nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-20 19:14:32 -05:00
Code

[Reset Password v1] - Make auto enrollment required when enabled (#1412)

Browse Source 
* [Reset Password v1] - Make auto enrollment required when enabled

* Removed unnecessary imports
This commit is contained in:
Vincent Salucci 2021-07-08 10:48:43 -05:00 committed by GitHub
parent feb3106f37
commit be13eb153a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bitwarden_license/src/Portal/Models/ResetPasswordDataModel.cs → src/Core/Models/Data/ResetPasswordDataModel.cs
View File

@ -1,6 +1,6 @@
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
namespace Bit.Portal.Models namespace Bit.Core.Models.Data
{ {
public class ResetPasswordDataModel public class ResetPasswordDataModel
{ {

4
src/Core/Resources/SharedResources.en.resx
View File

@ -665,12 +665,12 @@
<value>Automatic Enrollment</value> <value>Automatic Enrollment</value>
</data> </data>
<data name="ResetPasswordAutoEnrollDescription" xml:space="preserve"> <data name="ResetPasswordAutoEnrollDescription" xml:space="preserve">
<value>All users will be automatically enrolled in password reset once their invite is accepted.</value> <value>All users will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw.</value>
</data> </data>
<data name="ResetPasswordAutoEnrollWarning" xml:space="preserve"> <data name="ResetPasswordAutoEnrollWarning" xml:space="preserve">
<value>Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password.</value> <value>Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password.</value>
</data> </data>
<data name="ResetPasswordAutoEnrollCheckbox" xml:space="preserve"> <data name="ResetPasswordAutoEnrollCheckbox" xml:space="preserve">
<value>Automatically enroll new users</value> <value>Require new users to be enrolled automatically</value>
</data> </data>
</root> </root>

11
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -1728,6 +1728,17 @@ namespace Bit.Core.Services
throw new BadRequestException("Organization does not have the password reset policy enabled."); throw new BadRequestException("Organization does not have the password reset policy enabled.");
} }
// Block the user from withdrawal if auto enrollment is enabled
if (resetPasswordKey == null && resetPasswordPolicy.Data != null)
{
var data = JsonConvert.DeserializeObject<ResetPasswordDataModel>(resetPasswordPolicy.Data);
if (data?.AutoEnrollEnabled ?? false)
{
throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to withdraw from Password Reset.");
}
}
orgUser.ResetPasswordKey = resetPasswordKey; orgUser.ResetPasswordKey = resetPasswordKey;
await _organizationUserRepository.ReplaceAsync(orgUser); await _organizationUserRepository.ReplaceAsync(orgUser);
await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ? await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?