[PM-13013] add delete many async method to i user repository and i user service for bulk user deletion (#5035)

* Add DeleteManyAsync method and stored procedure

* Add DeleteManyAsync and tests

* removed stored procedure, refactor User_DeleteById to accept multiple Ids

* add sproc, refactor tests

* revert existing sproc

* add bulk delete to IUserService

* fix sproc

* fix and add tests

* add migration script, fix test

* Add feature flag

* add feature flag to tests for deleteManyAsync

* enable nullable, delete only user that pass validation

* revert changes to DeleteAsync

* Cleanup whitespace

* remove redundant feature flag

* fix tests

* move DeleteManyAsync from UserService into DeleteManagedOrganizationUserAccountCommand

* refactor validation, remove unneeded tasks

* refactor tests, remove unused service

Author: BTreston

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteManagedOrganizationUserAccountCommand.cs

@@ -1,10 +1,14 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Tools.Enums;
+using Bit.Core.Tools.Models.Business;
+using Bit.Core.Tools.Services;
 
 #nullable enable
 
@@ -19,15 +23,22 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
     private readonly IUserRepository _userRepository;
     private readonly ICurrentContext _currentContext;
     private readonly IHasConfirmedOwnersExceptQuery _hasConfirmedOwnersExceptQuery;
-
+    private readonly IReferenceEventService _referenceEventService;
+    private readonly IPushNotificationService _pushService;
+    private readonly IOrganizationRepository _organizationRepository;
+    private readonly IProviderUserRepository _providerUserRepository;
     public DeleteManagedOrganizationUserAccountCommand(
         IUserService userService,
         IEventService eventService,
         IGetOrganizationUsersManagementStatusQuery getOrganizationUsersManagementStatusQuery,
         IOrganizationUserRepository organizationUserRepository,
         IUserRepository userRepository,
         ICurrentContext currentContext,
-        IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery)
+        IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery,
+        IReferenceEventService referenceEventService,
+        IPushNotificationService pushService,
+        IOrganizationRepository organizationRepository,
+        IProviderUserRepository providerUserRepository)
     {
         _userService = userService;
         _eventService = eventService;
@@ -36,6 +47,10 @@ public DeleteManagedOrganizationUserAccountCommand(
         _userRepository = userRepository;
         _currentContext = currentContext;
         _hasConfirmedOwnersExceptQuery = hasConfirmedOwnersExceptQuery;
+        _referenceEventService = referenceEventService;
+        _pushService = pushService;
+        _organizationRepository = organizationRepository;
+        _providerUserRepository = providerUserRepository;
     }
 
     public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId)
@@ -89,7 +104,8 @@ public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId,
                     throw new NotFoundException("Member not found.");
                 }
 
-                await _userService.DeleteAsync(user);
+                await ValidateUserMembershipAndPremiumAsync(user);
+
                 results.Add((orgUserId, string.Empty));
             }
             catch (Exception ex)
@@ -98,6 +114,15 @@ public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId,
             }
         }
 
+        var orgUserResultsToDelete = results.Where(result => string.IsNullOrEmpty(result.ErrorMessage));
+        var orgUsersToDelete = orgUsers.Where(orgUser => orgUserResultsToDelete.Any(result => orgUser.Id == result.OrganizationUserId));
+        var usersToDelete = users.Where(user => orgUsersToDelete.Any(orgUser => orgUser.UserId == user.Id));
+
+        if (usersToDelete.Any())
+        {
+            await DeleteManyAsync(usersToDelete);
+        }
+
         await LogDeletedOrganizationUsersAsync(orgUsers, results);
 
         return results;
@@ -158,4 +183,59 @@ private async Task LogDeletedOrganizationUsersAsync(
             await _eventService.LogOrganizationUserEventsAsync(events);
         }
     }
+    private async Task DeleteManyAsync(IEnumerable<User> users)
+    {
+
+        await _userRepository.DeleteManyAsync(users);
+        foreach (var user in users)
+        {
+            await _referenceEventService.RaiseEventAsync(
+                new ReferenceEvent(ReferenceEventType.DeleteAccount, user, _currentContext));
+            await _pushService.PushLogOutAsync(user.Id);
+        }
+
+    }
+
+    private async Task ValidateUserMembershipAndPremiumAsync(User user)
+    {
+        // Check if user is the only owner of any organizations.
+        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerCount > 0)
+        {
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
+        }
+
+        var orgs = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id, OrganizationUserStatusType.Confirmed);
+        if (orgs.Count == 1)
+        {
+            var org = await _organizationRepository.GetByIdAsync(orgs.First().OrganizationId);
+            if (org != null && (!org.Enabled || string.IsNullOrWhiteSpace(org.GatewaySubscriptionId)))
+            {
+                var orgCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(org.Id);
+                if (orgCount <= 1)
+                {
+                    await _organizationRepository.DeleteAsync(org);
+                }
+                else
+                {
+                    throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
+                }
+            }
+        }
+
+        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerProviderCount > 0)
+        {
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.");
+        }
+
+        if (!string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
+        {
+            try
+            {
+                await _userService.CancelPremiumAsync(user);
+            }
+            catch (GatewayException) { }
+        }
+    }
 }

src/Core/Repositories/IUserRepository.cs

@@ -32,4 +32,5 @@ public interface IUserRepository : IRepository<User, Guid>
     /// <param name="updateDataActions">Registered database calls to update re-encrypted data.</param>
     Task UpdateUserKeyAndEncryptedDataAsync(User user,
         IEnumerable<UpdateEncryptedDataForKeyRotation> updateDataActions);
+    Task DeleteManyAsync(IEnumerable<User> users);
 }

src/Infrastructure.Dapper/Repositories/UserRepository.cs

@@ -172,6 +172,18 @@ await connection.ExecuteAsync(
                 commandTimeout: 180);
         }
     }
+    public async Task DeleteManyAsync(IEnumerable<User> users)
+    {
+        var ids = users.Select(user => user.Id);
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            await connection.ExecuteAsync(
+                $"[{Schema}].[{Table}_DeleteByIds]",
+                new { Ids = JsonSerializer.Serialize(ids) },
+                commandType: CommandType.StoredProcedure,
+                commandTimeout: 180);
+        }
+    }
 
     public async Task UpdateStorageAsync(Guid id)
     {

src/Infrastructure.EntityFramework/Repositories/UserRepository.cs

@@ -261,6 +261,53 @@ join ou in dbContext.OrganizationUsers on gu.OrganizationUserId equals ou.Id
             var mappedUser = Mapper.Map<User>(user);
             dbContext.Users.Remove(mappedUser);
 
+            await transaction.CommitAsync();
+            await dbContext.SaveChangesAsync();
+        }
+    }
+
+    public async Task DeleteManyAsync(IEnumerable<Core.Entities.User> users)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+
+            var transaction = await dbContext.Database.BeginTransactionAsync();
+
+            var targetIds = users.Select(u => u.Id).ToList();
+
+            await dbContext.WebAuthnCredentials.Where(wa => targetIds.Contains(wa.UserId)).ExecuteDeleteAsync();
+            await dbContext.Ciphers.Where(c => targetIds.Contains(c.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.Folders.Where(f => targetIds.Contains(f.UserId)).ExecuteDeleteAsync();
+            await dbContext.AuthRequests.Where(a => targetIds.Contains(a.UserId)).ExecuteDeleteAsync();
+            await dbContext.Devices.Where(d => targetIds.Contains(d.UserId)).ExecuteDeleteAsync();
+            var collectionUsers = from cu in dbContext.CollectionUsers
+                                  join ou in dbContext.OrganizationUsers on cu.OrganizationUserId equals ou.Id
+                                  where targetIds.Contains(ou.UserId ?? default)
+                                  select cu;
+            dbContext.CollectionUsers.RemoveRange(collectionUsers);
+            var groupUsers = from gu in dbContext.GroupUsers
+                             join ou in dbContext.OrganizationUsers on gu.OrganizationUserId equals ou.Id
+                             where targetIds.Contains(ou.UserId ?? default)
+                             select gu;
+            dbContext.GroupUsers.RemoveRange(groupUsers);
+            await dbContext.UserProjectAccessPolicy.Where(ap => targetIds.Contains(ap.OrganizationUser.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.UserServiceAccountAccessPolicy.Where(ap => targetIds.Contains(ap.OrganizationUser.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.OrganizationUsers.Where(ou => targetIds.Contains(ou.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.ProviderUsers.Where(pu => targetIds.Contains(pu.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.SsoUsers.Where(su => targetIds.Contains(su.UserId)).ExecuteDeleteAsync();
+            await dbContext.EmergencyAccesses.Where(ea => targetIds.Contains(ea.GrantorId) || targetIds.Contains(ea.GranteeId ?? default)).ExecuteDeleteAsync();
+            await dbContext.Sends.Where(s => targetIds.Contains(s.UserId ?? default)).ExecuteDeleteAsync();
+            await dbContext.NotificationStatuses.Where(ns => targetIds.Contains(ns.UserId)).ExecuteDeleteAsync();
+            await dbContext.Notifications.Where(n => targetIds.Contains(n.UserId ?? default)).ExecuteDeleteAsync();
+
+            foreach (var u in users)
+            {
+                var mappedUser = Mapper.Map<User>(u);
+                dbContext.Users.Remove(mappedUser);
+            }
+
+
             await transaction.CommitAsync();
             await dbContext.SaveChangesAsync();
         }

src/Sql/dbo/Stored Procedures/User_DeleteByIds.sql

@@ -0,0 +1,158 @@
+CREATE PROCEDURE [dbo].[User_DeleteByIds]
+    @Ids NVARCHAR(MAX)
+WITH RECOMPILE
+AS
+BEGIN
+    SET NOCOUNT ON
+    -- Declare a table variable to hold the parsed JSON data
+    DECLARE @ParsedIds TABLE (Id UNIQUEIDENTIFIER);
+
+    -- Parse the JSON input into the table variable
+    INSERT INTO @ParsedIds (Id)
+    SELECT value
+    FROM OPENJSON(@Ids);
+
+    -- Check if the input table is empty
+    IF (SELECT COUNT(1) FROM @ParsedIds) < 1
+    BEGIN
+        RETURN(-1);
+    END
+
+    DECLARE @BatchSize INT = 100
+
+    -- Delete ciphers
+    WHILE @BatchSize > 0
+    BEGIN
+        BEGIN TRANSACTION User_DeleteById_Ciphers
+
+        DELETE TOP(@BatchSize)
+        FROM
+            [dbo].[Cipher]
+        WHERE
+            [UserId] IN (SELECT * FROM @ParsedIds)
+
+        SET @BatchSize = @@ROWCOUNT
+
+        COMMIT TRANSACTION User_DeleteById_Ciphers
+    END
+
+    BEGIN TRANSACTION User_DeleteById
+
+    -- Delete WebAuthnCredentials
+    DELETE
+    FROM
+        [dbo].[WebAuthnCredential]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete folders
+    DELETE
+    FROM
+        [dbo].[Folder]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete AuthRequest, must be before Device
+    DELETE
+    FROM
+        [dbo].[AuthRequest]
+    WHERE 
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete devices
+    DELETE
+    FROM
+        [dbo].[Device]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete collection users
+    DELETE
+        CU
+    FROM
+        [dbo].[CollectionUser] CU
+        INNER JOIN
+        [dbo].[OrganizationUser] OU ON OU.[Id] = CU.[OrganizationUserId]
+    WHERE
+        OU.[UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete group users
+    DELETE
+        GU
+    FROM
+        [dbo].[GroupUser] GU
+        INNER JOIN
+        [dbo].[OrganizationUser] OU ON OU.[Id] = GU.[OrganizationUserId]
+    WHERE
+        OU.[UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete AccessPolicy
+    DELETE
+        AP
+    FROM
+        [dbo].[AccessPolicy] AP
+        INNER JOIN
+        [dbo].[OrganizationUser] OU ON OU.[Id] = AP.[OrganizationUserId]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete organization users
+    DELETE
+    FROM
+        [dbo].[OrganizationUser]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete provider users
+    DELETE
+    FROM
+        [dbo].[ProviderUser]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete SSO Users
+    DELETE
+    FROM
+        [dbo].[SsoUser]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete Emergency Accesses
+    DELETE
+    FROM
+        [dbo].[EmergencyAccess]
+    WHERE
+        [GrantorId] IN (SELECT * FROM @ParsedIds)
+        OR
+        [GranteeId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete Sends
+    DELETE
+    FROM
+        [dbo].[Send]
+    WHERE 
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete Notification Status
+    DELETE
+    FROM
+        [dbo].[NotificationStatus]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+
+    -- Delete Notification
+    DELETE
+    FROM
+        [dbo].[Notification]
+    WHERE
+        [UserId] IN (SELECT * FROM @ParsedIds)
+    
+    -- Finally, delete the user
+    DELETE
+    FROM
+        [dbo].[User]
+    WHERE
+        [Id] IN (SELECT * FROM @ParsedIds)
+
+    COMMIT TRANSACTION User_DeleteById
+END