[PM-10319] - Revoke Non Complaint Users for 2FA and Single Org Policy Enablement (#5037)

- Revoking users when enabling single org and 2fa policies. - Updated emails sent when users are revoked via 2FA or Single Organization policy enablement Co-authored-by: Matt Bishop <mbishop@bitwarden.com> Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
2025-06-30 15:42:48 -05:00 · 2024-11-26 16:37:12 -06:00
parent 8f703a29ac
commit 1b75e35c31
36 changed files with 1074 additions and 73 deletions
--- a/src/Core/Services/IMailService.cs
+++ b/src/Core/Services/IMailService.cs
@ -35,6 +35,8 @@ public interface IMailService
    Task SendOrganizationAcceptedEmailAsync(Organization organization, string userIdentifier, IEnumerable<string> adminEmails, bool hasAccessSecretsManager = false);
    Task SendOrganizationConfirmedEmailAsync(string organizationName, string email, bool hasAccessSecretsManager = false);
    Task SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(string organizationName, string email);
+    Task SendOrganizationUserRevokedForTwoFactoryPolicyEmailAsync(string organizationName, string email);
+    Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email);
    Task SendPasswordlessSignInAsync(string returnUrl, string token, string email);
    Task SendInvoiceUpcoming(
        string email,
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -25,8 +25,7 @@ public class HandlebarsMailService : IMailService
    private readonly GlobalSettings _globalSettings;
    private readonly IMailDeliveryService _mailDeliveryService;
    private readonly IMailEnqueuingService _mailEnqueuingService;
-    private readonly Dictionary<string, HandlebarsTemplate<object, object>> _templateCache =
-        new Dictionary<string, HandlebarsTemplate<object, object>>();
+    private readonly Dictionary<string, HandlebarsTemplate<object, object>> _templateCache = new();

    private bool _registeredHelpersAndPartials = false;

@ -295,6 +294,20 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }

+    public async Task SendOrganizationUserRevokedForTwoFactoryPolicyEmailAsync(string organizationName, string email)
+    {
+        var message = CreateDefaultMessage($"You have been revoked from {organizationName}", email);
+        var model = new OrganizationUserRevokedForPolicyTwoFactorViewModel
+        {
+            OrganizationName = CoreHelpers.SanitizeForEmail(organizationName, false),
+            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+            SiteName = _globalSettings.SiteName
+        };
+        await AddMessageContentAsync(message, "AdminConsole.OrganizationUserRevokedForTwoFactorPolicy", model);
+        message.Category = "OrganizationUserRevokedForTwoFactorPolicy";
+        await _mailDeliveryService.SendEmailAsync(message);
+    }
+
    public async Task SendWelcomeEmailAsync(User user)
    {
        var message = CreateDefaultMessage("Welcome to Bitwarden!", user.Email);
@ -496,6 +509,20 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }

+    public async Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email)
+    {
+        var message = CreateDefaultMessage($"You have been revoked from {organizationName}", email);
+        var model = new OrganizationUserRevokedForPolicySingleOrgViewModel
+        {
+            OrganizationName = CoreHelpers.SanitizeForEmail(organizationName, false),
+            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+            SiteName = _globalSettings.SiteName
+        };
+        await AddMessageContentAsync(message, "AdminConsole.OrganizationUserRevokedForSingleOrgPolicy", model);
+        message.Category = "OrganizationUserRevokedForSingleOrgPolicy";
+        await _mailDeliveryService.SendEmailAsync(message);
+    }
+
    public async Task SendEnqueuedMailMessageAsync(IMailQueueMessage queueMessage)
    {
        var message = CreateDefaultMessage(queueMessage.Subject, queueMessage.ToEmails);
--- a/src/Core/Services/NoopImplementations/NoopMailService.cs
+++ b/src/Core/Services/NoopImplementations/NoopMailService.cs
@ -79,6 +79,12 @@ public class NoopMailService : IMailService
        return Task.FromResult(0);
    }

+    public Task SendOrganizationUserRevokedForTwoFactoryPolicyEmailAsync(string organizationName, string email) =>
+        Task.CompletedTask;
+
+    public Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email) =>
+        Task.CompletedTask;
+
    public Task SendTwoFactorEmailAsync(string email, string token)
    {
        return Task.FromResult(0);