user premium validation job

src/Billing/Controllers/JobsController.cs

@@ -1,38 +0,0 @@
-using Bit.Core.Services;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using System.Threading.Tasks;
-
-namespace Bit.Billing.Controllers
-{
-    [Route("jobs")]
-    public class JobsController : Controller
-    {
-        private readonly BillingSettings _billingSettings;
-        private readonly IOrganizationService _organizationService;
-        private readonly IUserService _userService;
-
-        public JobsController(
-            IOptions<BillingSettings> billingSettings,
-            IOrganizationService organizationService,
-            IUserService userService)
-        {
-            _billingSettings = billingSettings?.Value;
-            _organizationService = organizationService;
-            _userService = userService;
-        }
-
-        [HttpPost("expirations")]
-        public async Task<IActionResult> PostExpirations([FromQuery] string key)
-        {
-            if(key != _billingSettings.JobsKey)
-            {
-                return new BadRequestResult();
-            }
-
-            // TODO check for all users/orgs that are expired and disable them
-
-            return new OkResult();
-        }
-    }
-}

src/Core/Repositories/IOrganizationRepository.cs

@@ -7,7 +7,7 @@ namespace Bit.Core.Repositories
 {
     public interface IOrganizationRepository : IRepository<Organization, Guid>
     {
-        Task<ICollection<Organization>> GetManyAsync();
+        Task<ICollection<Organization>> GetManyByEnabledAsync();
         Task<ICollection<Organization>> GetManyByUserIdAsync(Guid userId);
         Task UpdateStorageAsync(Guid id);
     }

src/Core/Repositories/IUserRepository.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Core.Models.Table;
 
@@ -7,6 +8,7 @@ namespace Bit.Core.Repositories
     public interface IUserRepository : IRepository<User, Guid>
     {
         Task<User> GetByEmailAsync(string email);
+        Task<ICollection<User>> GetManyByPremiumAsync(bool premium);
         Task<string> GetPublicKeyAsync(Guid id);
         Task<DateTime> GetAccountRevisionDateAsync(Guid id);
         Task UpdateStorageAsync(Guid id);

src/Core/Repositories/SqlServer/OrganizationRepository.cs

@@ -19,12 +19,12 @@ namespace Bit.Core.Repositories.SqlServer
             : base(connectionString)
         { }
 
-        public async Task<ICollection<Organization>> GetManyAsync()
+        public async Task<ICollection<Organization>> GetManyByEnabledAsync()
         {
             using(var connection = new SqlConnection(ConnectionString))
             {
                 var results = await connection.QueryAsync<Organization>(
-                    "[dbo].[Organization_Read]",
+                    "[dbo].[Organization_ReadByEnabled]",
                     commandType: CommandType.StoredProcedure);
 
                 return results.ToList();

src/Core/Repositories/SqlServer/UserRepository.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Data;
 using System.Data.SqlClient;
 using System.Linq;
@@ -36,6 +37,19 @@ namespace Bit.Core.Repositories.SqlServer
             }
         }
 
+        public async Task<ICollection<User>> GetManyByPremiumAsync(bool premium)
+        {
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<User>(
+                    "[dbo].[User_ReadByPremium]",
+                    new { Premium = premium },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+
         public async Task<string> GetPublicKeyAsync(Guid id)
         {
             using(var connection = new SqlConnection(ConnectionString))

src/Core/Services/ILicensingService.cs

@@ -7,6 +7,7 @@ namespace Bit.Core.Services
     public interface ILicensingService
     {
         Task ValidateOrganizationsAsync();
+        Task ValidateUsersAsync();
         Task<bool> ValidateUserPremiumAsync(User user);
         bool VerifyLicense(ILicense license);
         byte[] SignLicense(ILicense license);

src/Core/Services/Implementations/LicensingService.cs

@@ -15,25 +15,28 @@ using System.Threading.Tasks;
 
 namespace Bit.Core.Services
 {
-    public class RsaLicensingService : ILicensingService
+    public class LicensingService : ILicensingService
     {
         private readonly X509Certificate2 _certificate;
         private readonly GlobalSettings _globalSettings;
         private readonly IUserRepository _userRepository;
         private readonly IOrganizationRepository _organizationRepository;
-        private readonly ILogger<RsaLicensingService> _logger;
+        private readonly IOrganizationUserRepository _organizationUserRepository;
+        private readonly ILogger<LicensingService> _logger;
 
         private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
 
-        public RsaLicensingService(
+        public LicensingService(
             IUserRepository userRepository,
             IOrganizationRepository organizationRepository,
+            IOrganizationUserRepository organizationUserRepository,
             IHostingEnvironment environment,
-            ILogger<RsaLicensingService> logger,
+            ILogger<LicensingService> logger,
             GlobalSettings globalSettings)
         {
             _userRepository = userRepository;
             _organizationRepository = organizationRepository;
+            _organizationUserRepository = organizationUserRepository;
             _logger = logger;
 
             var certThumbprint = "‎207e64a231e8aa32aaf68a61037c075ebebd553f";
@@ -59,10 +62,10 @@ namespace Bit.Core.Services
                 return;
             }
 
-            var orgs = await _organizationRepository.GetManyAsync();
+            var orgs = await _organizationRepository.GetManyByEnabledAsync();
             _logger.LogInformation("Validating licenses for {0} organizations.", orgs.Count);
 
-            foreach(var org in orgs.Where(o => o.Enabled))
+            foreach(var org in orgs)
             {
                 var license = ReadOrganiztionLicense(org);
                 if(license == null || !license.VerifyData(org, _globalSettings) || !license.VerifySignature(_certificate))
@@ -78,6 +81,42 @@ namespace Bit.Core.Services
             }
         }
 
+        public async Task ValidateUsersAsync()
+        {
+            if(!_globalSettings.SelfHosted)
+            {
+                return;
+            }
+
+            var premiumUsers = await _userRepository.GetManyByPremiumAsync(true);
+            _logger.LogInformation("Validating premium for {0} users.", premiumUsers.Count);
+
+            foreach(var user in premiumUsers)
+            {
+                await ProcessUserValidationAsync(user);
+            }
+
+            var nonPremiumUsers = await _userRepository.GetManyByPremiumAsync(false);
+            _logger.LogInformation("Checking to restore premium for {0} users.", nonPremiumUsers.Count);
+
+            foreach(var user in nonPremiumUsers)
+            {
+                var details = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id);
+                if(details.Any(d => d.Enabled))
+                {
+                    _logger.LogInformation("Granting premium to user {0}({1}) because they are in an active organization.",
+                        user.Id, user.Email);
+
+                    user.Premium = true;
+                    user.MaxStorageGb = 10240; // 10 TB
+                    user.RevisionDate = DateTime.UtcNow;
+                    user.PremiumExpirationDate = null;
+                    user.LicenseKey = null;
+                    await _userRepository.ReplaceAsync(user);
+                }
+            }
+        }
+
         public async Task<bool> ValidateUserPremiumAsync(User user)
         {
             if(!_globalSettings.SelfHosted)
@@ -110,10 +149,30 @@ namespace Bit.Core.Services
             }
 
             _logger.LogInformation("Validating premium license for user {0}({1}).", user.Id, user.Email);
+            return await ProcessUserValidationAsync(user);
+        }
 
+        private async Task<bool> ProcessUserValidationAsync(User user)
+        {
             var license = ReadUserLicense(user);
-            var licensedForPremium = license != null && license.VerifyData(user) && license.VerifySignature(_certificate);
-            if(!licensedForPremium)
+            var valid = license != null && license.VerifyData(user) && license.VerifySignature(_certificate);
+
+            if(!valid)
+            {
+                var details = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id);
+                valid = details.Any(d => d.Enabled);
+
+                if(valid && (!string.IsNullOrWhiteSpace(user.LicenseKey) || user.PremiumExpirationDate.HasValue))
+                {
+                    // user used to be on a license but is now part of a organization that gives them premium.
+                    // update the record.
+                    user.PremiumExpirationDate = null;
+                    user.LicenseKey = null;
+                    await _userRepository.ReplaceAsync(user);
+                }
+            }
+
+            if(!valid)
             {
                 _logger.LogInformation("User {0}({1}) has an invalid license and premium is being disabled.",
                     user.Id, user.Email);
@@ -124,7 +183,7 @@ namespace Bit.Core.Services
                 await _userRepository.ReplaceAsync(user);
             }
 
-            return licensedForPremium;
+            return valid;
         }
 
         public bool VerifyLicense(ILicense license)

src/Core/Services/NoopImplementations/NoopLicensingService.cs

@@ -23,6 +23,11 @@ namespace Bit.Core.Services
             return Task.FromResult(0);
         }
 
+        public Task ValidateUsersAsync()
+        {
+            return Task.FromResult(0);
+        }
+
         public Task<bool> ValidateUserPremiumAsync(User user)
         {
             return Task.FromResult(user.Premium);

src/Core/Utilities/ServiceCollectionExtensions.cs

@@ -63,7 +63,7 @@ namespace Bit.Core.Utilities
                 services.AddSingleton<IMailService, RazorMailService>();
             }
 
-            services.AddSingleton<ILicensingService, RsaLicensingService>();
+            services.AddSingleton<ILicensingService, LicensingService>();
 
             if(CoreHelpers.SettingHasValue(globalSettings.Mail.SendGridApiKey))
             {

src/Jobs/Program.cs

@@ -56,8 +56,8 @@ namespace Bit.Jobs
                     case "validate-organizations":
                         await _licensingService.ValidateOrganizationsAsync();
                         break;
-                    case "validate-users":
-                        // TODO
+                    case "validate-users-premium":
+                        await _licensingService.ValidateUsersAsync();
                         break;
                     case "refresh-licenses":
                         // TODO

src/Jobs/crontab

@@ -1,4 +1,5 @@
 0 * * * * root dotnet /jobs/Jobs.dll -d /jobs -j alive >> /var/log/cron.log 2>&1
 0 */6 * * * root dotnet /jobs/Jobs.dll -d /jobs -j validate-organizations >> /var/log/cron.log 2>&1
+30 */12 * * * root dotnet /jobs/Jobs.dll -d /jobs -j validate-users-premium >> /var/log/cron.log 2>&1
 
 # An empty line is required at the end of this file for a valid cron file.

src/Sql/Sql.sqlproj

@@ -210,6 +210,7 @@
     <Build Include="dbo\Stored Procedures\Installation_ReadById.sql" />
     <Build Include="dbo\Stored Procedures\Installation_Update.sql" />
     <Build Include="dbo\Views\InstallationView.sql" />
-    <Build Include="dbo\Stored Procedures\Organization_Read.sql" />
+    <Build Include="dbo\Stored Procedures\Organization_ReadByEnabled.sql" />
+    <Build Include="dbo\Stored Procedures\User_ReadByPremium.sql" />
   </ItemGroup>
 </Project>

src/Sql/dbo/Stored Procedures/Organization_ReadByEnabled.sql

@@ -1,5 +1,4 @@
-CREATE PROCEDURE [dbo].[Organization_Read]
-    @Id UNIQUEIDENTIFIER
+CREATE PROCEDURE [dbo].[Organization_ReadByEnabled]
 AS
 BEGIN
     SET NOCOUNT ON
@@ -8,4 +7,6 @@ BEGIN
         *
     FROM
         [dbo].[OrganizationView]
+    WHERE
+        [Enabled] = 1
 END

src/Sql/dbo/Stored Procedures/User_ReadByPremium.sql

@@ -0,0 +1,13 @@
+CREATE PROCEDURE [dbo].[User_ReadByPremium]
+    @Premium BIT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[UserView]
+    WHERE
+        [Premium] = @Premium
+END

util/Setup/DbScripts/2017-08-22_00_LicenseCheckScripts.sql

@@ -0,0 +1,46 @@
+IF OBJECT_ID('[dbo].[Organization_Read]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Organization_Read]
+END
+GO
+
+IF OBJECT_ID('[dbo].[Organization_ReadByEnabled]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Organization_ReadByEnabled]
+END
+GO
+
+CREATE PROCEDURE [dbo].[Organization_ReadByEnabled]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[OrganizationView]
+    WHERE
+        [Enabled] = 1
+END
+GO
+
+IF OBJECT_ID('[dbo].[User_ReadByPremium]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[User_ReadByPremium]
+END
+GO
+
+CREATE PROCEDURE [dbo].[User_ReadByPremium]
+    @Premium BIT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[UserView]
+    WHERE
+        [Premium] = @Premium
+END
+GO

util/Setup/Setup.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <EmbeddedResource Include="DbScripts\2017-08-22_00_LicenseCheckScripts.sql" />
     <EmbeddedResource Include="DbScripts\2017-08-19_00_InitialSetup.sql" />
   </ItemGroup>