org invite validation and email tweaks

2025-07-01 08:02:49 -05:00 · 2017-03-28 21:16:19 -04:00
parent da29160218
commit 472a4ade8f
6 changed files with 43 additions and 4 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -105,9 +105,15 @@ namespace Bit.Core.Services
                throw new BadRequestException("Cannot invite users.");
            }

-            // TODO: make sure user is not already invited
+            // Make sure user is not already invited
+            var existingOrgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, email);
+            if(existingOrgUser != null)
+            {
+                throw new BadRequestException("User already invited.");
+            }

-            // TODO: validate subvaults?
+            var orgSubvaults = await _subvaultRepository.GetManyByOrganizationIdAsync(organizationId);
+            var filteredSubvaults = subvaults.Where(s => orgSubvaults.Any(os => os.Id == s.SubvaultId));

            var orgUser = new OrganizationUser
            {
@ -122,7 +128,7 @@ namespace Bit.Core.Services
            };

            await _organizationUserRepository.CreateAsync(orgUser);
-            await SaveUserSubvaultsAsync(orgUser, subvaults, true);
+            await SaveUserSubvaultsAsync(orgUser, filteredSubvaults, true);
            await SendInviteAsync(orgUser);

            return orgUser;
@ -147,10 +153,11 @@ namespace Bit.Core.Services

        private async Task SendInviteAsync(OrganizationUser orgUser)
        {
+            var org = await _organizationRepository.GetByIdAsync(orgUser.OrganizationId);
            var nowMillis = CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow);
            var token = _dataProtector.Protect(
                $"OrganizationUserInvite {orgUser.Id} {orgUser.Email} {nowMillis}");
-            await _mailService.SendOrganizationInviteEmailAsync("Organization Name", orgUser, token);
+            await _mailService.SendOrganizationInviteEmailAsync(org.Name, orgUser, token);
        }

        public async Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token)
--- a/src/Core/Services/Implementations/SendGridMailService.cs
+++ b/src/Core/Services/Implementations/SendGridMailService.cs
@ -4,6 +4,7 @@ using System.Threading.Tasks;
 using Bit.Core.Models.Table;
 using SendGrid;
 using SendGrid.Helpers.Mail;
+using System.Net;

 namespace Bit.Core.Services
 {
@ -98,6 +99,7 @@ namespace Bit.Core.Services
            message.AddSubstitution("{{organizationId}}", orgUser.OrganizationId.ToString());
            message.AddSubstitution("{{organizationUserId}}", orgUser.Id.ToString());
            message.AddSubstitution("{{token}}", token);
+            message.AddSubstitution("{{email}}", WebUtility.UrlEncode(orgUser.Email));
            message.AddCategories(new List<string> { AdministrativeCategoryName, "Organization Invite" });

            await _client.SendEmailAsync(message);