[PM-16777] Fix exception when bulk restoring revoked users who never accepted invitations (#5224)

* Fix null handling for UserId in Two Factor Authentication checks * Add tests for restoring users with and without 2FA policies
2025-06-30 07:36:14 -05:00 · 2025-01-20 14:59:10 +00:00
parent 5423e5d52f
commit 04e5626c57
2 changed files with 107 additions and 2 deletions
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@ -2165,7 +2165,8 @@ public class OrganizationService : IOrganizationService

        // Query Two Factor Authentication status for all users in the organization
        // This is an optimization to avoid querying the Two Factor Authentication status for each user individually
-        var organizationUsersTwoFactorEnabled = await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(filteredUsers.Select(ou => ou.UserId.Value));
+        var organizationUsersTwoFactorEnabled = await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(
+            filteredUsers.Where(ou => ou.UserId.HasValue).Select(ou => ou.UserId.Value));

        var result = new List<Tuple<OrganizationUser, string>>();

@ -2188,7 +2189,8 @@ public class OrganizationService : IOrganizationService
                    throw new BadRequestException("Only owners can restore other owners.");
                }

-                var twoFactorIsEnabled = organizationUsersTwoFactorEnabled.FirstOrDefault(ou => ou.userId == organizationUser.UserId.Value).twoFactorIsEnabled;
+                var twoFactorIsEnabled = organizationUser.UserId.HasValue
+                    && organizationUsersTwoFactorEnabled.FirstOrDefault(ou => ou.userId == organizationUser.UserId.Value).twoFactorIsEnabled;
                await CheckPoliciesBeforeRestoreAsync(organizationUser, twoFactorIsEnabled);

                var status = GetPriorActiveOrganizationUserStatusType(organizationUser);