Merge branch 'main' into billing/PM-19566/invoice-approved-provider

Author: amorask-bitwarden

bitwarden_license/src/Commercial.Core/SecretsManager/Queries/Projects/MaxProjectsQuery.cs

@@ -1,23 +1,26 @@
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Pricing;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
-using Bit.Core.Utilities;
 
 namespace Bit.Commercial.Core.SecretsManager.Queries.Projects;
 
 public class MaxProjectsQuery : IMaxProjectsQuery
 {
     private readonly IOrganizationRepository _organizationRepository;
     private readonly IProjectRepository _projectRepository;
+    private readonly IPricingClient _pricingClient;
 
     public MaxProjectsQuery(
         IOrganizationRepository organizationRepository,
-        IProjectRepository projectRepository)
+        IProjectRepository projectRepository,
+        IPricingClient pricingClient)
     {
         _organizationRepository = organizationRepository;
         _projectRepository = projectRepository;
+        _pricingClient = pricingClient;
     }
 
     public async Task<(short? max, bool? overMax)> GetByOrgIdAsync(Guid organizationId, int projectsToAdd)
@@ -28,8 +31,7 @@ public MaxProjectsQuery(
             throw new NotFoundException();
         }
 
-        // TODO: PRICING -> https://bitwarden.atlassian.net/browse/PM-17122
-        var plan = StaticStore.GetPlan(org.PlanType);
+        var plan = await _pricingClient.GetPlan(org.PlanType);
         if (plan?.SecretsManager == null)
         {
             throw new BadRequestException("Existing plan not found.");

bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/Projects/MaxProjectsQueryTests.cs

@@ -1,9 +1,11 @@
 using Bit.Commercial.Core.SecretsManager.Queries.Projects;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Pricing;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Repositories;
+using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -66,6 +68,9 @@ public async Task GetByOrgIdAsync_SmNoneFreePlans_ReturnsNull(PlanType planType,
         SutProvider<MaxProjectsQuery> sutProvider, Organization organization)
     {
         organization.PlanType = planType;
+
+        sutProvider.GetDependency<IPricingClient>().GetPlan(planType).Returns(StaticStore.GetPlan(planType));
+
         sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
 
         var (limit, overLimit) = await sutProvider.Sut.GetByOrgIdAsync(organization.Id, 1);
@@ -106,6 +111,9 @@ public async Task GetByOrgIdAsync_SmFreePlan__Success(PlanType planType, int pro
         SutProvider<MaxProjectsQuery> sutProvider, Organization organization)
     {
         organization.PlanType = planType;
+
+        sutProvider.GetDependency<IPricingClient>().GetPlan(planType).Returns(StaticStore.GetPlan(planType));
+
         sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
         sutProvider.GetDependency<IProjectRepository>().GetProjectCountByOrganizationIdAsync(organization.Id)
             .Returns(projects);

src/Admin/AdminConsole/Models/OrganizationEditModel.cs

@@ -86,6 +86,7 @@ public OrganizationEditModel(
         UseApi = org.UseApi;
         UseSecretsManager = org.UseSecretsManager;
         UseRiskInsights = org.UseRiskInsights;
+        UseAdminSponsoredFamilies = org.UseAdminSponsoredFamilies;
         UseResetPassword = org.UseResetPassword;
         SelfHost = org.SelfHost;
         UsersGetPremium = org.UsersGetPremium;
@@ -154,6 +155,8 @@ public OrganizationEditModel(
     public new bool UseSecretsManager { get; set; }
     [Display(Name = "Risk Insights")]
     public new bool UseRiskInsights { get; set; }
+    [Display(Name = "Admin Sponsored Families")]
+    public bool UseAdminSponsoredFamilies { get; set; }
     [Display(Name = "Self Host")]
     public bool SelfHost { get; set; }
     [Display(Name = "Users Get Premium")]
@@ -295,6 +298,7 @@ public Organization ToOrganization(Organization existingOrganization)
         existingOrganization.UseApi = UseApi;
         existingOrganization.UseSecretsManager = UseSecretsManager;
         existingOrganization.UseRiskInsights = UseRiskInsights;
+        existingOrganization.UseAdminSponsoredFamilies = UseAdminSponsoredFamilies;
         existingOrganization.UseResetPassword = UseResetPassword;
         existingOrganization.SelfHost = SelfHost;
         existingOrganization.UsersGetPremium = UsersGetPremium;

src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs

@@ -64,6 +64,7 @@ public OrganizationResponseModel(
         LimitItemDeletion = organization.LimitItemDeletion;
         AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
         UseRiskInsights = organization.UseRiskInsights;
+        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
     }
 
     public Guid Id { get; set; }
@@ -110,6 +111,7 @@ public OrganizationResponseModel(
     public bool LimitItemDeletion { get; set; }
     public bool AllowAdminAccessToAllCollectionItems { get; set; }
     public bool UseRiskInsights { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
 }
 
 public class OrganizationSubscriptionResponseModel : OrganizationResponseModel

src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs

@@ -72,6 +72,7 @@ public ProfileOrganizationResponseModel(
         AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
         UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organization.OrganizationId);
         UseRiskInsights = organization.UseRiskInsights;
+        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
 
         if (organization.SsoConfig != null)
         {
@@ -155,4 +156,5 @@ public bool UserIsManagedByOrganization
     /// </returns>
     public bool UserIsClaimedByOrganization { get; set; }
     public bool UseRiskInsights { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
 }

src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs

@@ -50,5 +50,6 @@ public ProfileProviderOrganizationResponseModel(ProviderUserOrganizationDetails
         LimitItemDeletion = organization.LimitItemDeletion;
         AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
         UseRiskInsights = organization.UseRiskInsights;
+        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
     }
 }

src/Api/Billing/Controllers/OrganizationSponsorshipsController.cs

@@ -84,10 +84,27 @@ public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] Organizatio
             throw new BadRequestException("Free Bitwarden Families sponsorship has been disabled by your organization administrator.");
         }
 
+        if (!_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.PM17772_AdminInitiatedSponsorships))
+        {
+            if (model.SponsoringUserId.HasValue)
+            {
+                throw new NotFoundException();
+            }
+
+            if (!string.IsNullOrWhiteSpace(model.Notes))
+            {
+                model.Notes = null;
+            }
+        }
+
+        var targetUser = model.SponsoringUserId ?? _currentContext.UserId!.Value;
         var sponsorship = await _createSponsorshipCommand.CreateSponsorshipAsync(
             sponsoringOrg,
-            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, _currentContext.UserId ?? default),
-            model.PlanSponsorshipType, model.SponsoredEmail, model.FriendlyName);
+            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, targetUser),
+            model.PlanSponsorshipType,
+            model.SponsoredEmail,
+            model.FriendlyName,
+            model.Notes);
         await _sendSponsorshipOfferCommand.SendSponsorshipOfferAsync(sponsorship, sponsoringOrg.Name);
     }
 

src/Api/Controllers/SelfHosted/SelfHostedOrganizationSponsorshipsController.cs

@@ -3,6 +3,7 @@
 using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -20,14 +21,16 @@ public class SelfHostedOrganizationSponsorshipsController : Controller
     private readonly ICreateSponsorshipCommand _offerSponsorshipCommand;
     private readonly IRevokeSponsorshipCommand _revokeSponsorshipCommand;
     private readonly ICurrentContext _currentContext;
+    private readonly IFeatureService _featureService;
 
     public SelfHostedOrganizationSponsorshipsController(
         ICreateSponsorshipCommand offerSponsorshipCommand,
         IRevokeSponsorshipCommand revokeSponsorshipCommand,
         IOrganizationRepository organizationRepository,
         IOrganizationSponsorshipRepository organizationSponsorshipRepository,
         IOrganizationUserRepository organizationUserRepository,
-        ICurrentContext currentContext
+        ICurrentContext currentContext,
+        IFeatureService featureService
     )
     {
         _offerSponsorshipCommand = offerSponsorshipCommand;
@@ -36,15 +39,29 @@ ICurrentContext currentContext
         _organizationSponsorshipRepository = organizationSponsorshipRepository;
         _organizationUserRepository = organizationUserRepository;
         _currentContext = currentContext;
+        _featureService = featureService;
     }
 
     [HttpPost("{sponsoringOrgId}/families-for-enterprise")]
     public async Task CreateSponsorship(Guid sponsoringOrgId, [FromBody] OrganizationSponsorshipCreateRequestModel model)
     {
+        if (!_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.PM17772_AdminInitiatedSponsorships))
+        {
+            if (model.SponsoringUserId.HasValue)
+            {
+                throw new NotFoundException();
+            }
+
+            if (!string.IsNullOrWhiteSpace(model.Notes))
+            {
+                model.Notes = null;
+            }
+        }
+
         await _offerSponsorshipCommand.CreateSponsorshipAsync(
             await _organizationRepository.GetByIdAsync(sponsoringOrgId),
-            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, _currentContext.UserId ?? default),
-            model.PlanSponsorshipType, model.SponsoredEmail, model.FriendlyName);
+            await _organizationUserRepository.GetByOrganizationAsync(sponsoringOrgId, model.SponsoringUserId ?? _currentContext.UserId ?? default),
+            model.PlanSponsorshipType, model.SponsoredEmail, model.FriendlyName, model.Notes);
     }
 
     [HttpDelete("{sponsoringOrgId}")]

src/Api/Models/Request/Organizations/OrganizationSponsorshipCreateRequestModel.cs

@@ -16,4 +16,14 @@ public class OrganizationSponsorshipCreateRequestModel
 
     [StringLength(256)]
     public string FriendlyName { get; set; }
+
+    /// <summary>
+    /// (optional) The user to target for the sponsorship.
+    /// </summary>
+    /// <remarks>Left empty when creating a sponsorship for the authenticated user.</remarks>
+    public Guid? SponsoringUserId { get; set; }
+
+    [EncryptedString]
+    [EncryptedStringLength(512)]
+    public string Notes { get; set; }
 }

src/Core/AdminConsole/Entities/Organization.cs

@@ -114,6 +114,11 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
     /// </summary>
     public bool UseRiskInsights { get; set; }
 
+    /// <summary>
+    /// If set to true, admins can initiate organization-issued sponsorships.
+    /// </summary>
+    public bool UseAdminSponsoredFamilies { get; set; }
+
     public void SetNewId()
     {
         if (Id == default(Guid))

src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs

@@ -26,6 +26,7 @@ public OrganizationAbility(Organization organization)
         LimitItemDeletion = organization.LimitItemDeletion;
         AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
         UseRiskInsights = organization.UseRiskInsights;
+        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
     }
 
     public Guid Id { get; set; }
@@ -45,4 +46,5 @@ public OrganizationAbility(Organization organization)
     public bool LimitItemDeletion { get; set; }
     public bool AllowAdminAccessToAllCollectionItems { get; set; }
     public bool UseRiskInsights { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
 }

src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs

@@ -59,4 +59,5 @@ public class OrganizationUserOrganizationDetails
     public bool LimitItemDeletion { get; set; }
     public bool AllowAdminAccessToAllCollectionItems { get; set; }
     public bool UseRiskInsights { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
 }

src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs

@@ -45,5 +45,6 @@ public class ProviderUserOrganizationDetails
     public bool LimitItemDeletion { get; set; }
     public bool AllowAdminAccessToAllCollectionItems { get; set; }
     public bool UseRiskInsights { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
     public ProviderType ProviderType { get; set; }
 }

src/Core/Billing/Services/Implementations/OrganizationBillingService.cs

@@ -91,6 +91,15 @@ public async Task Finalize(OrganizationSale sale)
 
         var subscription = await subscriberService.GetSubscription(organization);
 
+        if (customer == null || subscription == null)
+        {
+            return OrganizationMetadata.Default with
+            {
+                IsEligibleForSelfHost = isEligibleForSelfHost,
+                IsManaged = isManaged
+            };
+        }
+
         var isOnSecretsManagerStandalone = await IsOnSecretsManagerStandalone(organization, customer, subscription);
 
         var invoice = !string.IsNullOrEmpty(subscription.LatestInvoiceId)

src/Core/Constants.cs

@@ -141,6 +141,7 @@ public static class FeatureFlagKeys
     /* Billing Team */
     public const string AC2101UpdateTrialInitiationEmail = "AC-2101-update-trial-initiation-email";
     public const string TrialPayment = "PM-8163-trial-payment";
+    public const string PM17772_AdminInitiatedSponsorships = "pm-17772-admin-initiated-sponsorships";
     public const string UsePricingService = "use-pricing-service";
     public const string P15179_AddExistingOrgsFromProviderPortal = "pm-15179-add-existing-orgs-from-provider-portal";
     public const string PM12276Breadcrumbing = "pm-12276-breadcrumbing-for-business-features";

src/Core/Entities/OrganizationSponsorship.cs

@@ -20,6 +20,8 @@ public class OrganizationSponsorship : ITableObject<Guid>
     public DateTime? LastSyncDate { get; set; }
     public DateTime? ValidUntil { get; set; }
     public bool ToDelete { get; set; }
+    public bool IsAdminInitiated { get; set; }
+    public string? Notes { get; set; }
 
     public void SetNewId()
     {

src/Core/Models/Data/Organizations/OrganizationSponsorships/OrganizationSponsorshipData.cs

@@ -16,6 +16,8 @@ public OrganizationSponsorshipData(OrganizationSponsorship sponsorship)
         LastSyncDate = sponsorship.LastSyncDate;
         ValidUntil = sponsorship.ValidUntil;
         ToDelete = sponsorship.ToDelete;
+        IsAdminInitiated = sponsorship.IsAdminInitiated;
+        Notes = sponsorship.Notes;
     }
     public Guid SponsoringOrganizationUserId { get; set; }
     public Guid? SponsoredOrganizationId { get; set; }
@@ -25,6 +27,8 @@ public OrganizationSponsorshipData(OrganizationSponsorship sponsorship)
     public DateTime? LastSyncDate { get; set; }
     public DateTime? ValidUntil { get; set; }
     public bool ToDelete { get; set; }
+    public bool IsAdminInitiated { get; set; }
+    public string Notes { get; set; }
 
     public bool CloudSponsorshipRemoved { get; set; }
 }

src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/Cloud/ValidateSponsorshipCommand.cs

@@ -112,6 +112,13 @@ public async Task<bool> ValidateSponsorshipAsync(Guid sponsoredOrganizationId)
             return false;
         }
 
+        if (existingSponsorship.IsAdminInitiated && !sponsoringOrganization.UseAdminSponsoredFamilies)
+        {
+            _logger.LogWarning("Admin initiated sponsorship for sponsored Organization {SponsoredOrganizationId} is not allowed because sponsoring organization does not have UseAdminSponsoredFamilies enabled", sponsoredOrganizationId);
+            await CancelSponsorshipAsync(sponsoredOrganization, existingSponsorship);
+            return false;
+        }
+
         var sponsoringOrgProductTier = sponsoringOrganization.PlanType.GetProductTier();
 
         if (sponsoredPlan.SponsoringProductTierType != sponsoringOrgProductTier)