
[PM-29555] Add self-revoke endpoint for declining organization data ownership policy (#6739)

* Add OrganizationUser_SelfRevoked event type to EventType enum

* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations

* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.

* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality

* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation

* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.

* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.

* Add MemberRequirement class for organization membership authorization

- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.

* Update authorization requirement for self-revoke endpoint and add integration test for provider users

- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.

* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement

- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.

* Refactor self-revoke user command to enhance eligibility checks

- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, so that an organization can never be left without an owner.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.

* Use CommandResult pattern in self-revoke command

* Clearer documentation
Rui Tomé
2026-01-06 11:25:14 +00:00
committed by GitHub
parent 35868c2a65
commit 1b17d99bfd
12 changed files with 660 additions and 1 deletions


@@ -0,0 +1,14 @@
using Bit.Core.Context;
namespace Bit.Api.AdminConsole.Authorization.Requirements;
/// <summary>
/// Requires that the user is a member of the organization.
/// </summary>
public class MemberRequirement : IOrganizationRequirement
{
public Task<bool> AuthorizeAsync(
CurrentContextOrganization? organizationClaims,
Func<Task<bool>> isProviderUserForOrg)
=> Task.FromResult(organizationClaims is not null);
}
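Review bot: The summary on MemberRequirement (line 60) states only that the user must be a member, but the implementation also deliberately ignores the isProviderUserForOrg delegate, and the commit description (the MemberOrProviderRequirement → MemberRequirement change for revoke-self) says that exclusion is the whole point; that intent belongs in the doc so a later reader does not "fix" the unused parameter. The check is also just `organizationClaims is not null`, so it asserts nothing about membership status — whether an invited or revoked member still carries an org claim is not visible here, and the description places eligibility and the last-owner guard in SelfRevokeOrganizationUserCommand, not in this requirement. I would extend the summary to: `/// Requires that the user is a member of the organization. Provider users are not granted access unless they are also members; membership status (invited, confirmed, revoked) is not checked here and must be enforced by the command.`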


@@ -19,6 +19,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimed
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RestoreUser.v1;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.AdminConsole.Repositories;
@@ -81,6 +82,7 @@ public class OrganizationUsersController : BaseAdminConsoleController
private readonly IInitPendingOrganizationCommand _initPendingOrganizationCommand;
private readonly V1_RevokeOrganizationUserCommand _revokeOrganizationUserCommand;
private readonly IAdminRecoverAccountCommand _adminRecoverAccountCommand;
private readonly ISelfRevokeOrganizationUserCommand _selfRevokeOrganizationUserCommand;
public OrganizationUsersController(IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
@@ -112,7 +114,8 @@ public class OrganizationUsersController : BaseAdminConsoleController
IBulkResendOrganizationInvitesCommand bulkResendOrganizationInvitesCommand,
IAdminRecoverAccountCommand adminRecoverAccountCommand,
IAutomaticallyConfirmOrganizationUserCommand automaticallyConfirmOrganizationUserCommand,
V2_RevokeOrganizationUserCommand.IRevokeOrganizationUserCommand revokeOrganizationUserCommandVNext)
V2_RevokeOrganizationUserCommand.IRevokeOrganizationUserCommand revokeOrganizationUserCommandVNext,
ISelfRevokeOrganizationUserCommand selfRevokeOrganizationUserCommand)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
@@ -145,6 +148,7 @@ public class OrganizationUsersController : BaseAdminConsoleController
_initPendingOrganizationCommand = initPendingOrganizationCommand;
_revokeOrganizationUserCommand = revokeOrganizationUserCommand;
_adminRecoverAccountCommand = adminRecoverAccountCommand;
_selfRevokeOrganizationUserCommand = selfRevokeOrganizationUserCommand;
}
[HttpGet("{id}")]
@@ -635,6 +639,20 @@ public class OrganizationUsersController : BaseAdminConsoleController
await RestoreOrRevokeUserAsync(orgId, id, _revokeOrganizationUserCommand.RevokeUserAsync);
}
[HttpPut("revoke-self")]
[Authorize<MemberRequirement>]
public async Task<IResult> RevokeSelfAsync(Guid orgId)
{
var userId = _userService.GetProperUserId(User);
if (!userId.HasValue)
{
throw new UnauthorizedAccessException();
}
var result = await _selfRevokeOrganizationUserCommand.SelfRevokeUserAsync(orgId, userId.Value);
return Handle(result);
}
[HttpPatch("{id}/revoke")]
[Obsolete("This endpoint is deprecated. Use PUT method instead")]
[Authorize<ManageUsersRequirement>]
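Review bot: RevokeSelfAsync (lines 107–118) carries no XML doc, and nothing in the controller tells a reader that `[Authorize<MemberRequirement>]` only proves membership while the eligibility check and the last-owner protection described in the commit message are enforced inside ISelfRevokeOrganizationUserCommand. The `throw new UnauthorizedAccessException()` on a missing user id only becomes a 401 if an exception filter outside this hunk maps it; otherwise it surfaces as a 500, which is worth confirming since that filter is not visible here. I would add above the attributes: `/// <summary>Revokes the calling user's own membership in the organization identified by <paramref name="orgId"/> (used to decline the organization data ownership policy).</summary>` followed by `/// <remarks>Authorization proves membership only; eligibility and the last-owner guard are enforced by <see cref="ISelfRevokeOrganizationUserCommand"/>.</remarks>`.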