Allow disabling key connector if no user is enrolled (#1712)

2025-06-30 15:42:48 -05:00 · 2021-11-12 14:38:31 +01:00
parent 6b629feb03
commit f1c41257b3
2 changed files with 53 additions and 3 deletions
--- a/src/Core/Services/Implementations/SsoConfigService.cs
+++ b/src/Core/Services/Implementations/SsoConfigService.cs
@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@ -12,17 +13,20 @@ namespace Bit.Core.Services
        private readonly ISsoConfigRepository _ssoConfigRepository;
        private readonly IPolicyRepository _policyRepository;
        private readonly IOrganizationRepository _organizationRepository;
+        private readonly IOrganizationUserRepository _organizationUserRepository;
        private readonly IEventService _eventService;

        public SsoConfigService(
            ISsoConfigRepository ssoConfigRepository,
            IPolicyRepository policyRepository,
            IOrganizationRepository organizationRepository,
+            IOrganizationUserRepository organizationUserRepository,
            IEventService eventService)
        {
            _ssoConfigRepository = ssoConfigRepository;
            _policyRepository = policyRepository;
            _organizationRepository = organizationRepository;
+            _organizationUserRepository = organizationUserRepository;
            _eventService = eventService;
        }

@ -42,15 +46,23 @@ namespace Bit.Core.Services
            }

            var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId);
-            if (oldConfig?.GetData()?.UseKeyConnector == true && !useKeyConnector)
+            var disabledKeyConnector = oldConfig?.GetData()?.UseKeyConnector == true && !useKeyConnector;
+            if (disabledKeyConnector && await AnyOrgUserHasKeyConnectorEnabledAsync(config.OrganizationId))
            {
-                throw new BadRequestException("KeyConnector cannot be disabled at this moment.");
+                throw new BadRequestException("Key Connector cannot be disabled at this moment.");
            }

            await LogEventsAsync(config, oldConfig);
            await _ssoConfigRepository.UpsertAsync(config);
        }

+        private async Task<bool> AnyOrgUserHasKeyConnectorEnabledAsync(Guid organizationId)
+        {
+            var userDetails =
+                await _organizationUserRepository.GetManyDetailsByOrganizationAsync(organizationId);
+            return userDetails.Any(u => u.UsesKeyConnector);
+        }
+
        private async Task VerifyDependenciesAsync(SsoConfig config)
        {
            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.SingleOrg);