nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

Handle TDE enrollment case in put account recovery enrollment endpoint (#4449)

Browse Source 
* Handle TDE enrollment case in put account recovery enrollment endpoint

* Use `ssoConfig` to derive if an organization is using TDE
This commit is contained in:
Addison Beck
2024-07-02 15:18:29 -04:00
committed by GitHub
parent c390a6b589
commit b5d42eb189
3 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
View File

@ -10,6 +10,8 @@ using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Repositories;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
@ -46,6 +48,7 @@ public class OrganizationUsersController : Controller
private readonly IAuthorizationService _authorizationService;
private readonly IApplicationCacheService _applicationCacheService;
private readonly IFeatureService _featureService;
private readonly ISsoConfigRepository _ssoConfigRepository;
public OrganizationUsersController(
IOrganizationRepository organizationRepository,
@ -63,7 +66,8 @@ public class OrganizationUsersController : Controller
IAcceptOrgUserCommand acceptOrgUserCommand,
IAuthorizationService authorizationService,
IApplicationCacheService applicationCacheService,
IFeatureService featureService)
IFeatureService featureService,
ISsoConfigRepository ssoConfigRepository)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
@ -81,6 +85,7 @@ public class OrganizationUsersController : Controller
_authorizationService = authorizationService;
_applicationCacheService = applicationCacheService;
_featureService = featureService;
_ssoConfigRepository = ssoConfigRepository;
}
[HttpGet("{id}")]
@ -456,7 +461,9 @@ public class OrganizationUsersController : Controller
throw new UnauthorizedAccessException();
}
if (!string.IsNullOrWhiteSpace(model.ResetPasswordKey) && !await _userService.VerifySecretAsync(user, model.Secret))
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(orgId);
var isTdeEnrollment = ssoConfig != null && ssoConfig.GetData().MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption;
if (!isTdeEnrollment && !string.IsNullOrWhiteSpace(model.ResetPasswordKey) && !await _userService.VerifySecretAsync(user, model.MasterPasswordHash))
{
throw new BadRequestException("Incorrect password");
}