[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2025-07-05 10:02:47 -05:00 · 2021-11-15 19:25:10 +10:00
parent f1c41257b3
commit c2975b003d
4 changed files with 134 additions and 33 deletions
--- a/src/Core/Services/Implementations/SsoConfigService.cs
+++ b/src/Core/Services/Implementations/SsoConfigService.cs
@ -65,10 +65,20 @@ namespace Bit.Core.Services

        private async Task VerifyDependenciesAsync(SsoConfig config)
        {
-            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.SingleOrg);
-            if (policy is not { Enabled: true })
+            var singleOrgPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.SingleOrg);
+            if (singleOrgPolicy is not { Enabled: true })
            {
-                throw new BadRequestException("KeyConnector requires Single Organization to be enabled.");
+                throw new BadRequestException("Key Connector requires the Single Organization policy to be enabled.");
+            }
+
+            var ssoPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.RequireSso);
+            if (ssoPolicy is not { Enabled: true })
+            {
+                throw new BadRequestException("Key Connector requires the Single Sign-On Authentication policy to be enabled.");
+            }
+
+            if (!config.Enabled) {
+                throw new BadRequestException("You must enable SSO to use Key Connector.");
            }
        }