bitwarden · JimmyVo16 · Jan 29, 2025 · Feb 4, 2025 · Feb 4, 2025 · Feb 4, 2025
@@ -11,6 +11,7 @@
 using Bit.Core.Tools.Models.Business;
 using Bit.Core.Tools.Services;
 
+
 #nullable enable
 
 namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
@@ -26,7 +27,6 @@
     private readonly IHasConfirmedOwnersExceptQuery _hasConfirmedOwnersExceptQuery;
     private readonly IReferenceEventService _referenceEventService;
     private readonly IPushNotificationService _pushService;
-    private readonly IOrganizationRepository _organizationRepository;
     private readonly IProviderUserRepository _providerUserRepository;
     public DeleteManagedOrganizationUserAccountCommand(
         IUserService userService,
@@ -38,8 +38,8 @@
         IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery,
         IReferenceEventService referenceEventService,
         IPushNotificationService pushService,
-        IOrganizationRepository organizationRepository,
-        IProviderUserRepository providerUserRepository)
+        IProviderUserRepository providerUserRepository
+        )
     {
         _userService = userService;
         _eventService = eventService;
@@ -50,143 +50,172 @@
         _hasConfirmedOwnersExceptQuery = hasConfirmedOwnersExceptQuery;
         _referenceEventService = referenceEventService;
         _pushService = pushService;
-        _organizationRepository = organizationRepository;
         _providerUserRepository = providerUserRepository;
     }
 
     public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId)
     {
-        var organizationUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
-        if (organizationUser == null || organizationUser.OrganizationId != organizationId)
-        {
-            throw new NotFoundException("Member not found.");
-        }
-
-        var managementStatus = await _getOrganizationUsersManagementStatusQuery.GetUsersOrganizationManagementStatusAsync(organizationId, new[] { organizationUserId });
-        var hasOtherConfirmedOwners = await _hasConfirmedOwnersExceptQuery.HasConfirmedOwnersExceptAsync(organizationId, new[] { organizationUserId }, includeProvider: true);
-
-        await ValidateDeleteUserAsync(organizationId, organizationUser, deletingUserId, managementStatus, hasOtherConfirmedOwners);
-
-        var user = await _userRepository.GetByIdAsync(organizationUser.UserId!.Value);
-        if (user == null)
-        {
-            throw new NotFoundException("Member not found.");
-        }
-
-        await _userService.DeleteAsync(user);
-        await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Deleted);
+        await DeleteManyUsersAsync(organizationId, new[] { organizationUserId }, deletingUserId);
     }
 
     public async Task<IEnumerable<(Guid OrganizationUserId, string? ErrorMessage)>> DeleteManyUsersAsync(Guid organizationId, IEnumerable<Guid> orgUserIds, Guid? deletingUserId)
     {
         var orgUsers = await _organizationUserRepository.GetManyAsync(orgUserIds);
-        var userIds = orgUsers.Where(ou => ou.UserId.HasValue).Select(ou => ou.UserId!.Value).ToList();
-        var users = await _userRepository.GetManyAsync(userIds);
-
+        var users = await GetUsersAsync(orgUsers);
         var managementStatus = await _getOrganizationUsersManagementStatusQuery.GetUsersOrganizationManagementStatusAsync(organizationId, orgUserIds);
-        var hasOtherConfirmedOwners = await _hasConfirmedOwnersExceptQuery.HasConfirmedOwnersExceptAsync(organizationId, orgUserIds, includeProvider: true);
+        var userDeletionResults = new List<(Guid OrganizationUserId, OrganizationUser? orgUser, User? user, string? ErrorMessage)>();
 
-        var results = new List<(Guid OrganizationUserId, string? ErrorMessage)>();
         foreach (var orgUserId in orgUserIds)
         {
+            OrganizationUser? orgUser = null;
+            User? user = null;
+
             try
             {
-                var orgUser = orgUsers.FirstOrDefault(ou => ou.Id == orgUserId);
+                orgUser = orgUsers.FirstOrDefault(ou => ou.Id == orgUserId);
                 if (orgUser == null || orgUser.OrganizationId != organizationId)
                 {
                     throw new NotFoundException("Member not found.");
                 }
 
-                await ValidateDeleteUserAsync(organizationId, orgUser, deletingUserId, managementStatus, hasOtherConfirmedOwners);
+                user = users.FirstOrDefault(u => u.Id == orgUser.UserId);
 
-                var user = users.FirstOrDefault(u => u.Id == orgUser.UserId);
                 if (user == null)
                 {
                     throw new NotFoundException("Member not found.");
                 }
 
-                await ValidateUserMembershipAndPremiumAsync(user);
+                await ValidateAsync(organizationId, orgUser, user, deletingUserId, managementStatus);
+
+                await CancelPremiumAsync(user);
 
-                results.Add((orgUserId, string.Empty));
+                userDeletionResults.Add((orgUserId, orgUser, user, string.Empty));
             }
             catch (Exception ex)
             {
-                results.Add((orgUserId, ex.Message));
+                userDeletionResults.Add((orgUserId, orgUser, user, ex.Message));
             }
         }
 
-        var orgUserResultsToDelete = results.Where(result => string.IsNullOrEmpty(result.ErrorMessage));
-        var orgUsersToDelete = orgUsers.Where(orgUser => orgUserResultsToDelete.Any(result => orgUser.Id == result.OrganizationUserId));
-        var usersToDelete = users.Where(user => orgUsersToDelete.Any(orgUser => orgUser.UserId == user.Id));
+        await HandleUserDeletionsAsync(userDeletionResults);
 
-        if (usersToDelete.Any())
-        {
-            await DeleteManyAsync(usersToDelete);
-        }
+        await LogDeletedOrganizationUsersAsync(userDeletionResults);
 
-        await LogDeletedOrganizationUsersAsync(orgUsers, results);
+        return userDeletionResults
+            .Select(i => (i.OrganizationUserId, i.ErrorMessage))
+            .ToList();
+    }
 
-        return results;
+    private async Task<IEnumerable<User>> GetUsersAsync(ICollection<OrganizationUser> orgUsers)
+    {
+        var userIds = orgUsers
+         .Where(orgUser => orgUser.UserId.HasValue)
+         .Select(orgUser => orgUser.UserId!.Value)
+         .ToList();
+
+        return await _userRepository.GetManyAsync(userIds);
     }
 
-    private async Task ValidateDeleteUserAsync(Guid organizationId, OrganizationUser orgUser, Guid? deletingUserId, IDictionary<Guid, bool> managementStatus, bool hasOtherConfirmedOwners)
+    private async Task ValidateAsync(Guid organizationId, OrganizationUser orgUser, User user, Guid? deletingUserId, IDictionary<Guid, bool> managementStatus)
+    {
+        EnsureUserStatusIsNotInvited(orgUser);
+        PreventSelfDeletion(orgUser, deletingUserId);
+        EnsureUserIsManagedByOrganization(orgUser, managementStatus);
+
+        await EnsureOnlyOwnersCanDeleteOwnersAsync(organizationId, orgUser, deletingUserId);
+        await EnsureUserIsNotSoleOrganizationOwnerAsync(user);
+        await EnsureUserIsNotSoleProviderOwnerAsync(user);
+    }
+    private static void EnsureUserStatusIsNotInvited(OrganizationUser orgUser)
     {
         if (!orgUser.UserId.HasValue || orgUser.Status == OrganizationUserStatusType.Invited)
         {
             throw new BadRequestException("You cannot delete a member with Invited status.");
         }
-
-        if (deletingUserId.HasValue && orgUser.UserId.Value == deletingUserId.Value)
+    }
+    private static void PreventSelfDeletion(OrganizationUser orgUser, Guid? deletingUserId)
+    {
+        if (!orgUser.UserId.HasValue || !deletingUserId.HasValue)
+        {
+            return;
+        }
+        if (orgUser.UserId.Value == deletingUserId.Value)
         {
             throw new BadRequestException("You cannot delete yourself.");
         }
+    }
 
-        if (orgUser.Type == OrganizationUserType.Owner)
+    private async Task EnsureOnlyOwnersCanDeleteOwnersAsync(Guid organizationId, OrganizationUser orgUser, Guid? deletingUserId)
+    {
+        if (orgUser.Type != OrganizationUserType.Owner)
         {
-            if (deletingUserId.HasValue && !await _currentContext.OrganizationOwner(organizationId))
-            {
-                throw new BadRequestException("Only owners can delete other owners.");
-            }
+            return;
+        }
 
-            if (!hasOtherConfirmedOwners)
-            {
-                throw new BadRequestException("Organization must have at least one confirmed owner.");
-            }
+        if (deletingUserId.HasValue && !await _currentContext.OrganizationOwner(organizationId))
+        {
+            throw new BadRequestException("Only owners can delete other owners.");
         }
+    }
 
+    private static void EnsureUserIsManagedByOrganization(OrganizationUser orgUser, IDictionary<Guid, bool> managementStatus)
+    {
         if (!managementStatus.TryGetValue(orgUser.Id, out var isManaged) || !isManaged)
         {
             throw new BadRequestException("Member is not managed by the organization.");
         }
     }
 
-    private async Task LogDeletedOrganizationUsersAsync(
-        IEnumerable<OrganizationUser> orgUsers,
-        IEnumerable<(Guid OrgUserId, string? ErrorMessage)> results)
+    private async Task EnsureUserIsNotSoleOrganizationOwnerAsync(User user)
     {
-        var eventDate = DateTime.UtcNow;
-        var events = new List<(OrganizationUser OrgUser, EventType Event, DateTime? EventDate)>();
-
-        foreach (var (orgUserId, errorMessage) in results)
+        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerCount > 0)
         {
-            var orgUser = orgUsers.FirstOrDefault(ou => ou.Id == orgUserId);
-            // If the user was not found or there was an error, we skip logging the event
-            if (orgUser == null || !string.IsNullOrEmpty(errorMessage))
-            {
-                continue;
-            }
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
+        }
+    }
 
-            events.Add((orgUser, EventType.OrganizationUser_Deleted, eventDate));
+    private async Task EnsureUserIsNotSoleProviderOwnerAsync(User user)
+    {
+        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerProviderCount > 0)
+        {
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.");
         }
+    }
+
+    private async Task LogDeletedOrganizationUsersAsync(
+        List<(Guid OrganizationUserId, OrganizationUser? orgUser, User? user, string? ErrorMessage)> results)
+    {
+        var eventDate = DateTime.UtcNow;
+
+        var events = results
+            .Where(result => string.IsNullOrEmpty(result.ErrorMessage)
+                && result.orgUser != null)
+            .Select(result => (result.orgUser!, (EventType)EventType.OrganizationUser_Deleted, (DateTime?)eventDate))
+            .ToList();
 
         if (events.Any())
         {
             await _eventService.LogOrganizationUserEventsAsync(events);
         }
     }
-    private async Task DeleteManyAsync(IEnumerable<User> users)
+    private async Task HandleUserDeletionsAsync(List<(Guid OrganizationUserId, OrganizationUser? orgUser, User? user, string? ErrorMessage)> userDeletionResults)
     {
+        var usersToDelete = userDeletionResults
+            .Where(result =>
+                string.IsNullOrEmpty(result.ErrorMessage)
+                && result.user != null)
+            .Select(i => i.user!);
 
+        if (usersToDelete.Any())
+        {
+            await DeleteManyAsync(usersToDelete);
+        }
+    }
+
+    private async Task DeleteManyAsync(IEnumerable<User> users)
+    {
         await _userRepository.DeleteManyAsync(users);
         foreach (var user in users)
         {
@@ -197,46 +226,16 @@
 
     }
 
-    private async Task ValidateUserMembershipAndPremiumAsync(User user)
+    private async Task CancelPremiumAsync(User user)
     {
-        // Check if user is the only owner of any organizations.
-        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
-        if (onlyOwnerCount > 0)
-        {
-            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
-        }
-
-        var orgs = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id, OrganizationUserStatusType.Confirmed);
-        if (orgs.Count == 1)
-        {
-            var org = await _organizationRepository.GetByIdAsync(orgs.First().OrganizationId);
-            if (org != null && (!org.Enabled || string.IsNullOrWhiteSpace(org.GatewaySubscriptionId)))
-            {
-                var orgCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(org.Id);
-                if (orgCount <= 1)
-                {
-                    await _organizationRepository.DeleteAsync(org);
-                }
-                else
-                {
-                    throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
-                }
-            }
-        }
-
-        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
-        if (onlyOwnerProviderCount > 0)
+        if (string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
         {
-            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.");
+            return;
         }
-
-        if (!string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
+        try
         {
-            try
-            {
-                await _userService.CancelPremiumAsync(user);
-            }
-            catch (GatewayException) { }
+            await _userService.CancelPremiumAsync(user);
         }
+        catch (GatewayException) { }
     }
 }