mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00

[Require SSO] Enterprise policy enforcement (#970)

* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so it's there for the future)

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
Vincent Salucci
2020-10-26 11:56:16 -05:00
committed by GitHub
parent e872b4df9d
commit 66e44759f0
15 changed files with 195 additions and 11 deletions


@ -31,10 +31,11 @@ namespace Bit.Core.IdentityServer
IMailService mailService,
ILogger<ResourceOwnerPasswordValidator> logger,
CurrentContext currentContext,
GlobalSettings globalSettings)
GlobalSettings globalSettings,
IPolicyRepository policyRepository)
: base(userManager, deviceRepository, deviceService, userService, eventService,
organizationDuoWebTokenProvider, organizationRepository, organizationUserRepository,
applicationCacheService, mailService, logger, currentContext, globalSettings)
applicationCacheService, mailService, logger, currentContext, globalSettings, policyRepository)
{
_userManager = userManager;
_userService = userService;
@ -77,6 +78,13 @@ namespace Bit.Core.IdentityServer
customResponse);
}
protected override void SetSsoResult(ResourceOwnerPasswordValidationContext context,
Dictionary<string, object> customResponse)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Sso authentication required.",
customResponse);
}
protected override void SetErrorResult(ResourceOwnerPasswordValidationContext context,
Dictionary<string, object> customResponse)
{