CSA-1 - adding master password authentication when enrolling in passw… (#1940)

* CSA-2 - adding master password authentication when enrolling in password reset * Getting user by principal rather than ID * Removing unnecessary userId call * Use secret verification for re-auth api requests Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2025-06-30 23:52:50 -05:00 · 2022-05-19 15:55:42 -04:00
parent 60e36a8f0f
commit 452472deab
2 changed files with 19 additions and 3 deletions
--- a/src/Api/Models/Request/Organizations/OrganizationUserRequestModels.cs
+++ b/src/Api/Models/Request/Organizations/OrganizationUserRequestModels.cs
@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Text.Json;
+using Bit.Api.Models.Request.Accounts;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
@ -92,7 +93,7 @@ namespace Bit.Api.Models.Request.Organizations
        public IEnumerable<string> GroupIds { get; set; }
    }

-    public class OrganizationUserResetPasswordEnrollmentRequestModel
+    public class OrganizationUserResetPasswordEnrollmentRequestModel : SecretVerificationRequestModel
    {
        public string ResetPasswordKey { get; set; }
    }