diff --git a/src/Api/AdminConsole/Controllers/PoliciesController.cs b/src/Api/AdminConsole/Controllers/PoliciesController.cs
index 86a1609ee6..11777f293f 100644
--- a/src/Api/AdminConsole/Controllers/PoliciesController.cs
+++ b/src/Api/AdminConsole/Controllers/PoliciesController.cs
@@ -2,15 +2,18 @@
 using Bit.Api.AdminConsole.Models.Response.Helpers;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Response;
+using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Api.Response;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
@@ -36,6 +39,7 @@ public class PoliciesController : Controller
 private readonly IDataProtectorTokenFactory _orgUserInviteTokenDataFactory;
 private readonly IPolicyRepository _policyRepository;
 private readonly IUserService _userService;
+ private readonly IPolicyService _policyService;
 private readonly ISavePolicyCommand _savePolicyCommand;
@@ -49,7 +53,8 @@ public class PoliciesController : Controller
 IFeatureService featureService,
 IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery,
 IOrganizationRepository organizationRepository,
- ISavePolicyCommand savePolicyCommand)
+ ISavePolicyCommand savePolicyCommand,
+ IPolicyService policyService)
 {
 _policyRepository = policyRepository;
 _organizationUserRepository = organizationUserRepository;
@@ -63,6 +68,7 @@ public class PoliciesController : Controller
 _featureService = featureService;
 _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
 _savePolicyCommand = savePolicyCommand;
+ _policyService = policyService;
 }
 [HttpGet("{type}")]
@@ -192,6 +198,15 @@ public class PoliciesController : Controller
 return new PolicyResponseModel(policy);
 }
+ [HttpGet("~/policies/master-password")]
+ [RequireFeature(FeatureFlagKeys.ChangeExistingPasswordRefactor)]
+ public async Task GetMasterPasswordPolicy()
+ {
+ var userId = _userService.GetProperUserId(User).Value;
+
+ return new MasterPasswordPolicyResponseModel(await _policyService.GetMasterPasswordPolicyForUserAsync(new Guid(userId.ToString()), true));
+ }
+
 [HttpPut("{type}")]
 public async Task Put(Guid orgId, PolicyType type, [FromBody] PolicyRequestModel model)
 {
diff --git a/src/Api/Auth/Controllers/AccountsController.cs b/src/Api/Auth/Controllers/AccountsController.cs
index 2499b269f5..1153e75ba0 100644
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@@ -278,7 +278,7 @@ public class AccountsController : Controller
 if (await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
 {
- var policyData = await _policyService.GetMasterPasswordPolicyForUserAsync(user);
+ var policyData = await _policyService.GetMasterPasswordPolicyForUserAsync(user.Id);
 return new MasterPasswordPolicyResponseModel(policyData);
 }
diff --git a/src/Core/AdminConsole/Services/IPolicyService.cs b/src/Core/AdminConsole/Services/IPolicyService.cs
index d2674d6abd..b9824fc6ac 100644
--- a/src/Core/AdminConsole/Services/IPolicyService.cs
+++ b/src/Core/AdminConsole/Services/IPolicyService.cs
@@ -1,6 +1,5 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
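Review bot: In the new `GetMasterPasswordPolicy` action (PoliciesController.cs), `_userService.GetProperUserId(User).Value` dereferences what appears to be a nullable id without a check, so a principal that carries no user id would surface as an unhandled exception rather than an authorization failure. I would guard it and drop the string round-trip, since `.Value` should already be a `Guid`: `var userId = _userService.GetProperUserId(User) ?? throw new UnauthorizedAccessException();` and then `GetMasterPasswordPolicyForUserAsync(userId, true)`. The `~/` prefix makes the route application-rooted, so it does not inherit the controller's route template, and no `[Authorize]` attribute is visible in the hunk. Presumably the class-level attribute still covers this action, but the class header is outside the hunk and that should be confirmed.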
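Review bot: The updated call in AccountsController.cs still relies on the default `getConfirmedOrAccepted = false`, while the new `GetMasterPasswordPolicy` endpoint and BaseRequestValidator both pass `true`, so the same user can apparently receive different combined master password requirements depending on which endpoint the client calls. If the difference is intended, I would make it explicit at the call site, e.g. `GetMasterPasswordPolicyForUserAsync(user.Id, getConfirmedOrAccepted: false)`, with a one-line comment giving the reason. The enclosing action starts and ends outside the hunk.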
@@ -11,7 +10,7 @@ public interface IPolicyService
 ///
 /// Get the combined master password policy options for the specified user.
 ///
- Task GetMasterPasswordPolicyForUserAsync(User user, bool getConfirmedOrAccepted = false);
+ Task GetMasterPasswordPolicyForUserAsync(Guid userId, bool getConfirmedOrAccepted = false);
 Task> GetPoliciesApplicableToUserAsync(Guid userId, PolicyType policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted);
 Task AnyPoliciesApplicableToUserAsync(Guid userId, PolicyType policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted);
 }
diff --git a/src/Core/AdminConsole/Services/Implementations/PolicyService.cs b/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
index 676293d669..afa50835a5 100644
--- a/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
@@ -1,7 +1,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.Repositories;
-using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
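Review bot: The summary on `GetMasterPasswordPolicyForUserAsync` in IPolicyService.cs documents neither parameter, and `getConfirmedOrAccepted` is the one that decides which memberships feed the combined policy (in PolicyService it switches between `GetManyByUserIdAsync` and `GetManyAcceptedOrConfirmedByUserIdAsync`). Now that the method accepts a bare `Guid`, I would add `/// <param name="userId">Id of the user whose organization policies are combined.</param>` and a `<param name="getConfirmedOrAccepted">` line stating which set of organization memberships is consulted for `true` and for `false`. Callers then would not have to read the implementation to pick the right value.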
@@ -29,13 +28,16 @@ public class PolicyService : IPolicyService
 _globalSettings = globalSettings;
 }
- public async Task GetMasterPasswordPolicyForUserAsync(User user, bool getConfirmedOrAccepted = false)
+ // Reuse this in the policies controller
+ public async Task GetMasterPasswordPolicyForUserAsync(
+ Guid userId,
+ bool getConfirmedOrAccepted = false)
 {
 var policies = getConfirmedOrAccepted ?
- (await _policyRepository.GetManyAcceptedOrConfirmedByUserIdAsync(user.Id))
+ (await _policyRepository.GetManyAcceptedOrConfirmedByUserIdAsync(userId))
 .Where(p => p.Type == PolicyType.MasterPassword && p.Enabled)
 .ToList()
- : (await _policyRepository.GetManyByUserIdAsync(user.Id))
+ : (await _policyRepository.GetManyByUserIdAsync(userId))
 .Where(p => p.Type == PolicyType.MasterPassword && p.Enabled)
 .ToList();
diff --git a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
index 2d94703873..f2576bddcd 100644
--- a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
@@ -369,7 +369,7 @@ public abstract class BaseRequestValidator where T : class
 return null;
 }
- return new MasterPasswordPolicyResponseModel(await PolicyService.GetMasterPasswordPolicyForUserAsync(user, true));
+ return new MasterPasswordPolicyResponseModel(await PolicyService.GetMasterPasswordPolicyForUserAsync(user.Id, true));
 }
 ///
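Review bot: The added `// Reuse this in the policies controller` above `GetMasterPasswordPolicyForUserAsync` in PolicyService.cs reads as a to-do, yet this same commit already adds that caller in PoliciesController, so the comment is stale as merged. I would replace it with `/// <inheritdoc />` or remove it. The two ternary branches also repeat the same `.Where(p => p.Type == PolicyType.MasterPassword && p.Enabled).ToList()` filter. Choosing the repository result first and filtering once would keep the predicate that decides which policies are enforced in a single place. The method body continues past the end of the hunk.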