nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

Add check to ensure admins or owners arn't enrolled in key connector (#1725)

Browse Source
This commit is contained in:
Oscar Hinton 2021-11-18 21:56:13 +01:00 committed by GitHub
parent 2dc29e51d1
commit 6008715abc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/Core/Services/Implementations/UserService.cs
View File

@ -639,15 +639,10 @@ namespace Bit.Core.Services
public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier) public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
{ {
if (user == null) var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{ {
throw new ArgumentNullException(nameof(user)); return identityResult;
}
if (user.UsesKeyConnector)
{
Logger.LogWarning("Already uses Key Connector.");
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
} }
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow; user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
@ -663,6 +658,24 @@ namespace Bit.Core.Services
} }
public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user) public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
{
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
}
private IdentityResult CheckCanUseKeyConnector(User user)
{ {
if (user == null) if (user == null)
{ {
@ -675,14 +688,13 @@ namespace Bit.Core.Services
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword()); return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
} }
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow; if (_currentContext.Organizations.Any(u =>
user.MasterPassword = null; u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
user.UsesKeyConnector = true; {
throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
}
await _userRepository.ReplaceAsync(user); return null;
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
} }
public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key) public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)