[EC-449] Event log user for SCIM events

bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Exceptions;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Scim.Groups.Interfaces;
@@ -96,7 +97,7 @@ public async Task<IActionResult> Patch(Guid organizationId, Guid id, [FromBody]
     [HttpDelete("{id}")]
     public async Task<IActionResult> Delete(Guid organizationId, Guid id)
     {
-        await _deleteGroupCommand.DeleteGroupAsync(organizationId, id);
+        await _deleteGroupCommand.DeleteGroupAsync(organizationId, id, EventSystemUser.SCIM);
         return new NoContentResult();
     }
 }

bitwarden_license/src/Scim/Controllers/v2/UsersController.cs

@@ -119,7 +119,7 @@ public async Task<IActionResult> Patch(Guid organizationId, Guid id, [FromBody]
     [HttpDelete("{id}")]
     public async Task<IActionResult> Delete(Guid organizationId, Guid id)
     {
-        await _deleteOrganizationUserCommand.DeleteUserAsync(organizationId, id, null);
+        await _deleteOrganizationUserCommand.DeleteUserAsync(organizationId, id, EventSystemUser.SCIM);
         return new NoContentResult();
     }
 }

bitwarden_license/src/Scim/Groups/PatchGroupCommand.cs

@@ -1,4 +1,5 @@
 using System.Text.Json;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -48,15 +49,15 @@ public async Task PatchGroupAsync(Guid organizationId, Guid id, ScimPatchModel m
                 else if (operation.Path?.ToLowerInvariant() == "displayname")
                 {
                     group.Name = operation.Value.GetString();
-                    await _groupService.SaveAsync(group);
+                    await _groupService.SaveAsync(group, EventSystemUser.SCIM);
                     operationHandled = true;
                 }
                 // Replace group name from value object
                 else if (string.IsNullOrWhiteSpace(operation.Path) &&
                     operation.Value.TryGetProperty("displayName", out var displayNameProperty))
                 {
                     group.Name = displayNameProperty.GetString();
-                    await _groupService.SaveAsync(group);
+                    await _groupService.SaveAsync(group, EventSystemUser.SCIM);
                     operationHandled = true;
                 }
             }
@@ -94,7 +95,7 @@ public async Task PatchGroupAsync(Guid organizationId, Guid id, ScimPatchModel m
                 var removeId = GetOperationPathId(operation.Path);
                 if (removeId.HasValue)
                 {
-                    await _groupService.DeleteUserAsync(group, removeId.Value);
+                    await _groupService.DeleteUserAsync(group, removeId.Value, EventSystemUser.SCIM);
                     operationHandled = true;
                 }
             }

bitwarden_license/src/Scim/Groups/PostGroupCommand.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -38,7 +39,7 @@ public async Task<Group> PostGroupAsync(Guid organizationId, ScimGroupRequestMod
         }
 
         var group = model.ToGroup(organizationId);
-        await _groupService.SaveAsync(group, null);
+        await _groupService.SaveAsync(group, EventSystemUser.SCIM, null);
         await UpdateGroupMembersAsync(group, model);
 
         return group;

bitwarden_license/src/Scim/Groups/PutGroupCommand.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -33,7 +34,7 @@ public async Task<Group> PutGroupAsync(Guid organizationId, Guid id, ScimGroupRe
         }
 
         group.Name = model.DisplayName;
-        await _groupService.SaveAsync(group);
+        await _groupService.SaveAsync(group, EventSystemUser.SCIM);
         await UpdateGroupMembersAsync(group, model);
 
         return group;

bitwarden_license/src/Scim/Users/PatchUserCommand.cs

@@ -74,12 +74,12 @@ private async Task<bool> HandleActiveOperationAsync(Core.Entities.OrganizationUs
     {
         if (active && orgUser.Status == OrganizationUserStatusType.Revoked)
         {
-            await _organizationService.RestoreUserAsync(orgUser, null, _userService);
+            await _organizationService.RestoreUserAsync(orgUser, EventSystemUser.SCIM, _userService);
             return true;
         }
         else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked)
         {
-            await _organizationService.RevokeUserAsync(orgUser, null);
+            await _organizationService.RevokeUserAsync(orgUser, EventSystemUser.SCIM);
             return true;
         }
         return false;

bitwarden_license/src/Scim/Users/PostUserCommand.cs

@@ -79,7 +79,7 @@ public async Task<OrganizationUserUserDetails> PostUserAsync(Guid organizationId
             throw new ConflictException();
         }
 
-        var invitedOrgUser = await _organizationService.InviteUserAsync(organizationId, null, email,
+        var invitedOrgUser = await _organizationService.InviteUserAsync(organizationId, EventSystemUser.SCIM, email,
             OrganizationUserType.User, false, externalId, new List<SelectionReadOnly>());
         var orgUser = await _organizationUserRepository.GetDetailsByIdAsync(invitedOrgUser.Id);
 

bitwarden_license/test/Scim.Test/Groups/PatchGroupCommandTests.cs

@@ -1,5 +1,6 @@
 using System.Text.Json;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -67,7 +68,7 @@ public async Task PatchGroup_ReplaceDisplayNameFromPath_Success(SutProvider<Patc
 
         await sutProvider.Sut.PatchGroupAsync(group.OrganizationId, group.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM);
         Assert.Equal(displayName, group.Name);
     }
 
@@ -94,7 +95,7 @@ public async Task PatchGroup_ReplaceDisplayNameFromValueObject_Success(SutProvid
 
         await sutProvider.Sut.PatchGroupAsync(group.OrganizationId, group.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM);
         Assert.Equal(displayName, group.Name);
     }
 
@@ -182,7 +183,7 @@ public async Task PatchGroup_RemoveSingleMember_Success(SutProvider<PatchGroupCo
 
         await sutProvider.Sut.PatchGroupAsync(group.OrganizationId, group.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).DeleteUserAsync(group, userId);
+        await sutProvider.GetDependency<IGroupService>().Received(1).DeleteUserAsync(group, userId, EventSystemUser.SCIM);
     }
 
     [Theory]

bitwarden_license/test/Scim.Test/Groups/PostGroupCommandTests.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -42,7 +43,7 @@ public async Task PostGroup_Success(SutProvider<PostGroupCommand> sutProvider, s
 
         var group = await sutProvider.Sut.PostGroupAsync(organizationId, scimGroupRequestModel);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, null);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM, null);
         await sutProvider.GetDependency<IGroupRepository>().Received(0).UpdateUsersAsync(Arg.Any<Guid>(), Arg.Any<IEnumerable<Guid>>());
 
         AssertHelper.AssertPropertyEqual(expectedResult, group, "Id", "CreationDate", "RevisionDate");
@@ -77,7 +78,7 @@ public async Task PostGroup_WithMembers_Success(SutProvider<PostGroupCommand> su
 
         var group = await sutProvider.Sut.PostGroupAsync(organizationId, scimGroupRequestModel);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, null);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM, null);
         await sutProvider.GetDependency<IGroupRepository>().Received(1).UpdateUsersAsync(Arg.Any<Guid>(), Arg.Is<IEnumerable<Guid>>(arg => arg.All(id => membersUserIds.Contains(id))));
 
         AssertHelper.AssertPropertyEqual(expectedResult, group, "Id", "CreationDate", "RevisionDate");

bitwarden_license/test/Scim.Test/Groups/PutGroupCommandTests.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -45,7 +46,7 @@ public async Task PutGroup_Success(SutProvider<PutGroupCommand> sutProvider, Gro
         AssertHelper.AssertPropertyEqual(expectedResult, result, "CreationDate", "RevisionDate");
         Assert.Equal(displayName, group.Name);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM);
         await sutProvider.GetDependency<IGroupRepository>().Received(0).UpdateUsersAsync(group.Id, Arg.Any<IEnumerable<Guid>>());
     }
 
@@ -82,7 +83,7 @@ public async Task PutGroup_ChangeMembers_Success(SutProvider<PutGroupCommand> su
         AssertHelper.AssertPropertyEqual(expectedResult, result, "CreationDate", "RevisionDate");
         Assert.Equal(displayName, group.Name);
 
-        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group);
+        await sutProvider.GetDependency<IGroupService>().Received(1).SaveAsync(group, EventSystemUser.SCIM);
         await sutProvider.GetDependency<IGroupRepository>().Received(1).UpdateUsersAsync(group.Id, Arg.Is<IEnumerable<Guid>>(arg => arg.All(id => membersUserIds.Contains(id))));
     }
 

bitwarden_license/test/Scim.Test/Users/PatchUserCommandTests.cs

@@ -1,5 +1,6 @@
 using System.Text.Json;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -42,7 +43,7 @@ public async Task PatchUser_RestorePath_Success(SutProvider<PatchUserCommand> su
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(1).RestoreUserAsync(organizationUser, null, Arg.Any<IUserService>());
+        await sutProvider.GetDependency<IOrganizationService>().Received(1).RestoreUserAsync(organizationUser, EventSystemUser.SCIM, Arg.Any<IUserService>());
     }
 
     [Theory]
@@ -70,7 +71,7 @@ public async Task PatchUser_RestoreValue_Success(SutProvider<PatchUserCommand> s
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(1).RestoreUserAsync(organizationUser, null, Arg.Any<IUserService>());
+        await sutProvider.GetDependency<IOrganizationService>().Received(1).RestoreUserAsync(organizationUser, EventSystemUser.SCIM, Arg.Any<IUserService>());
     }
 
     [Theory]
@@ -99,7 +100,7 @@ public async Task PatchUser_RevokePath_Success(SutProvider<PatchUserCommand> sut
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(1).RevokeUserAsync(organizationUser, null);
+        await sutProvider.GetDependency<IOrganizationService>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
     }
 
     [Theory]
@@ -127,7 +128,7 @@ public async Task PatchUser_RevokeValue_Success(SutProvider<PatchUserCommand> su
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(1).RevokeUserAsync(organizationUser, null);
+        await sutProvider.GetDependency<IOrganizationService>().Received(1).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
     }
 
     [Theory]
@@ -146,8 +147,8 @@ public async Task PatchUser_NoAction_Success(SutProvider<PatchUserCommand> sutPr
 
         await sutProvider.Sut.PatchUserAsync(organizationUser.OrganizationId, organizationUser.Id, scimPatchModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(0).RestoreUserAsync(organizationUser, null, Arg.Any<IUserService>());
-        await sutProvider.GetDependency<IOrganizationService>().Received(0).RevokeUserAsync(organizationUser, null);
+        await sutProvider.GetDependency<IOrganizationService>().Received(0).RestoreUserAsync(organizationUser, EventSystemUser.SCIM, Arg.Any<IUserService>());
+        await sutProvider.GetDependency<IOrganizationService>().Received(0).RevokeUserAsync(organizationUser, EventSystemUser.SCIM);
     }
 
     [Theory]

bitwarden_license/test/Scim.Test/Users/PostUserCommandTests.cs

@@ -34,12 +34,12 @@ public async Task PostUser_Success(SutProvider<PostUserCommand> sutProvider, str
             .Returns(organizationUsers);
 
         sutProvider.GetDependency<IOrganizationService>()
-            .InviteUserAsync(organizationId, null, scimUserRequestModel.PrimaryEmail.ToLowerInvariant(), OrganizationUserType.User, false, externalId, Arg.Any<List<SelectionReadOnly>>())
+            .InviteUserAsync(organizationId, EventSystemUser.SCIM, scimUserRequestModel.PrimaryEmail.ToLowerInvariant(), OrganizationUserType.User, false, externalId, Arg.Any<List<SelectionReadOnly>>())
             .Returns(newUser);
 
         var user = await sutProvider.Sut.PostUserAsync(organizationId, scimUserRequestModel);
 
-        await sutProvider.GetDependency<IOrganizationService>().Received(1).InviteUserAsync(organizationId, null, scimUserRequestModel.PrimaryEmail.ToLowerInvariant(),
+        await sutProvider.GetDependency<IOrganizationService>().Received(1).InviteUserAsync(organizationId, EventSystemUser.SCIM, scimUserRequestModel.PrimaryEmail.ToLowerInvariant(),
             OrganizationUserType.User, false, scimUserRequestModel.ExternalId, Arg.Any<List<SelectionReadOnly>>());
         await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1).GetDetailsByIdAsync(newUser.Id);
     }

src/Api/Models/Response/EventResponseModel.cs

@@ -30,6 +30,7 @@ public EventResponseModel(IEvent ev)
         DeviceType = ev.DeviceType;
         IpAddress = ev.IpAddress;
         InstallationId = ev.InstallationId;
+        SystemUser = ev.SystemUser;
     }
 
     public EventType Type { get; set; }
@@ -48,4 +49,5 @@ public EventResponseModel(IEvent ev)
     public DateTime Date { get; set; }
     public DeviceType? DeviceType { get; set; }
     public string IpAddress { get; set; }
+    public EventSystemUser? SystemUser { get; set; }
 }

src/Core/Entities/Event.cs

@@ -27,6 +27,7 @@ public Event(IEvent e)
         DeviceType = e.DeviceType;
         IpAddress = e.IpAddress;
         ActingUserId = e.ActingUserId;
+        SystemUser = e.SystemUser;
     }
 
     public Guid Id { get; set; }
@@ -47,6 +48,7 @@ public Event(IEvent e)
     [MaxLength(50)]
     public string IpAddress { get; set; }
     public Guid? ActingUserId { get; set; }
+    public EventSystemUser? SystemUser { get; set; }
 
     public void SetNewId()
     {

src/Core/Enums/EventSystemUser.cs

@@ -0,0 +1,6 @@
+namespace Bit.Core.Enums;
+
+public enum EventSystemUser : byte
+{
+    SCIM = 1
+}

src/Core/Models/Data/EventMessage.cs

@@ -31,4 +31,5 @@ public EventMessage(ICurrentContext currentContext)
     public DeviceType? DeviceType { get; set; }
     public string IpAddress { get; set; }
     public Guid? IdempotencyId { get; private set; } = Guid.NewGuid();
+    public EventSystemUser? SystemUser { get; set; }
 }

src/Core/Models/Data/EventTableEntity.cs

@@ -26,6 +26,7 @@ private EventTableEntity(IEvent e)
         DeviceType = e.DeviceType;
         IpAddress = e.IpAddress;
         ActingUserId = e.ActingUserId;
+        SystemUser = e.SystemUser;
     }
 
     public DateTime Date { get; set; }
@@ -44,6 +45,7 @@ private EventTableEntity(IEvent e)
     public DeviceType? DeviceType { get; set; }
     public string IpAddress { get; set; }
     public Guid? ActingUserId { get; set; }
+    public EventSystemUser? SystemUser { get; set; }
 
     public override IDictionary<string, EntityProperty> WriteEntity(OperationContext operationContext)
     {
@@ -69,6 +71,16 @@ public override IDictionary<string, EntityProperty> WriteEntity(OperationContext
             result.Add(deviceTypeName, new EntityProperty((int?)DeviceType));
         }
 
+        var systemUserTypeName = nameof(SystemUser);
+        if (result.ContainsKey(systemUserTypeName))
+        {
+            result[systemUserTypeName] = new EntityProperty((int?)SystemUser);
+        }
+        else
+        {
+            result.Add(systemUserTypeName, new EntityProperty((int?)SystemUser));
+        }
+
         return result;
     }
 
@@ -88,6 +100,12 @@ public override void ReadEntity(IDictionary<string, EntityProperty> properties,
         {
             DeviceType = (DeviceType)properties[deviceTypeName].Int32Value.Value;
         }
+
+        var systemUserTypeName = nameof(SystemUser);
+        if (properties.ContainsKey(systemUserTypeName) && properties[systemUserTypeName].Int32Value.HasValue)
+        {
+            SystemUser = (EventSystemUser)properties[systemUserTypeName].Int32Value.Value;
+        }
     }
 
     public static List<EventTableEntity> IndexEvent(EventMessage e)

src/Core/Models/Data/IEvent.cs

@@ -20,4 +20,5 @@ public interface IEvent
     DeviceType? DeviceType { get; set; }
     string IpAddress { get; set; }
     DateTime Date { get; set; }
+    EventSystemUser? SystemUser { get; set; }
 }

src/Core/OrganizationFeatures/Groups/DeleteGroupCommand.cs

@@ -1,4 +1,6 @@
-using Bit.Core.Exceptions;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -17,6 +19,18 @@ public DeleteGroupCommand(IEventService eventService, IGroupRepository groupRepo
     }
 
     public async Task DeleteGroupAsync(Guid organizationId, Guid id)
+    {
+        var group = await GroupRepositoryDeleteGroupAsync(organizationId, id);
+        await _eventService.LogGroupEventAsync(group, Core.Enums.EventType.Group_Deleted);
+    }
+
+    public async Task DeleteGroupAsync(Guid organizationId, Guid id, EventSystemUser eventSystemUser)
+    {
+        var group = await GroupRepositoryDeleteGroupAsync(organizationId, id);
+        await _eventService.LogGroupEventAsync(group, Core.Enums.EventType.Group_Deleted, eventSystemUser);
+    }
+
+    private async Task<Group> GroupRepositoryDeleteGroupAsync(Guid organizationId, Guid id)
     {
         var group = await _groupRepository.GetByIdAsync(id);
         if (group == null || group.OrganizationId != organizationId)
@@ -25,6 +39,7 @@ public async Task DeleteGroupAsync(Guid organizationId, Guid id)
         }
 
         await _groupRepository.DeleteAsync(group);
-        await _eventService.LogGroupEventAsync(group, Core.Enums.EventType.Group_Deleted);
+
+        return group;
     }
 }