1
0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00

[PM-15957] Fix: Domain Claim fails to enable Single Organization Policy, sends no emails and Revokes all users (#5147)

* Add JSON-based stored procedure for updating account revision dates and modify existing procedure to use it

* Refactor SingleOrgPolicyValidator to revoke only non-compliant organization users and update related tests
This commit is contained in:
Rui Tomé
2024-12-17 15:57:31 +00:00
committed by GitHub
parent 16488091d2
commit b75c63c2c6
5 changed files with 140 additions and 8 deletions

View File

@ -97,15 +97,22 @@ public class SingleOrgPolicyValidator : IPolicyValidator
return;
}
var allRevocableUserOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
currentActiveRevocableOrganizationUsers.Select(ou => ou.UserId!.Value));
var usersToRevoke = currentActiveRevocableOrganizationUsers.Where(ou =>
allRevocableUserOrgs.Any(uo => uo.UserId == ou.UserId &&
uo.OrganizationId != organizationId &&
uo.Status != OrganizationUserStatusType.Invited)).ToList();
var commandResult = await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
new RevokeOrganizationUsersRequest(organizationId, currentActiveRevocableOrganizationUsers, performedBy));
new RevokeOrganizationUsersRequest(organizationId, usersToRevoke, performedBy));
if (commandResult.HasErrors)
{
throw new BadRequestException(string.Join(", ", commandResult.ErrorMessages));
}
await Task.WhenAll(currentActiveRevocableOrganizationUsers.Select(x =>
await Task.WhenAll(usersToRevoke.Select(x =>
_mailService.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), x.Email)));
}