bitwarden · voommen-livefront · Apr 9, 2026 · Apr 9, 2026 · Apr 9, 2026
@@ -125,4 +125,10 @@ public enum EventType : int
     ServiceAccount_GroupRemoved = 2303,
     ServiceAccount_Created = 2304,
     ServiceAccount_Deleted = 2305,
+
+    PhishingBlocker_SiteAccessed = 2400,
+    PhishingBlocker_SiteExited = 2401,
+    PhishingBlocker_Bypassed = 2402,
+
+
 }
@@ -146,7 +146,29 @@ public async Task<IActionResult> Post([FromBody] IEnumerable<EventModel> model)
 
                     await _eventService.LogOrganizationEventAsync(organization, eventModel.Type, eventModel.Date);
                     break;
+                case EventType.PhishingBlocker_SiteAccessed:
+                case EventType.PhishingBlocker_SiteExited:
+                case EventType.PhishingBlocker_Bypassed:
+                    if (!eventModel.OrganizationId.HasValue)
+                    {
+                        continue;
+                    }
 
+                    // Verify the user belongs to this organization
+                    var orgUserContext = await _organizationUserRepository.GetByOrganizationAsync(eventModel.OrganizationId.Value, _currentContext.UserId.Value);
+                    if (orgUserContext == null)
+                    {
+                        continue;
+                    }
+
+                    var organizationForPhishingEvent = await _organizationRepository.GetByIdAsync(eventModel.OrganizationId.Value);
+                    if (organizationForPhishingEvent == null || !organizationForPhishingEvent.UsePhishingBlocker)
+                    {
+                        continue;
+                    }
+
+                    await _eventService.LogOrganizationUserEventAsync(orgUserContext, eventModel.Type, eventModel.Date);
+                    break;
                 default:
                     continue;
             }

@@ -819,4 +819,120 @@ public async Task Post_OrganizationAutoConfirmAdmin_WithNullOrg_SkipsEvent(
         await _organizationRepository.Received(1).GetByIdAsync(orgId);
         await _eventService.DidNotReceiveWithAnyArgs().LogOrganizationEventAsync(default, default, default);
     }
+
+    [Theory]
+    [BitAutoData(EventType.PhishingBlocker_SiteAccessed)]
+    [BitAutoData(EventType.PhishingBlocker_SiteExited)]
+    [BitAutoData(EventType.PhishingBlocker_Bypassed)]
+    public async Task Post_PhishingBlocker_WithValidOrgUser_LogsOrganizationUserEvent(
+        EventType type, Guid userId, Guid orgId, OrganizationUser orgUser, Organization organization)
+    {
+        _currentContext.UserId.Returns(userId);
+        orgUser.OrganizationId = orgId;
+        organization.Id = orgId;
+        organization.UsePhishingBlocker = true;
+        _organizationUserRepository.GetByOrganizationAsync(orgId, userId).Returns(orgUser);
+        _organizationRepository.GetByIdAsync(orgId).Returns(organization);
+        var eventDate = DateTime.UtcNow;
+        var events = new List<EventModel>
+        {
+            new EventModel
+            {
+                Type = type,
+                OrganizationId = orgId,
+                Date = eventDate
+            }
+        };
+
+        var result = await _sut.Post(events);
+
+        Assert.IsType<OkResult>(result);
+        await _organizationRepository.Received(1).GetByIdAsync(orgId);
+        await _organizationUserRepository.Received(1).GetByOrganizationAsync(orgId, userId);
+        await _eventService.Received(1).LogOrganizationUserEventAsync(
+            Arg.Is<OrganizationUser>(o => o == orgUser), type, eventDate);
+    }
+
+    [Theory]
+    [BitAutoData(EventType.PhishingBlocker_SiteAccessed)]
+    [BitAutoData(EventType.PhishingBlocker_SiteExited)]
+    [BitAutoData(EventType.PhishingBlocker_Bypassed)]
+    public async Task Post_PhishingBlocker_WithoutOrgId_SkipsEvent(EventType type, Guid userId)
+    {
+        _currentContext.UserId.Returns(userId);
+        var events = new List<EventModel>
+        {
+            new EventModel
+            {
+                Type = type,
+                OrganizationId = null,
+                Date = DateTime.UtcNow
+            }
+        };
+
+        var result = await _sut.Post(events);
+
+        Assert.IsType<OkResult>(result);
+        await _organizationRepository.DidNotReceiveWithAnyArgs().GetByIdAsync(default);
+        await _organizationUserRepository.DidNotReceiveWithAnyArgs().GetByOrganizationAsync(default, default);
+        await _eventService.DidNotReceiveWithAnyArgs().LogOrganizationUserEventAsync(Arg.Any<OrganizationUser>(), Arg.Any<EventType>(), Arg.Any<DateTime?>());
+    }
+
+    [Theory]
+    [BitAutoData(EventType.PhishingBlocker_SiteAccessed)]
+    [BitAutoData(EventType.PhishingBlocker_SiteExited)]
+    [BitAutoData(EventType.PhishingBlocker_Bypassed)]
+    public async Task Post_PhishingBlocker_WithNullOrgUser_SkipsEvent(
+        EventType type, Guid userId, Guid orgId)
+    {
+        _currentContext.UserId.Returns(userId);
+        _organizationUserRepository.GetByOrganizationAsync(orgId, userId).Returns((OrganizationUser)null);
+        var events = new List<EventModel>
+        {
+            new EventModel
+            {
+                Type = type,
+                OrganizationId = orgId,
+                Date = DateTime.UtcNow
+            }
+        };
+
+        var result = await _sut.Post(events);
+
+        Assert.IsType<OkResult>(result);
+        await _organizationUserRepository.Received(1).GetByOrganizationAsync(orgId, userId);
+        await _organizationRepository.DidNotReceiveWithAnyArgs().GetByIdAsync(default);
+        await _eventService.DidNotReceiveWithAnyArgs().LogOrganizationUserEventAsync(Arg.Any<OrganizationUser>(), Arg.Any<EventType>(), Arg.Any<DateTime?>());
+    }
+
+    [Theory]
+    [BitAutoData(EventType.PhishingBlocker_SiteAccessed)]
+    [BitAutoData(EventType.PhishingBlocker_SiteExited)]
+    [BitAutoData(EventType.PhishingBlocker_Bypassed)]
+    public async Task Post_PhishingBlocker_WithPhishingBlockerDisabled_SkipsEvent(
+        EventType type, Guid userId, Guid orgId, Organization organization, OrganizationUser orgUser)
+    {
+        _currentContext.UserId.Returns(userId);
+        organization.Id = orgId;
+        organization.UsePhishingBlocker = false;
+        orgUser.OrganizationId = orgId;
+        _organizationRepository.GetByIdAsync(orgId).Returns(organization);
+        _organizationUserRepository.GetByOrganizationAsync(orgId, userId).Returns(orgUser);
+        var events = new List<EventModel>
+        {
+            new EventModel
+            {
+                Type = type,
+                OrganizationId = orgId,
+                Date = DateTime.UtcNow
+            }
+        };
+
+        var result = await _sut.Post(events);
+
+        Assert.IsType<OkResult>(result);
+        await _organizationUserRepository.Received(1).GetByOrganizationAsync(orgId, userId);
+        await _organizationRepository.Received(1).GetByIdAsync(orgId);
+        await _eventService.DidNotReceiveWithAnyArgs().LogOrganizationUserEventAsync(Arg.Any<OrganizationUser>(), Arg.Any<EventType>(), Arg.Any<DateTime?>());
+    }
 }