nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-22 20:11:04 -05:00
Code

Enhance RegisterUserCommand to integrate organization policy requirements for two-factor authentication. Added support for feature flags and refactored email two-factor provider setup into a separate method.

Browse Source
This commit is contained in:
Rui Tome 2025-05-22 16:36:08 +01:00
parent 87085e5d67
commit 03b0dc04c4
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
1 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs
View File

@ -1,4 +1,6 @@
using Bit.Core.AdminConsole.Enums; using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.AdminConsole.Repositories; using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Auth.Enums; using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models; using Bit.Core.Auth.Models;
@ -42,6 +44,9 @@ public class RegisterUserCommand : IRegisterUserCommand
private readonly IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> _emergencyAccessInviteTokenDataFactory; private readonly IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> _emergencyAccessInviteTokenDataFactory;
private readonly IOrganizationPolicyRequirementQuery _organizationPolicyRequirementQuery;
private readonly IFeatureService _featureService;
private readonly string _disabledUserRegistrationExceptionMsg = "Open registration has been disabled by the system administrator."; private readonly string _disabledUserRegistrationExceptionMsg = "Open registration has been disabled by the system administrator.";
public RegisterUserCommand( public RegisterUserCommand(
@ -56,7 +61,9 @@ public class RegisterUserCommand : IRegisterUserCommand
IUserService userService, IUserService userService,
IMailService mailService, IMailService mailService,
IValidateRedemptionTokenCommand validateRedemptionTokenCommand, IValidateRedemptionTokenCommand validateRedemptionTokenCommand,
IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> emergencyAccessInviteTokenDataFactory IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> emergencyAccessInviteTokenDataFactory,
IOrganizationPolicyRequirementQuery organizationPolicyRequirementQuery,
IFeatureService featureService
) )
{ {
_globalSettings = globalSettings; _globalSettings = globalSettings;
@ -76,6 +83,9 @@ public class RegisterUserCommand : IRegisterUserCommand
_validateRedemptionTokenCommand = validateRedemptionTokenCommand; _validateRedemptionTokenCommand = validateRedemptionTokenCommand;
_emergencyAccessInviteTokenDataFactory = emergencyAccessInviteTokenDataFactory; _emergencyAccessInviteTokenDataFactory = emergencyAccessInviteTokenDataFactory;
_organizationPolicyRequirementQuery = organizationPolicyRequirementQuery;
_featureService = featureService;
_providerServiceDataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector"); _providerServiceDataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
} }
@ -214,24 +224,41 @@ public class RegisterUserCommand : IRegisterUserCommand
var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId.Value); var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId.Value);
if (orgUser != null) if (orgUser != null)
{ {
var twoFactorPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(orgUser.OrganizationId, if (_featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements))
PolicyType.TwoFactorAuthentication);
if (twoFactorPolicy != null && twoFactorPolicy.Enabled)
{ {
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider> var twoFactorPolicyRequirement = await _organizationPolicyRequirementQuery
{ .GetAsync<OrganizationTwoFactorPolicyRequirement>(orgUser.OrganizationId);
[TwoFactorProviderType.Email] = new TwoFactorProvider if (twoFactorPolicyRequirement.IsRequired)
{ {
MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() }, EnableEmailTwoFactorForUser(user);
Enabled = true }
} }
}); else
_userService.SetTwoFactorProvider(user, TwoFactorProviderType.Email); {
var twoFactorPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(orgUser.OrganizationId,
PolicyType.TwoFactorAuthentication);
if (twoFactorPolicy != null && twoFactorPolicy.Enabled)
{
EnableEmailTwoFactorForUser(user);
}
} }
} }
} }
private void EnableEmailTwoFactorForUser(User user)
{
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() },
Enabled = true
}
});
_userService.SetTwoFactorProvider(user, TwoFactorProviderType.Email);
}
private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath) private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)
{ {