nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[AC-1144] Warn admins when removing or revoking users without master password (#2953)

Browse Source 
* [AC-1144] Modified OrganizationUserUserDetails queries to include value for 'HasMasterPassword' property

* [AC-1144] Added 'HasMasterPassword' property to ProviderUserUserDetailsView

* [AC-1144] Added IProviderUserRepository.GetDetailsByIdAsync to get the details for a given ProviderUser.Id

* [AC-1144] Changed ProviderUsersController.Get to use ProviderUserRepository.GetDetailsByIdAsync

* [AC-1144] Modified OrganizationUsersController.Get to user OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to output HasMasterPassword value

* [AC-1144] Reverted changes for ProviderUser

* [AC-1144] Removed line break
This commit is contained in:
Rui Tomé 2023-06-16 16:38:58 +01:00 committed by GitHub
parent 53327b1993
commit c4614bfb3d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 60 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/OrganizationUsersController.cs
View File

@ -51,7 +51,7 @@ public class OrganizationUsersController : Controller
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<OrganizationUserDetailsResponseModel> Get(string id, bool includeGroups = false) public async Task<OrganizationUserDetailsResponseModel> Get(string id, bool includeGroups = false)
{ {
var organizationUser = await _organizationUserRepository.GetByIdWithCollectionsAsync(new Guid(id)); var organizationUser = await _organizationUserRepository.GetDetailsByIdWithCollectionsAsync(new Guid(id));
if (organizationUser == null || !await _currentContext.ManageUsers(organizationUser.Item1.OrganizationId)) if (organizationUser == null || !await _currentContext.ManageUsers(organizationUser.Item1.OrganizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();

9
src/Api/Models/Response/Organizations/OrganizationUserResponseModel.cs
View File

@ -47,6 +47,7 @@ public class OrganizationUserResponseModel : ResponseModel
Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions); Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions);
ResetPasswordEnrolled = !string.IsNullOrEmpty(organizationUser.ResetPasswordKey); ResetPasswordEnrolled = !string.IsNullOrEmpty(organizationUser.ResetPasswordKey);
UsesKeyConnector = organizationUser.UsesKeyConnector; UsesKeyConnector = organizationUser.UsesKeyConnector;
HasMasterPassword = organizationUser.HasMasterPassword;
} }
public string Id { get; set; } public string Id { get; set; }
@ -59,6 +60,7 @@ public class OrganizationUserResponseModel : ResponseModel
public Permissions Permissions { get; set; } public Permissions Permissions { get; set; }
public bool ResetPasswordEnrolled { get; set; } public bool ResetPasswordEnrolled { get; set; }
public bool UsesKeyConnector { get; set; } public bool UsesKeyConnector { get; set; }
public bool HasMasterPassword { get; set; }
} }
public class OrganizationUserDetailsResponseModel : OrganizationUserResponseModel public class OrganizationUserDetailsResponseModel : OrganizationUserResponseModel
@ -70,6 +72,13 @@ public class OrganizationUserDetailsResponseModel : OrganizationUserResponseMode
Collections = collections.Select(c => new SelectionReadOnlyResponseModel(c)); Collections = collections.Select(c => new SelectionReadOnlyResponseModel(c));
} }
public OrganizationUserDetailsResponseModel(OrganizationUserUserDetails organizationUser,
IEnumerable<CollectionAccessSelection> collections)
: base(organizationUser, "organizationUserDetails")
{
Collections = collections.Select(c => new SelectionReadOnlyResponseModel(c));
}
public IEnumerable<SelectionReadOnlyResponseModel> Collections { get; set; } public IEnumerable<SelectionReadOnlyResponseModel> Collections { get; set; }
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]

1
src/Core/Models/Data/Organizations/OrganizationUsers/OrganizationUserUserDetails.cs
View File

@ -26,6 +26,7 @@ public class OrganizationUserUserDetails : IExternal, ITwoFactorProvidersUser
public string Permissions { get; set; } public string Permissions { get; set; }
public string ResetPasswordKey { get; set; } public string ResetPasswordKey { get; set; }
public bool UsesKeyConnector { get; set; } public bool UsesKeyConnector { get; set; }
public bool HasMasterPassword { get; set; }
public ICollection<Guid> Groups { get; set; } = new List<Guid>(); public ICollection<Guid> Groups { get; set; } = new List<Guid>();
public ICollection<CollectionAccessSelection> Collections { get; set; } = new List<CollectionAccessSelection>(); public ICollection<CollectionAccessSelection> Collections { get; set; } = new List<CollectionAccessSelection>();

1
src/Infrastructure.EntityFramework/Repositories/Queries/OrganizationUserUserViewQuery.cs
View File

@ -31,6 +31,7 @@ public class OrganizationUserUserDetailsViewQuery : IQuery<OrganizationUserUserD
ResetPasswordKey = x.ou.ResetPasswordKey, ResetPasswordKey = x.ou.ResetPasswordKey,
UsesKeyConnector = x.u != null && x.u.UsesKeyConnector, UsesKeyConnector = x.u != null && x.u.UsesKeyConnector,
AccessSecretsManager = x.ou.AccessSecretsManager, AccessSecretsManager = x.ou.AccessSecretsManager,
HasMasterPassword = x.u != null && !string.IsNullOrWhiteSpace(x.u.MasterPassword)
}); });
} }
} }

3
src/Sql/dbo/Views/OrganizationUserUserDetailsView.sql
View File

@ -17,7 +17,8 @@ SELECT
SU.[ExternalId] SsoExternalId, SU.[ExternalId] SsoExternalId,
OU.[Permissions], OU.[Permissions],
OU.[ResetPasswordKey], OU.[ResetPasswordKey],
U.[UsesKeyConnector] U.[UsesKeyConnector],
CASE WHEN U.[MasterPassword] IS NOT NULL THEN 1 ELSE 0 END AS HasMasterPassword
FROM FROM
[dbo].[OrganizationUser] OU [dbo].[OrganizationUser] OU
LEFT JOIN LEFT JOIN

46
util/Migrator/DbScripts/2023-05-18_00_UserHasMasterPassword.sql Normal file
View File

@ -0,0 +1,46 @@
CREATE OR ALTER VIEW [dbo].[OrganizationUserUserDetailsView]
AS
SELECT
OU.[Id],
OU.[UserId],
OU.[OrganizationId],
U.[Name],
ISNULL(U.[Email], OU.[Email]) Email,
U.[AvatarColor],
U.[TwoFactorProviders],
U.[Premium],
OU.[Status],
OU.[Type],
OU.[AccessAll],
OU.[AccessSecretsManager],
OU.[ExternalId],
SU.[ExternalId] SsoExternalId,
OU.[Permissions],
OU.[ResetPasswordKey],
U.[UsesKeyConnector],
CASE WHEN U.[MasterPassword] IS NOT NULL THEN 1 ELSE 0 END AS HasMasterPassword
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN
[dbo].[User] U ON U.[Id] = OU.[UserId]
LEFT JOIN
[dbo].[SsoUser] SU ON SU.[UserId] = OU.[UserId] AND SU.[OrganizationId] = OU.[OrganizationId]
GO
IF OBJECT_ID('[dbo].[OrganizationUserUserDetails_ReadByOrganizationId]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[OrganizationUserUserDetails_ReadByOrganizationId]';
END
GO
IF OBJECT_ID('[dbo].[OrganizationUser_ReadByMinimumRole]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[OrganizationUser_ReadByMinimumRole]';
END
GO
IF OBJECT_ID('[dbo].[OrganizationUserUserDetails_ReadById]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[OrganizationUserUserDetails_ReadById]';
END
GO