[PM-19332] Create InitPendingOrganizationCommand

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -63,6 +63,7 @@
     private readonly IPricingClient _pricingClient;
     private readonly IConfirmOrganizationUserCommand _confirmOrganizationUserCommand;
     private readonly IRestoreOrganizationUserCommand _restoreOrganizationUserCommand;
+    private readonly IInitPendingOrganizationCommand _initPendingOrganizationCommand;
 
     public OrganizationUsersController(
         IOrganizationRepository organizationRepository,
@@ -89,7 +90,8 @@
         IFeatureService featureService,
         IPricingClient pricingClient,
         IConfirmOrganizationUserCommand confirmOrganizationUserCommand,
-        IRestoreOrganizationUserCommand restoreOrganizationUserCommand)
+        IRestoreOrganizationUserCommand restoreOrganizationUserCommand,
+        IInitPendingOrganizationCommand initPendingOrganizationCommand)
     {
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -116,6 +118,7 @@
         _pricingClient = pricingClient;
         _confirmOrganizationUserCommand = confirmOrganizationUserCommand;
         _restoreOrganizationUserCommand = restoreOrganizationUserCommand;
+        _initPendingOrganizationCommand = initPendingOrganizationCommand;
     }
 
     [HttpGet("{id}")]
@@ -313,7 +316,7 @@
             throw new UnauthorizedAccessException();
         }
 
-        await _organizationService.InitPendingOrganization(user.Id, orgId, organizationUserId, model.Keys.PublicKey, model.Keys.EncryptedPrivateKey, model.CollectionName);
+        await _initPendingOrganizationCommand.InitPendingOrganizationAsync(user.Id, orgId, organizationUserId, model.Keys.PublicKey, model.Keys.EncryptedPrivateKey, model.CollectionName);
         await _acceptOrgUserCommand.AcceptOrgUserByEmailTokenAsync(organizationUserId, user, model.Token, _userService);
         await _confirmOrganizationUserCommand.ConfirmUserAsync(orgId, organizationUserId, model.Key, user.Id);
     }

src/Core/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationCommand.cs

@@ -0,0 +1,79 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Commands;
+using Bit.Core.Models.Data;
+using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
+
+public class InitPendingOrganizationCommand : IInitPendingOrganizationCommand
+{
+
+    private readonly IOrganizationService _organizationService;
+    private readonly ICollectionRepository _collectionRepository;
+    private readonly IOrganizationRepository _organizationRepository;
+
+    public InitPendingOrganizationCommand(
+            IOrganizationService organizationService,
+            ICollectionRepository collectionRepository,
+            IOrganizationRepository organizationRepository
+            )
+    {
+        _organizationService = organizationService;
+        _collectionRepository = collectionRepository;
+        _organizationRepository = organizationRepository;
+    }
+
+    public async Task<CommandResult> InitPendingOrganizationAsync(Guid userId, Guid organizationId, Guid organizationUserId, string publicKey, string privateKey, string collectionName)
+    {
+        await _organizationService.ValidateSignUpPoliciesAsync(userId);
+
+        var org = await _organizationRepository.GetByIdAsync(organizationId);
+
+        if (org.Enabled)
+        {
+            throw new BadRequestException("Organization is already enabled.");
+        }
+
+        if (org.Status != OrganizationStatusType.Pending)
+        {
+            throw new BadRequestException("Organization is not on a Pending status.");
+        }
+
+        if (!string.IsNullOrEmpty(org.PublicKey))
+        {
+            throw new BadRequestException("Organization already has a Public Key.");
+        }
+
+        if (!string.IsNullOrEmpty(org.PrivateKey))
+        {
+            throw new BadRequestException("Organization already has a Private Key.");
+        }
+
+        org.Enabled = true;
+        org.Status = OrganizationStatusType.Created;
+        org.PublicKey = publicKey;
+        org.PrivateKey = privateKey;
+
+        await _organizationService.UpdateAsync(org);
+
+        if (!string.IsNullOrWhiteSpace(collectionName))
+        {
+            // give the owner Can Manage access over the default collection
+            List<CollectionAccessSelection> defaultOwnerAccess =
+                [new CollectionAccessSelection { Id = organizationUserId, HidePasswords = false, ReadOnly = false, Manage = true }];
+
+            var defaultCollection = new Collection
+            {
+                Name = collectionName,
+                OrganizationId = org.Id
+            };
+            await _collectionRepository.CreateAsync(defaultCollection, null, defaultOwnerAccess);
+        }
+
+        return new CommandResult();
+    }
+}

src/Core/AdminConsole/OrganizationFeatures/Organizations/Interfaces/IInitPendingOrganizationCommand.cs

@@ -0,0 +1,10 @@
+using Bit.Core.Models.Commands;
+namespace Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
+
+public interface IInitPendingOrganizationCommand
+{
+    /// <summary>
+    /// Accept an invitation to initialize and join an organization created via the Admin Portal
+    /// </summary>
+    Task<CommandResult> InitPendingOrganizationAsync(Guid userId, Guid organizationId, Guid organizationUserId, string publicKey, string privateKey, string collectionName);
+}

src/Core/AdminConsole/Services/IOrganizationService.cs

@@ -63,4 +63,5 @@ Task<List<Tuple<OrganizationUser, string>>> RevokeUsersAsync(Guid organizationId
     Task ValidateOrganizationUserUpdatePermissions(Guid organizationId, OrganizationUserType newType,
         OrganizationUserType? oldType, Permissions permissions);
     Task ValidateOrganizationCustomPermissionsEnabledAsync(Guid organizationId, OrganizationUserType newType);
+    Task ValidateSignUpPoliciesAsync(Guid ownerId);
 }

src/Core/AdminConsole/Services/Implementations/OrganizationService.cs

@@ -496,7 +496,7 @@ await _referenceEventService.RaiseEventAsync(
         return returnValue;
     }
 
-    private async Task ValidateSignUpPoliciesAsync(Guid ownerId)
+    public async Task ValidateSignUpPoliciesAsync(Guid ownerId)
     {
         var anySingleOrgPolicies = await _policyService.AnyPoliciesApplicableToUserAsync(ownerId, PolicyType.SingleOrg);
         if (anySingleOrgPolicies)