[PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)

* Add check for managed user before purging account * Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel * Rename the property ManagesActiveUser to UserIsManagedByOrganization * Remove whole class #nullable enable and add it to specific places * Remove unnecessary .ToList() * Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable * Update error message when unable to purge vault for managed account
2025-07-04 01:22:50 -05:00 · 2024-10-17 16:06:32 +01:00
parent 245e2e4d52
commit d6cd73cfcc
15 changed files with 285 additions and 92 deletions
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@ -910,6 +910,13 @@ public class CiphersController : Controller
            throw new BadRequestException(ModelState);
        }

+        // If Account Deprovisioning is enabled, we need to check if the user is managed by any organization.
+        if (_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
+            && await _userService.IsManagedByAnyOrganizationAsync(user.Id))
+        {
+            throw new BadRequestException("Cannot purge accounts owned by an organization. Contact your organization administrator for additional details.");
+        }
+
        if (string.IsNullOrWhiteSpace(organizationId))
        {
            await _cipherRepository.DeleteByUserIdAsync(user.Id);