properly handle patch operations with path values (#2190)

2025-12-20 10:13:39 +00:00 · 2022-08-15 12:08:55 -04:00
parent a89bfdfe2b
commit 62f29efb00
2 changed files with 96 additions and 78 deletions
--- a/bitwarden_license/src/Scim/Controllers/v2/UsersController.cs
+++ b/bitwarden_license/src/Scim/Controllers/v2/UsersController.cs
@@ -224,23 +224,29 @@ namespace Bit.Scim.Controllers.v2
            }

            var operationHandled = false;
-
-            var replaceOp = model.Operations?.FirstOrDefault(o =>
-                o.Op?.ToLowerInvariant() == "replace");
-            if (replaceOp != null)
+            foreach (var operation in model.Operations)
            {
-                if (replaceOp.Value.TryGetProperty("active", out var activeProperty))
+                // Replace operations
+                if (operation.Op?.ToLowerInvariant() == "replace")
                {
-                    var active = activeProperty.GetBoolean();
-                    if (active && orgUser.Status == OrganizationUserStatusType.Revoked)
+                    // Active from path
+                    if (operation.Path?.ToLowerInvariant() == "active")
                    {
-                        await _organizationService.RestoreUserAsync(orgUser, null, _userService);
-                        operationHandled = true;
+                        var handled = await HandleActiveOperationAsync(orgUser, operation.Value.GetBoolean());
+                        if (!operationHandled)
+                        {
+                            operationHandled = handled;
+                        }
                    }
-                    else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked)
+                    // Active from value object
+                    else if (string.IsNullOrWhiteSpace(operation.Path) &&
+                        operation.Value.TryGetProperty("active", out var activeProperty))
                    {
-                        await _organizationService.RevokeUserAsync(orgUser, null);
-                        operationHandled = true;
+                        var handled = await HandleActiveOperationAsync(orgUser, activeProperty.GetBoolean());
+                        if (!operationHandled)
+                        {
+                            operationHandled = handled;
+                        }
                    }
                }
            }
@@ -269,5 +275,20 @@ namespace Bit.Scim.Controllers.v2
            await _organizationService.DeleteUserAsync(organizationId, id, null);
            return new NoContentResult();
        }
+
+        private async Task<bool> HandleActiveOperationAsync(Core.Entities.OrganizationUser orgUser, bool active)
+        {
+            if (active && orgUser.Status == OrganizationUserStatusType.Revoked)
+            {
+                await _organizationService.RestoreUserAsync(orgUser, null, _userService);
+                return true;
+            }
+            else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked)
+            {
+                await _organizationService.RevokeUserAsync(orgUser, null);
+                return true;
+            }
+            return false;
+        }
    }
 }