Refactor IUserService methods GetOrganizationsManagingUserAsync and I…

…sManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

src/Api/AdminConsole/Controllers/OrganizationsController.cs

@@ -121,10 +121,8 @@ public async Task<ListResponseModel<ProfileOrganizationResponseModel>> GetUser()
  var organizations = await _organizationUserRepository.GetManyDetailsByUserAsync(userId,
  OrganizationUserStatusType.Confirmed);
 
-#nullable enable
  var organizationManagingActiveUser = await _userService.GetOrganizationsManagingUserAsync(userId);
- var organizationIdsManagingActiveUser = organizationManagingActiveUser?.Select(o => o.Id);
-#nullable disable
+ var organizationIdsManagingActiveUser = organizationManagingActiveUser.Select(o => o.Id);
 
  var responses = organizations.Select(o => new ProfileOrganizationResponseModel(o, organizationIdsManagingActiveUser));
  return new ListResponseModel<ProfileOrganizationResponseModel>(responses);

src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs

@@ -17,10 +17,7 @@ public ProfileOrganizationResponseModel(string str) : base(str) { }
 
  public ProfileOrganizationResponseModel(
  OrganizationUserOrganizationDetails organization,
-#nullable enable
- IEnumerable<Guid>? organizationIdsManagingUser
-#nullable disable
- )
+ IEnumerable<Guid> organizationIdsManagingUser)
  : this("profileOrganization")
  {
  Id = organization.OrganizationId;
@@ -70,7 +67,7 @@ public ProfileOrganizationResponseModel(
  AccessSecretsManager = organization.AccessSecretsManager;
  LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
  AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
- UserIsManagedByOrganization = organizationIdsManagingUser?.Contains(organization.OrganizationId);
+ UserIsManagedByOrganization = organizationIdsManagingUser.Contains(organization.OrganizationId);
 
  if (organization.SsoConfig != null)
  {
@@ -135,7 +132,9 @@ public ProfileOrganizationResponseModel(
  /// <remarks>
  /// An organization manages a user if the user's email domain is verified by the organization and the user is a member of it.
  /// The organization must be enabled and able to have verified domains.
- /// This property is null if the Account Deprovisioning feature flag is disabled.
  /// </remarks>
- public bool? UserIsManagedByOrganization { get; set; }
+ /// <returns>
+ /// False if the Account Deprovisioning feature flag is disabled.
+ /// </returns>
+ public bool UserIsManagedByOrganization { get; set; }
 }

src/Api/Auth/Controllers/AccountsController.cs

@@ -443,10 +443,7 @@ await _providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id,
 
  var twoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
  var hasPremiumFromOrg = await _userService.HasPremiumFromOrganization(user);
-
-#nullable enable
  var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(user.Id);
-#nullable disable
 
  var response = new ProfileResponseModel(user, organizationUserDetails, providerUserDetails,
  providerUserOrganizationDetails, twoFactorEnabled,
@@ -460,10 +457,7 @@ public async Task<ListResponseModel<ProfileOrganizationResponseModel>> GetOrgani
  var userId = _userService.GetProperUserId(User);
  var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(userId.Value,
  OrganizationUserStatusType.Confirmed);
-
-#nullable enable
  var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(userId.Value);
-#nullable disable
 
  var responseData = organizationUserDetails.Select(o => new ProfileOrganizationResponseModel(o, organizationIdsManagingActiveUser));
  return new ListResponseModel<ProfileOrganizationResponseModel>(responseData);
@@ -483,10 +477,7 @@ public async Task<ProfileResponseModel> PutProfile([FromBody] UpdateProfileReque
 
  var twoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
  var hasPremiumFromOrg = await _userService.HasPremiumFromOrganization(user);
-
-#nullable enable
  var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(user.Id);
-#nullable disable
 
  var response = new ProfileResponseModel(user, null, null, null, twoFactorEnabled, hasPremiumFromOrg, organizationIdsManagingActiveUser);
  return response;
@@ -505,10 +496,7 @@ public async Task<ProfileResponseModel> PutAvatar([FromBody] UpdateAvatarRequest
 
  var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
  var userHasPremiumFromOrganization = await _userService.HasPremiumFromOrganization(user);
-
-#nullable enable
  var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(user.Id);
-#nullable disable
 
  var response = new ProfileResponseModel(user, null, null, null, userTwoFactorEnabled, userHasPremiumFromOrganization, organizationIdsManagingActiveUser);
  return response;
@@ -661,10 +649,7 @@ public async Task<PaymentResponseModel> PostPremium(PremiumRequestModel model)
 
  var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
  var userHasPremiumFromOrganization = await _userService.HasPremiumFromOrganization(user);
-
-#nullable enable
  var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(user.Id);
-#nullable disable
 
  var profile = new ProfileResponseModel(user, null, null, null, userTwoFactorEnabled, userHasPremiumFromOrganization, organizationIdsManagingActiveUser);
  return new PaymentResponseModel
@@ -954,11 +939,9 @@ public async Task VerifyOTP([FromBody] VerifyOTPRequestModel model)
  }
  }
 
-#nullable enable
- private async Task<IEnumerable<Guid>?> GetOrganizationIdsManagingUserAsync(Guid userId)
+ private async Task<IEnumerable<Guid>> GetOrganizationIdsManagingUserAsync(Guid userId)
  {
  var organizationManagingUser = await _userService.GetOrganizationsManagingUserAsync(userId);
- return organizationManagingUser?.Select(o => o.Id);
+ return organizationManagingUser.Select(o => o.Id);
  }
-#nullable disable
 }

src/Api/Billing/Controllers/OrganizationsController.cs

@@ -201,10 +201,8 @@ await addSecretsManagerSubscriptionCommand.SignUpAsync(organization, model.Addit
  var organizationDetails = await organizationUserRepository.GetDetailsByUserAsync(userId, organization.Id,
  OrganizationUserStatusType.Confirmed);
 
-#nullable enable
  var organizationManagingActiveUser = await userService.GetOrganizationsManagingUserAsync(userId);
- var organizationIdsManagingActiveUser = organizationManagingActiveUser?.Select(o => o.Id);
-#nullable disable
+ var organizationIdsManagingActiveUser = organizationManagingActiveUser.Select(o => o.Id);
 
  return new ProfileOrganizationResponseModel(organizationDetails, organizationIdsManagingActiveUser);
  }

src/Api/Models/Response/ProfileResponseModel.cs

@@ -15,10 +15,7 @@ public ProfileResponseModel(User user,
  IEnumerable<ProviderUserOrganizationDetails> providerUserOrganizationDetails,
  bool twoFactorEnabled,
  bool premiumFromOrganization,
-#nullable enable
- IEnumerable<Guid>? organizationIdsManagingUser
-#nullable disable
- ) : base("profile")
+ IEnumerable<Guid> organizationIdsManagingUser) : base("profile")
  {
  if (user == null)
  {

src/Api/Vault/Controllers/CiphersController.cs

@@ -912,7 +912,7 @@ public async Task PostPurge([FromBody] SecretVerificationRequestModel model, str
 
  // If Account Deprovisioning is enabled, we need to check if the user is managed by any organization.
  if (_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
- && await _userService.IsManagedByAnyOrganizationAsync(user.Id) == true)
+ && await _userService.IsManagedByAnyOrganizationAsync(user.Id))
  {
  throw new BadRequestException("Accounts managed by an organization cannot be purged.");
  }

src/Api/Vault/Controllers/SyncController.cs

@@ -1,13 +1,11 @@
 using Bit.Api.Vault.Models.Response;
-using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
-using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
@@ -95,37 +93,12 @@ await _providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id,
 
  var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
  var userHasPremiumFromOrganization = await _userService.HasPremiumFromOrganization(user);
-
-#nullable enable
- var organizationIdsManagingActiveUser = await GetOrganizationIdsManagingUserAsync(user, organizationUserDetails);
-#nullable disable
+ var organizationManagingActiveUser = await _userService.GetOrganizationsManagingUserAsync(user.Id);
+ var organizationIdsManagingActiveUser = organizationManagingActiveUser.Select(o => o.Id);
 
  var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, userHasPremiumFromOrganization,
  organizationIdsManagingActiveUser, organizationUserDetails, providerUserDetails, providerUserOrganizationDetails,
  folders, collections, ciphers, collectionCiphersGroupDict, excludeDomains, policies, sends);
  return response;
  }
-
-#nullable enable
- /// <summary>
- /// Gets the IDs of the organizations that manage a user.
- /// </summary>
- /// <remarks>
- /// Organizations are considered to manage a user if the user's email domain is verified by the organization and the user is a member of it.
- /// The organization must be enabled and able to have verified domains.
- /// </remarks>
- private async Task<IEnumerable<Guid>?> GetOrganizationIdsManagingUserAsync(User user, IEnumerable<OrganizationUserOrganizationDetails> organizationUserDetails)
- {
- // Account deprovisioning must be enabled and organizations must be enabled and able to have verified domains.
- // TODO: Replace "UseSso" with a new organization ability like "UseOrganizationDomains" (PM-11622).
- if (!_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
- || !organizationUserDetails.Any(o => o is { Enabled: true, UseSso: true }))
- {
- return null;
- }
-
- var organizationsManagingUser = await _userService.GetOrganizationsManagingUserAsync(user.Id);
- return organizationsManagingUser?.Select(o => o.Id);
- }
-#nullable disable
 }

src/Api/Vault/Models/Response/SyncResponseModel.cs

@@ -21,9 +21,7 @@ public SyncResponseModel(
  User user,
  bool userTwoFactorEnabled,
  bool userHasPremiumFromOrganization,
-#nullable enable
- IEnumerable<Guid>? organizationIdsManagingUser,
-#nullable disable
+ IEnumerable<Guid> organizationIdsManagingUser,
  IEnumerable<OrganizationUserOrganizationDetails> organizationUserDetails,
  IEnumerable<ProviderUserProviderDetails> providerUserDetails,
  IEnumerable<ProviderUserOrganizationDetails> providerUserOrganizationDetails,

src/Core/Services/IUserService.cs

@@ -88,7 +88,6 @@ Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
  /// </summary>
  Task<bool> IsLegacyUser(string userId);
 
-#nullable enable
  /// <summary>
  /// Indicates if the user is managed by any organization.
  /// </summary>
@@ -97,14 +96,16 @@ Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
  /// The organization must be enabled and able to have verified domains.
  /// </remarks>
  /// <returns>
- /// This returns a nullable object because if the Account Deprovisioning feature flag is disabled, we should return null.
+ /// False if the Account Deprovisioning feature flag is disabled.
  /// </returns>
- Task<bool?> IsManagedByAnyOrganizationAsync(Guid userId);
+ Task<bool> IsManagedByAnyOrganizationAsync(Guid userId);
 
  /// <summary>
  /// Gets the organizations that manage the user.
  /// </summary>
+ /// <returns>
+ /// An empty collection if the Account Deprovisioning feature flag is disabled.
+ /// </returns>
  /// <inheritdoc cref="IsManagedByAnyOrganizationAsync(Guid)"/>
- Task<IEnumerable<Organization>?> GetOrganizationsManagingUserAsync(Guid userId);
-#nullable disable
+ Task<IEnumerable<Organization>> GetOrganizationsManagingUserAsync(Guid userId);
 }

src/Core/Services/Implementations/UserService.cs

@@ -1263,18 +1263,17 @@ public async Task<bool> IsLegacyUser(string userId)
  return IsLegacyUser(user);
  }
 
-#nullable enable
- public async Task<bool?> IsManagedByAnyOrganizationAsync(Guid userId)
+ public async Task<bool> IsManagedByAnyOrganizationAsync(Guid userId)
  {
  var managingOrganizations = await GetOrganizationsManagingUserAsync(userId);
- return managingOrganizations?.Any();
+ return managingOrganizations.Any();
  }
 
- public async Task<IEnumerable<Organization>?> GetOrganizationsManagingUserAsync(Guid userId)
+ public async Task<IEnumerable<Organization>> GetOrganizationsManagingUserAsync(Guid userId)
  {
  if (!_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning))
  {
- return null;
+ return Enumerable.Empty<Organization>();
  }
 
  // Get all organizations that have verified the user's email domain.
@@ -1285,7 +1284,6 @@ public async Task<bool> IsLegacyUser(string userId)
  // Verified domains were tied to SSO, so we currently check the "UseSso" organization ability.
  return organizationsWithVerifiedUserEmailDomain.Where(organization => organization is { Enabled: true, UseSso: true });
  }
-#nullable disable
 
  /// <inheritdoc cref="IsLegacyUser(string)"/>
  public static bool IsLegacyUser(User user)

test/Core.Test/Services/UserServiceTests.cs

@@ -279,18 +279,17 @@ await tokenProvider
  }
 
  [Theory, BitAutoData]
- public async Task IsManagedByAnyOrganizationAsync_WithAccountDeprovisioningDisabled_ReturnsNull(
+ public async Task IsManagedByAnyOrganizationAsync_WithAccountDeprovisioningDisabled_ReturnsFalse(
  SutProvider<UserService> sutProvider, Guid userId)
  {
  sutProvider.GetDependency<IFeatureService>()
  .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
  .Returns(false);
 
  var result = await sutProvider.Sut.IsManagedByAnyOrganizationAsync(userId);
- Assert.Null(result);
+ Assert.False(result);
  }
 
-
  [Theory, BitAutoData]
  public async Task IsManagedByAnyOrganizationAsync_WithAccountDeprovisioningEnabled_WithManagingEnabledOrganization_ReturnsTrue(
  SutProvider<UserService> sutProvider, Guid userId, Organization organization)