[PM-25520] - Adding a transaction for mutliple repo calls

[jrmccannon]

🎟️ Tracking

PM-25520

📔 Objective

Adding a transaction around subsequent repo calls.

📸 Screenshots

[codecov]

Codecov Report

❌ Patch coverage is 72.36025% with 89 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.16%. Comparing base (d9149c0) to head (ffde772).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/Core/Platform/Data/NestedTransactionScope.cs	0.00%	18 Missing ⚠️
src/Core/Platform/Data/TransactionState.cs	56.66%	11 Missing and 2 partials ⚠️
...ructure.EntityFramework/Repositories/Repository.cs	38.09%	13 Missing ⚠️
...astructure.Dapper/Data/DapperTransactionManager.cs	0.00%	12 Missing ⚠️
src/Core/Platform/Data/RootTransactionScope.cs	54.16%	9 Missing and 2 partials ⚠️
...work/Repositories/BaseEntityFrameworkRepository.cs	80.76%	2 Missing and 3 partials ⚠️
src/Core/Platform/Data/TransactionManagerBase.cs	60.00%	3 Missing and 1 partial ⚠️
...Console/Repositories/OrganizationUserRepository.cs	88.88%	4 Missing ⚠️
...frastructure.Dapper/Repositories/BaseRepository.cs	89.47%	2 Missing and 2 partials ⚠️
...er/AdminConsole/Repositories/ProviderRepository.cs	0.00%	3 Missing ⚠️
... and 2 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7555      +/-   ##
==========================================
+ Coverage   59.73%   64.16%   +4.43%     
==========================================
  Files        2109     2115       +6     
  Lines       92752    92981     +229     
  Branches     8246     8261      +15     
==========================================
+ Hits        55402    59658    +4256     
+ Misses      35385    31261    -4124     
- Partials     1965     2062      +97     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 6c8e5418-0c83-477c-9bb1-014fe400bb43

---

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1558	details Method at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
2		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1385	details Method at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

---

Fixed Issues (27)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 514
	CSRF	src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 55
	CSRF	src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145
	CSRF	src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
	CSRF	src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 229
	CSRF	src/Api/Tools/Controllers/SendsController.cs: 73
	CSRF	src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 145
	CSRF	src/Identity/Controllers/AccountsController.cs: 138
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 217
	CSRF	src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173
	CSRF	src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 104
	CSRF	src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 107
	CSRF	src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 95
	CSRF	src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 82
	CSRF	src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 93
	CSRF	src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 49
	CSRF	src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 40
	CSRF	src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 721
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 412
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 192
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 126
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 664
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 641
	CSRF	src/Api/Auth/Controllers/EmergencyAccessController.cs: 173
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 385
	CSRF	src/Api/Auth/Controllers/AccountsController.cs: 558

[jrmccannon]

Test is failing due to the fact that its creating a SqlServerTestDatabase and it won't be able to pull the connection string to do so. Unsure of how to proceed with this.

Do we want to add a SQL server db for this test or just skip it in CI?

@eliykat @justindbaur

[eliykat]

Test is failing due to the fact that its creating a SqlServerTestDatabase and it won't be able to pull the connection string to do so. Unsure of how to proceed with this.

Do we want to add a SQL server db for this test or just skip it in CI?

We definitely don't want to skip it in CI, or it'll never be run in practice.

The CI job does set up and connect to SQL server, e.g. https://github.com/bitwarden/server/blob/master/.github/workflows/test-database.yml#L131-L132.

I assume your issue is caused by the DapperTransactionManager getting its connection string from GlobalSettings. Have a look at how DatabaseDataAttribute works - it injects the integration test database strings into the repository implementations during tests, maybe you can do a similar thing here.

[mzieniukbw]

Nice, i love the direction. There is a bit duplication between EF and Dapper, but generally good direction in my opinion.

[mzieniukbw]

❓ Serializable transaction isolation is the strictest you can get, but it have side effects compared to default, like it can throw error if there was a concurrent write (in different transaciton). Is this by choice here ?
On a side note, this changes the business logic, which i wonder, whether this PR should do.

In most cases this transaction isolation is unnecessary, in which case, it is better to begin the transaction just before the first write, not during the get.

One important note, the copy paste code trend is unavoidable and we will see other places using this isolation level for no reason, just because it was used somewhere else. If we would use serializable isolation level by choice here, i think a reasonable comment should be added explaining why it might be needed here.

@bitwarden/dept-dbops Opinions ?

[jrmccannon]

The isolation is needed so that we can get the current seat count and ensure that it won't change before we complete our request.

For this specific command, multiple requests come into SCIM grab the organization at the same time and attempt to add their user. Currently, the orgservice#inviteuser method grabs resources multiple times including calling out to stripe. An optimized command for inviting users was created, but that introduced an issue where multiple requests would race to update the seat count and all set it to the same value instead of incrementing it.

3 requests come in => get Org: { Seats: 2 } and each add a seat to the org.Seat value. Each request would set org.Seat to 3 when in reality they should set it to 5 (assuming both Org.Seats are occupied). There's also the ability for an Org to set a limit (Org.MaxSeats: 4). So two should succeed and one should fail.

The SCIM protocol requires the server tell it whether the user was safely provisioned so we have to succeed or fail and can't just switch it to an asynchronous add.

With serialized, this would ensure that the seat count is updated correctly as the requests come in.

So that was the reason for this approach. I'd be interested in another way as this is very heavy handed.

[mzieniukbw]

❓ Since NestedTransactionScope takes care of decreasing the reference count on disposal, shouldn't it also own increasing reference count ?
(Same for dapper)

[jrmccannon]

Good point this isn't even read anywhere so I'll remove it and add a base class the transaction manager.

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud