Feature/self f4e/api keys (#1896)

* Add in ApiKey

* Work on API Key table

* Work on apikey table

* Fix response model

* Work on information for UI

* Work on last sync date

* Work on sync status

* Work on auth

* Work on tokenable

* Work on merge

* Add custom requirement

* Add policy

* Run formatting

* Work on EF Migrations

* Work on OrganizationConnection

* Work on database

* Work on additional database table

* Run formatting

* Small fixes

* More cleanup

* Cleanup

* Add RevisionDate

* Add GO

* Finish Sql project

* Add newlines

* Fix stored proc file

* Fix sqlproj

* Add newlines

* Fix table

* Add navigation property

* Delete Connections when organization is deleted

* Add connection validation

* Start adding ID column

* Work on ID column

* Work on SQL migration

* Work on migrations

* Run formatting

* Fix test build

* Fix sprocs

* Work on migrations

* Fix Create table

* Fix sproc

* Add prints to migration

* Add default value

* Update EF migrations

* Formatting

* Add to integration tests

* Minor fixes

* Formatting

* Cleanup

* Address PR feedback

* Address more PR feedback

* Fix formatting

* Fix formatting

* Fix

* Address PR feedback

* Remove accidential change

* Fix SQL build

* Run formatting

* Address PR feedback

* Add sync data to OrganizationUserOrgDetails

* Add comments

* Remove OrganizationConnectionService interface

* Remove unused using

* Address PR feedback

* Formatting

Author: justindbaur

.config/dotnet-tools.json

@@ -27,4 +27,4 @@
       ]
     }
   }
-}
+}

bitwarden-server.sln

@@ -86,6 +86,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Billing.Test", "test\Billin
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Identity.Test", "test\Identity.Test\Identity.Test.csproj", "{310A1D8E-2D3F-4FA0-84D4-FFE31FCE193E}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Core.IntegrationTest", "test\Core.IntegrationTest\Core.IntegrationTest.csproj", "{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -202,6 +204,10 @@ Global
 		{310A1D8E-2D3F-4FA0-84D4-FFE31FCE193E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{310A1D8E-2D3F-4FA0-84D4-FFE31FCE193E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{310A1D8E-2D3F-4FA0-84D4-FFE31FCE193E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -234,6 +240,7 @@ Global
 		{ED880735-0250-43C7-9662-FDC7C7416E7F} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
 		{B8639B10-2157-44BC-8CE1-D9EB4B50971F} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84F}
 		{310A1D8E-2D3F-4FA0-84D4-FFE31FCE193E} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84F}
+		{EDEE89ED-89FA-4D3C-803C-AB59CE9CEBD7} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {E01CBF68-2E20-425F-9EDB-E0A6510CA92F}

src/Api/Controllers/OrganizationSponsorshipsController.cs

@@ -1,12 +1,18 @@
 using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Api.Models.Request.Organizations;
+using Bit.Api.Models.Response;
+using Bit.Api.Utilities;
 using Bit.Core.Context;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Tokens;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -150,6 +156,20 @@ await _organizationRepository
                 existingOrgSponsorship);
         }
 
+        [HttpGet("{sponsoringOrgId}/sync-status")]
+        public async Task<object> GetSyncStatus(Guid sponsoringOrgId)
+        {
+            var sponsoringOrg = await _organizationRepository.GetByIdAsync(sponsoringOrgId);
+
+            if (!await _currentContext.OrganizationOwner(sponsoringOrg.Id))
+            {
+                throw new NotFoundException();
+            }
+
+            var lastSyncDate = await _organizationSponsorshipRepository.GetLatestSyncDateBySponsoringOrganizationIdAsync(sponsoringOrg.Id);
+            return new OrganizationSponsorshipSyncStatusResponseModel(lastSyncDate);
+        }
+
         private Task<User> CurrentUser => _userService.GetUserByIdAsync(_currentContext.UserId.Value);
     }
 }

src/Api/Controllers/OrganizationsController.cs

@@ -12,6 +12,7 @@
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
+using Bit.Core.OrganizationFeatures.OrganizationApiKeys.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
@@ -34,6 +35,9 @@ public class OrganizationsController : Controller
         private readonly ICurrentContext _currentContext;
         private readonly ISsoConfigRepository _ssoConfigRepository;
         private readonly ISsoConfigService _ssoConfigService;
+        private readonly IGetOrganizationApiKeyCommand _getOrganizationApiKeyCommand;
+        private readonly IRotateOrganizationApiKeyCommand _rotateOrganizationApiKeyCommand;
+        private readonly IOrganizationApiKeyRepository _organizationApiKeyRepository;
         private readonly GlobalSettings _globalSettings;
 
         public OrganizationsController(
@@ -46,6 +50,9 @@ public OrganizationsController(
             ICurrentContext currentContext,
             ISsoConfigRepository ssoConfigRepository,
             ISsoConfigService ssoConfigService,
+            IGetOrganizationApiKeyCommand getOrganizationApiKeyCommand,
+            IRotateOrganizationApiKeyCommand rotateOrganizationApiKeyCommand,
+            IOrganizationApiKeyRepository organizationApiKeyRepository,
             GlobalSettings globalSettings)
         {
             _organizationRepository = organizationRepository;
@@ -57,6 +64,9 @@ public OrganizationsController(
             _currentContext = currentContext;
             _ssoConfigRepository = ssoConfigRepository;
             _ssoConfigService = ssoConfigService;
+            _getOrganizationApiKeyCommand = getOrganizationApiKeyCommand;
+            _rotateOrganizationApiKeyCommand = rotateOrganizationApiKeyCommand;
+            _organizationApiKeyRepository = organizationApiKeyRepository;
             _globalSettings = globalSettings;
         }
 
@@ -477,7 +487,7 @@ await _organizationService.ImportAsync(
         }
 
         [HttpPost("{id}/api-key")]
-        public async Task<ApiKeyResponseModel> ApiKey(string id, [FromBody] SecretVerificationRequestModel model)
+        public async Task<ApiKeyResponseModel> ApiKey(string id, [FromBody] OrganizationApiKeyRequestModel model)
         {
             var orgIdGuid = new Guid(id);
             if (!await _currentContext.OrganizationOwner(orgIdGuid))
@@ -491,6 +501,9 @@ public async Task<ApiKeyResponseModel> ApiKey(string id, [FromBody] SecretVerifi
                 throw new NotFoundException();
             }
 
+            var organizationApiKey = await _getOrganizationApiKeyCommand
+                .GetOrganizationApiKeyAsync(organization.Id, model.Type);
+
             var user = await _userService.GetUserByPrincipalAsync(User);
             if (user == null)
             {
@@ -504,13 +517,27 @@ public async Task<ApiKeyResponseModel> ApiKey(string id, [FromBody] SecretVerifi
             }
             else
             {
-                var response = new ApiKeyResponseModel(organization);
+                var response = new ApiKeyResponseModel(organizationApiKey);
                 return response;
             }
         }
 
+        [HttpGet("{id}/api-key-information")]
+        public async Task<ListResponseModel<OrganizationApiKeyInformation>> ApiKeyInformation(Guid id)
+        {
+            if (!await _currentContext.OrganizationOwner(id))
+            {
+                throw new NotFoundException();
+            }
+
+            var apiKeys = await _organizationApiKeyRepository.GetManyByOrganizationIdTypeAsync(id);
+
+            return new ListResponseModel<OrganizationApiKeyInformation>(
+                apiKeys.Select(k => new OrganizationApiKeyInformation(k)));
+        }
+
         [HttpPost("{id}/rotate-api-key")]
-        public async Task<ApiKeyResponseModel> RotateApiKey(string id, [FromBody] SecretVerificationRequestModel model)
+        public async Task<ApiKeyResponseModel> RotateApiKey(string id, [FromBody] OrganizationApiKeyRequestModel model)
         {
             var orgIdGuid = new Guid(id);
             if (!await _currentContext.OrganizationOwner(orgIdGuid))
@@ -524,6 +551,9 @@ public async Task<ApiKeyResponseModel> RotateApiKey(string id, [FromBody] Secret
                 throw new NotFoundException();
             }
 
+            var organizationApiKey = await _getOrganizationApiKeyCommand
+                .GetOrganizationApiKeyAsync(organization.Id, model.Type);
+
             var user = await _userService.GetUserByPrincipalAsync(User);
             if (user == null)
             {
@@ -537,8 +567,8 @@ public async Task<ApiKeyResponseModel> RotateApiKey(string id, [FromBody] Secret
             }
             else
             {
-                await _organizationService.RotateApiKeyAsync(organization);
-                var response = new ApiKeyResponseModel(organization);
+                await _rotateOrganizationApiKeyCommand.RotateApiKeyAsync(organizationApiKey);
+                var response = new ApiKeyResponseModel(organizationApiKey);
                 return response;
             }
         }

src/Api/Models/Request/Accounts/OrganizationApiKeyRequestModel.cs

@@ -0,0 +1,9 @@
+using Bit.Core.Enums;
+
+namespace Bit.Api.Models.Request.Accounts
+{
+    public class OrganizationApiKeyRequestModel : SecretVerificationRequestModel
+    {
+        public OrganizationApiKeyType Type { get; set; }
+    }
+}

src/Api/Models/Response/ApiKeyResponseModel.cs

@@ -6,14 +6,15 @@ namespace Bit.Api.Models.Response
 {
     public class ApiKeyResponseModel : ResponseModel
     {
-        public ApiKeyResponseModel(Organization organization, string obj = "apiKey")
+        public ApiKeyResponseModel(OrganizationApiKey organizationApiKey, string obj = "apiKey")
             : base(obj)
         {
-            if (organization == null)
+            if (organizationApiKey == null)
             {
-                throw new ArgumentNullException(nameof(organization));
+                throw new ArgumentNullException(nameof(organizationApiKey));
             }
-            ApiKey = organization.ApiKey;
+            ApiKey = organizationApiKey.ApiKey;
+            RevisionDate = organizationApiKey.RevisionDate;
         }
 
         public ApiKeyResponseModel(User user, string obj = "apiKey")
@@ -24,8 +25,10 @@ public ApiKeyResponseModel(User user, string obj = "apiKey")
                 throw new ArgumentNullException(nameof(user));
             }
             ApiKey = user.ApiKey;
+            RevisionDate = user.RevisionDate;
         }
 
         public string ApiKey { get; set; }
+        public DateTime RevisionDate { get; set; }
     }
 }

src/Api/Models/Response/OrganizationApiKeyInformationResponseModel.cs

@@ -0,0 +1,19 @@
+using System;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Api;
+
+namespace Bit.Api.Models.Response
+{
+    public class OrganizationApiKeyInformation : ResponseModel
+    {
+        public OrganizationApiKeyInformation(OrganizationApiKey key) : base("keyInformation")
+        {
+            KeyType = key.Type;
+            RevisionDate = key.RevisionDate;
+        }
+
+        public OrganizationApiKeyType KeyType { get; set; }
+        public DateTime RevisionDate { get; set; }
+    }
+}

src/Api/Models/Response/OrganizationSponsorshipSyncStatusResponseModel.cs

@@ -0,0 +1,16 @@
+using System;
+using Bit.Core.Models.Api;
+
+namespace Bit.Api.Models.Response
+{
+    public class OrganizationSponsorshipSyncStatusResponseModel : ResponseModel
+    {
+        public OrganizationSponsorshipSyncStatusResponseModel(DateTime? lastSyncDate)
+            : base("syncStatus")
+        {
+            LastSyncDate = lastSyncDate;
+        }
+
+        public DateTime? LastSyncDate { get; set; }
+    }
+}

src/Api/Models/Response/ProfileOrganizationResponseModel.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Enums;
+using System;
+using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
@@ -45,6 +46,10 @@ public ProfileOrganizationResponseModel(OrganizationUserOrganizationDetails orga
                 StaticStore.GetSponsoredPlan(PlanSponsorshipType.FamiliesForEnterprise)
                 .UsersCanSponsor(organization);
             PlanProductType = StaticStore.GetPlan(organization.PlanType).Product;
+            SponsorshipLastSyncDate = organization.FamilySponsorshipLastSyncDate;
+            FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
+            FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
+            FamilySponsorshipHasSponsoredOrg = organization.FamilySponsorshipHasSponsoredOrg;
 
             if (organization.SsoConfig != null)
             {
@@ -88,5 +93,10 @@ public ProfileOrganizationResponseModel(OrganizationUserOrganizationDetails orga
         public ProductType PlanProductType { get; set; }
         public bool KeyConnectorEnabled { get; set; }
         public string KeyConnectorUrl { get; set; }
+        public DateTime? SponsorshipLastSyncDate { get; set; }
+        public DateTime? FamilySponsorshipValidUntil { get; set; }
+        public bool? FamilySponsorshipToDelete { get; set; }
+        public bool FamilySponsorshipHasSponsoredOrg { get; set; }
+
     }
 }

src/Api/Startup.cs

@@ -114,6 +114,11 @@ public void ConfigureServices(IServiceCollection services)
                     policy.RequireAuthenticatedUser();
                     policy.RequireClaim(JwtClaimTypes.Scope, "api.organization");
                 });
+                config.AddPolicy("Installation", policy =>
+                {
+                    policy.RequireAuthenticatedUser();
+                    policy.RequireClaim(JwtClaimTypes.Scope, "api.installation");
+                });
             });
 
             services.AddScoped<AuthenticatorTokenProvider>();