2017-03-03 00:07:11 -05:00
|
|
|
|
using System;
|
2017-03-09 23:58:43 -05:00
|
|
|
|
using System.Collections.Generic;
|
2017-08-14 21:25:06 -04:00
|
|
|
|
using System.IO;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
using System.Linq;
|
2021-01-12 11:02:39 -05:00
|
|
|
|
using System.Text.Json;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
using Bit.Core.Context;
|
2022-01-11 10:40:51 +01:00
|
|
|
|
using Bit.Core.Entities;
|
2017-04-10 10:44:27 -04:00
|
|
|
|
using Bit.Core.Enums;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
|
using Bit.Core.Models.Business;
|
2017-05-11 14:52:35 -04:00
|
|
|
|
using Bit.Core.Models.Data;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
using Bit.Core.Repositories;
|
2021-02-22 15:35:16 -06:00
|
|
|
|
using Bit.Core.Settings;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
using Bit.Core.Utilities;
|
2017-03-23 00:17:34 -04:00
|
|
|
|
using Microsoft.AspNetCore.DataProtection;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
using Microsoft.Extensions.Logging;
|
2017-04-04 10:13:16 -04:00
|
|
|
|
using Stripe;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Core.Services
|
|
|
|
|
|
{
|
|
|
|
|
|
public class OrganizationService : IOrganizationService
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IOrganizationRepository _organizationRepository;
|
|
|
|
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
2017-04-27 09:19:30 -04:00
|
|
|
|
private readonly ICollectionRepository _collectionRepository;
|
2017-03-04 21:28:41 -05:00
|
|
|
|
private readonly IUserRepository _userRepository;
|
2017-05-13 12:00:40 -04:00
|
|
|
|
private readonly IGroupRepository _groupRepository;
|
2017-03-23 00:17:34 -04:00
|
|
|
|
private readonly IDataProtector _dataProtector;
|
|
|
|
|
|
private readonly IMailService _mailService;
|
2017-05-26 22:52:50 -04:00
|
|
|
|
private readonly IPushNotificationService _pushNotificationService;
|
|
|
|
|
|
private readonly IPushRegistrationService _pushRegistrationService;
|
2017-08-11 08:57:31 -04:00
|
|
|
|
private readonly IDeviceRepository _deviceRepository;
|
2017-08-14 20:57:45 -04:00
|
|
|
|
private readonly ILicensingService _licensingService;
|
2017-12-01 16:00:30 -05:00
|
|
|
|
private readonly IEventService _eventService;
|
2017-08-15 16:11:08 -04:00
|
|
|
|
private readonly IInstallationRepository _installationRepository;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
private readonly IApplicationCacheService _applicationCacheService;
|
2019-02-08 23:53:09 -05:00
|
|
|
|
private readonly IPaymentService _paymentService;
|
2020-01-15 15:00:54 -05:00
|
|
|
|
private readonly IPolicyRepository _policyRepository;
|
2020-07-22 09:38:39 -04:00
|
|
|
|
private readonly ISsoConfigRepository _ssoConfigRepository;
|
2020-08-26 14:12:04 -04:00
|
|
|
|
private readonly ISsoUserRepository _ssoUserRepository;
|
2020-07-07 12:01:34 -04:00
|
|
|
|
private readonly IReferenceEventService _referenceEventService;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
private readonly IGlobalSettings _globalSettings;
|
2020-12-09 14:04:46 -05:00
|
|
|
|
private readonly ITaxRateRepository _taxRateRepository;
|
2021-07-01 14:31:05 +02:00
|
|
|
|
private readonly ICurrentContext _currentContext;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
private readonly ILogger<OrganizationService> _logger;
|
|
|
|
|
|
|
2017-03-03 00:07:11 -05:00
|
|
|
|
|
|
|
|
|
|
public OrganizationService(
|
|
|
|
|
|
IOrganizationRepository organizationRepository,
|
2017-03-04 21:28:41 -05:00
|
|
|
|
IOrganizationUserRepository organizationUserRepository,
|
2017-04-27 09:19:30 -04:00
|
|
|
|
ICollectionRepository collectionRepository,
|
2017-03-23 00:17:34 -04:00
|
|
|
|
IUserRepository userRepository,
|
2017-05-13 12:00:40 -04:00
|
|
|
|
IGroupRepository groupRepository,
|
2017-03-23 00:17:34 -04:00
|
|
|
|
IDataProtectionProvider dataProtectionProvider,
|
2017-04-21 14:22:32 -04:00
|
|
|
|
IMailService mailService,
|
2017-05-26 22:52:50 -04:00
|
|
|
|
IPushNotificationService pushNotificationService,
|
2017-08-11 08:57:31 -04:00
|
|
|
|
IPushRegistrationService pushRegistrationService,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
IDeviceRepository deviceRepository,
|
|
|
|
|
|
ILicensingService licensingService,
|
2017-12-01 16:00:30 -05:00
|
|
|
|
IEventService eventService,
|
2017-08-15 16:11:08 -04:00
|
|
|
|
IInstallationRepository installationRepository,
|
2017-12-19 16:02:39 -05:00
|
|
|
|
IApplicationCacheService applicationCacheService,
|
2019-02-08 23:53:09 -05:00
|
|
|
|
IPaymentService paymentService,
|
2020-01-15 15:00:54 -05:00
|
|
|
|
IPolicyRepository policyRepository,
|
2020-07-22 09:38:39 -04:00
|
|
|
|
ISsoConfigRepository ssoConfigRepository,
|
2020-08-26 14:12:04 -04:00
|
|
|
|
ISsoUserRepository ssoUserRepository,
|
2020-07-07 12:01:34 -04:00
|
|
|
|
IReferenceEventService referenceEventService,
|
2021-09-23 06:36:08 -04:00
|
|
|
|
IGlobalSettings globalSettings,
|
2021-07-01 14:31:05 +02:00
|
|
|
|
ITaxRateRepository taxRateRepository,
|
2021-09-23 06:36:08 -04:00
|
|
|
|
ICurrentContext currentContext,
|
|
|
|
|
|
ILogger<OrganizationService> logger)
|
2017-03-03 00:07:11 -05:00
|
|
|
|
{
|
|
|
|
|
|
_organizationRepository = organizationRepository;
|
|
|
|
|
|
_organizationUserRepository = organizationUserRepository;
|
2017-04-27 09:19:30 -04:00
|
|
|
|
_collectionRepository = collectionRepository;
|
2017-03-04 21:28:41 -05:00
|
|
|
|
_userRepository = userRepository;
|
2017-05-13 12:00:40 -04:00
|
|
|
|
_groupRepository = groupRepository;
|
2017-03-23 00:17:34 -04:00
|
|
|
|
_dataProtector = dataProtectionProvider.CreateProtector("OrganizationServiceDataProtector");
|
|
|
|
|
|
_mailService = mailService;
|
2017-05-26 22:52:50 -04:00
|
|
|
|
_pushNotificationService = pushNotificationService;
|
|
|
|
|
|
_pushRegistrationService = pushRegistrationService;
|
2017-08-11 08:57:31 -04:00
|
|
|
|
_deviceRepository = deviceRepository;
|
2017-08-14 20:57:45 -04:00
|
|
|
|
_licensingService = licensingService;
|
2017-12-01 16:00:30 -05:00
|
|
|
|
_eventService = eventService;
|
2017-08-15 16:11:08 -04:00
|
|
|
|
_installationRepository = installationRepository;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
_applicationCacheService = applicationCacheService;
|
2019-02-08 23:53:09 -05:00
|
|
|
|
_paymentService = paymentService;
|
2020-01-15 15:00:54 -05:00
|
|
|
|
_policyRepository = policyRepository;
|
2020-07-22 09:38:39 -04:00
|
|
|
|
_ssoConfigRepository = ssoConfigRepository;
|
2020-08-26 14:12:04 -04:00
|
|
|
|
_ssoUserRepository = ssoUserRepository;
|
2020-07-07 12:01:34 -04:00
|
|
|
|
_referenceEventService = referenceEventService;
|
2017-08-14 20:57:45 -04:00
|
|
|
|
_globalSettings = globalSettings;
|
2020-12-09 14:04:46 -05:00
|
|
|
|
_taxRateRepository = taxRateRepository;
|
2021-07-01 14:31:05 +02:00
|
|
|
|
_currentContext = currentContext;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
_logger = logger;
|
2017-03-03 00:07:11 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-02-19 17:13:21 -05:00
|
|
|
|
public async Task ReplacePaymentMethodAsync(Guid organizationId, string paymentToken,
|
2020-06-17 19:49:27 -04:00
|
|
|
|
PaymentMethodType paymentMethodType, TaxInfo taxInfo)
|
2017-04-08 16:41:40 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-04-08 16:41:40 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-06-17 19:49:27 -04:00
|
|
|
|
await _paymentService.SaveTaxInfoAsync(organization, taxInfo);
|
2019-02-08 23:53:09 -05:00
|
|
|
|
var updated = await _paymentService.UpdatePaymentMethodAsync(organization,
|
2019-02-26 12:45:34 -05:00
|
|
|
|
paymentMethodType, paymentToken);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (updated)
|
2017-04-08 16:41:40 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
2017-04-08 16:41:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-12-31 13:34:02 -05:00
|
|
|
|
public async Task CancelSubscriptionAsync(Guid organizationId, bool? endOfPeriod = null)
|
2017-04-08 18:15:20 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-04-08 18:15:20 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-12-31 13:34:02 -05:00
|
|
|
|
var eop = endOfPeriod.GetValueOrDefault(true);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!endOfPeriod.HasValue && organization.ExpirationDate.HasValue &&
|
2018-12-31 13:34:02 -05:00
|
|
|
|
organization.ExpirationDate.Value < DateTime.UtcNow)
|
|
|
|
|
|
{
|
|
|
|
|
|
eop = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-02-08 23:53:09 -05:00
|
|
|
|
await _paymentService.CancelSubscriptionAsync(organization, eop);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.CancelSubscription, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
EndOfPeriod = endOfPeriod,
|
|
|
|
|
|
});
|
2017-04-08 18:15:20 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-10 18:20:21 -04:00
|
|
|
|
public async Task ReinstateSubscriptionAsync(Guid organizationId)
|
2017-04-10 16:42:53 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-04-10 16:42:53 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-02-08 23:53:09 -05:00
|
|
|
|
await _paymentService.ReinstateSubscriptionAsync(organization);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.ReinstateSubscription, organization));
|
2017-04-10 16:42:53 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-09 23:56:26 -04:00
|
|
|
|
public async Task<Tuple<bool, string>> UpgradePlanAsync(Guid organizationId, OrganizationUpgrade upgrade)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
throw new BadRequestException("Your account has no payment method available.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var existingPlan = StaticStore.Plans.FirstOrDefault(p => p.Type == organization.PlanType);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (existingPlan == null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Existing plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-03-21 21:36:03 -04:00
|
|
|
|
var newPlan = StaticStore.Plans.FirstOrDefault(p => p.Type == upgrade.Plan && !p.Disabled);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (newPlan == null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (existingPlan.Type == newPlan.Type)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization is already on this plan.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (existingPlan.UpgradeSortOrder >= newPlan.UpgradeSortOrder)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot upgrade to this plan.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (existingPlan.Type != PlanType.Free)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
throw new BadRequestException("You can only upgrade from the free plan. Contact support.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-03-21 21:36:03 -04:00
|
|
|
|
ValidateOrganizationUpgradeParameters(newPlan, upgrade);
|
2017-04-10 09:36:21 -04:00
|
|
|
|
|
2019-03-21 21:36:03 -04:00
|
|
|
|
var newPlanSeats = (short)(newPlan.BaseSeats +
|
2020-08-11 14:19:56 -04:00
|
|
|
|
(newPlan.HasAdditionalSeatsOption ? upgrade.AdditionalSeats : 0));
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!organization.Seats.HasValue || organization.Seats.Value > newPlanSeats)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
var userCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (userCount > newPlanSeats)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
throw new BadRequestException($"Your organization currently has {userCount} seats filled. " +
|
|
|
|
|
|
$"Your new plan only has ({newPlanSeats}) seats. Remove some users.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (newPlan.MaxCollections.HasValue && (!organization.MaxCollections.HasValue ||
|
2019-03-21 21:36:03 -04:00
|
|
|
|
organization.MaxCollections.Value > newPlan.MaxCollections.Value))
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2017-04-27 09:19:30 -04:00
|
|
|
|
var collectionCount = await _collectionRepository.GetCountByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (collectionCount > newPlan.MaxCollections.Value)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2017-04-27 09:19:30 -04:00
|
|
|
|
throw new BadRequestException($"Your organization currently has {collectionCount} collections. " +
|
|
|
|
|
|
$"Your new plan allows for a maximum of ({newPlan.MaxCollections.Value}) collections. " +
|
|
|
|
|
|
"Remove some collections.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!newPlan.HasGroups && organization.UseGroups)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
var groups = await _groupRepository.GetManyByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (groups.Any())
|
2017-05-08 14:40:04 -04:00
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
throw new BadRequestException($"Your new plan does not allow the groups feature. " +
|
|
|
|
|
|
$"Remove your groups.");
|
2017-05-08 14:40:04 -04:00
|
|
|
|
}
|
2019-03-21 21:36:03 -04:00
|
|
|
|
}
|
2017-05-08 14:40:04 -04:00
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!newPlan.HasPolicies && organization.UsePolicies)
|
2020-01-15 15:00:54 -05:00
|
|
|
|
{
|
|
|
|
|
|
var policies = await _policyRepository.GetManyByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (policies.Any(p => p.Enabled))
|
2020-01-15 15:00:54 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your new plan does not allow the policies feature. " +
|
|
|
|
|
|
$"Disable your policies.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-08-11 14:19:56 -04:00
|
|
|
|
|
|
|
|
|
|
if (!newPlan.HasSso && organization.UseSso)
|
2020-07-22 09:38:39 -04:00
|
|
|
|
{
|
|
|
|
|
|
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
|
|
|
|
|
if (ssoConfig != null && ssoConfig.Enabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your new plan does not allow the SSO feature. " +
|
|
|
|
|
|
$"Disable your SSO configuration.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-11-17 11:46:35 +01:00
|
|
|
|
if (!newPlan.HasKeyConnector && organization.UseKeyConnector)
|
|
|
|
|
|
{
|
|
|
|
|
|
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
|
|
|
|
|
if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Your new plan does not allow the Key Connector feature. " +
|
|
|
|
|
|
"Disable your Key Connector.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-12 14:47:00 -05:00
|
|
|
|
if (!newPlan.HasResetPassword && organization.UseResetPassword)
|
|
|
|
|
|
{
|
|
|
|
|
|
var resetPasswordPolicy =
|
|
|
|
|
|
await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
|
|
|
|
|
|
if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
|
|
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
throw new BadRequestException("Your new plan does not allow the Password Reset feature. " +
|
2021-05-12 14:47:00 -05:00
|
|
|
|
"Disable your Password Reset policy.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-01-15 15:00:54 -05:00
|
|
|
|
|
2019-03-21 21:36:03 -04:00
|
|
|
|
// TODO: Check storage?
|
2017-04-10 09:36:21 -04:00
|
|
|
|
|
2019-08-09 23:56:26 -04:00
|
|
|
|
string paymentIntentClientSecret = null;
|
|
|
|
|
|
var success = true;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId))
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
2019-08-09 23:56:26 -04:00
|
|
|
|
paymentIntentClientSecret = await _paymentService.UpgradeFreeOrganizationAsync(organization, newPlan,
|
2020-12-04 12:05:16 -05:00
|
|
|
|
upgrade.AdditionalStorageGb, upgrade.AdditionalSeats, upgrade.PremiumAccessAddon, upgrade.TaxInfo);
|
2019-08-09 23:56:26 -04:00
|
|
|
|
success = string.IsNullOrWhiteSpace(paymentIntentClientSecret);
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2019-03-21 21:36:03 -04:00
|
|
|
|
// TODO: Update existing sub
|
|
|
|
|
|
throw new BadRequestException("You can only upgrade from the free plan. Contact support.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
organization.BusinessName = upgrade.BusinessName;
|
|
|
|
|
|
organization.PlanType = newPlan.Type;
|
|
|
|
|
|
organization.Seats = (short)(newPlan.BaseSeats + upgrade.AdditionalSeats);
|
|
|
|
|
|
organization.MaxCollections = newPlan.MaxCollections;
|
2020-08-11 14:19:56 -04:00
|
|
|
|
organization.UseGroups = newPlan.HasGroups;
|
|
|
|
|
|
organization.UseDirectory = newPlan.HasDirectory;
|
|
|
|
|
|
organization.UseEvents = newPlan.HasEvents;
|
|
|
|
|
|
organization.UseTotp = newPlan.HasTotp;
|
|
|
|
|
|
organization.Use2fa = newPlan.Has2fa;
|
|
|
|
|
|
organization.UseApi = newPlan.HasApi;
|
|
|
|
|
|
organization.SelfHost = newPlan.HasSelfHost;
|
|
|
|
|
|
organization.UsePolicies = newPlan.HasPolicies;
|
2020-09-18 14:10:30 -04:00
|
|
|
|
organization.MaxStorageGb = !newPlan.BaseStorageGb.HasValue ?
|
|
|
|
|
|
(short?)null : (short)(newPlan.BaseStorageGb.Value + upgrade.AdditionalStorageGb);
|
2020-08-11 14:19:56 -04:00
|
|
|
|
organization.UseGroups = newPlan.HasGroups;
|
|
|
|
|
|
organization.UseDirectory = newPlan.HasDirectory;
|
|
|
|
|
|
organization.UseEvents = newPlan.HasEvents;
|
|
|
|
|
|
organization.UseTotp = newPlan.HasTotp;
|
|
|
|
|
|
organization.Use2fa = newPlan.Has2fa;
|
|
|
|
|
|
organization.UseApi = newPlan.HasApi;
|
2020-10-07 15:03:47 -04:00
|
|
|
|
organization.UseSso = newPlan.HasSso;
|
2021-11-17 11:46:35 +01:00
|
|
|
|
organization.UseKeyConnector = newPlan.HasKeyConnector;
|
2021-05-06 14:53:12 -05:00
|
|
|
|
organization.UseResetPassword = newPlan.HasResetPassword;
|
2020-08-11 14:19:56 -04:00
|
|
|
|
organization.SelfHost = newPlan.HasSelfHost;
|
2019-03-21 21:36:03 -04:00
|
|
|
|
organization.UsersGetPremium = newPlan.UsersGetPremium || upgrade.PremiumAccessAddon;
|
|
|
|
|
|
organization.Plan = newPlan.Name;
|
2019-08-09 23:56:26 -04:00
|
|
|
|
organization.Enabled = success;
|
2021-05-06 14:53:12 -05:00
|
|
|
|
organization.PublicKey = upgrade.PublicKey;
|
|
|
|
|
|
organization.PrivateKey = upgrade.PrivateKey;
|
2019-03-21 21:36:03 -04:00
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
if (success)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.UpgradePlan, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
PlanName = newPlan.Name,
|
|
|
|
|
|
PlanType = newPlan.Type,
|
2021-08-10 14:38:58 -04:00
|
|
|
|
OldPlanName = existingPlan.Name,
|
|
|
|
|
|
OldPlanType = existingPlan.Type,
|
2020-07-07 12:01:34 -04:00
|
|
|
|
Seats = organization.Seats,
|
|
|
|
|
|
Storage = organization.MaxStorageGb,
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
2019-08-09 23:56:26 -04:00
|
|
|
|
|
|
|
|
|
|
return new Tuple<bool, string>(success, paymentIntentClientSecret);
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-10 12:59:32 -04:00
|
|
|
|
public async Task<string> AdjustStorageAsync(Guid organizationId, short storageAdjustmentGb)
|
2017-07-11 10:59:59 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-07-11 10:59:59 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == organization.PlanType);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (plan == null)
|
2017-07-11 10:59:59 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Existing plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!plan.HasAdditionalStorageOption)
|
2017-07-11 10:59:59 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan does not allow additional storage.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-10 12:59:32 -04:00
|
|
|
|
var secret = await BillingHelpers.AdjustStorageAsync(_paymentService, organization, storageAdjustmentGb,
|
2018-11-20 22:02:09 -05:00
|
|
|
|
plan.StripeStoragePlanId);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.AdjustStorage, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
PlanName = plan.Name,
|
|
|
|
|
|
PlanType = plan.Type,
|
|
|
|
|
|
Storage = storageAdjustmentGb,
|
|
|
|
|
|
});
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
2019-08-10 12:59:32 -04:00
|
|
|
|
return secret;
|
2017-07-11 10:59:59 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
public async Task UpdateSubscription(Guid organizationId, int seatAdjustment, int? maxAutoscaleSeats)
|
|
|
|
|
|
{
|
|
|
|
|
|
var organization = await GetOrgById(organizationId);
|
|
|
|
|
|
if (organization == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var newSeatCount = organization.Seats + seatAdjustment;
|
|
|
|
|
|
if (maxAutoscaleSeats.HasValue && newSeatCount > maxAutoscaleSeats.Value)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Cannot set max seat autoscaling below seat count.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (seatAdjustment != 0)
|
|
|
|
|
|
{
|
|
|
|
|
|
await AdjustSeatsAsync(organization, seatAdjustment);
|
|
|
|
|
|
}
|
|
|
|
|
|
if (maxAutoscaleSeats != organization.MaxAutoscaleSeats)
|
|
|
|
|
|
{
|
|
|
|
|
|
await UpdateAutoscalingAsync(organization, maxAutoscaleSeats);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private async Task UpdateAutoscalingAsync(Organization organization, int? maxAutoscaleSeats)
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
if (maxAutoscaleSeats.HasValue &&
|
|
|
|
|
|
organization.Seats.HasValue &&
|
|
|
|
|
|
maxAutoscaleSeats.Value < organization.Seats.Value)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Cannot set max seat autoscaling below current seat count.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == organization.PlanType);
|
|
|
|
|
|
if (plan == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Existing plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!plan.AllowSeatAutoscale)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Your plan does not allow seat autoscaling.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (plan.MaxUsers.HasValue && maxAutoscaleSeats.HasValue &&
|
|
|
|
|
|
maxAutoscaleSeats > plan.MaxUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException(string.Concat($"Your plan has a seat limit of {plan.MaxUsers}, ",
|
|
|
|
|
|
$"but you have specified a max autoscale count of {maxAutoscaleSeats}.",
|
|
|
|
|
|
"Reduce your max autoscale seat count."));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
organization.MaxAutoscaleSeats = maxAutoscaleSeats;
|
|
|
|
|
|
|
|
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task<string> AdjustSeatsAsync(Guid organizationId, int seatAdjustment, DateTime? prorationDate = null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
return await AdjustSeatsAsync(organization, seatAdjustment, prorationDate);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private async Task<string> AdjustSeatsAsync(Organization organization, int seatAdjustment, DateTime? prorationDate = null, IEnumerable<string> ownerEmails = null)
|
|
|
|
|
|
{
|
2021-09-14 09:18:06 -04:00
|
|
|
|
if (organization.Seats == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization has no seat limit, no need to adjust seats");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("No payment method found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId))
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("No subscription found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == organization.PlanType);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (plan == null)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Existing plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!plan.HasAdditionalSeatsOption)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2017-04-10 10:44:27 -04:00
|
|
|
|
throw new BadRequestException("Plan does not allow additional seats.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-14 09:18:06 -04:00
|
|
|
|
var newSeatTotal = organization.Seats.Value + seatAdjustment;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (plan.BaseSeats > newSeatTotal)
|
2017-04-10 11:49:53 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Plan has a minimum of {plan.BaseSeats} seats.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (newSeatTotal <= 0)
|
2017-05-20 15:33:17 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You must have at least 1 seat.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-10 11:49:53 -04:00
|
|
|
|
var additionalSeats = newSeatTotal - plan.BaseSeats;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (plan.MaxAdditionalSeats.HasValue && additionalSeats > plan.MaxAdditionalSeats.Value)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Organization plan allows a maximum of " +
|
2017-04-10 10:44:27 -04:00
|
|
|
|
$"{plan.MaxAdditionalSeats.Value} additional seats.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!organization.Seats.HasValue || organization.Seats.Value > newSeatTotal)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
|
|
|
|
|
var userCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (userCount > newSeatTotal)
|
2017-04-10 09:36:21 -04:00
|
|
|
|
{
|
2019-05-14 11:16:30 -04:00
|
|
|
|
throw new BadRequestException($"Your organization currently has {userCount} seats filled. " +
|
|
|
|
|
|
$"Your new plan only has ({newSeatTotal}) seats. Remove some users.");
|
2017-04-10 09:36:21 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-19 07:00:44 -05:00
|
|
|
|
var paymentIntentClientSecret = await _paymentService.AdjustSeatsAsync(organization, plan, additionalSeats, prorationDate);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.AdjustSeats, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
PlanName = plan.Name,
|
|
|
|
|
|
PlanType = plan.Type,
|
2021-08-10 14:38:58 -04:00
|
|
|
|
Seats = newSeatTotal,
|
|
|
|
|
|
PreviousSeats = organization.Seats
|
2020-07-07 12:01:34 -04:00
|
|
|
|
});
|
2021-08-10 14:38:58 -04:00
|
|
|
|
organization.Seats = (short?)newSeatTotal;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
|
|
|
|
|
if (organization.Seats.HasValue && organization.MaxAutoscaleSeats.HasValue && organization.Seats == organization.MaxAutoscaleSeats)
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
if (ownerEmails == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
ownerEmails = (await _organizationUserRepository.GetManyByMinimumRoleAsync(organization.Id,
|
|
|
|
|
|
OrganizationUserType.Owner)).Select(u => u.Email).Distinct();
|
|
|
|
|
|
}
|
|
|
|
|
|
await _mailService.SendOrganizationMaxSeatLimitReachedEmailAsync(organization, organization.MaxAutoscaleSeats.Value, ownerEmails);
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogError(e, "Error encountered notifying organization owners of seat limit reached.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-12 10:03:50 -04:00
|
|
|
|
return paymentIntentClientSecret;
|
2017-04-11 10:00:36 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-14 09:23:54 -04:00
|
|
|
|
public async Task VerifyBankAsync(Guid organizationId, int amount1, int amount2)
|
|
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new GatewayException("Not a gateway customer.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var bankService = new BankAccountService();
|
2019-01-29 14:41:37 -05:00
|
|
|
|
var customerService = new CustomerService();
|
2017-08-14 09:23:54 -04:00
|
|
|
|
var customer = await customerService.GetAsync(organization.GatewayCustomerId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (customer == null)
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new GatewayException("Cannot find customer.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var bankAccount = customer.Sources
|
2019-01-29 14:41:37 -05:00
|
|
|
|
.FirstOrDefault(s => s is BankAccount && ((BankAccount)s).Status != "verified") as BankAccount;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (bankAccount == null)
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new GatewayException("Cannot find an unverified bank account.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var result = await bankService.VerifyAsync(organization.GatewayCustomerId, bankAccount.Id,
|
2019-01-29 14:41:37 -05:00
|
|
|
|
new BankAccountVerifyOptions { Amounts = new List<long> { amount1, amount2 } });
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (result.Status != "verified")
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new GatewayException("Unable to verify account.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-03-27 14:36:37 -04:00
|
|
|
|
catch (StripeException e)
|
2017-08-14 09:23:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new GatewayException(e.Message);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup signup,
|
|
|
|
|
|
bool provider = false)
|
2017-03-03 00:07:11 -05:00
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == signup.Plan);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (!(plan is { LegacyYear: null }))
|
2021-07-08 17:05:32 +02:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid plan selected.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (plan.Disabled)
|
2017-03-03 00:07:11 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (!provider)
|
|
|
|
|
|
{
|
|
|
|
|
|
await ValidateSignUpPoliciesAsync(signup.Owner.Id);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-03-21 21:36:03 -04:00
|
|
|
|
ValidateOrganizationUpgradeParameters(plan, signup);
|
2017-04-08 10:52:10 -04:00
|
|
|
|
|
2017-03-03 00:07:11 -05:00
|
|
|
|
var organization = new Organization
|
|
|
|
|
|
{
|
2019-01-31 14:25:46 -05:00
|
|
|
|
// Pre-generate the org id so that we can save it with the Stripe subscription..
|
|
|
|
|
|
Id = CoreHelpers.GenerateComb(),
|
2017-03-04 21:28:41 -05:00
|
|
|
|
Name = signup.Name,
|
2017-04-04 12:57:50 -04:00
|
|
|
|
BillingEmail = signup.BillingEmail,
|
|
|
|
|
|
BusinessName = signup.BusinessName,
|
2017-03-03 00:07:11 -05:00
|
|
|
|
PlanType = plan.Type,
|
2017-04-10 10:44:27 -04:00
|
|
|
|
Seats = (short)(plan.BaseSeats + signup.AdditionalSeats),
|
2017-04-27 09:19:30 -04:00
|
|
|
|
MaxCollections = plan.MaxCollections,
|
2020-08-11 14:19:56 -04:00
|
|
|
|
MaxStorageGb = !plan.BaseStorageGb.HasValue ?
|
|
|
|
|
|
(short?)null : (short)(plan.BaseStorageGb.Value + signup.AdditionalStorageGb),
|
|
|
|
|
|
UsePolicies = plan.HasPolicies,
|
|
|
|
|
|
UseSso = plan.HasSso,
|
|
|
|
|
|
UseGroups = plan.HasGroups,
|
|
|
|
|
|
UseEvents = plan.HasEvents,
|
|
|
|
|
|
UseDirectory = plan.HasDirectory,
|
|
|
|
|
|
UseTotp = plan.HasTotp,
|
|
|
|
|
|
Use2fa = plan.Has2fa,
|
|
|
|
|
|
UseApi = plan.HasApi,
|
2021-05-06 14:53:12 -05:00
|
|
|
|
UseResetPassword = plan.HasResetPassword,
|
2020-08-11 14:19:56 -04:00
|
|
|
|
SelfHost = plan.HasSelfHost,
|
2018-11-20 22:02:09 -05:00
|
|
|
|
UsersGetPremium = plan.UsersGetPremium || signup.PremiumAccessAddon,
|
2017-04-08 16:41:40 -04:00
|
|
|
|
Plan = plan.Name,
|
2019-01-31 14:25:46 -05:00
|
|
|
|
Gateway = null,
|
2020-07-20 15:19:46 -04:00
|
|
|
|
ReferenceData = signup.Owner.ReferenceData,
|
2017-05-20 15:31:16 -04:00
|
|
|
|
Enabled = true,
|
2017-08-14 10:20:25 -04:00
|
|
|
|
LicenseKey = CoreHelpers.SecureRandomString(20),
|
2019-03-02 15:09:33 -05:00
|
|
|
|
ApiKey = CoreHelpers.SecureRandomString(30),
|
2021-05-06 14:53:12 -05:00
|
|
|
|
PublicKey = signup.PublicKey,
|
|
|
|
|
|
PrivateKey = signup.PrivateKey,
|
2017-03-03 00:07:11 -05:00
|
|
|
|
CreationDate = DateTime.UtcNow,
|
2020-06-25 12:28:22 -04:00
|
|
|
|
RevisionDate = DateTime.UtcNow,
|
2017-03-03 00:07:11 -05:00
|
|
|
|
};
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (plan.Type == PlanType.Free && !provider)
|
2019-01-31 14:25:46 -05:00
|
|
|
|
{
|
|
|
|
|
|
var adminCount =
|
|
|
|
|
|
await _organizationUserRepository.GetCountByFreeOrganizationAdminUserAsync(signup.Owner.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (adminCount > 0)
|
2019-01-31 14:25:46 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You can only be an admin of one free organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-07-08 17:05:32 +02:00
|
|
|
|
else if (plan.Type != PlanType.Free)
|
2019-01-31 14:25:46 -05:00
|
|
|
|
{
|
2019-02-19 17:13:21 -05:00
|
|
|
|
await _paymentService.PurchaseOrganizationAsync(organization, signup.PaymentMethodType.Value,
|
2019-01-31 14:25:46 -05:00
|
|
|
|
signup.PaymentToken, plan, signup.AdditionalStorageGb, signup.AdditionalSeats,
|
2020-06-08 17:40:18 -04:00
|
|
|
|
signup.PremiumAccessAddon, signup.TaxInfo);
|
2019-01-31 14:25:46 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
var ownerId = provider ? default : signup.Owner.Id;
|
|
|
|
|
|
var returnValue = await SignUpAsync(organization, ownerId, signup.OwnerKey, signup.CollectionName, true);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.Signup, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
PlanName = plan.Name,
|
|
|
|
|
|
PlanType = plan.Type,
|
|
|
|
|
|
Seats = returnValue.Item1.Seats,
|
|
|
|
|
|
Storage = returnValue.Item1.MaxStorageGb,
|
|
|
|
|
|
});
|
|
|
|
|
|
return returnValue;
|
2017-08-14 20:57:45 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-30 09:21:41 +02:00
|
|
|
|
private async Task ValidateSignUpPoliciesAsync(Guid ownerId)
|
|
|
|
|
|
{
|
2021-09-28 06:54:28 +10:00
|
|
|
|
var singleOrgPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(ownerId, PolicyType.SingleOrg);
|
|
|
|
|
|
if (singleOrgPolicyCount > 0)
|
2021-06-30 09:21:41 +02:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You may not create an organization. You belong to an organization " +
|
|
|
|
|
|
"which has a policy that prohibits you from being a member of any other organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-14 20:57:45 -04:00
|
|
|
|
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
|
2021-05-06 14:53:12 -05:00
|
|
|
|
OrganizationLicense license, User owner, string ownerKey, string collectionName, string publicKey,
|
|
|
|
|
|
string privateKey)
|
2017-08-14 20:57:45 -04:00
|
|
|
|
{
|
2022-02-07 09:43:00 +01:00
|
|
|
|
if (license?.LicenseType != null && license.LicenseType != LicenseType.Organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Premium licenses cannot be applied to an organization. "
|
|
|
|
|
|
+ "Upload this license from your personal account settings page.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (license == null || !_licensingService.VerifyLicense(license))
|
2017-08-14 20:57:45 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid license.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!license.CanUse(_globalSettings))
|
2017-08-16 15:43:11 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
|
2017-08-16 15:45:38 -04:00
|
|
|
|
"hosting of organizations and that the installation id matches your current installation.");
|
2017-08-16 15:43:11 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (license.PlanType != PlanType.Custom &&
|
2017-10-04 16:07:34 -04:00
|
|
|
|
StaticStore.Plans.FirstOrDefault(p => p.Type == license.PlanType && !p.Disabled) == null)
|
2017-08-14 20:57:45 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan not found.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-11-06 08:12:36 -05:00
|
|
|
|
var enabledOrgs = await _organizationRepository.GetManyByEnabledAsync();
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (enabledOrgs.Any(o => o.LicenseKey.Equals(license.LicenseKey)))
|
2017-11-06 08:12:36 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("License is already in use by another organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-30 09:21:41 +02:00
|
|
|
|
await ValidateSignUpPoliciesAsync(owner.Id);
|
|
|
|
|
|
|
2017-08-14 20:57:45 -04:00
|
|
|
|
var organization = new Organization
|
|
|
|
|
|
{
|
|
|
|
|
|
Name = license.Name,
|
2017-08-16 13:58:52 -04:00
|
|
|
|
BillingEmail = license.BillingEmail,
|
|
|
|
|
|
BusinessName = license.BusinessName,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
PlanType = license.PlanType,
|
|
|
|
|
|
Seats = license.Seats,
|
|
|
|
|
|
MaxCollections = license.MaxCollections,
|
2017-08-16 13:58:52 -04:00
|
|
|
|
MaxStorageGb = _globalSettings.SelfHosted ? 10240 : license.MaxStorageGb, // 10 TB
|
2020-01-15 15:00:54 -05:00
|
|
|
|
UsePolicies = license.UsePolicies,
|
2020-07-22 09:38:39 -04:00
|
|
|
|
UseSso = license.UseSso,
|
2021-11-17 11:46:35 +01:00
|
|
|
|
UseKeyConnector = license.UseKeyConnector,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
UseGroups = license.UseGroups,
|
|
|
|
|
|
UseDirectory = license.UseDirectory,
|
2017-12-14 15:48:44 -05:00
|
|
|
|
UseEvents = license.UseEvents,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
UseTotp = license.UseTotp,
|
2018-04-02 14:53:19 -04:00
|
|
|
|
Use2fa = license.Use2fa,
|
2019-03-02 15:09:33 -05:00
|
|
|
|
UseApi = license.UseApi,
|
2021-05-06 14:53:12 -05:00
|
|
|
|
UseResetPassword = license.UseResetPassword,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
Plan = license.Plan,
|
2017-08-15 16:11:08 -04:00
|
|
|
|
SelfHost = license.SelfHost,
|
2017-11-06 16:01:58 -05:00
|
|
|
|
UsersGetPremium = license.UsersGetPremium,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
Gateway = null,
|
|
|
|
|
|
GatewayCustomerId = null,
|
|
|
|
|
|
GatewaySubscriptionId = null,
|
2020-07-20 15:19:46 -04:00
|
|
|
|
ReferenceData = owner.ReferenceData,
|
2017-08-16 13:58:52 -04:00
|
|
|
|
Enabled = license.Enabled,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
ExpirationDate = license.Expires,
|
|
|
|
|
|
LicenseKey = license.LicenseKey,
|
2019-03-02 15:09:33 -05:00
|
|
|
|
ApiKey = CoreHelpers.SecureRandomString(30),
|
2021-05-06 14:53:12 -05:00
|
|
|
|
PublicKey = publicKey,
|
|
|
|
|
|
PrivateKey = privateKey,
|
2017-08-14 20:57:45 -04:00
|
|
|
|
CreationDate = DateTime.UtcNow,
|
|
|
|
|
|
RevisionDate = DateTime.UtcNow
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2017-08-30 21:25:46 -04:00
|
|
|
|
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
|
2017-08-16 15:43:11 -04:00
|
|
|
|
|
|
|
|
|
|
var dir = $"{_globalSettings.LicenseDirectory}/organization";
|
|
|
|
|
|
Directory.CreateDirectory(dir);
|
2022-01-21 09:36:25 -05:00
|
|
|
|
using var fs = System.IO.File.OpenWrite(Path.Combine(dir, $"{organization.Id}.json"));
|
|
|
|
|
|
await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);
|
2017-08-16 15:43:11 -04:00
|
|
|
|
return result;
|
2017-08-14 20:57:45 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(Organization organization,
|
2017-08-30 21:25:46 -04:00
|
|
|
|
Guid ownerId, string ownerKey, string collectionName, bool withPayment)
|
2017-08-14 20:57:45 -04:00
|
|
|
|
{
|
2017-03-03 00:07:11 -05:00
|
|
|
|
try
|
|
|
|
|
|
{
|
2017-04-04 12:57:50 -04:00
|
|
|
|
await _organizationRepository.CreateAsync(organization);
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await _applicationCacheService.UpsertOrganizationAbilityAsync(organization);
|
2017-04-04 12:57:50 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!string.IsNullOrWhiteSpace(collectionName))
|
2017-08-30 21:08:05 -04:00
|
|
|
|
{
|
2017-08-30 21:25:46 -04:00
|
|
|
|
var defaultCollection = new Collection
|
|
|
|
|
|
{
|
|
|
|
|
|
Name = collectionName,
|
|
|
|
|
|
OrganizationId = organization.Id,
|
|
|
|
|
|
CreationDate = organization.CreationDate,
|
|
|
|
|
|
RevisionDate = organization.CreationDate
|
|
|
|
|
|
};
|
|
|
|
|
|
await _collectionRepository.CreateAsync(defaultCollection);
|
|
|
|
|
|
}
|
2017-08-30 21:08:05 -04:00
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
OrganizationUser orgUser = null;
|
|
|
|
|
|
if (ownerId != default)
|
|
|
|
|
|
{
|
|
|
|
|
|
orgUser = new OrganizationUser
|
|
|
|
|
|
{
|
|
|
|
|
|
OrganizationId = organization.Id,
|
|
|
|
|
|
UserId = ownerId,
|
|
|
|
|
|
Key = ownerKey,
|
|
|
|
|
|
Type = OrganizationUserType.Owner,
|
|
|
|
|
|
Status = OrganizationUserStatusType.Confirmed,
|
|
|
|
|
|
AccessAll = true,
|
|
|
|
|
|
CreationDate = organization.CreationDate,
|
|
|
|
|
|
RevisionDate = organization.CreationDate
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
await _organizationUserRepository.CreateAsync(orgUser);
|
|
|
|
|
|
|
|
|
|
|
|
var deviceIds = await GetUserDeviceIdsAsync(orgUser.UserId.Value);
|
|
|
|
|
|
await _pushRegistrationService.AddUserRegistrationOrganizationAsync(deviceIds,
|
|
|
|
|
|
organization.Id.ToString());
|
|
|
|
|
|
await _pushNotificationService.PushSyncOrgKeysAsync(ownerId);
|
|
|
|
|
|
}
|
2017-04-21 22:39:46 -04:00
|
|
|
|
|
2017-03-03 00:07:11 -05:00
|
|
|
|
return new Tuple<Organization, OrganizationUser>(organization, orgUser);
|
|
|
|
|
|
}
|
|
|
|
|
|
catch
|
|
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (withPayment)
|
2017-08-14 20:57:45 -04:00
|
|
|
|
{
|
2019-02-08 23:53:09 -05:00
|
|
|
|
await _paymentService.CancelAndRecoverChargesAsync(organization);
|
2017-08-14 20:57:45 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization.Id != default(Guid))
|
2017-04-04 12:57:50 -04:00
|
|
|
|
{
|
|
|
|
|
|
await _organizationRepository.DeleteAsync(organization);
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await _applicationCacheService.DeleteOrganizationAbilityAsync(organization.Id);
|
2017-04-04 12:57:50 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-03 00:07:11 -05:00
|
|
|
|
throw;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-03-04 21:28:41 -05:00
|
|
|
|
|
2017-08-14 21:25:06 -04:00
|
|
|
|
public async Task UpdateLicenseAsync(Guid organizationId, OrganizationLicense license)
|
|
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!_globalSettings.SelfHosted)
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException("Licenses require self hosting.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-02-07 09:43:00 +01:00
|
|
|
|
if (license?.LicenseType != null && license.LicenseType != LicenseType.Organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Premium licenses cannot be applied to an organization. "
|
|
|
|
|
|
+ "Upload this license from your personal account settings page.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (license == null || !_licensingService.VerifyLicense(license))
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid license.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!license.CanUse(_globalSettings))
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
2017-08-16 15:43:11 -04:00
|
|
|
|
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
|
2017-08-16 15:45:38 -04:00
|
|
|
|
"hosting of organizations and that the installation id matches your current installation.");
|
2017-08-14 21:25:06 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-11-06 08:12:36 -05:00
|
|
|
|
var enabledOrgs = await _organizationRepository.GetManyByEnabledAsync();
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (enabledOrgs.Any(o => o.LicenseKey.Equals(license.LicenseKey) && o.Id != organizationId))
|
2017-11-06 08:12:36 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("License is already in use by another organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (license.Seats.HasValue &&
|
2019-05-14 11:16:30 -04:00
|
|
|
|
(!organization.Seats.HasValue || organization.Seats.Value > license.Seats.Value))
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
var userCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (userCount > license.Seats.Value)
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has {userCount} seats filled. " +
|
|
|
|
|
|
$"Your new license only has ({ license.Seats.Value}) seats. Remove some users.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (license.MaxCollections.HasValue && (!organization.MaxCollections.HasValue ||
|
2019-05-14 11:16:30 -04:00
|
|
|
|
organization.MaxCollections.Value > license.MaxCollections.Value))
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
var collectionCount = await _collectionRepository.GetCountByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (collectionCount > license.MaxCollections.Value)
|
2017-08-14 21:25:06 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has {collectionCount} collections. " +
|
|
|
|
|
|
$"Your new license allows for a maximum of ({license.MaxCollections.Value}) collections. " +
|
|
|
|
|
|
"Remove some collections.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!license.UseGroups && organization.UseGroups)
|
2017-08-16 15:43:11 -04:00
|
|
|
|
{
|
|
|
|
|
|
var groups = await _groupRepository.GetManyByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (groups.Count > 0)
|
2017-08-16 15:43:11 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has {groups.Count} groups. " +
|
|
|
|
|
|
$"Your new license does not allow for the use of groups. Remove all groups.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-08-14 21:25:06 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!license.UsePolicies && organization.UsePolicies)
|
2020-01-15 15:00:54 -05:00
|
|
|
|
{
|
|
|
|
|
|
var policies = await _policyRepository.GetManyByOrganizationIdAsync(organization.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (policies.Any(p => p.Enabled))
|
2020-01-15 15:00:54 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has {policies.Count} enabled " +
|
|
|
|
|
|
$"policies. Your new license does not allow for the use of policies. Disable all policies.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-08-11 14:19:56 -04:00
|
|
|
|
|
2020-07-22 09:38:39 -04:00
|
|
|
|
if (!license.UseSso && organization.UseSso)
|
|
|
|
|
|
{
|
|
|
|
|
|
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
|
|
|
|
|
if (ssoConfig != null && ssoConfig.Enabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has a SSO configuration. " +
|
|
|
|
|
|
$"Your new license does not allow for the use of SSO. Disable your SSO configuration.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-11-17 11:46:35 +01:00
|
|
|
|
if (!license.UseKeyConnector && organization.UseKeyConnector)
|
|
|
|
|
|
{
|
|
|
|
|
|
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
|
|
|
|
|
if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Your organization currently has Key Connector enabled. " +
|
|
|
|
|
|
$"Your new license does not allow for the use of Key Connector. Disable your Key Connector.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-12 14:47:00 -05:00
|
|
|
|
if (!license.UseResetPassword && organization.UseResetPassword)
|
|
|
|
|
|
{
|
|
|
|
|
|
var resetPasswordPolicy =
|
|
|
|
|
|
await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
|
|
|
|
|
|
if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
|
|
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
throw new BadRequestException("Your new license does not allow the Password Reset feature. "
|
2021-05-12 14:47:00 -05:00
|
|
|
|
+ "Disable your Password Reset policy.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-01-15 15:00:54 -05:00
|
|
|
|
|
2017-08-14 21:25:06 -04:00
|
|
|
|
var dir = $"{_globalSettings.LicenseDirectory}/organization";
|
|
|
|
|
|
Directory.CreateDirectory(dir);
|
2022-01-21 09:36:25 -05:00
|
|
|
|
using var fs = System.IO.File.OpenWrite(Path.Combine(dir, $"{organization.Id}.json"));
|
|
|
|
|
|
await JsonSerializer.SerializeAsync(fs, license, JsonHelpers.Indented);
|
2017-08-14 21:25:06 -04:00
|
|
|
|
|
|
|
|
|
|
organization.Name = license.Name;
|
2017-08-16 13:58:52 -04:00
|
|
|
|
organization.BusinessName = license.BusinessName;
|
|
|
|
|
|
organization.BillingEmail = license.BillingEmail;
|
2017-08-14 21:25:06 -04:00
|
|
|
|
organization.PlanType = license.PlanType;
|
|
|
|
|
|
organization.Seats = license.Seats;
|
|
|
|
|
|
organization.MaxCollections = license.MaxCollections;
|
|
|
|
|
|
organization.UseGroups = license.UseGroups;
|
|
|
|
|
|
organization.UseDirectory = license.UseDirectory;
|
2017-12-14 15:48:44 -05:00
|
|
|
|
organization.UseEvents = license.UseEvents;
|
2017-08-14 21:25:06 -04:00
|
|
|
|
organization.UseTotp = license.UseTotp;
|
2018-04-02 14:53:19 -04:00
|
|
|
|
organization.Use2fa = license.Use2fa;
|
2019-03-02 15:09:33 -05:00
|
|
|
|
organization.UseApi = license.UseApi;
|
2020-03-03 22:32:59 -05:00
|
|
|
|
organization.UsePolicies = license.UsePolicies;
|
2020-07-22 09:38:39 -04:00
|
|
|
|
organization.UseSso = license.UseSso;
|
2021-11-17 11:46:35 +01:00
|
|
|
|
organization.UseKeyConnector = license.UseKeyConnector;
|
2021-05-06 14:53:12 -05:00
|
|
|
|
organization.UseResetPassword = license.UseResetPassword;
|
2018-04-02 14:53:19 -04:00
|
|
|
|
organization.SelfHost = license.SelfHost;
|
|
|
|
|
|
organization.UsersGetPremium = license.UsersGetPremium;
|
2017-08-14 21:25:06 -04:00
|
|
|
|
organization.Plan = license.Plan;
|
2017-08-16 13:58:52 -04:00
|
|
|
|
organization.Enabled = license.Enabled;
|
2017-08-14 21:25:06 -04:00
|
|
|
|
organization.ExpirationDate = license.Expires;
|
|
|
|
|
|
organization.LicenseKey = license.LicenseKey;
|
|
|
|
|
|
organization.RevisionDate = DateTime.UtcNow;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
2017-08-14 21:25:06 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-11 10:52:28 -04:00
|
|
|
|
public async Task DeleteAsync(Organization organization)
|
|
|
|
|
|
{
|
2021-11-09 16:37:32 +01:00
|
|
|
|
await ValidateDeleteOrganizationAsync(organization);
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId))
|
2017-04-11 10:52:28 -04:00
|
|
|
|
{
|
2018-09-07 14:00:56 -04:00
|
|
|
|
try
|
|
|
|
|
|
{
|
2018-12-31 14:07:19 -05:00
|
|
|
|
var eop = !organization.ExpirationDate.HasValue ||
|
|
|
|
|
|
organization.ExpirationDate.Value >= DateTime.UtcNow;
|
2019-02-08 23:53:09 -05:00
|
|
|
|
await _paymentService.CancelSubscriptionAsync(organization, eop);
|
2020-07-07 12:01:34 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.DeleteAccount, organization));
|
2018-09-07 14:00:56 -04:00
|
|
|
|
}
|
2020-03-27 14:36:37 -04:00
|
|
|
|
catch (GatewayException) { }
|
2017-04-11 10:52:28 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _organizationRepository.DeleteAsync(organization);
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await _applicationCacheService.DeleteOrganizationAbilityAsync(organization.Id);
|
2017-04-11 10:52:28 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-08-09 23:56:26 -04:00
|
|
|
|
public async Task EnableAsync(Guid organizationId, DateTime? expirationDate)
|
|
|
|
|
|
{
|
|
|
|
|
|
var org = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (org != null && !org.Enabled && org.Gateway.HasValue)
|
2019-08-09 23:56:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
org.Enabled = true;
|
|
|
|
|
|
org.ExpirationDate = expirationDate;
|
|
|
|
|
|
org.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
await ReplaceAndUpdateCache(org);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-12 22:16:42 -04:00
|
|
|
|
public async Task DisableAsync(Guid organizationId, DateTime? expirationDate)
|
2017-04-26 16:14:15 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var org = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (org != null && org.Enabled)
|
2017-04-26 16:14:15 -04:00
|
|
|
|
{
|
|
|
|
|
|
org.Enabled = false;
|
2017-08-12 22:16:42 -04:00
|
|
|
|
org.ExpirationDate = expirationDate;
|
|
|
|
|
|
org.RevisionDate = DateTime.UtcNow;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(org);
|
2017-04-26 16:14:15 -04:00
|
|
|
|
|
|
|
|
|
|
// TODO: send email to owners?
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-12 22:16:42 -04:00
|
|
|
|
public async Task UpdateExpirationDateAsync(Guid organizationId, DateTime? expirationDate)
|
|
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var org = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (org != null)
|
2017-08-12 22:16:42 -04:00
|
|
|
|
{
|
|
|
|
|
|
org.ExpirationDate = expirationDate;
|
|
|
|
|
|
org.RevisionDate = DateTime.UtcNow;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(org);
|
2017-08-12 22:16:42 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-26 16:14:15 -04:00
|
|
|
|
public async Task EnableAsync(Guid organizationId)
|
|
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var org = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (org != null && !org.Enabled)
|
2017-04-26 16:14:15 -04:00
|
|
|
|
{
|
|
|
|
|
|
org.Enabled = true;
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(org);
|
2017-04-26 16:14:15 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-10 19:07:38 -04:00
|
|
|
|
public async Task UpdateAsync(Organization organization, bool updateBilling = false)
|
|
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization.Id == default(Guid))
|
2017-04-10 19:07:38 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException("Cannot create org this way. Call SignUpAsync.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-12 16:38:22 -04:00
|
|
|
|
if (!string.IsNullOrWhiteSpace(organization.Identifier))
|
|
|
|
|
|
{
|
|
|
|
|
|
var orgById = await _organizationRepository.GetByIdentifierAsync(organization.Identifier);
|
|
|
|
|
|
if (orgById != null && orgById.Id != organization.Id)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Identifier already in use by another organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-12-19 16:02:39 -05:00
|
|
|
|
await ReplaceAndUpdateCache(organization, EventType.Organization_Updated);
|
2017-04-10 19:07:38 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (updateBilling && !string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
2017-04-10 19:07:38 -04:00
|
|
|
|
{
|
2019-01-29 14:41:37 -05:00
|
|
|
|
var customerService = new CustomerService();
|
|
|
|
|
|
await customerService.UpdateAsync(organization.GatewayCustomerId, new CustomerUpdateOptions
|
2017-04-10 19:07:38 -04:00
|
|
|
|
{
|
|
|
|
|
|
Email = organization.BillingEmail,
|
|
|
|
|
|
Description = organization.BusinessName
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-04-02 23:18:26 -04:00
|
|
|
|
public async Task UpdateTwoFactorProviderAsync(Organization organization, TwoFactorProviderType type)
|
|
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!type.ToString().Contains("Organization"))
|
2018-04-02 23:18:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new ArgumentException("Not an organization provider type.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!organization.Use2fa)
|
2018-04-02 23:18:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization cannot use 2FA.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var providers = organization.GetTwoFactorProviders();
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!providers?.ContainsKey(type) ?? true)
|
2018-04-02 23:18:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
providers[type].Enabled = true;
|
|
|
|
|
|
organization.SetTwoFactorProviders(providers);
|
|
|
|
|
|
await UpdateAsync(organization);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task DisableTwoFactorProviderAsync(Organization organization, TwoFactorProviderType type)
|
|
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!type.ToString().Contains("Organization"))
|
2018-04-02 23:18:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new ArgumentException("Not an organization provider type.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var providers = organization.GetTwoFactorProviders();
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!providers?.ContainsKey(type) ?? true)
|
2018-04-02 23:18:26 -04:00
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
providers.Remove(type);
|
|
|
|
|
|
organization.SetTwoFactorProviders(providers);
|
|
|
|
|
|
await UpdateAsync(organization);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
public async Task<List<OrganizationUser>> InviteUsersAsync(Guid organizationId, Guid? invitingUserId,
|
2021-05-17 09:43:02 -05:00
|
|
|
|
IEnumerable<(OrganizationUserInvite invite, string externalId)> invites)
|
|
|
|
|
|
{
|
|
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
var initialSeatCount = organization.Seats;
|
|
|
|
|
|
if (organization == null || invites.Any(i => i.invite.Emails == null))
|
2021-05-17 09:43:02 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var inviteTypes = new HashSet<OrganizationUserType>(invites.Where(i => i.invite.Type.HasValue)
|
|
|
|
|
|
.Select(i => i.invite.Type.Value));
|
|
|
|
|
|
if (invitingUserId.HasValue && inviteTypes.Count > 0)
|
|
|
|
|
|
{
|
|
|
|
|
|
foreach (var type in inviteTypes)
|
|
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
await ValidateOrganizationUserUpdatePermissions(organizationId, type, null);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
var newSeatsRequired = 0;
|
|
|
|
|
|
var existingEmails = new HashSet<string>(await _organizationUserRepository.SelectKnownEmailsAsync(
|
|
|
|
|
|
organizationId, invites.SelectMany(i => i.invite.Emails), false), StringComparer.InvariantCultureIgnoreCase);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
if (organization.Seats.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
var userCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(organizationId);
|
|
|
|
|
|
var availableSeats = organization.Seats.Value - userCount;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
newSeatsRequired = invites.Sum(i => i.invite.Emails.Count()) - existingEmails.Count() - availableSeats;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-28 16:18:44 -04:00
|
|
|
|
if (newSeatsRequired > 0)
|
2021-09-23 06:36:08 -04:00
|
|
|
|
{
|
2021-10-25 10:19:37 -05:00
|
|
|
|
var (canScale, failureReason) = CanScale(organization, newSeatsRequired);
|
2021-09-28 16:18:44 -04:00
|
|
|
|
if (!canScale)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException(failureReason);
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var invitedAreAllOwners = invites.All(i => i.invite.Type == OrganizationUserType.Owner);
|
|
|
|
|
|
if (!invitedAreAllOwners && !await HasConfirmedOwnersExceptAsync(organizationId, new Guid[] { }))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
2021-05-17 09:43:02 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
var orgUsers = new List<OrganizationUser>();
|
2021-09-23 06:36:08 -04:00
|
|
|
|
var limitedCollectionOrgUsers = new List<(OrganizationUser, IEnumerable<SelectionReadOnly>)>();
|
2021-05-17 09:43:02 -05:00
|
|
|
|
var orgUserInvitedCount = 0;
|
|
|
|
|
|
var exceptions = new List<Exception>();
|
|
|
|
|
|
var events = new List<(OrganizationUser, EventType, DateTime?)>();
|
|
|
|
|
|
foreach (var (invite, externalId) in invites)
|
|
|
|
|
|
{
|
|
|
|
|
|
foreach (var email in invite.Emails)
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
// Make sure user is not already invited
|
|
|
|
|
|
if (existingEmails.Contains(email))
|
|
|
|
|
|
{
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var orgUser = new OrganizationUser
|
|
|
|
|
|
{
|
|
|
|
|
|
OrganizationId = organizationId,
|
|
|
|
|
|
UserId = null,
|
|
|
|
|
|
Email = email.ToLowerInvariant(),
|
|
|
|
|
|
Key = null,
|
|
|
|
|
|
Type = invite.Type.Value,
|
|
|
|
|
|
Status = OrganizationUserStatusType.Invited,
|
|
|
|
|
|
AccessAll = invite.AccessAll,
|
|
|
|
|
|
ExternalId = externalId,
|
|
|
|
|
|
CreationDate = DateTime.UtcNow,
|
|
|
|
|
|
RevisionDate = DateTime.UtcNow,
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
if (invite.Permissions != null)
|
|
|
|
|
|
{
|
2022-01-21 09:36:25 -05:00
|
|
|
|
orgUser.Permissions = JsonSerializer.Serialize(invite.Permissions, JsonHelpers.CamelCase);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!orgUser.AccessAll && invite.Collections.Any())
|
|
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
limitedCollectionOrgUsers.Add((orgUser, invite.Collections));
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
orgUsers.Add(orgUser);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
events.Add((orgUser, EventType.OrganizationUser_Invited, DateTime.UtcNow));
|
|
|
|
|
|
orgUserInvitedCount++;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
exceptions.Add(e);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (exceptions.Any())
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new AggregateException("One or more errors occurred while inviting users.", exceptions);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var prorationDate = DateTime.UtcNow;
|
2021-05-17 09:43:02 -05:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
await _organizationUserRepository.CreateManyAsync(orgUsers);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
foreach (var (orgUser, collections) in limitedCollectionOrgUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _organizationUserRepository.CreateAsync(orgUser, collections);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 10:19:37 -05:00
|
|
|
|
if (!await _currentContext.ManageUsers(organization.Id))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Cannot add seats. Cannot manage organization users.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
await AutoAddSeatsAsync(organization, newSeatsRequired, prorationDate);
|
2021-12-14 10:29:31 -06:00
|
|
|
|
await SendInvitesAsync(orgUsers.Concat(limitedCollectionOrgUsers.Select(u => u.Item1)), organization);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
await _eventService.LogOrganizationUserEventsAsync(events);
|
|
|
|
|
|
|
|
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.InvitedUsers, organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
Users = orgUserInvitedCount
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
// Revert any added users.
|
|
|
|
|
|
var invitedOrgUserIds = orgUsers.Select(u => u.Id).Concat(limitedCollectionOrgUsers.Select(u => u.Item1.Id));
|
|
|
|
|
|
await _organizationUserRepository.DeleteManyAsync(invitedOrgUserIds);
|
|
|
|
|
|
var currentSeatCount = (await _organizationRepository.GetByIdAsync(organization.Id)).Seats;
|
2017-04-07 16:41:04 -04:00
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (initialSeatCount.HasValue && currentSeatCount.HasValue && currentSeatCount.Value != initialSeatCount.Value)
|
2017-04-07 16:41:04 -04:00
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
await AdjustSeatsAsync(organization, initialSeatCount.Value - currentSeatCount.Value, prorationDate);
|
2017-04-07 16:41:04 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
exceptions.Add(e);
|
2021-07-08 17:05:32 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (exceptions.Any())
|
2017-03-28 21:16:19 -04:00
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
throw new AggregateException("One or more errors occurred while inviting users.", exceptions);
|
2017-04-20 23:50:12 -04:00
|
|
|
|
}
|
2017-03-04 21:28:41 -05:00
|
|
|
|
|
2017-05-18 12:04:27 -04:00
|
|
|
|
return orgUsers;
|
2017-03-04 21:28:41 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
public async Task<IEnumerable<Tuple<OrganizationUser, string>>> ResendInvitesAsync(Guid organizationId, Guid? invitingUserId,
|
2021-05-12 11:18:25 +02:00
|
|
|
|
IEnumerable<Guid> organizationUsersId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var orgUsers = await _organizationUserRepository.GetManyAsync(organizationUsersId);
|
|
|
|
|
|
var org = await GetOrgById(organizationId);
|
2021-05-25 19:23:47 +02:00
|
|
|
|
|
|
|
|
|
|
var result = new List<Tuple<OrganizationUser, string>>();
|
|
|
|
|
|
foreach (var orgUser in orgUsers)
|
2021-05-12 11:18:25 +02:00
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
if (orgUser.Status != OrganizationUserStatusType.Invited || orgUser.OrganizationId != organizationId)
|
|
|
|
|
|
{
|
|
|
|
|
|
result.Add(Tuple.Create(orgUser, "User invalid."));
|
|
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-12 11:18:25 +02:00
|
|
|
|
await SendInviteAsync(orgUser, org);
|
2021-05-25 19:23:47 +02:00
|
|
|
|
result.Add(Tuple.Create(orgUser, ""));
|
2021-05-12 11:18:25 +02:00
|
|
|
|
}
|
2021-05-25 19:23:47 +02:00
|
|
|
|
|
|
|
|
|
|
return result;
|
2021-05-12 11:18:25 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-10-07 16:23:38 -04:00
|
|
|
|
public async Task ResendInviteAsync(Guid organizationId, Guid? invitingUserId, Guid organizationUserId)
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
|
|
|
|
|
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser == null || orgUser.OrganizationId != organizationId ||
|
2017-04-12 11:00:40 -04:00
|
|
|
|
orgUser.Status != OrganizationUserStatusType.Invited)
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User invalid.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-07-15 12:38:45 -04:00
|
|
|
|
var org = await GetOrgById(orgUser.OrganizationId);
|
|
|
|
|
|
await SendInviteAsync(orgUser, org);
|
2017-03-23 00:17:34 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
private async Task SendInvitesAsync(IEnumerable<OrganizationUser> orgUsers, Organization organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
string MakeToken(OrganizationUser orgUser) =>
|
|
|
|
|
|
_dataProtector.Protect($"OrganizationUserInvite {orgUser.Id} {orgUser.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}");
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
Families for Enterprise (#1714)
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Fix build error
* Update emails
* Fix tests
* Skip local test
* Add newline
* Fix stripe subscription update
* Finish emails
* Skip test
* Fix unit tests
* Remove unused variable
* Fix unit tests
* Switch to handlebars ifs
* Remove ending email
* Remove reconfirmation template
* Switch naming convention
* Switch naming convention
* Fix migration
* Update copy and links
* Switch to using Guid in the method
* Remove unneeded css styles
* Add sql files to Sql.sqlproj
* Removed old comments
* Made name more verbose
* Fix SQL error
* Move unit tests to service
* Fix sp
* Revert "Move unit tests to service"
This reverts commit 1185bf3ec8ca36ccd75717ed2463adf8885159a6.
* Do repository validation in service layer
* Fix tests
* Fix merge conflicts and remove TODO
* Remove unneeded models
* Fix spacing and formatting
* Switch Org -> Organization
* Remove single use variables
* Switch method name
* Fix Controller
* Switch to obfuscating email
* Fix unit tests
Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 16:25:06 -06:00
|
|
|
|
await _mailService.BulkSendOrganizationInviteEmailAsync(organization.Name, CheckOrganizationCanSponsor(organization),
|
2021-07-16 14:17:24 -04:00
|
|
|
|
orgUsers.Select(o => (o, new ExpiringToken(MakeToken(o), DateTime.UtcNow.AddDays(5)))));
|
2021-05-17 09:43:02 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-07-15 12:38:45 -04:00
|
|
|
|
private async Task SendInviteAsync(OrganizationUser orgUser, Organization organization)
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
2021-07-16 14:17:24 -04:00
|
|
|
|
var now = DateTime.UtcNow;
|
|
|
|
|
|
var nowMillis = CoreHelpers.ToEpocMilliseconds(now);
|
2017-03-23 00:17:34 -04:00
|
|
|
|
var token = _dataProtector.Protect(
|
2017-03-23 11:51:37 -04:00
|
|
|
|
$"OrganizationUserInvite {orgUser.Id} {orgUser.Email} {nowMillis}");
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
Families for Enterprise (#1714)
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Fix build error
* Update emails
* Fix tests
* Skip local test
* Add newline
* Fix stripe subscription update
* Finish emails
* Skip test
* Fix unit tests
* Remove unused variable
* Fix unit tests
* Switch to handlebars ifs
* Remove ending email
* Remove reconfirmation template
* Switch naming convention
* Switch naming convention
* Fix migration
* Update copy and links
* Switch to using Guid in the method
* Remove unneeded css styles
* Add sql files to Sql.sqlproj
* Removed old comments
* Made name more verbose
* Fix SQL error
* Move unit tests to service
* Fix sp
* Revert "Move unit tests to service"
This reverts commit 1185bf3ec8ca36ccd75717ed2463adf8885159a6.
* Do repository validation in service layer
* Fix tests
* Fix merge conflicts and remove TODO
* Remove unneeded models
* Fix spacing and formatting
* Switch Org -> Organization
* Remove single use variables
* Switch method name
* Fix Controller
* Switch to obfuscating email
* Fix unit tests
Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 16:25:06 -06:00
|
|
|
|
await _mailService.SendOrganizationInviteEmailAsync(organization.Name, CheckOrganizationCanSponsor(organization), orgUser, new ExpiringToken(token, now.AddDays(5)));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-12-07 10:52:36 -06:00
|
|
|
|
private bool CheckOrganizationCanSponsor(Organization organization)
|
Families for Enterprise (#1714)
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Create common test infrastructure project
* Add helpers to further type PlanTypes
* Enable testing of ASP.net MVC controllers
Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.
* Workaround for broken MemberAutoDataAttribute
https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.
This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.
* WIP: Organization sponsorship flow
* Add Attribute to use the Bit Autodata dependency chain
BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.
Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.
* WIP: scaffolding for families for enterprise sponsorship flow
* Fix broken tests
* Create sponsorship offer (#1688)
* Initial db work (#1687)
* Add organization sponsorship databases to all providers
* Generalize create and update for database, specialize in code
* Add PlanSponsorshipType to db model
* Write valid json for test entries
* Initial scaffolding of emails (#1686)
* Initial scaffolding of emails
* Work on adding models for FamilyForEnterprise emails
* Switch verbage
* Put preliminary copy in emails
* Skip test
* Families for enterprise/stripe integrations (#1699)
* Add PlanSponsorshipType to static store
* Add sponsorship type to token and creates sponsorship
* PascalCase properties
* Require sponsorship for remove
* Create subscription sponsorship helper class
* Handle Sponsored subscription changes
* Add sponsorship id to subscription metadata
* Make sponsoring references nullable
This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons
* WIP: Validate and remove subscriptions
* Update sponsorships on organization and org user delete
* Add friendly name to organization sponsorship
* Add sponsorship available boolean to orgDetails
* Add sponsorship service to DI
* Use userId to find org users
* Send f4e offer email
* Simplify names of f4e mail messages
* Fix Stripe org default tax rates
* Universal sponsorship redeem api
* Populate user in current context
* Add product type to organization details
* Use upgrade path to change sponsorship
Sponsorships need to be annual to match the GB add-on charge rate
* Use organization and auth to find organization sponsorship
* Add resend sponsorship offer api endpoint
* Fix double email send
* Fix sponsorship upgrade options
* Add is sponsored item to subscription response
* Add sponsorship validation to upcoming invoice webhook
* Add sponsorship validation to upcoming invoice webhook
* Fix organization delete sponsorship hooks
* Test org sponsorship service
* Fix sproc
* Fix build error
* Update emails
* Fix tests
* Skip local test
* Add newline
* Fix stripe subscription update
* Finish emails
* Skip test
* Fix unit tests
* Remove unused variable
* Fix unit tests
* Switch to handlebars ifs
* Remove ending email
* Remove reconfirmation template
* Switch naming convention
* Switch naming convention
* Fix migration
* Update copy and links
* Switch to using Guid in the method
* Remove unneeded css styles
* Add sql files to Sql.sqlproj
* Removed old comments
* Made name more verbose
* Fix SQL error
* Move unit tests to service
* Fix sp
* Revert "Move unit tests to service"
This reverts commit 1185bf3ec8ca36ccd75717ed2463adf8885159a6.
* Do repository validation in service layer
* Fix tests
* Fix merge conflicts and remove TODO
* Remove unneeded models
* Fix spacing and formatting
* Switch Org -> Organization
* Remove single use variables
* Switch method name
* Fix Controller
* Switch to obfuscating email
* Fix unit tests
Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 16:25:06 -06:00
|
|
|
|
{
|
|
|
|
|
|
return StaticStore.GetPlan(organization.PlanType).Product == ProductType.Enterprise
|
2021-12-07 10:52:36 -06:00
|
|
|
|
&& !_globalSettings.SelfHosted;
|
2017-03-23 00:17:34 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-02-19 14:56:16 -05:00
|
|
|
|
public async Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token,
|
|
|
|
|
|
IUserService userService)
|
2017-03-04 21:28:41 -05:00
|
|
|
|
{
|
|
|
|
|
|
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser == null)
|
2017-03-04 21:28:41 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User invalid.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-13 15:00:33 -05:00
|
|
|
|
if (!CoreHelpers.UserInviteTokenIsValid(_dataProtector, token, user.Email, orgUser.Id, _globalSettings))
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
2020-10-13 15:00:33 -05:00
|
|
|
|
throw new BadRequestException("Invalid token.");
|
2017-03-23 00:17:34 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-13 15:00:33 -05:00
|
|
|
|
var existingOrgUserCount = await _organizationUserRepository.GetCountByOrganizationAsync(
|
|
|
|
|
|
orgUser.OrganizationId, user.Email, true);
|
|
|
|
|
|
if (existingOrgUserCount > 0)
|
|
|
|
|
|
{
|
2021-02-17 10:28:49 +11:00
|
|
|
|
if (orgUser.Status == OrganizationUserStatusType.Accepted)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invitation already accepted. You will receive an email when your organization membership is confirmed.");
|
|
|
|
|
|
}
|
2020-10-13 15:00:33 -05:00
|
|
|
|
throw new BadRequestException("You are already part of this organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-17 10:28:49 +11:00
|
|
|
|
if (string.IsNullOrWhiteSpace(orgUser.Email) ||
|
|
|
|
|
|
!orgUser.Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User email does not match invite.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-13 15:00:33 -05:00
|
|
|
|
return await AcceptUserAsync(orgUser, user, userService);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task<OrganizationUser> AcceptUserAsync(string orgIdentifier, User user, IUserService userService)
|
|
|
|
|
|
{
|
|
|
|
|
|
var org = await _organizationRepository.GetByIdentifierAsync(orgIdentifier);
|
|
|
|
|
|
if (org == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization invalid.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var usersOrgs = await _organizationUserRepository.GetManyByUserAsync(user.Id);
|
|
|
|
|
|
var orgUser = usersOrgs.FirstOrDefault(u => u.OrganizationId == org.Id);
|
|
|
|
|
|
if (orgUser == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User not found within organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return await AcceptUserAsync(orgUser, user, userService);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
private async Task<OrganizationUser> AcceptUserAsync(OrganizationUser orgUser, User user,
|
2020-10-13 15:00:33 -05:00
|
|
|
|
IUserService userService)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (orgUser.Status != OrganizationUserStatusType.Invited)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Already accepted.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser.Type == OrganizationUserType.Owner || orgUser.Type == OrganizationUserType.Admin)
|
2017-04-07 14:03:36 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var org = await GetOrgById(orgUser.OrganizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (org.PlanType == PlanType.Free)
|
2017-09-08 17:14:15 -04:00
|
|
|
|
{
|
2019-05-14 11:16:30 -04:00
|
|
|
|
var adminCount = await _organizationUserRepository.GetCountByFreeOrganizationAdminUserAsync(
|
|
|
|
|
|
user.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (adminCount > 0)
|
2017-09-08 17:14:15 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You can only be an admin of one free organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-04-07 14:03:36 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-28 06:54:28 +10:00
|
|
|
|
// Enforce Single Organization Policy of organization user is trying to join
|
2021-03-03 08:15:42 +10:00
|
|
|
|
var allOrgUsers = await _organizationUserRepository.GetManyByUserAsync(user.Id);
|
2021-09-28 06:54:28 +10:00
|
|
|
|
var hasOtherOrgs = allOrgUsers.Any(ou => ou.OrganizationId != orgUser.OrganizationId);
|
|
|
|
|
|
var invitedSingleOrgPolicies = await _policyRepository.GetManyByTypeApplicableToUserIdAsync(user.Id,
|
|
|
|
|
|
PolicyType.SingleOrg, OrganizationUserStatusType.Invited);
|
2021-03-03 08:15:42 +10:00
|
|
|
|
|
2021-09-28 06:54:28 +10:00
|
|
|
|
if (hasOtherOrgs && invitedSingleOrgPolicies.Any(p => p.OrganizationId == orgUser.OrganizationId))
|
2020-02-19 14:56:16 -05:00
|
|
|
|
{
|
2021-03-03 08:15:42 +10:00
|
|
|
|
throw new BadRequestException("You may not join this organization until you leave or remove " +
|
|
|
|
|
|
"all other organizations.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Enforce Single Organization Policy of other organizations user is a member of
|
2021-09-28 06:54:28 +10:00
|
|
|
|
var singleOrgPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(user.Id,
|
|
|
|
|
|
PolicyType.SingleOrg);
|
|
|
|
|
|
if (singleOrgPolicyCount > 0)
|
2021-03-03 08:15:42 +10:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot join this organization because you are a member of " +
|
2021-09-28 06:54:28 +10:00
|
|
|
|
"another organization which forbids it");
|
2021-03-03 08:15:42 +10:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-28 06:54:28 +10:00
|
|
|
|
// Enforce Two Factor Authentication Policy of organization user is trying to join
|
|
|
|
|
|
if (!await userService.TwoFactorIsEnabledAsync(user))
|
2021-03-03 08:15:42 +10:00
|
|
|
|
{
|
2021-09-28 06:54:28 +10:00
|
|
|
|
var invitedTwoFactorPolicies = await _policyRepository.GetManyByTypeApplicableToUserIdAsync(user.Id,
|
|
|
|
|
|
PolicyType.TwoFactorAuthentication, OrganizationUserStatusType.Invited);
|
|
|
|
|
|
if (invitedTwoFactorPolicies.Any(p => p.OrganizationId == orgUser.OrganizationId))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot join this organization until you enable " +
|
|
|
|
|
|
"two-step login on your user account.");
|
|
|
|
|
|
}
|
2020-02-19 14:56:16 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-12 11:00:40 -04:00
|
|
|
|
orgUser.Status = OrganizationUserStatusType.Accepted;
|
2017-03-23 16:56:25 -04:00
|
|
|
|
orgUser.UserId = user.Id;
|
2017-03-04 21:28:41 -05:00
|
|
|
|
orgUser.Email = null;
|
2020-10-13 15:00:33 -05:00
|
|
|
|
|
2017-03-04 21:28:41 -05:00
|
|
|
|
await _organizationUserRepository.ReplaceAsync(orgUser);
|
|
|
|
|
|
|
2022-04-20 21:05:21 +02:00
|
|
|
|
var admins = await _organizationUserRepository.GetManyByMinimumRoleAsync(orgUser.OrganizationId, OrganizationUserType.Admin);
|
|
|
|
|
|
var adminEmails = admins.Select(a => a.Email).Distinct().ToList();
|
|
|
|
|
|
|
|
|
|
|
|
if (adminEmails.Count > 0)
|
|
|
|
|
|
{
|
|
|
|
|
|
var organization = await _organizationRepository.GetByIdAsync(orgUser.OrganizationId);
|
|
|
|
|
|
await _mailService.SendOrganizationAcceptedEmailAsync(organization, user.Email, adminEmails);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-04 21:28:41 -05:00
|
|
|
|
return orgUser;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-23 00:17:34 -04:00
|
|
|
|
public async Task<OrganizationUser> ConfirmUserAsync(Guid organizationId, Guid organizationUserId, string key,
|
2020-03-09 15:13:40 -04:00
|
|
|
|
Guid confirmingUserId, IUserService userService)
|
2017-03-04 21:28:41 -05:00
|
|
|
|
{
|
2021-09-23 06:36:08 -04:00
|
|
|
|
var result = await ConfirmUsersAsync(organizationId, new Dictionary<Guid, string>() { { organizationUserId, key } },
|
2021-05-25 19:23:47 +02:00
|
|
|
|
confirmingUserId, userService);
|
|
|
|
|
|
|
|
|
|
|
|
if (!result.Any())
|
2017-03-04 21:28:41 -05:00
|
|
|
|
{
|
2017-03-23 00:17:34 -04:00
|
|
|
|
throw new BadRequestException("User not valid.");
|
2017-03-04 21:28:41 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
var (orgUser, error) = result[0];
|
|
|
|
|
|
if (error != "")
|
2017-09-08 17:14:15 -04:00
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
throw new BadRequestException(error);
|
|
|
|
|
|
}
|
|
|
|
|
|
return orgUser;
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
public async Task<List<Tuple<OrganizationUser, string>>> ConfirmUsersAsync(Guid organizationId, Dictionary<Guid, string> keys,
|
|
|
|
|
|
Guid confirmingUserId, IUserService userService)
|
|
|
|
|
|
{
|
|
|
|
|
|
var organizationUsers = await _organizationUserRepository.GetManyAsync(keys.Keys);
|
|
|
|
|
|
var validOrganizationUsers = organizationUsers
|
|
|
|
|
|
.Where(u => u.Status == OrganizationUserStatusType.Accepted && u.OrganizationId == organizationId && u.UserId != null)
|
|
|
|
|
|
.ToList();
|
|
|
|
|
|
|
|
|
|
|
|
if (!validOrganizationUsers.Any())
|
|
|
|
|
|
{
|
|
|
|
|
|
return new List<Tuple<OrganizationUser, string>>();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var validOrganizationUserIds = validOrganizationUsers.Select(u => u.UserId.Value).ToList();
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
|
|
|
|
|
var policies = await _policyRepository.GetManyByOrganizationIdAsync(organizationId);
|
|
|
|
|
|
var usersOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(validOrganizationUserIds);
|
|
|
|
|
|
var users = await _userRepository.GetManyAsync(validOrganizationUserIds);
|
|
|
|
|
|
|
|
|
|
|
|
var keyedFilteredUsers = validOrganizationUsers.ToDictionary(u => u.UserId.Value, u => u);
|
|
|
|
|
|
var keyedOrganizationUsers = usersOrgs.GroupBy(u => u.UserId.Value)
|
|
|
|
|
|
.ToDictionary(u => u.Key, u => u.ToList());
|
|
|
|
|
|
|
|
|
|
|
|
var succeededUsers = new List<OrganizationUser>();
|
|
|
|
|
|
var result = new List<Tuple<OrganizationUser, string>>();
|
|
|
|
|
|
|
|
|
|
|
|
foreach (var user in users)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!keyedFilteredUsers.ContainsKey(user.Id))
|
2017-09-08 17:14:15 -04:00
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
continue;
|
|
|
|
|
|
}
|
|
|
|
|
|
var orgUser = keyedFilteredUsers[user.Id];
|
|
|
|
|
|
var orgUsers = keyedOrganizationUsers.GetValueOrDefault(user.Id, new List<OrganizationUser>());
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
2021-08-10 12:16:10 -04:00
|
|
|
|
if (organization.PlanType == PlanType.Free && (orgUser.Type == OrganizationUserType.Admin
|
|
|
|
|
|
|| orgUser.Type == OrganizationUserType.Owner))
|
2021-05-25 19:23:47 +02:00
|
|
|
|
{
|
|
|
|
|
|
// Since free organizations only supports a few users there is not much point in avoiding N+1 queries for this.
|
|
|
|
|
|
var adminCount = await _organizationUserRepository.GetCountByFreeOrganizationAdminUserAsync(user.Id);
|
|
|
|
|
|
if (adminCount > 0)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User can only be an admin of one free organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await CheckPolicies(policies, organizationId, user, orgUsers, userService);
|
|
|
|
|
|
orgUser.Status = OrganizationUserStatusType.Confirmed;
|
|
|
|
|
|
orgUser.Key = keys[orgUser.Id];
|
|
|
|
|
|
orgUser.Email = null;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Confirmed);
|
|
|
|
|
|
await _mailService.SendOrganizationConfirmedEmailAsync(organization.Name, user.Email);
|
|
|
|
|
|
await DeleteAndPushUserRegistrationAsync(organizationId, user.Id);
|
|
|
|
|
|
succeededUsers.Add(orgUser);
|
|
|
|
|
|
result.Add(Tuple.Create(orgUser, ""));
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (BadRequestException e)
|
|
|
|
|
|
{
|
|
|
|
|
|
result.Add(Tuple.Create(orgUser, e.Message));
|
2017-09-08 17:14:15 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
await _organizationUserRepository.ReplaceManyAsync(succeededUsers);
|
|
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 10:19:37 -05:00
|
|
|
|
internal (bool canScale, string failureReason) CanScale(Organization organization,
|
|
|
|
|
|
int seatsToAdd)
|
2021-09-23 06:36:08 -04:00
|
|
|
|
{
|
|
|
|
|
|
var failureReason = "";
|
|
|
|
|
|
if (_globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
failureReason = "Cannot autoscale on self-hosted instance.";
|
|
|
|
|
|
return (false, failureReason);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (seatsToAdd < 1)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (true, failureReason);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (organization.Seats.HasValue &&
|
|
|
|
|
|
organization.MaxAutoscaleSeats.HasValue &&
|
|
|
|
|
|
organization.MaxAutoscaleSeats.Value < organization.Seats.Value + seatsToAdd)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (false, $"Cannot invite new users. Seat limit has been reached.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return (true, failureReason);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 10:19:37 -05:00
|
|
|
|
public async Task AutoAddSeatsAsync(Organization organization, int seatsToAdd, DateTime? prorationDate = null)
|
2021-09-23 06:36:08 -04:00
|
|
|
|
{
|
|
|
|
|
|
if (seatsToAdd < 1 || !organization.Seats.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 10:19:37 -05:00
|
|
|
|
var (canScale, failureMessage) = CanScale(organization, seatsToAdd);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (!canScale)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException(failureMessage);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var ownerEmails = (await _organizationUserRepository.GetManyByMinimumRoleAsync(organization.Id,
|
|
|
|
|
|
OrganizationUserType.Owner)).Select(u => u.Email).Distinct();
|
2021-10-07 08:05:02 -05:00
|
|
|
|
var initialSeatCount = organization.Seats.Value;
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
|
|
|
|
|
await AdjustSeatsAsync(organization, seatsToAdd, prorationDate, ownerEmails);
|
|
|
|
|
|
|
|
|
|
|
|
if (!organization.OwnersNotifiedOfAutoscaling.HasValue)
|
|
|
|
|
|
{
|
2021-10-07 08:05:02 -05:00
|
|
|
|
await _mailService.SendOrganizationAutoscaledEmailAsync(organization, initialSeatCount,
|
2021-09-23 06:36:08 -04:00
|
|
|
|
ownerEmails);
|
|
|
|
|
|
organization.OwnersNotifiedOfAutoscaling = DateTime.UtcNow;
|
|
|
|
|
|
await _organizationRepository.UpsertAsync(organization);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
private async Task CheckPolicies(ICollection<Policy> policies, Guid organizationId, User user,
|
|
|
|
|
|
ICollection<OrganizationUser> userOrgs, IUserService userService)
|
|
|
|
|
|
{
|
2020-03-09 15:13:40 -04:00
|
|
|
|
var usingTwoFactorPolicy = policies.Any(p => p.Type == PolicyType.TwoFactorAuthentication && p.Enabled);
|
2021-05-25 19:23:47 +02:00
|
|
|
|
if (usingTwoFactorPolicy && !await userService.TwoFactorIsEnabledAsync(user))
|
2020-03-09 15:13:40 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User does not have two-step login enabled.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-27 10:28:41 -04:00
|
|
|
|
var usingSingleOrgPolicy = policies.Any(p => p.Type == PolicyType.SingleOrg && p.Enabled);
|
|
|
|
|
|
if (usingSingleOrgPolicy)
|
2020-10-20 02:48:10 -04:00
|
|
|
|
{
|
|
|
|
|
|
if (userOrgs.Any(ou => ou.OrganizationId != organizationId && ou.Status != OrganizationUserStatusType.Invited))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User is a member of another organization.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-03-04 21:28:41 -05:00
|
|
|
|
}
|
2017-03-09 23:58:43 -05:00
|
|
|
|
|
2019-03-05 23:24:14 -05:00
|
|
|
|
public async Task SaveUserAsync(OrganizationUser user, Guid? savingUserId,
|
|
|
|
|
|
IEnumerable<SelectionReadOnly> collections)
|
2017-03-09 23:58:43 -05:00
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (user.Id.Equals(default(Guid)))
|
2017-03-09 23:58:43 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invite the user first.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-12 11:02:39 -05:00
|
|
|
|
var originalUser = await _organizationUserRepository.GetByIdAsync(user.Id);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
if (user.Equals(originalUser))
|
|
|
|
|
|
{
|
2021-01-12 11:02:39 -05:00
|
|
|
|
throw new BadRequestException("Please make changes before saving.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (savingUserId.HasValue)
|
2017-09-27 22:37:13 -04:00
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
await ValidateOrganizationUserUpdatePermissions(user.OrganizationId, user.Type, originalUser.Type);
|
2017-09-27 22:37:13 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (user.Type != OrganizationUserType.Owner &&
|
2021-09-23 06:36:08 -04:00
|
|
|
|
!await HasConfirmedOwnersExceptAsync(user.OrganizationId, new[] { user.Id }))
|
2017-03-29 21:26:19 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (user.AccessAll)
|
2017-04-20 23:50:12 -04:00
|
|
|
|
{
|
2017-04-27 09:19:30 -04:00
|
|
|
|
// We don't need any collections if we're flagged to have all access.
|
2017-05-11 14:52:35 -04:00
|
|
|
|
collections = new List<SelectionReadOnly>();
|
2017-04-20 23:50:12 -04:00
|
|
|
|
}
|
2017-05-11 14:52:35 -04:00
|
|
|
|
await _organizationUserRepository.ReplaceAsync(user, collections);
|
2017-12-01 16:00:30 -05:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(user, EventType.OrganizationUser_Updated);
|
2017-03-11 22:42:27 -05:00
|
|
|
|
}
|
2017-03-09 23:58:43 -05:00
|
|
|
|
|
2017-12-12 13:21:15 -05:00
|
|
|
|
public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId)
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
|
|
|
|
|
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser == null || orgUser.OrganizationId != organizationId)
|
2017-03-23 00:17:34 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User not valid.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (deletingUserId.HasValue && orgUser.UserId == deletingUserId.Value)
|
2017-04-18 15:27:54 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot remove yourself.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-17 10:10:44 +02:00
|
|
|
|
if (orgUser.Type == OrganizationUserType.Owner && deletingUserId.HasValue &&
|
2021-07-08 17:05:32 +02:00
|
|
|
|
!await _currentContext.OrganizationOwner(organizationId))
|
2017-09-27 22:37:13 -04:00
|
|
|
|
{
|
2021-05-17 10:10:44 +02:00
|
|
|
|
throw new BadRequestException("Only owners can delete other owners.");
|
2017-09-27 22:37:13 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (!await HasConfirmedOwnersExceptAsync(organizationId, new[] { organizationUserId }))
|
2017-03-29 21:26:19 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-12 10:07:27 -04:00
|
|
|
|
await _organizationUserRepository.DeleteAsync(orgUser);
|
2017-12-01 16:00:30 -05:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Removed);
|
2017-05-26 22:52:50 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser.UserId.HasValue)
|
2017-07-10 16:38:18 -04:00
|
|
|
|
{
|
2021-05-17 10:10:44 +02:00
|
|
|
|
await DeleteAndPushUserRegistrationAsync(organizationId, orgUser.UserId.Value);
|
2017-07-10 16:38:18 -04:00
|
|
|
|
}
|
2017-04-12 10:07:27 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task DeleteUserAsync(Guid organizationId, Guid userId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser == null)
|
2017-04-12 10:07:27 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (!await HasConfirmedOwnersExceptAsync(organizationId, new[] { orgUser.Id }))
|
2017-04-12 10:07:27 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-23 00:17:34 -04:00
|
|
|
|
await _organizationUserRepository.DeleteAsync(orgUser);
|
2017-12-01 16:00:30 -05:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Removed);
|
2017-05-26 22:52:50 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser.UserId.HasValue)
|
2017-07-10 16:38:18 -04:00
|
|
|
|
{
|
2021-05-17 10:10:44 +02:00
|
|
|
|
await DeleteAndPushUserRegistrationAsync(organizationId, orgUser.UserId.Value);
|
2017-07-10 16:38:18 -04:00
|
|
|
|
}
|
2017-03-23 00:17:34 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
public async Task<List<Tuple<OrganizationUser, string>>> DeleteUsersAsync(Guid organizationId,
|
|
|
|
|
|
IEnumerable<Guid> organizationUsersId,
|
2021-05-17 10:10:44 +02:00
|
|
|
|
Guid? deletingUserId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var orgUsers = await _organizationUserRepository.GetManyAsync(organizationUsersId);
|
|
|
|
|
|
var filteredUsers = orgUsers.Where(u => u.OrganizationId == organizationId)
|
|
|
|
|
|
.ToList();
|
|
|
|
|
|
|
|
|
|
|
|
if (!filteredUsers.Any())
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Users invalid.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
if (!await HasConfirmedOwnersExceptAsync(organizationId, organizationUsersId))
|
2021-05-17 10:10:44 +02:00
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
var deletingUserIsOwner = false;
|
|
|
|
|
|
if (deletingUserId.HasValue)
|
2021-05-17 10:10:44 +02:00
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
deletingUserIsOwner = await _currentContext.OrganizationOwner(organizationId);
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
var result = new List<Tuple<OrganizationUser, string>>();
|
|
|
|
|
|
var deletedUserIds = new List<Guid>();
|
2021-05-17 10:10:44 +02:00
|
|
|
|
foreach (var orgUser in filteredUsers)
|
|
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
if (deletingUserId.HasValue && orgUser.UserId == deletingUserId)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot remove yourself.");
|
|
|
|
|
|
}
|
2021-05-17 10:10:44 +02:00
|
|
|
|
|
2021-05-25 19:23:47 +02:00
|
|
|
|
if (orgUser.Type == OrganizationUserType.Owner && deletingUserId.HasValue && !deletingUserIsOwner)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Only owners can delete other owners.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Removed);
|
|
|
|
|
|
|
|
|
|
|
|
if (orgUser.UserId.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
await DeleteAndPushUserRegistrationAsync(organizationId, orgUser.UserId.Value);
|
|
|
|
|
|
}
|
|
|
|
|
|
result.Add(Tuple.Create(orgUser, ""));
|
|
|
|
|
|
deletedUserIds.Add(orgUser.Id);
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (BadRequestException e)
|
2021-05-17 10:10:44 +02:00
|
|
|
|
{
|
2021-05-25 19:23:47 +02:00
|
|
|
|
result.Add(Tuple.Create(orgUser, e.Message));
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
2021-05-25 19:23:47 +02:00
|
|
|
|
|
|
|
|
|
|
await _organizationUserRepository.DeleteManyAsync(deletedUserIds);
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
2021-05-25 19:23:47 +02:00
|
|
|
|
|
|
|
|
|
|
return result;
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-05 08:50:41 -04:00
|
|
|
|
public async Task<bool> HasConfirmedOwnersExceptAsync(Guid organizationId, IEnumerable<Guid> organizationUsersId, bool includeProvider = true)
|
2021-05-17 10:10:44 +02:00
|
|
|
|
{
|
|
|
|
|
|
var confirmedOwners = await GetConfirmedOwnersAsync(organizationId);
|
|
|
|
|
|
var confirmedOwnersIds = confirmedOwners.Select(u => u.Id);
|
2021-08-05 08:50:41 -04:00
|
|
|
|
bool hasOtherOwner = confirmedOwnersIds.Except(organizationUsersId).Any();
|
|
|
|
|
|
if (!hasOtherOwner && includeProvider)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (await _currentContext.ProviderIdForOrg(organizationId)).HasValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
return hasOtherOwner;
|
2021-05-17 10:10:44 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-12 11:02:39 -05:00
|
|
|
|
public async Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds, Guid? loggedInUserId)
|
2017-12-01 16:00:30 -05:00
|
|
|
|
{
|
2021-01-12 11:02:39 -05:00
|
|
|
|
if (loggedInUserId.HasValue)
|
|
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
await ValidateOrganizationUserUpdatePermissions(organizationUser.OrganizationId, organizationUser.Type, null);
|
2021-01-12 11:02:39 -05:00
|
|
|
|
}
|
2017-12-01 16:00:30 -05:00
|
|
|
|
await _organizationUserRepository.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
2019-05-14 11:16:30 -04:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(organizationUser,
|
|
|
|
|
|
EventType.OrganizationUser_UpdatedGroups);
|
2017-12-01 16:00:30 -05:00
|
|
|
|
}
|
2021-05-17 09:43:02 -05:00
|
|
|
|
|
2021-03-30 09:48:52 -05:00
|
|
|
|
public async Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid organizationUserId, string resetPasswordKey, Guid? callingUserId)
|
|
|
|
|
|
{
|
2021-05-19 09:40:32 -05:00
|
|
|
|
// Org User must be the same as the calling user and the organization ID associated with the user must match passed org ID
|
2021-03-30 09:48:52 -05:00
|
|
|
|
var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, organizationUserId);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
if (!callingUserId.HasValue || orgUser == null || orgUser.UserId != callingUserId.Value ||
|
2021-03-30 09:48:52 -05:00
|
|
|
|
orgUser.OrganizationId != organizationId)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("User not valid.");
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-19 09:40:32 -05:00
|
|
|
|
// Make sure the organization has the ability to use password reset
|
|
|
|
|
|
var org = await _organizationRepository.GetByIdAsync(organizationId);
|
|
|
|
|
|
if (org == null || !org.UseResetPassword)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization does not allow password reset enrollment.");
|
|
|
|
|
|
}
|
2021-03-30 09:48:52 -05:00
|
|
|
|
|
2021-05-19 09:40:32 -05:00
|
|
|
|
// Make sure the organization has the policy enabled
|
|
|
|
|
|
var resetPasswordPolicy =
|
|
|
|
|
|
await _policyRepository.GetByOrganizationIdTypeAsync(organizationId, PolicyType.ResetPassword);
|
|
|
|
|
|
if (resetPasswordPolicy == null || !resetPasswordPolicy.Enabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization does not have the password reset policy enabled.");
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-07-08 10:48:43 -05:00
|
|
|
|
// Block the user from withdrawal if auto enrollment is enabled
|
|
|
|
|
|
if (resetPasswordKey == null && resetPasswordPolicy.Data != null)
|
|
|
|
|
|
{
|
2022-03-07 16:53:30 -05:00
|
|
|
|
var data = JsonSerializer.Deserialize<ResetPasswordDataModel>(resetPasswordPolicy.Data, JsonHelpers.IgnoreCase);
|
2021-07-08 10:48:43 -05:00
|
|
|
|
|
|
|
|
|
|
if (data?.AutoEnrollEnabled ?? false)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to withdraw from Password Reset.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-03-30 09:48:52 -05:00
|
|
|
|
orgUser.ResetPasswordKey = resetPasswordKey;
|
|
|
|
|
|
await _organizationUserRepository.ReplaceAsync(orgUser);
|
2021-05-17 09:43:02 -05:00
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?
|
2021-03-30 09:48:52 -05:00
|
|
|
|
EventType.OrganizationUser_ResetPassword_Enroll : EventType.OrganizationUser_ResetPassword_Withdraw);
|
|
|
|
|
|
}
|
2017-12-01 16:00:30 -05:00
|
|
|
|
|
2017-08-15 16:11:08 -04:00
|
|
|
|
public async Task<OrganizationLicense> GenerateLicenseAsync(Guid organizationId, Guid installationId)
|
|
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2017-08-30 11:23:55 -04:00
|
|
|
|
return await GenerateLicenseAsync(organization, installationId);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-18 17:00:21 -04:00
|
|
|
|
public async Task<OrganizationLicense> GenerateLicenseAsync(Organization organization, Guid installationId,
|
|
|
|
|
|
int? version = null)
|
2017-08-30 11:23:55 -04:00
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-08-15 16:11:08 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var installation = await _installationRepository.GetByIdAsync(installationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (installation == null || !installation.Enabled)
|
2017-08-15 16:11:08 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid installation id");
|
|
|
|
|
|
}
|
2019-02-19 17:13:21 -05:00
|
|
|
|
|
2019-02-18 15:40:47 -05:00
|
|
|
|
var subInfo = await _paymentService.GetSubscriptionAsync(organization);
|
2020-08-20 10:12:27 -04:00
|
|
|
|
return new OrganizationLicense(organization, subInfo, installationId, _licensingService, version);
|
2017-08-15 16:11:08 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-30 17:56:37 -05:00
|
|
|
|
public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid? invitingUserId, string email,
|
|
|
|
|
|
OrganizationUserType type, bool accessAll, string externalId, IEnumerable<SelectionReadOnly> collections)
|
|
|
|
|
|
{
|
|
|
|
|
|
var invite = new OrganizationUserInvite()
|
|
|
|
|
|
{
|
|
|
|
|
|
Emails = new List<string> { email },
|
|
|
|
|
|
Type = type,
|
|
|
|
|
|
AccessAll = accessAll,
|
|
|
|
|
|
Collections = collections,
|
|
|
|
|
|
};
|
2021-09-23 06:36:08 -04:00
|
|
|
|
var results = await InviteUsersAsync(organizationId, invitingUserId,
|
|
|
|
|
|
new (OrganizationUserInvite, string)[] { (invite, externalId) });
|
2021-01-30 17:56:37 -05:00
|
|
|
|
var result = results.FirstOrDefault();
|
|
|
|
|
|
if (result == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("This user has already been invited.");
|
|
|
|
|
|
}
|
|
|
|
|
|
return result;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
public async Task ImportAsync(Guid organizationId,
|
2020-04-23 11:29:19 -04:00
|
|
|
|
Guid? importingUserId,
|
2017-05-16 00:11:21 -04:00
|
|
|
|
IEnumerable<ImportedGroup> groups,
|
|
|
|
|
|
IEnumerable<ImportedOrganizationUser> newUsers,
|
2019-05-06 21:31:20 -04:00
|
|
|
|
IEnumerable<string> removeUserExternalIds,
|
|
|
|
|
|
bool overwriteExisting)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-12-19 16:02:39 -05:00
|
|
|
|
var organization = await GetOrgById(organizationId);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization == null)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!organization.UseDirectory)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-05-20 15:31:16 -04:00
|
|
|
|
throw new BadRequestException("Organization cannot use directory syncing.");
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-20 15:31:16 -04:00
|
|
|
|
var newUsersSet = new HashSet<string>(newUsers?.Select(u => u.ExternalId) ?? new List<string>());
|
2017-05-18 10:41:47 -04:00
|
|
|
|
var existingUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(organizationId);
|
|
|
|
|
|
var existingExternalUsers = existingUsers.Where(u => !string.IsNullOrWhiteSpace(u.ExternalId)).ToList();
|
|
|
|
|
|
var existingExternalUsersIdDict = existingExternalUsers.ToDictionary(u => u.ExternalId, u => u.Id);
|
2017-05-13 12:00:40 -04:00
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
// Users
|
2017-11-13 12:09:39 -05:00
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
// Remove Users
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (removeUserExternalIds?.Any() ?? false)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-05-16 00:11:21 -04:00
|
|
|
|
var removeUsersSet = new HashSet<string>(removeUserExternalIds);
|
2017-05-18 10:41:47 -04:00
|
|
|
|
var existingUsersDict = existingExternalUsers.ToDictionary(u => u.ExternalId);
|
2017-05-13 14:14:20 -04:00
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
await _organizationUserRepository.DeleteManyAsync(removeUsersSet
|
2017-05-15 14:41:20 -04:00
|
|
|
|
.Except(newUsersSet)
|
2021-05-17 09:43:02 -05:00
|
|
|
|
.Where(u => existingUsersDict.ContainsKey(u) && existingUsersDict[u].Type != OrganizationUserType.Owner)
|
|
|
|
|
|
.Select(u => existingUsersDict[u].Id));
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (overwriteExisting)
|
2019-05-06 21:31:20 -04:00
|
|
|
|
{
|
|
|
|
|
|
// Remove existing external users that are not in new user set
|
2021-05-17 09:43:02 -05:00
|
|
|
|
var usersToDelete = existingExternalUsers.Where(u =>
|
|
|
|
|
|
u.Type != OrganizationUserType.Owner &&
|
|
|
|
|
|
!newUsersSet.Contains(u.ExternalId) &&
|
|
|
|
|
|
existingExternalUsersIdDict.ContainsKey(u.ExternalId));
|
|
|
|
|
|
await _organizationUserRepository.DeleteManyAsync(usersToDelete.Select(u => u.Id));
|
|
|
|
|
|
foreach (var deletedUser in usersToDelete)
|
2019-05-06 21:31:20 -04:00
|
|
|
|
{
|
2021-05-17 09:43:02 -05:00
|
|
|
|
existingExternalUsersIdDict.Remove(deletedUser.ExternalId);
|
2019-05-06 21:31:20 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (newUsers?.Any() ?? false)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-11-10 15:22:19 -05:00
|
|
|
|
// Marry existing users
|
|
|
|
|
|
var existingUsersEmailsDict = existingUsers
|
|
|
|
|
|
.Where(u => string.IsNullOrWhiteSpace(u.ExternalId))
|
|
|
|
|
|
.ToDictionary(u => u.Email);
|
|
|
|
|
|
var newUsersEmailsDict = newUsers.ToDictionary(u => u.Email);
|
|
|
|
|
|
var usersToAttach = existingUsersEmailsDict.Keys.Intersect(newUsersEmailsDict.Keys).ToList();
|
2021-05-17 09:43:02 -05:00
|
|
|
|
var usersToUpsert = new List<OrganizationUser>();
|
2020-03-27 14:36:37 -04:00
|
|
|
|
foreach (var user in usersToAttach)
|
2017-11-10 15:22:19 -05:00
|
|
|
|
{
|
|
|
|
|
|
var orgUserDetails = existingUsersEmailsDict[user];
|
|
|
|
|
|
var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserDetails.Id);
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgUser != null)
|
2017-11-10 15:22:19 -05:00
|
|
|
|
{
|
|
|
|
|
|
orgUser.ExternalId = newUsersEmailsDict[user].ExternalId;
|
2021-05-17 09:43:02 -05:00
|
|
|
|
usersToUpsert.Add(orgUser);
|
2017-11-10 15:22:19 -05:00
|
|
|
|
existingExternalUsersIdDict.Add(orgUser.ExternalId, orgUser.Id);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-05-17 09:43:02 -05:00
|
|
|
|
await _organizationUserRepository.UpsertManyAsync(usersToUpsert);
|
2017-11-10 15:22:19 -05:00
|
|
|
|
|
|
|
|
|
|
// Add new users
|
|
|
|
|
|
var existingUsersSet = new HashSet<string>(existingExternalUsersIdDict.Keys);
|
2017-05-15 14:41:20 -04:00
|
|
|
|
var usersToAdd = newUsersSet.Except(existingUsersSet).ToList();
|
2017-05-13 12:00:40 -04:00
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
var seatsAvailable = int.MaxValue;
|
2017-05-18 08:58:08 -04:00
|
|
|
|
var enoughSeatsAvailable = true;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (organization.Seats.HasValue)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-05-15 14:41:20 -04:00
|
|
|
|
var userCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(organizationId);
|
|
|
|
|
|
seatsAvailable = organization.Seats.Value - userCount;
|
2017-05-18 08:58:08 -04:00
|
|
|
|
enoughSeatsAvailable = seatsAvailable >= usersToAdd.Count;
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
var userInvites = new List<(OrganizationUserInvite, string)>();
|
2021-03-25 08:42:04 -05:00
|
|
|
|
foreach (var user in newUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!usersToAdd.Contains(user.ExternalId) || string.IsNullOrWhiteSpace(user.Email))
|
2017-05-16 00:11:21 -04:00
|
|
|
|
{
|
2021-03-25 08:42:04 -05:00
|
|
|
|
continue;
|
|
|
|
|
|
}
|
2017-05-16 00:11:21 -04:00
|
|
|
|
|
2021-03-25 08:42:04 -05:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var invite = new OrganizationUserInvite
|
2017-05-18 08:58:08 -04:00
|
|
|
|
{
|
2021-03-25 08:42:04 -05:00
|
|
|
|
Emails = new List<string> { user.Email },
|
|
|
|
|
|
Type = OrganizationUserType.User,
|
|
|
|
|
|
AccessAll = false,
|
|
|
|
|
|
Collections = new List<SelectionReadOnly>(),
|
|
|
|
|
|
};
|
2021-05-17 09:43:02 -05:00
|
|
|
|
userInvites.Add((invite, user.ExternalId));
|
2021-03-25 08:42:04 -05:00
|
|
|
|
}
|
|
|
|
|
|
catch (BadRequestException)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Thrown when the user is already invited to the organization
|
|
|
|
|
|
continue;
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-05-17 09:43:02 -05:00
|
|
|
|
|
|
|
|
|
|
var invitedUsers = await InviteUsersAsync(organizationId, importingUserId, userInvites);
|
|
|
|
|
|
foreach (var invitedUser in invitedUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
existingExternalUsersIdDict.Add(invitedUser.ExternalId, invitedUser.Id);
|
|
|
|
|
|
}
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-11-13 12:09:39 -05:00
|
|
|
|
|
2021-05-17 09:43:02 -05:00
|
|
|
|
// Groups
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (groups?.Any() ?? false)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (!organization.UseGroups)
|
2017-05-20 15:31:16 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization cannot use groups.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-16 00:11:21 -04:00
|
|
|
|
var groupsDict = groups.ToDictionary(g => g.Group.ExternalId);
|
2017-05-18 10:41:47 -04:00
|
|
|
|
var existingGroups = await _groupRepository.GetManyByOrganizationIdAsync(organizationId);
|
2019-05-14 11:16:30 -04:00
|
|
|
|
var existingExternalGroups = existingGroups
|
|
|
|
|
|
.Where(u => !string.IsNullOrWhiteSpace(u.ExternalId)).ToList();
|
2017-05-18 10:41:47 -04:00
|
|
|
|
var existingExternalGroupsDict = existingExternalGroups.ToDictionary(g => g.ExternalId);
|
2017-05-15 14:41:20 -04:00
|
|
|
|
|
|
|
|
|
|
var newGroups = groups
|
2017-05-18 10:41:47 -04:00
|
|
|
|
.Where(g => !existingExternalGroupsDict.ContainsKey(g.Group.ExternalId))
|
2017-05-16 00:11:21 -04:00
|
|
|
|
.Select(g => g.Group);
|
2017-05-15 14:41:20 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
foreach (var group in newGroups)
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-05-15 14:41:20 -04:00
|
|
|
|
group.CreationDate = group.RevisionDate = DateTime.UtcNow;
|
2017-05-13 12:00:40 -04:00
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
await _groupRepository.CreateAsync(group);
|
2019-05-14 11:16:30 -04:00
|
|
|
|
await UpdateUsersAsync(group, groupsDict[group.ExternalId].ExternalUserIds,
|
|
|
|
|
|
existingExternalUsersIdDict);
|
2017-05-15 14:41:20 -04:00
|
|
|
|
}
|
2017-05-13 14:14:20 -04:00
|
|
|
|
|
2017-05-18 10:41:47 -04:00
|
|
|
|
var updateGroups = existingExternalGroups
|
2017-05-15 16:37:56 -04:00
|
|
|
|
.Where(g => groupsDict.ContainsKey(g.ExternalId))
|
|
|
|
|
|
.ToList();
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (updateGroups.Any())
|
2017-05-13 12:00:40 -04:00
|
|
|
|
{
|
2017-05-15 16:37:56 -04:00
|
|
|
|
var groupUsers = await _groupRepository.GetManyGroupUsersByOrganizationIdAsync(organizationId);
|
|
|
|
|
|
var existingGroupUsers = groupUsers
|
2017-05-15 15:01:16 -04:00
|
|
|
|
.GroupBy(gu => gu.GroupId)
|
2017-05-15 16:37:56 -04:00
|
|
|
|
.ToDictionary(g => g.Key, g => new HashSet<Guid>(g.Select(gr => gr.OrganizationUserId)));
|
2017-05-15 14:41:20 -04:00
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
foreach (var group in updateGroups)
|
2017-05-15 15:01:16 -04:00
|
|
|
|
{
|
2017-05-16 00:11:21 -04:00
|
|
|
|
var updatedGroup = groupsDict[group.ExternalId].Group;
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (group.Name != updatedGroup.Name)
|
2017-05-15 16:37:56 -04:00
|
|
|
|
{
|
|
|
|
|
|
group.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
group.Name = updatedGroup.Name;
|
|
|
|
|
|
|
|
|
|
|
|
await _groupRepository.ReplaceAsync(group);
|
|
|
|
|
|
}
|
2017-05-15 15:01:16 -04:00
|
|
|
|
|
2019-05-14 11:16:30 -04:00
|
|
|
|
await UpdateUsersAsync(group, groupsDict[group.ExternalId].ExternalUserIds,
|
|
|
|
|
|
existingExternalUsersIdDict,
|
2017-05-15 16:37:56 -04:00
|
|
|
|
existingGroupUsers.ContainsKey(group.Id) ? existingGroupUsers[group.Id] : null);
|
2017-05-15 15:01:16 -04:00
|
|
|
|
}
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-08-17 13:12:55 -04:00
|
|
|
|
await _referenceEventService.RaiseEventAsync(
|
|
|
|
|
|
new ReferenceEvent(ReferenceEventType.DirectorySynced, organization));
|
2017-05-13 12:00:40 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-03-04 09:52:43 -05:00
|
|
|
|
public async Task RotateApiKeyAsync(Organization organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
organization.ApiKey = CoreHelpers.SecureRandomString(30);
|
|
|
|
|
|
organization.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
await ReplaceAndUpdateCache(organization);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-26 14:12:04 -04:00
|
|
|
|
public async Task DeleteSsoUserAsync(Guid userId, Guid? organizationId)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _ssoUserRepository.DeleteAsync(userId, organizationId);
|
|
|
|
|
|
if (organizationId.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
var organizationUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId.Value, userId);
|
|
|
|
|
|
if (organizationUser != null)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_UnlinkedSso);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-01 14:31:05 +02:00
|
|
|
|
public async Task<Organization> UpdateOrganizationKeysAsync(Guid orgId, string publicKey, string privateKey)
|
2021-05-19 09:40:32 -05:00
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (!await _currentContext.ManageResetPassword(orgId))
|
2021-05-19 09:40:32 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// If the keys already exist, error out
|
|
|
|
|
|
var org = await _organizationRepository.GetByIdAsync(orgId);
|
|
|
|
|
|
if (org.PublicKey != null && org.PrivateKey != null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Organization Keys already exist");
|
|
|
|
|
|
}
|
2021-07-08 17:05:32 +02:00
|
|
|
|
|
2021-05-19 09:40:32 -05:00
|
|
|
|
// Update org with generated public/private key
|
|
|
|
|
|
org.PublicKey = publicKey;
|
|
|
|
|
|
org.PrivateKey = privateKey;
|
|
|
|
|
|
await UpdateAsync(org);
|
2021-09-23 06:36:08 -04:00
|
|
|
|
|
2021-05-19 09:40:32 -05:00
|
|
|
|
return org;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
private async Task UpdateUsersAsync(Group group, HashSet<string> groupUsers,
|
2017-05-15 15:01:16 -04:00
|
|
|
|
Dictionary<string, Guid> existingUsersIdDict, HashSet<Guid> existingUsers = null)
|
2017-05-15 14:41:20 -04:00
|
|
|
|
{
|
2017-05-15 16:37:56 -04:00
|
|
|
|
var availableUsers = groupUsers.Intersect(existingUsersIdDict.Keys);
|
|
|
|
|
|
var users = new HashSet<Guid>(availableUsers.Select(u => existingUsersIdDict[u]));
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (existingUsers != null && existingUsers.Count == users.Count && users.SetEquals(existingUsers))
|
2017-05-15 15:01:16 -04:00
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-15 14:41:20 -04:00
|
|
|
|
await _groupRepository.UpdateUsersAsync(group.Id, users);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-29 21:26:19 -04:00
|
|
|
|
private async Task<IEnumerable<OrganizationUser>> GetConfirmedOwnersAsync(Guid organizationId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var owners = await _organizationUserRepository.GetManyByOrganizationAsync(organizationId,
|
2017-05-13 12:00:40 -04:00
|
|
|
|
OrganizationUserType.Owner);
|
|
|
|
|
|
return owners.Where(o => o.Status == OrganizationUserStatusType.Confirmed);
|
2017-03-29 21:26:19 -04:00
|
|
|
|
}
|
2017-08-11 08:57:31 -04:00
|
|
|
|
|
2021-05-17 10:10:44 +02:00
|
|
|
|
private async Task DeleteAndPushUserRegistrationAsync(Guid organizationId, Guid userId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var deviceIds = await GetUserDeviceIdsAsync(userId);
|
|
|
|
|
|
await _pushRegistrationService.DeleteUserRegistrationOrganizationAsync(deviceIds,
|
|
|
|
|
|
organizationId.ToString());
|
|
|
|
|
|
await _pushNotificationService.PushSyncOrgKeysAsync(userId);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2017-08-11 08:57:31 -04:00
|
|
|
|
private async Task<IEnumerable<string>> GetUserDeviceIdsAsync(Guid userId)
|
|
|
|
|
|
{
|
|
|
|
|
|
var devices = await _deviceRepository.GetManyByUserIdAsync(userId);
|
2017-11-14 08:39:16 -05:00
|
|
|
|
return devices.Where(d => !string.IsNullOrWhiteSpace(d.PushToken)).Select(d => d.Id.ToString());
|
2017-08-11 08:57:31 -04:00
|
|
|
|
}
|
2017-12-19 16:02:39 -05:00
|
|
|
|
|
|
|
|
|
|
private async Task ReplaceAndUpdateCache(Organization org, EventType? orgEvent = null)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _organizationRepository.ReplaceAsync(org);
|
|
|
|
|
|
await _applicationCacheService.UpsertOrganizationAbilityAsync(org);
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (orgEvent.HasValue)
|
2017-12-19 16:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
await _eventService.LogOrganizationEventAsync(org, orgEvent.Value);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private async Task<Organization> GetOrgById(Guid id)
|
|
|
|
|
|
{
|
|
|
|
|
|
return await _organizationRepository.GetByIdAsync(id);
|
|
|
|
|
|
}
|
2019-03-21 21:36:03 -04:00
|
|
|
|
|
|
|
|
|
|
private void ValidateOrganizationUpgradeParameters(Models.StaticStore.Plan plan, OrganizationUpgrade upgrade)
|
|
|
|
|
|
{
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!plan.HasAdditionalStorageOption && upgrade.AdditionalStorageGb > 0)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan does not allow additional storage.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (upgrade.AdditionalStorageGb < 0)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You can't subtract storage!");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!plan.HasPremiumAccessOption && upgrade.PremiumAccessAddon)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("This plan does not allow you to buy the premium access addon.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (plan.BaseSeats + upgrade.AdditionalSeats <= 0)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You do not have any seats!");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-27 14:36:37 -04:00
|
|
|
|
if (upgrade.AdditionalSeats < 0)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You can't subtract seats!");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (!plan.HasAdditionalSeatsOption && upgrade.AdditionalSeats > 0)
|
2019-03-21 21:36:03 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Plan does not allow additional users.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-08-11 14:19:56 -04:00
|
|
|
|
if (plan.HasAdditionalSeatsOption && plan.MaxAdditionalSeats.HasValue &&
|
2019-03-21 21:36:03 -04:00
|
|
|
|
upgrade.AdditionalSeats > plan.MaxAdditionalSeats.Value)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException($"Selected plan allows a maximum of " +
|
|
|
|
|
|
$"{plan.MaxAdditionalSeats.GetValueOrDefault(0)} additional users.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-01-12 11:02:39 -05:00
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
private async Task ValidateOrganizationUserUpdatePermissions(Guid organizationId, OrganizationUserType newType,
|
2021-07-01 14:31:05 +02:00
|
|
|
|
OrganizationUserType? oldType)
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (await _currentContext.OrganizationOwner(organizationId))
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-01 14:31:05 +02:00
|
|
|
|
if (oldType == OrganizationUserType.Owner || newType == OrganizationUserType.Owner)
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Only an Owner can configure another Owner's account.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (await _currentContext.OrganizationAdmin(organizationId))
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-01 14:31:05 +02:00
|
|
|
|
if (oldType == OrganizationUserType.Custom || newType == OrganizationUserType.Custom)
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Only Owners and Admins can configure Custom accounts.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-08 17:05:32 +02:00
|
|
|
|
if (!await _currentContext.ManageUsers(organizationId))
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Your account does not have permission to manage users.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-01 14:31:05 +02:00
|
|
|
|
if (oldType == OrganizationUserType.Admin || newType == OrganizationUserType.Admin)
|
2021-01-12 11:02:39 -05:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Custom users can not manage Admins or Owners.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-11-09 16:37:32 +01:00
|
|
|
|
|
|
|
|
|
|
private async Task ValidateDeleteOrganizationAsync(Organization organization)
|
|
|
|
|
|
{
|
|
|
|
|
|
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
2021-11-17 11:46:35 +01:00
|
|
|
|
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
|
2021-11-09 16:37:32 +01:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("You cannot delete an Organization that is using Key Connector.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-03-03 00:07:11 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|