[Reset Password] Enterprise Policy (#1315)

* [Reset Password] Enterprise Policy * Created UI for policy/edit policy // Updated TODOs for policy dependent checks * Updated reset password data model field name to be more descriptive * Update title to Master Password Reset * Updated PoliciesModel, Policy Model spacing, and strings
2025-07-04 09:32:48 -05:00 · 2021-05-12 14:47:00 -05:00
parent a47b86a995
commit ae38c33e05
9 changed files with 111 additions and 19 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -238,7 +238,16 @@ namespace Bit.Core.Services
                }
            }
            
-            // TODO Reset Password - Throw error if policy enabled and new pland doesn't allow
+            if (!newPlan.HasResetPassword && organization.UseResetPassword)
+            {
+                var resetPasswordPolicy =
+                    await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
+                if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
+                {
+                    throw new BadRequestException("Your new plan does not allow the Password Reset feature. " + 
+                        "Disable your Password Reset policy.");
+                }
+            }

            // TODO: Check storage?

@ -825,8 +834,16 @@ namespace Bit.Core.Services
                }
            }
            
-            // TODO Reset Password - If the license does not allow reset password, but the organization currently does
-            // TODO Reset Password - Pull Reset Password policy and make sure its disabled.
+            if (!license.UseResetPassword && organization.UseResetPassword)
+            {
+                var resetPasswordPolicy =
+                    await _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
+                if (resetPasswordPolicy != null && resetPasswordPolicy.Enabled)
+                {
+                    throw new BadRequestException("Your new license does not allow the Password Reset feature. " 
+                        + "Disable your Password Reset policy.");
+                }
+            }

            var dir = $"{_globalSettings.LicenseDirectory}/organization";
            Directory.CreateDirectory(dir);
@ -1424,7 +1441,7 @@ namespace Bit.Core.Services
                throw new BadRequestException("User not valid.");
            }
            
-            // TODO - Block certain org types from using this feature?
+            // TODO Reset Password - Block certain org types from using this feature?

            orgUser.ResetPasswordKey = resetPasswordKey;
            await _organizationUserRepository.ReplaceAsync(orgUser);