[PM-3797 Part 5] Add reset password keys to key rotation (#3445)

* Add reset password validator with tests * add organization user rotation methods to repository - move organization user TVP helper to admin console ownership * rename account recovery to reset password * formatting * move registration of RotateUserKeyCommand to Core and make internal * add admin console ValidatorServiceCollectionExtensions
2025-06-30 23:52:50 -05:00 · 2023-12-14 15:05:19 -05:00
parent da0bf77a39
commit b77ee017e3
15 changed files with 372 additions and 42 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -1,4 +1,5 @@
-using Bit.Api.AdminConsole.Models.Response;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response;
 using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Api.Auth.Validators;
@ -72,6 +73,9 @@ public class AccountsController : Controller
    private readonly IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>> _sendValidator;
    private readonly IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
        _emergencyAccessValidator;
+    private readonly IRotationValidator<IEnumerable<ResetPasswordWithOrgIdRequestModel>,
+            IReadOnlyList<OrganizationUser>>
+        _organizationUserValidator;


    public AccountsController(
@ -96,7 +100,9 @@ public class AccountsController : Controller
        IRotationValidator<IEnumerable<FolderWithIdRequestModel>, IEnumerable<Folder>> folderValidator,
        IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>> sendValidator,
        IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
-            emergencyAccessValidator
+            emergencyAccessValidator,
+        IRotationValidator<IEnumerable<ResetPasswordWithOrgIdRequestModel>, IReadOnlyList<OrganizationUser>>
+            organizationUserValidator
        )
    {
        _cipherRepository = cipherRepository;
@ -120,6 +126,7 @@ public class AccountsController : Controller
        _folderValidator = folderValidator;
        _sendValidator = sendValidator;
        _emergencyAccessValidator = emergencyAccessValidator;
+        _organizationUserValidator = organizationUserValidator;
    }

    #region DEPRECATED (Moved to Identity Service)
@ -428,8 +435,8 @@ public class AccountsController : Controller
                Ciphers = await _cipherValidator.ValidateAsync(user, model.Ciphers),
                Folders = await _folderValidator.ValidateAsync(user, model.Folders),
                Sends = await _sendValidator.ValidateAsync(user, model.Sends),
-                EmergencyAccessKeys = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
-                ResetPasswordKeys = new List<OrganizationUser>(),
+                EmergencyAccesses = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
+                OrganizationUsers = await _organizationUserValidator.ValidateAsync(user, model.ResetPasswordKeys)
            };

            result = await _rotateUserKeyCommand.RotateUserKeyAsync(user, dataModel);