Enhance RegisterUserCommand to integrate organization policy requirements for two-factor authentication. Added support for feature flags and refactored email two-factor provider setup into a separate method.

src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs

@@ -1,4 +1,6 @@
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
@@ -42,6 +44,9 @@ public class RegisterUserCommand : IRegisterUserCommand
 
     private readonly IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> _emergencyAccessInviteTokenDataFactory;
 
+    private readonly IOrganizationPolicyRequirementQuery _organizationPolicyRequirementQuery;
+    private readonly IFeatureService _featureService;
+
     private readonly string _disabledUserRegistrationExceptionMsg = "Open registration has been disabled by the system administrator.";
 
     public RegisterUserCommand(
@@ -56,7 +61,9 @@ public class RegisterUserCommand : IRegisterUserCommand
         IUserService userService,
         IMailService mailService,
         IValidateRedemptionTokenCommand validateRedemptionTokenCommand,
-        IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> emergencyAccessInviteTokenDataFactory
+        IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> emergencyAccessInviteTokenDataFactory,
+        IOrganizationPolicyRequirementQuery organizationPolicyRequirementQuery,
+        IFeatureService featureService
         )
     {
         _globalSettings = globalSettings;
@@ -76,6 +83,9 @@ public class RegisterUserCommand : IRegisterUserCommand
         _validateRedemptionTokenCommand = validateRedemptionTokenCommand;
         _emergencyAccessInviteTokenDataFactory = emergencyAccessInviteTokenDataFactory;
 
+        _organizationPolicyRequirementQuery = organizationPolicyRequirementQuery;
+        _featureService = featureService;
+
         _providerServiceDataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
     }
 
@@ -213,14 +223,33 @@ public class RegisterUserCommand : IRegisterUserCommand
 
         var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId.Value);
         if (orgUser != null)
+        {
+            if (_featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements))
+            {
+                var twoFactorPolicyRequirement = await _organizationPolicyRequirementQuery
+                    .GetAsync<OrganizationTwoFactorPolicyRequirement>(orgUser.OrganizationId);
+
+                if (twoFactorPolicyRequirement.IsRequired)
+                {
+                    EnableEmailTwoFactorForUser(user);
+                }
+            }
+            else
             {
                 var twoFactorPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(orgUser.OrganizationId,
                     PolicyType.TwoFactorAuthentication);
                 if (twoFactorPolicy != null && twoFactorPolicy.Enabled)
+                {
+                    EnableEmailTwoFactorForUser(user);
+                }
+            }
+        }
+    }
+
+    private void EnableEmailTwoFactorForUser(User user)
     {
         user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
         {
-
             [TwoFactorProviderType.Email] = new TwoFactorProvider
             {
                 MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() },
@@ -229,8 +258,6 @@ public class RegisterUserCommand : IRegisterUserCommand
         });
         _userService.SetTwoFactorProvider(user, TwoFactorProviderType.Email);
     }
-        }
-    }
 
 
     private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)