[Reset Password v1] - Make auto enrollment required when enabled (#1412)

* [Reset Password v1] - Make auto enrollment required when enabled * Removed unnecessary imports
2025-07-15 06:37:54 -05:00 · 2021-07-08 10:48:43 -05:00
parent feb3106f37
commit be13eb153a
3 changed files with 14 additions and 3 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1728,6 +1728,17 @@ namespace Bit.Core.Services
                throw new BadRequestException("Organization does not have the password reset policy enabled.");
            }
            
+            // Block the user from withdrawal if auto enrollment is enabled
+            if (resetPasswordKey == null && resetPasswordPolicy.Data != null)
+            {
+                var data = JsonConvert.DeserializeObject<ResetPasswordDataModel>(resetPasswordPolicy.Data);
+
+                if (data?.AutoEnrollEnabled ?? false)
+                {
+                    throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to withdraw from Password Reset.");
+                }
+            }
+            
            orgUser.ResetPasswordKey = resetPasswordKey;
            await _organizationUserRepository.ReplaceAsync(orgUser);
            await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?