[Reset Password] Admin reset actions (#1272)

* [Reset Password] Admin reset actions * Updated thrown except for permission collision * Updated GET/PUT password reset to use orgUser.Id for db operations
2025-06-30 23:52:50 -05:00 · 2021-04-20 16:58:57 -05:00
parent ba36afe69c
commit 477f679fc6
7 changed files with 155 additions and 2 deletions
--- a/src/Core/Models/Api/Request/Organizations/OrganizationUserResetPasswordRequestModel.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationUserResetPasswordRequestModel.cs
@ -0,0 +1,13 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Core.Models.Api
+{
+    public class OrganizationUserResetPasswordRequestModel
+    {
+        [Required]
+        [StringLength(300)]
+        public string NewMasterPasswordHash { get; set; }
+        [Required]
+        public string Key { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
+++ b/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
@ -23,6 +23,7 @@ namespace Bit.Core.Models.Api
            Status = organizationUser.Status;
            AccessAll = organizationUser.AccessAll;
            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions);
+            ResetPasswordEnrolled = !string.IsNullOrEmpty(organizationUser.ResetPasswordKey);
        }

        public OrganizationUserResponseModel(OrganizationUserUserDetails organizationUser, string obj = "organizationUser")
@ -39,6 +40,7 @@ namespace Bit.Core.Models.Api
            Status = organizationUser.Status;
            AccessAll = organizationUser.AccessAll;
            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions);
+            ResetPasswordEnrolled = !string.IsNullOrEmpty(organizationUser.ResetPasswordKey);
        }

        public string Id { get; set; }
@ -47,6 +49,7 @@ namespace Bit.Core.Models.Api
        public OrganizationUserStatusType Status { get; set; }
        public bool AccessAll { get; set; }
        public Permissions Permissions { get; set; }
+        public bool ResetPasswordEnrolled { get; set; }
    }

    public class OrganizationUserDetailsResponseModel : OrganizationUserResponseModel
@ -83,4 +86,24 @@ namespace Bit.Core.Models.Api
        public bool TwoFactorEnabled { get; set; }
        public bool SsoBound { get; set; }
    }
+
+    public class OrganizationUserResetPasswordDetailsResponseModel : ResponseModel
+    {
+        public OrganizationUserResetPasswordDetailsResponseModel(OrganizationUserResetPasswordDetails orgUser,
+            string obj = "organizationUserResetPasswordDetails") : base(obj)
+        {
+            if (orgUser == null)
+            {
+                throw new ArgumentNullException(nameof(orgUser));
+            }
+
+            Kdf = orgUser.Kdf;
+            KdfIterations = orgUser.KdfIterations;
+            ResetPasswordKey = orgUser.ResetPasswordKey;
+        }
+        
+        public KdfType Kdf { get; set; }
+        public int KdfIterations { get; set; }
+        public string ResetPasswordKey { get; set; }
+    }
 }
--- a/src/Core/Models/Api/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Core/Models/Api/Response/ProfileOrganizationResponseModel.cs
@ -30,7 +30,7 @@ namespace Bit.Core.Models.Api
            SsoBound = !string.IsNullOrWhiteSpace(organization.SsoExternalId);
            Identifier = organization.Identifier;
            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organization.Permissions);
-            ResetPasswordKey = organization.ResetPasswordKey;
+            ResetPasswordEnrolled = organization.ResetPasswordKey != null;
            UserId = organization.UserId?.ToString();
        }

@ -57,7 +57,7 @@ namespace Bit.Core.Models.Api
        public bool SsoBound { get; set; }
        public string Identifier { get; set; }
        public Permissions Permissions { get; set; }
-        public string ResetPasswordKey { get; set; }
+        public bool ResetPasswordEnrolled { get; set; }
        public string UserId { get; set; }
    }
 }
--- a/src/Core/Models/Data/OrganizationUserResetPasswordDetails.cs
+++ b/src/Core/Models/Data/OrganizationUserResetPasswordDetails.cs
@ -0,0 +1,29 @@
+using System;
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Data
+{
+    public class OrganizationUserResetPasswordDetails
+    {
+        public OrganizationUserResetPasswordDetails(OrganizationUser orgUser, User user)
+        {
+            if (orgUser == null)
+            {
+                throw new ArgumentNullException(nameof(orgUser));
+            }
+            
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            Kdf = user.Kdf;
+            KdfIterations = user.KdfIterations;
+            ResetPasswordKey = orgUser.ResetPasswordKey;
+        }
+        public KdfType Kdf { get; set; }
+        public int KdfIterations { get; set; }
+        public string ResetPasswordKey { get; set; }
+    }
+}