Improved handling of grantor access to organizations after takeover (refactored) (#1134)

* Revert "Only return policy in TakeoverResponse if Owner" This reverts commit b20e6f5e85. * Revert "Return grantor policy info in TakeoverResponse" This reverts commit 204217a5e0. * Add endpoint to get grantor policies on takeover
2025-06-30 15:42:48 -05:00 · 2021-02-10 09:06:42 +10:00
parent d51b592cb5
commit 9f42357705
4 changed files with 34 additions and 10 deletions
--- a/src/Core/Services/Implementations/EmergencyAccessService.cs
+++ b/src/Core/Services/Implementations/EmergencyAccessService.cs
@ -239,7 +239,7 @@ namespace Bit.Core.Services
            await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, NameOrEmail(rejectingUser), grantee.Email);
        }

-        public async Task<(EmergencyAccess, User, ICollection<Policy>)> TakeoverAsync(Guid id, User requestingUser)
+        public async Task<ICollection<Policy>> GetPoliciesAsync(Guid id, User requestingUser)
        {
            var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);

@ -253,9 +253,24 @@ namespace Bit.Core.Services

            var grantorOrganizations = await _organizationUserRepository.GetManyByUserAsync(grantor.Id);
            var isOrganizationOwner = grantorOrganizations.Any<OrganizationUser>(organization => organization.Type == OrganizationUserType.Owner);
-            var policy = isOrganizationOwner ? await _policyRepository.GetManyByUserIdAsync(grantor.Id) : null;
+            var policies = isOrganizationOwner ? await _policyRepository.GetManyByUserIdAsync(grantor.Id) : null;

-            return (emergencyAccess, grantor, policy);
+            return policies;
+        }
+
+        public async Task<(EmergencyAccess, User)> TakeoverAsync(Guid id, User requestingUser)
+        {
+            var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
+
+            if (emergencyAccess == null || emergencyAccess.GranteeId != requestingUser.Id ||
+                emergencyAccess.Status != EmergencyAccessStatusType.RecoveryApproved)
+            {
+                throw new BadRequestException("Emergency Access not valid.");
+            }
+
+            var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId);
+            
+            return (emergencyAccess, grantor);
        }

        public async Task PasswordAsync(Guid id, User requestingUser, string newMasterPasswordHash, string key)