[Reset Password] Get/Post Org Keys and API updates (#1323)

* [Reset Password] Organization Keys APIs * Updated details response to include private key and added more security checks for reset password methods * Added org type and policy security checks to the enrollment api * Updated based on PR feedback * Added org user type permission checks * Added TODO for email to user * Removed unecessary policyRepository object
2025-07-01 16:12:49 -05:00 · 2021-05-19 09:40:32 -05:00
parent 982e26cbfd
commit c7f88ae430
9 changed files with 181 additions and 21 deletions
--- a/src/Core/Models/Api/Response/OrganizationKeysResponseModel.cs
+++ b/src/Core/Models/Api/Response/OrganizationKeysResponseModel.cs
@ -0,0 +1,22 @@
+using System;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api
+{
+    public class OrganizationKeysResponseModel : ResponseModel
+    {
+        public OrganizationKeysResponseModel(Organization org) : base("organizationKeys")
+        {
+            if (org == null)
+            {
+                throw new ArgumentNullException(nameof(org));
+            }
+            
+            PublicKey = org.PublicKey;
+            PrivateKey = org.PrivateKey;
+        }
+        
+        public string PublicKey { get; set; }
+        public string PrivateKey { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
+++ b/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
@ -100,10 +100,12 @@ namespace Bit.Core.Models.Api
            Kdf = orgUser.Kdf;
            KdfIterations = orgUser.KdfIterations;
            ResetPasswordKey = orgUser.ResetPasswordKey;
+            EncryptedPrivateKey = orgUser.EncryptedPrivateKey;
        }
        
        public KdfType Kdf { get; set; }
        public int KdfIterations { get; set; }
        public string ResetPasswordKey { get; set; }
+        public string EncryptedPrivateKey { get; set; }
    }
 }
--- a/src/Core/Models/Data/OrganizationUserResetPasswordDetails.cs
+++ b/src/Core/Models/Data/OrganizationUserResetPasswordDetails.cs
@ -6,7 +6,7 @@ namespace Bit.Core.Models.Data
 {
    public class OrganizationUserResetPasswordDetails
    {
-        public OrganizationUserResetPasswordDetails(OrganizationUser orgUser, User user)
+        public OrganizationUserResetPasswordDetails(OrganizationUser orgUser, User user, Organization org)
        {
            if (orgUser == null)
            {
@ -17,13 +17,20 @@ namespace Bit.Core.Models.Data
            {
                throw new ArgumentNullException(nameof(user));
            }
+            
+            if (org == null)
+            {
+                throw new ArgumentNullException(nameof(org));
+            }

            Kdf = user.Kdf;
            KdfIterations = user.KdfIterations;
            ResetPasswordKey = orgUser.ResetPasswordKey;
+            EncryptedPrivateKey = org.PrivateKey;
        }
        public KdfType Kdf { get; set; }
        public int KdfIterations { get; set; }
        public string ResetPasswordKey { get; set; }
+        public string EncryptedPrivateKey { get; set; }
    }
 }