nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-06 19:20:33 -05:00
Code

Refactor AcceptOrgUserCommand: delegate feature flag check to the ValidateTwoFactorAuthenticationPolicyAsync method

Browse Source
This commit is contained in:
Rui Tome 2025-05-26 10:35:10 +01:00
parent d98b4b3c4e
commit 265dd37ca0
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs
View File

@ -203,22 +203,7 @@ public class AcceptOrgUserCommand : IAcceptOrgUserCommand
} }
// Enforce Two Factor Authentication Policy of organization user is trying to join // Enforce Two Factor Authentication Policy of organization user is trying to join
if (_featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements))
{
await ValidateTwoFactorAuthenticationPolicyAsync(user, orgUser.OrganizationId); await ValidateTwoFactorAuthenticationPolicyAsync(user, orgUser.OrganizationId);
}
else
{
if (!await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(user))
{
var invitedTwoFactorPolicies = await _policyService.GetPoliciesApplicableToUserAsync(user.Id,
PolicyType.TwoFactorAuthentication, OrganizationUserStatusType.Invited);
if (invitedTwoFactorPolicies.Any(p => p.OrganizationId == orgUser.OrganizationId))
{
throw new BadRequestException("You cannot join this organization until you enable two-step login on your user account.");
}
}
}
orgUser.Status = OrganizationUserStatusType.Accepted; orgUser.Status = OrganizationUserStatusType.Accepted;
orgUser.UserId = user.Id; orgUser.UserId = user.Id;
@ -247,6 +232,8 @@ public class AcceptOrgUserCommand : IAcceptOrgUserCommand
/// <exception cref="BadRequestException">Thrown if the policy applies to the organization and /// <exception cref="BadRequestException">Thrown if the policy applies to the organization and
/// the user does not have two-step login enabled.</exception> /// the user does not have two-step login enabled.</exception>
private async Task ValidateTwoFactorAuthenticationPolicyAsync(User user, Guid organizationId) private async Task ValidateTwoFactorAuthenticationPolicyAsync(User user, Guid organizationId)
{
if (_featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements))
{ {
var twoFactorPolicyRequirement = await _policyRequirementQuery.GetAsync<RequireTwoFactorPolicyRequirement>(user.Id); var twoFactorPolicyRequirement = await _policyRequirementQuery.GetAsync<RequireTwoFactorPolicyRequirement>(user.Id);
var twoFactorRequiredForOrganization = twoFactorPolicyRequirement.IsTwoFactorRequiredForOrganization(organizationId); var twoFactorRequiredForOrganization = twoFactorPolicyRequirement.IsTwoFactorRequiredForOrganization(organizationId);
@ -256,4 +243,17 @@ public class AcceptOrgUserCommand : IAcceptOrgUserCommand
throw new BadRequestException("You cannot join this organization until you enable two-step login on your user account."); throw new BadRequestException("You cannot join this organization until you enable two-step login on your user account.");
} }
} }
else
{
if (!await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(user))
{
var invitedTwoFactorPolicies = await _policyService.GetPoliciesApplicableToUserAsync(user.Id,
PolicyType.TwoFactorAuthentication, OrganizationUserStatusType.Invited);
if (invitedTwoFactorPolicies.Any(p => p.OrganizationId == organizationId))
{
throw new BadRequestException("You cannot join this organization until you enable two-step login on your user account.");
}
}
}
}
} }