[PM-3797 Part 5] Add reset password keys to key rotation (#3445)

* Add reset password validator with tests * add organization user rotation methods to repository - move organization user TVP helper to admin console ownership * rename account recovery to reset password * formatting * move registration of RotateUserKeyCommand to Core and make internal * add admin console ValidatorServiceCollectionExtensions
2025-07-04 01:22:50 -05:00 · 2023-12-14 15:05:19 -05:00
parent da0bf77a39
commit b77ee017e3
15 changed files with 372 additions and 42 deletions
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs
@ -1,5 +1,6 @@
 using AutoMapper;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
@ -640,4 +641,35 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
        return await GetCountFromQuery(query);
    }

+    /// <inheritdoc />
+    public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
+        Guid userId, IEnumerable<Core.Entities.OrganizationUser> resetPasswordKeys)
+    {
+        return async (_, _) =>
+        {
+            var newOrganizationUsers = resetPasswordKeys.ToList();
+            using var scope = ServiceScopeFactory.CreateScope();
+            var dbContext = GetDatabaseContext(scope);
+
+            // Get user organization users
+            var userOrganizationUsers = await GetDbSet(dbContext)
+                .Where(c => c.UserId == userId)
+                .ToListAsync();
+
+            // Filter to only organization users that are included
+            var validOrganizationUsers = userOrganizationUsers
+                .Where(organizationUser =>
+                    newOrganizationUsers.Any(newOrganizationUser => newOrganizationUser.Id == organizationUser.Id));
+
+            foreach (var organizationUser in validOrganizationUsers)
+            {
+                var updateOrganizationUser =
+                    newOrganizationUsers.First(newOrganizationUser => newOrganizationUser.Id == organizationUser.Id);
+                organizationUser.ResetPasswordKey = updateOrganizationUser.ResetPasswordKey;
+            }
+
+            await dbContext.SaveChangesAsync();
+        };
+    }
+
 }