[SM-396] Self-enroll Secrets Manager (#2671)

* Add endpoint for self enrolling in secrets manager * Add SecretsManager attribute * Mark endpoint as only cloud, enable secrets manager for the current user * Remove response
2025-01-12 20:20:37 +01:00 · 2023-02-21 18:24:49 +01:00 · 2023-02-21 18:24:49 +01:00 · 146d5b1984
commit 146d5b1984
parent 16bdd67cad
2 changed files with 37 additions and 0 deletions
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@ -4,6 +4,7 @@ using Bit.Api.Models.Request.Accounts;
 using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
 using Bit.Api.Models.Response.Organizations;
+using Bit.Api.SecretsManager;
 using Bit.Api.Utilities;
 using Bit.Core.Context;
 using Bit.Core.Enums;
@ -716,4 +717,34 @@ public class OrganizationsController : Controller

        return new OrganizationSsoResponseModel(organization, _globalSettings, ssoConfig);
    }
+
+    // This is a temporary endpoint to self-enroll in secrets manager
+    [SecretsManager]
+    [SelfHosted(NotSelfHostedOnly = true)]
+    [HttpPost("{id}/enroll-secrets-manager")]
+    public async Task EnrollSecretsManager(Guid id, [FromBody] OrganizationEnrollSecretsManagerRequestModel model)
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+        if (!await _currentContext.OrganizationAdmin(id))
+        {
+            throw new NotFoundException();
+        }
+
+        var organization = await _organizationRepository.GetByIdAsync(id);
+        if (organization == null)
+        {
+            throw new NotFoundException();
+        }
+
+        organization.UseSecretsManager = model.Enabled;
+        await _organizationService.UpdateAsync(organization);
+
+        // Turn on Secrets Manager for the user
+        if (model.Enabled)
+        {
+            var orgUser = await _organizationUserRepository.GetByOrganizationAsync(id, userId);
+            orgUser.AccessSecretsManager = true;
+            await _organizationUserRepository.ReplaceAsync(orgUser);
+        }
+    }
 }
--- a/src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs
+++ b/src/Api/Models/Request/Organizations/OrganizationEnrollSecretsManagerRequestModel.cs
@ -0,0 +1,6 @@
+namespace Bit.Api.Models.Request.Organizations;
+
+public class OrganizationEnrollSecretsManagerRequestModel
+{
+    public bool Enabled { get; set; }
+}