[PM-22405] Add debugging instrument for finding invalid OrganizationUser state. (#5955)

2026-01-03 00:53:37 +00:00 · 2025-06-30 09:45:15 -04:00
parent 4eb2134e10
commit 1da39aa2b8
4 changed files with 198 additions and 1 deletions
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@@ -11,6 +11,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
+using Bit.Core.AdminConsole.Utilities.DebuggingInstruments;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Billing.Constants;
@@ -900,6 +901,8 @@ public class OrganizationService : IOrganizationService
        IEnumerable<Guid> organizationUsersId)
    {
        var orgUsers = await _organizationUserRepository.GetManyAsync(organizationUsersId);
+        _logger.LogUserInviteStateDiagnostics(orgUsers);
+
        var org = await GetOrgById(organizationId);

        var result = new List<Tuple<OrganizationUser, string>>();
@@ -928,6 +931,8 @@ public class OrganizationService : IOrganizationService
            throw new BadRequestException("User invalid.");
        }

+        _logger.LogUserInviteStateDiagnostics(orgUser);
+
        var org = await GetOrgById(orgUser.OrganizationId);
        await SendInviteAsync(orgUser, org, initOrganization);
    }
--- a/src/Core/AdminConsole/Utilities/DebuggingInstruments/UserInviteDebuggingLogger.cs
+++ b/src/Core/AdminConsole/Utilities/DebuggingInstruments/UserInviteDebuggingLogger.cs
@@ -0,0 +1,67 @@
+using System.Text.Json;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Microsoft.Extensions.Logging;
+using Quartz.Util;
+
+namespace Bit.Core.AdminConsole.Utilities.DebuggingInstruments;
+
+/// <summary>
+/// Temporary code: Log warning when OrganizationUser is in an invalid state,
+/// so we can identify which flow is causing the issue through Datadog.
+/// </summary>
+public static class UserInviteDebuggingLogger
+{
+    public static void LogUserInviteStateDiagnostics(this ILogger logger, OrganizationUser orgUser)
+    {
+        LogUserInviteStateDiagnostics(logger, [orgUser]);
+    }
+
+    public static void LogUserInviteStateDiagnostics(this ILogger logger, IEnumerable<OrganizationUser> allOrgUsers)
+    {
+        try
+        {
+            var invalidInviteState = allOrgUsers.Any(user => user.Status == OrganizationUserStatusType.Invited && user.Email.IsNullOrWhiteSpace());
+
+            if (invalidInviteState)
+            {
+                var logData = MapObjectDataToLog(allOrgUsers);
+                logger.LogWarning("Warning invalid invited state. {logData}", logData);
+            }
+
+            var invalidConfirmedOrAcceptedState = allOrgUsers.Any(user => (user.Status == OrganizationUserStatusType.Confirmed || user.Status == OrganizationUserStatusType.Accepted) && !user.Email.IsNullOrWhiteSpace());
+
+            if (invalidConfirmedOrAcceptedState)
+            {
+                var logData = MapObjectDataToLog(allOrgUsers);
+                logger.LogWarning("Warning invalid confirmed or accepted state. {logData}", logData);
+            }
+        }
+        catch (Exception exception)
+        {
+
+            // Ensure that this debugging instrument does not interfere with the current flow.
+            logger.LogWarning(exception, "Unexpected exception from UserInviteDebuggingLogger");
+        }
+    }
+
+    private static string MapObjectDataToLog(IEnumerable<OrganizationUser> allOrgUsers)
+    {
+        var log = allOrgUsers.Select(allOrgUser => new
+        {
+            allOrgUser.OrganizationId,
+            allOrgUser.Status,
+            hasEmail = !allOrgUser.Email.IsNullOrWhiteSpace(),
+            userId = allOrgUser.UserId,
+            allOrgUserId = allOrgUser.Id
+        });
+
+        var options = new JsonSerializerOptions
+        {
+            PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+            WriteIndented = true
+        };
+
+        return JsonSerializer.Serialize(log, options);
+    }
+}
--- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
@@ -3,6 +3,7 @@ using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+using Bit.Core.AdminConsole.Utilities.DebuggingInstruments;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.KeyManagement.UserKey;
@@ -12,6 +13,7 @@ using Bit.Core.Repositories;
 using Bit.Core.Settings;
 using Dapper;
 using Microsoft.Data.SqlClient;
+using Microsoft.Extensions.Logging;

 #nullable enable

@@ -25,8 +27,9 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
    /// https://github.com/dotnet/SqlClient/issues/54
    /// </summary>
    private string _marsConnectionString;
+    private readonly ILogger<OrganizationUserRepository> _logger;

-    public OrganizationUserRepository(GlobalSettings globalSettings)
+    public OrganizationUserRepository(GlobalSettings globalSettings, ILogger<OrganizationUserRepository> logger)
        : base(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
    {
        var builder = new SqlConnectionStringBuilder(ConnectionString)
@@ -34,6 +37,7 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
            MultipleActiveResultSets = true,
        };
        _marsConnectionString = builder.ToString();
+        _logger = logger;
    }

    public async Task<int> GetCountByOrganizationIdAsync(Guid organizationId)
@@ -305,6 +309,8 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task<Guid> CreateAsync(OrganizationUser obj, IEnumerable<CollectionAccessSelection> collections)
    {
+        _logger.LogUserInviteStateDiagnostics(obj);
+
        obj.SetNewId();
        var objWithCollections = JsonSerializer.Deserialize<OrganizationUserWithCollections>(
            JsonSerializer.Serialize(obj))!;
@@ -323,6 +329,8 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task ReplaceAsync(OrganizationUser obj, IEnumerable<CollectionAccessSelection> collections)
    {
+        _logger.LogUserInviteStateDiagnostics(obj);
+
        var objWithCollections = JsonSerializer.Deserialize<OrganizationUserWithCollections>(
            JsonSerializer.Serialize(obj))!;
        objWithCollections.Collections = collections.ToArrayTVP();
@@ -406,6 +414,8 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task<ICollection<Guid>?> CreateManyAsync(IEnumerable<OrganizationUser> organizationUsers)
    {
+        _logger.LogUserInviteStateDiagnostics(organizationUsers);
+
        organizationUsers = organizationUsers.ToList();
        if (!organizationUsers.Any())
        {
@@ -430,6 +440,8 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task ReplaceManyAsync(IEnumerable<OrganizationUser> organizationUsers)
    {
+        _logger.LogUserInviteStateDiagnostics(organizationUsers);
+
        organizationUsers = organizationUsers.ToList();
        if (!organizationUsers.Any())
        {