nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[Reset Password] Enterprise Policy (#1315)

Browse Source 
* [Reset Password] Enterprise Policy

* Created UI for policy/edit policy // Updated TODOs for policy dependent checks

* Updated reset password data model field name to be more descriptive

* Update title to Master Password Reset

* Updated PoliciesModel, Policy Model spacing, and strings
This commit is contained in:
Vincent Salucci
2021-05-12 14:47:00 -05:00
committed by GitHub
parent a47b86a995
commit ae38c33e05
9 changed files with 111 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Core/Enums/PolicyType.cs
View File

@ -10,5 +10,6 @@
PersonalOwnership = 5,
DisableSend = 6,
SendOptions = 7,
ResetPassword = 8,
}
}

21
src/Core/Resources/SharedResources.en.resx
View File

@ -652,4 +652,25 @@
<value>Expected authentication context class reference (acr) was not returned with the authentication response or is invalid.</value>
<comment>'acr' is an explicit OIDC claim type, see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2 (acr). It should not be translated.</comment>
</data>
<data name="ResetPassword" xml:space="preserve">
<value>Master Password Reset</value>
</data>
<data name="ResetPasswordDescription" xml:space="preserve">
<value>Allow administrators in the organization to reset organization users' master password.</value>
</data>
<data name="ResetPasswordWarning" xml:space="preserve">
<value>Users in the organization will need to self-enroll or be auto-enrolled before administrators can reset their master password.</value>
</data>
<data name="ResetPasswordAutoEnroll" xml:space="preserve">
<value>Automatic Enrollment</value>
</data>
<data name="ResetPasswordAutoEnrollDescription" xml:space="preserve">
<value>All users will be automatically enrolled in password reset once their invite is accepted.</value>
</data>
<data name="ResetPasswordAutoEnrollWarning" xml:space="preserve">
<value>Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password.</value>
</data>
<data name="ResetPasswordAutoEnrollCheckbox" xml:space="preserve">
<value>Automatically enroll new users</value>
</data>
</root>

25
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -238,7 +238,16 @@ namespace Bit.Core.Services
}
}
// TODO Reset Password - Throw error if policy enabled and new pland doesn't allow
if (!newPlan.HasResetPassword && organization.UseResetPassword)
{
var resetPasswordPolicy =
await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
{
throw new BadRequestException("Your new plan does not allow the Password Reset feature. " +
"Disable your Password Reset policy.");
}
}
// TODO: Check storage?
@ -825,8 +834,16 @@ namespace Bit.Core.Services
}
}
// TODO Reset Password - If the license does not allow reset password, but the organization currently does
// TODO Reset Password - Pull Reset Password policy and make sure its disabled.
if (!license.UseResetPassword && organization.UseResetPassword)
{
var resetPasswordPolicy =
await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
{
throw new BadRequestException("Your new license does not allow the Password Reset feature. "
+ "Disable your Password Reset policy.");
}
}
var dir = $"{_globalSettings.LicenseDirectory}/organization";
Directory.CreateDirectory(dir);
@ -1424,7 +1441,7 @@ namespace Bit.Core.Services
throw new BadRequestException("User not valid.");
}
// TODO - Block certain org types from using this feature?
// TODO Reset Password - Block certain org types from using this feature?
orgUser.ResetPasswordKey = resetPasswordKey;
await _organizationUserRepository.ReplaceAsync(orgUser);