @@
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using OneOf.Types;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
+
+public class SelfRevokeOrganizationUserCommand(
+    IOrganizationUserRepository organizationUserRepository,
+    IPolicyRequirementQuery policyRequirementQuery,
+    IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery,
+    IEventService eventService,
+    IPushNotificationService pushNotificationService)
+    : ISelfRevokeOrganizationUserCommand
+{
+    public async Task<CommandResult> SelfRevokeUserAsync(Guid organizationId, Guid userId)
+    {
+        var organizationUser = await organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
+        if (organizationUser == null)
+        {
+            return new OrganizationUserNotFound();
+        }
+
+        var policyRequirement = await policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId);
+
+        if (!policyRequirement.EligibleForSelfRevoke(organizationId))
+        {
+            return new NotEligibleForSelfRevoke();
+        }
+
+        // Prevent the last owner from revoking themselves, which would brick the organization
+        if (organizationUser.Type == OrganizationUserType.Owner)
+        {
+            var hasOtherOwner = await hasConfirmedOwnersExceptQuery.HasConfirmedOwnersExceptAsync(
+                organizationId,
+                [organizationUser.Id],
+                includeProvider: true);
+
+            if (!hasOtherOwner)
+            {
+                return new LastOwnerCannotSelfRevoke();
+            }
+        }
+
+        await organizationUserRepository.RevokeAsync(organizationUser.Id);
+        await eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_SelfRevoked);
+        await pushNotificationService.PushSyncOrgKeysAsync(organizationUser.UserId!.Value);
+
+        return new None();
+    }
+}

src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/OrganizationDataOwnershipPolicyRequirement.cs

@@ -83,6 +83,24 @@ public bool IgnoreStorageLimitsOnMigration(Guid organizationId)
         return _policyDetails.Any(p => p.OrganizationId == organizationId &&
                                        p.OrganizationUserStatus == OrganizationUserStatusType.Confirmed);
     }
+
+    /// <summary>
+    /// Determines if a user is eligible for self-revocation under the Organization Data Ownership policy.
+    /// A user is eligible if they are a confirmed member of the organization and the policy is enabled.
+    /// This also handles exempt roles (Owner/Admin) and policy disabled state via the factory's Enforce predicate.
+    /// </summary>
+    /// <param name="organizationId">The organization ID to check.</param>
+    /// <returns>True if the user is eligible for self-revocation (policy applies to them), false otherwise.</returns>
+    /// <remarks>
+    /// Self-revoke is used to opt out of migrating the user's personal vault to the organization as required by this policy.
+    /// </remarks>
+    public bool EligibleForSelfRevoke(Guid organizationId)
+    {
+        var policyDetail = _policyDetails
+            .FirstOrDefault(p => p.OrganizationId == organizationId);
+
+        return policyDetail?.HasStatus([OrganizationUserStatusType.Confirmed]) ?? false;
+    }
 }
 
 public record DefaultCollectionRequest(Guid OrganizationUserId, bool ShouldCreateDefaultCollection)