[SM-891] Include Secrets Manager in organization license for self-hosting (#3222)

* Remove self-hosted restrictions from SM endpoints

* Add SM properties to organization license

src/Api/SecretsManager/Controllers/AccessPoliciesController.cs

@@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
 using Bit.Core.SecretsManager.Entities;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 [Route("access-policies")]
 public class AccessPoliciesController : Controller
 {

src/Api/SecretsManager/Controllers/ProjectsController.cs

@@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Entities;
 using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 public class ProjectsController : Controller
 {
     private readonly ICurrentContext _currentContext;

src/Api/SecretsManager/Controllers/SecretsController.cs

@@ -14,14 +14,12 @@ using Bit.Core.Services;
 using Bit.Core.Tools.Enums;
 using Bit.Core.Tools.Models.Business;
 using Bit.Core.Tools.Services;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 public class SecretsController : Controller
 {
     private readonly ICurrentContext _currentContext;

src/Api/SecretsManager/Controllers/SecretsManagerPortingController.cs

@@ -7,14 +7,12 @@ using Bit.Core.SecretsManager.Commands.Porting.Interfaces;
 using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 public class SecretsManagerPortingController : Controller
 {
     private readonly ISecretRepository _secretRepository;

src/Api/SecretsManager/Controllers/SecretsTrashController.cs

@@ -3,14 +3,12 @@ using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 public class TrashController : Controller
 {
     private readonly ICurrentContext _currentContext;

src/Api/SecretsManager/Controllers/ServiceAccountsController.cs

@@ -14,14 +14,12 @@ using Bit.Core.SecretsManager.Entities;
 using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.SecretsManager.Controllers;
 
 [Authorize("secrets")]
-[SelfHosted(NotSelfHostedOnly = true)]
 [Route("service-accounts")]
 public class ServiceAccountsController : Controller
 {

src/Core/Entities/Organization.cs

@@ -250,5 +250,9 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
         ExpirationDate = license.Expires;
         LicenseKey = license.LicenseKey;
         RevisionDate = DateTime.UtcNow;
+        UsePasswordManager = license.UsePasswordManager;
+        UseSecretsManager = license.UseSecretsManager;
+        SmSeats = license.SmSeats;
+        SmServiceAccounts = license.SmServiceAccounts;
     }
 }

src/Core/Models/Business/OrganizationLicense.cs

@@ -47,6 +47,10 @@ public class OrganizationLicense : ILicense
         UsersGetPremium = org.UsersGetPremium;
         UseCustomPermissions = org.UseCustomPermissions;
         Issued = DateTime.UtcNow;
+        UsePasswordManager = org.UsePasswordManager;
+        UseSecretsManager = org.UseSecretsManager;
+        SmSeats = org.SmSeats;
+        SmServiceAccounts = org.SmServiceAccounts;
 
         if (subscriptionInfo?.Subscription == null)
         {
@@ -125,6 +129,10 @@ public class OrganizationLicense : ILicense
     public DateTime? Refresh { get; set; }
     public DateTime? Expires { get; set; }
     public DateTime? ExpirationWithoutGracePeriod { get; set; }
+    public bool UsePasswordManager { get; set; }
+    public bool UseSecretsManager { get; set; }
+    public int? SmSeats { get; set; }
+    public int? SmServiceAccounts { get; set; }
     public bool Trial { get; set; }
     public LicenseType? LicenseType { get; set; }
     public string Hash { get; set; }
@@ -137,10 +145,10 @@ public class OrganizationLicense : ILicense
     /// </summary>
     /// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
     /// getting out of date license errors</remarks>
-    private const int CURRENT_LICENSE_FILE_VERSION = 11;
+    private const int CURRENT_LICENSE_FILE_VERSION = 12;
     private bool ValidLicenseVersion
     {
-        get => Version is >= 1 and <= 12;
+        get => Version is >= 1 and <= 13;
     }
 
     public byte[] GetDataBytes(bool forHash = false)
@@ -176,6 +184,8 @@ public class OrganizationLicense : ILicense
                     (Version >= 11 || !p.Name.Equals(nameof(UseCustomPermissions))) &&
                     // ExpirationWithoutGracePeriod was added in Version 12
                     (Version >= 12 || !p.Name.Equals(nameof(ExpirationWithoutGracePeriod))) &&
+                    // UseSecretsManager was added in Version 13
+                    (Version >= 13 || !p.Name.Equals(nameof(UseSecretsManager))) &&
                     (
                         !forHash ||
                         (
@@ -315,6 +325,14 @@ public class OrganizationLicense : ILicense
                 valid = organization.UseCustomPermissions == UseCustomPermissions;
             }
 
+            if (valid && Version >= 13)
+            {
+                valid = organization.UseSecretsManager == UseSecretsManager &&
+                organization.UsePasswordManager == UsePasswordManager &&
+                organization.SmSeats == SmSeats &&
+                organization.SmServiceAccounts == SmServiceAccounts;
+            }
+
             return valid;
         }
         else

src/Core/Services/Implementations/OrganizationService.cs

@@ -573,7 +573,11 @@ public class OrganizationService : IOrganizationService
             PrivateKey = privateKey,
             CreationDate = DateTime.UtcNow,
             RevisionDate = DateTime.UtcNow,
-            Status = OrganizationStatusType.Created
+            Status = OrganizationStatusType.Created,
+            UsePasswordManager = license.UsePasswordManager,
+            UseSecretsManager = license.UseSecretsManager,
+            SmSeats = license.SmSeats,
+            SmServiceAccounts = license.SmServiceAccounts
         };
 
         var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);