bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-24 12:13:17 +00:00
Code Issues Releases Wiki Activity

Create sponsorship offer (#1688)

Browse Source
This commit is contained in:
Matt Gibson
2021-11-04 08:25:40 -05:00
committed by Justin Baur
parent d7642d692b
commit 1b6d1b52a3
6 changed files with 351 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/Api/Controllers/OrganizationSponsorshipsController.cs
View File

@@ -8,6 +8,7 @@ using Bit.Core.Models.Api;
using Bit.Core.Models.Api.Request;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@@ -36,6 +37,7 @@ namespace Bit.Api.Controllers
}
[HttpPost("{sponsoringOrgId}/families-for-enterprise")]
[SelfHosted(NotSelfHostedOnly = true)]
public async Task CreateSponsorship(string sponsoringOrgId, [FromBody] OrganizationSponsorshipRequestModel model)
{
// TODO: validate has right to sponsor, send sponsorship email
@@ -66,13 +68,18 @@ namespace Bit.Api.Controllers
}
[HttpPost("sponsored/redeem/families-for-enterprise")]
public async Task RedeemSponsorship([FromQuery] string sponsorshipInfo, [FromBody] OrganizationSponsorshipRedeemRequestModel model)
[SelfHosted(NotSelfHostedOnly = true)]
public async Task RedeemSponsorship([FromQuery] string sponsorshipToken, [FromBody] OrganizationSponsorshipRedeemRequestModel model)
{
// TODO: parse out sponsorshipInfo
if (!await _organizationsSponsorshipService.ValidateRedemptionTokenAsync(sponsorshipToken))
{
throw new BadRequestException("Failed to parse sponsorship token.");
}
if (!await _currentContext.OrganizationOwner(model.SponsoredOrganizationId))
{
throw new BadRequestException("Can only redeem sponsorship for an organization you own");
throw new BadRequestException("Can only redeem sponsorship for an organization you own.");
}
var existingSponsorshipOffer = await _organizationSponsorshipRepository
.GetByOfferedToEmailAsync(_currentContext.User.Email);
@@ -80,6 +87,10 @@ namespace Bit.Api.Controllers
{
throw new BadRequestException("No unredeemed sponsorship offer exists for you.");
}
if (_currentContext.User.Email != existingSponsorshipOffer.OfferedToEmail)
{
throw new BadRequestException("This sponsorship offer was issued to a different user email address.");
}
var existingOrgSponsorship = await _organizationSponsorshipRepository
.GetBySponsoredOrganizationIdAsync(model.SponsoredOrganizationId);
@@ -87,16 +98,12 @@ namespace Bit.Api.Controllers
{
throw new BadRequestException("Cannot redeem a sponsorship offer for an organization that is already sponsored. Revoke existing sponsorship first.");
}
if (_currentContext.User.Email != existingOrgSponsorship.OfferedToEmail)
{
throw new BadRequestException("This sponsorship offer was issued to a different user email address.");
}
var organizationToSponsor = await _organizationRepository.GetByIdAsync(model.SponsoredOrganizationId);
// TODO: only current families plan?
if (organizationToSponsor == null || !PlanTypeHelper.HasFamiliesPlan(organizationToSponsor))
{
throw new BadRequestException("Can only redeem sponsorship offer on families organizations");
throw new BadRequestException("Can only redeem sponsorship offer on families organizations.");
}
await _organizationsSponsorshipService.SetUpSponsorshipAsync(existingSponsorshipOffer, organizationToSponsor);
@@ -104,6 +111,7 @@ namespace Bit.Api.Controllers
[HttpDelete("{sponsoringOrgUserId}")]
[HttpPost("{sponsoringOrgUserId}/delete")]
[SelfHosted(NotSelfHostedOnly = true)]
public async Task RevokeSponsorship(string sponsoringOrgUserId)
{
var sponsoringOrgUserIdGuid = new Guid(sponsoringOrgUserId);
@@ -126,6 +134,7 @@ namespace Bit.Api.Controllers
[HttpDelete("sponsored/{sponsoredOrgId}")]
[HttpPost("sponsored/{sponsoredOrgId}/remove")]
[SelfHosted(NotSelfHostedOnly = true)]
public async Task RemoveSponsorship(string sponsoredOrgId)
{
var sponsoredOrgIdGuid = new Guid(sponsoredOrgId);

1
src/Core/Services/IOrganizationSponsorshipService.cs
View File

@@ -5,6 +5,7 @@ namespace Bit.Core.Services
{
public interface IOrganizationSponsorshipService
{
Task<bool> ValidateRedemptionTokenAsync(string encryptedToken);
Task OfferSponsorshipAsync(Organization sponsoringOrg, OrganizationUser sponsoringOrgUser, string sponsoredEmail);
Task SetUpSponsorshipAsync(OrganizationSponsorship sponsorship, Organization sponsoredOrganization);
Task RemoveSponsorshipAsync(OrganizationSponsorship sponsorship);

72
src/Core/Services/Implementations/OrganizationSponsorshipService.cs
View File

@@ -2,27 +2,89 @@ using System;
using System.Threading.Tasks;
using Bit.Core.Models.Table;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.DataProtection;
namespace Bit.Core.Services
{
public class OrganizationSponsorshipService : IOrganizationSponsorshipService
{
private readonly IOrganizationSponsorshipRepository _organizationSponsorshipRepository;
private const string FamiliesForEnterpriseTokenName = "FamiliesForEnterpriseToken";
private const string TokenClearTextPrefix = "BWOrganizationSponsorship_";
public OrganizationSponsorshipService(IOrganizationSponsorshipRepository organizationSponsorshipRepository)
private readonly IOrganizationSponsorshipRepository _organizationSponsorshipRepository;
private readonly IDataProtector _dataProtector;
public OrganizationSponsorshipService(IOrganizationSponsorshipRepository organizationSponsorshipRepository,
IDataProtector dataProtector)
{
_organizationSponsorshipRepository = organizationSponsorshipRepository;
_dataProtector = dataProtector;
}
public async Task<bool> ValidateRedemptionTokenAsync(string encryptedToken)
{
if (!encryptedToken.StartsWith(TokenClearTextPrefix))
{
return false;
}
var decryptedToken = _dataProtector.Unprotect(encryptedToken);
var dataParts = decryptedToken.Split(' ');
if (dataParts.Length != 2)
{
return false;
}
if (dataParts[0].Equals(FamiliesForEnterpriseTokenName))
{
if (!Guid.TryParse(dataParts[1], out Guid sponsorshipId))
{
return false;
}
var sponsorship = await _organizationSponsorshipRepository.GetByIdAsync(sponsorshipId);
return sponsorship != null;
}
return false;
}
private string RedemptionToken(Guid sponsorshipId) =>
string.Concat(
TokenClearTextPrefix,
_dataProtector.Protect($"{FamiliesForEnterpriseTokenName} {sponsorshipId}")
);
public async Task OfferSponsorshipAsync(Organization sponsoringOrg, OrganizationUser sponsoringOrgUser, string sponsoredEmail)
{
// TODO: send sponsorship email, update sponsorship with offered email
throw new NotImplementedException();
var sponsorship = new OrganizationSponsorship
{
SponsoringOrganizationId = sponsoringOrg.Id,
SponsoringOrganizationUserId = sponsoringOrgUser.Id,
OfferedToEmail = sponsoredEmail,
CloudSponsor = true,
};
try
{
sponsorship = await _organizationSponsorshipRepository.CreateAsync(sponsorship);
// TODO: send email to sponsoredEmail w/ redemption token link
}
catch
{
if (sponsorship.Id != default)
{
await _organizationSponsorshipRepository.DeleteAsync(sponsorship);
}
throw;
}
}
public async Task SetUpSponsorshipAsync(OrganizationSponsorship sponsorship, Organization sponsoredOrganization)
{
// TODO: set up sponsorship
// TODO: set up sponsorship, remember remove offeredToEmail from sponsorship
throw new NotImplementedException();
}