nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Code Activity

[PM-1033] feat: remove user verification from password enrollment

Browse Source
This commit is contained in:
Andreas Coroiu
2023-06-19 10:50:27 +02:00
parent 7f8b6c0bce
commit b0392972fd
2 changed files with 4 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Api/Controllers/OrganizationUsersController.cs
View File

@ -313,17 +313,9 @@ public class OrganizationUsersController : Controller
throw new UnauthorizedAccessException();
}
if (model.ResetPasswordKey != null && !await _userService.VerifySecretAsync(user, model.Secret))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
else
{
var callingUserId = user.Id;
await _organizationService.UpdateUserResetPasswordEnrollmentAsync(
new Guid(orgId), new Guid(userId), model.ResetPasswordKey, callingUserId);
}
var callingUserId = user.Id;
await _organizationService.UpdateUserResetPasswordEnrollmentAsync(
new Guid(orgId), new Guid(userId), model.ResetPasswordKey, callingUserId);
}
[HttpPut("{id}/reset-password")]

3
src/Api/Models/Request/Organizations/OrganizationUserRequestModels.cs
View File

@ -1,5 +1,4 @@
using System.ComponentModel.DataAnnotations;
using Bit.Api.Auth.Models.Request.Accounts;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
@ -108,7 +107,7 @@ public class OrganizationUserUpdateGroupsRequestModel
public IEnumerable<string> GroupIds { get; set; }
}
public class OrganizationUserResetPasswordEnrollmentRequestModel : SecretVerificationRequestModel
public class OrganizationUserResetPasswordEnrollmentRequestModel
{
public string ResetPasswordKey { get; set; }
}