mirror of https://github.com/bitwarden/server.git synced 2025-07-02 16:42:50 -05:00

[Reset Password] Organization Key Pair (#1292)

* [Reset Password] Organization Key Pair

* Fixed type in Organization_ReadAbilites sproc

* Fixed broken unit test by making sure premium addon was false

* Updated PublicKey decorator and removed unnecessary validation
Vincent Salucci
2021-05-06 14:53:12 -05:00
committed by GitHub
parent cae204cb7c
commit 70ab5b25a1
26 changed files with 535 additions and 12 deletions


@ -20,7 +20,7 @@ namespace Bit.Core.Services
Task VerifyBankAsync(Guid organizationId, int amount1, int amount2);
Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup organizationSignup);
Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationLicense license, User owner,
string ownerKey, string collectionName);
string ownerKey, string collectionName, string publicKey, string privateKey);
Task UpdateLicenseAsync(Guid organizationId, OrganizationLicense license);
Task DeleteAsync(Organization organization);
Task EnableAsync(Guid organizationId, DateTime? expirationDate);
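Review bot: The widened license overload of `SignUpAsync` now takes four consecutive `string` parameters (`ownerKey`, `collectionName`, `publicKey`, `privateKey`), so a call site that transposes two of them still compiles and would store key material in the wrong field. Nothing on the interface says what form `privateKey` must arrive in. If the intended contract is that the client encrypts it before sending, I would state that on the declaration, for example `/// <param name="privateKey">Organization private key, already encrypted by the client; stored as received.</param>`, with a matching line for `publicKey`. Grouping the two keys into one small parameter type would remove the ordering risk, but that is a larger change than this commit needs.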


@ -237,6 +237,8 @@ namespace Bit.Core.Services
$"Disable your SSO configuration.");
}
}
// TODO Reset Password - Throw error if policy enabled and new pland doesn't allow
// TODO: Check storage?
@ -275,10 +277,13 @@ namespace Bit.Core.Services
organization.Use2fa = newPlan.Has2fa;
organization.UseApi = newPlan.HasApi;
organization.UseSso = newPlan.HasSso;
organization.UseResetPassword = newPlan.HasResetPassword;
organization.SelfHost = newPlan.HasSelfHost;
organization.UsersGetPremium = newPlan.UsersGetPremium || upgrade.PremiumAccessAddon;
organization.Plan = newPlan.Name;
organization.Enabled = success;
organization.PublicKey = upgrade.PublicKey;
organization.PrivateKey = upgrade.PrivateKey;
await ReplaceAndUpdateCache(organization);
if (success)
{
@ -564,6 +569,7 @@ namespace Bit.Core.Services
UseTotp = plan.HasTotp,
Use2fa = plan.Has2fa,
UseApi = plan.HasApi,
UseResetPassword = plan.HasResetPassword,
SelfHost = plan.HasSelfHost,
UsersGetPremium = plan.UsersGetPremium || signup.PremiumAccessAddon,
Plan = plan.Name,
@ -572,6 +578,8 @@ namespace Bit.Core.Services
Enabled = true,
LicenseKey = CoreHelpers.SecureRandomString(20),
ApiKey = CoreHelpers.SecureRandomString(30),
PublicKey = signup.PublicKey,
PrivateKey = signup.PrivateKey,
CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow,
};
@ -605,7 +613,8 @@ namespace Bit.Core.Services
}
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
OrganizationLicense license, User owner, string ownerKey, string collectionName)
OrganizationLicense license, User owner, string ownerKey, string collectionName, string publicKey,
string privateKey)
{
if (license == null || !_licensingService.VerifyLicense(license))
{
@ -647,6 +656,7 @@ namespace Bit.Core.Services
UseTotp = license.UseTotp,
Use2fa = license.Use2fa,
UseApi = license.UseApi,
UseResetPassword = license.UseResetPassword,
Plan = license.Plan,
SelfHost = license.SelfHost,
UsersGetPremium = license.UsersGetPremium,
@ -658,6 +668,8 @@ namespace Bit.Core.Services
ExpirationDate = license.Expires,
LicenseKey = license.LicenseKey,
ApiKey = CoreHelpers.SecureRandomString(30),
PublicKey = publicKey,
PrivateKey = privateKey,
CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow
};
@ -812,6 +824,9 @@ namespace Bit.Core.Services
$"Your new license does not allow for the use of SSO. Disable your SSO configuration.");
}
}
// TODO Reset Password - If the license does not allow reset password, but the organization currently does
// TODO Reset Password - Pull Reset Password policy and make sure its disabled.
var dir = $"{_globalSettings.LicenseDirectory}/organization";
Directory.CreateDirectory(dir);
@ -832,6 +847,7 @@ namespace Bit.Core.Services
organization.UseApi = license.UseApi;
organization.UsePolicies = license.UsePolicies;
organization.UseSso = license.UseSso;
organization.UseResetPassword = license.UseResetPassword;
organization.SelfHost = license.SelfHost;
organization.UsersGetPremium = license.UsersGetPremium;
organization.Plan = license.Plan;
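Review bot: In the upgrade hunk (`@ -275,10 +277,13`), `organization.PublicKey = upgrade.PublicKey;` and `organization.PrivateKey = upgrade.PrivateKey;` run unconditionally, so an upgrade request that omits the keys or carries different ones replaces the key pair the organization already has. Anything previously encrypted to the old public key would presumably become unrecoverable. I would assign only when no key pair exists yet: `if (string.IsNullOrWhiteSpace(organization.PublicKey)) { organization.PublicKey = upgrade.PublicKey; organization.PrivateKey = upgrade.PrivateKey; }`. The two `SignUpAsync` initialisers likewise store the values as received, and whether the request models validate their format is not visible in these hunks. The `TODO Reset Password` comments also leave a gap: a plan or license change can clear `UseResetPassword` while a reset-password policy stays enabled, and the enclosing methods extend outside the hunks, so I cannot see whether anything else covers that.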