mirror of https://github.com/bitwarden/server.git synced 2025-07-02 16:42:50 -05:00

Enforce 2fa policy (#654)

Kyle Spearrin
2020-02-19 14:56:16 -05:00
committed by GitHub
parent 6b6c2d862d
commit 81424a8526
13 changed files with 100 additions and 15 deletions


@ -1,4 +1,5 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Bit.Core.Exceptions;
using Bit.Core.Models.Table;
@ -25,7 +26,8 @@ namespace Bit.Core.Services
_policyRepository = policyRepository;
}
public async Task SaveAsync(Policy policy)
public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
Guid? savingUserId)
{
var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
if(org == null)
@ -43,6 +45,28 @@ namespace Bit.Core.Services
{
policy.CreationDate = now;
}
else if(policy.Enabled)
{
var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
if(!currentPolicy?.Enabled ?? true)
{
if(currentPolicy.Type == Enums.PolicyType.TwoFactorAuthentication)
{
var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
policy.OrganizationId);
foreach(var orgUser in orgUsers.Where(ou =>
ou.Status != Enums.OrganizationUserStatusType.Invited &&
ou.Type != Enums.OrganizationUserType.Owner))
{
if(orgUser.UserId != savingUserId && !await userService.TwoFactorIsEnabledAsync(orgUser))
{
await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
savingUserId);
}
}
}
}
}
policy.RevisionDate = DateTime.UtcNow;
await _policyRepository.UpsertAsync(policy);
await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
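Review bot: In the `@ -43,6 +45,28 @` hunk, `if(!currentPolicy?.Enabled ?? true)` is true when `GetByIdAsync` returns null, and the next line then reads `currentPolicy.Type`, which would throw a NullReferenceException before the policy is saved. Testing the incoming object instead, `if(policy.Type == Enums.PolicyType.TwoFactorAuthentication)`, avoids the dereference and keeps enforcement keyed to the policy actually being enabled. The removals also run before `UpsertAsync`, so a failure partway through the loop would leave some members removed while the policy is still not enabled; a comment such as `// Members are removed before the policy is persisted; a mid-loop failure leaves a partial result` would make that ordering explicit. `SaveAsync` starts and ends outside this hunk, so whether a null `currentPolicy` is reachable on this branch cannot be confirmed from here.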