Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.

2025-07-18 16:11:28 -05:00 · 2025-05-20 16:47:52 +01:00
parent 06a5888c7b
commit f4bfa0baf0
2 changed files with 141 additions and 15 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirement.cs
@ -8,10 +8,40 @@ using Bit.Core.Enums;
 /// </summary>
 public class RequireTwoFactorPolicyRequirement : IPolicyRequirement
 {
+    private readonly IEnumerable<PolicyDetails> _policyDetails;
+
+    public RequireTwoFactorPolicyRequirement(IEnumerable<PolicyDetails> policyDetails)
+    {
+        _policyDetails = policyDetails;
+    }
+
    /// <summary>
-    /// Indicates whether two-factor authentication is required for the user.
+    /// Determines if the user can accept an invitation to an organization.
    /// </summary>
-    public bool RequireTwoFactor { get; init; }
+    /// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
+    /// <param name="organizationId">The ID of the organization.</param>
+    /// <returns>True if the user can accept the invitation, false otherwise.</returns>
+    public bool CanAcceptInvitation(bool twoFactorEnabled, Guid organizationId) =>
+        twoFactorEnabled ||
+        !_policyDetails.Any(p => p.OrganizationId == organizationId &&
+            (p.OrganizationUserStatus is
+                OrganizationUserStatusType.Invited or
+                OrganizationUserStatusType.Accepted or
+                OrganizationUserStatusType.Confirmed));
+
+
+    /// <summary>
+    /// Determines if the user can be confirmed in an organization.
+    /// </summary>
+    /// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
+    /// <param name="organizationId">The ID of the organization.</param>
+    /// <returns>True if the user can be confirmed, false otherwise.</returns>
+    public bool CanBeConfirmed(bool twoFactorEnabled, Guid organizationId) =>
+        twoFactorEnabled ||
+        !_policyDetails.Any(p => p.OrganizationId == organizationId &&
+            (p.OrganizationUserStatus is
+                OrganizationUserStatusType.Accepted or
+                OrganizationUserStatusType.Confirmed));
 }

 public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFactory<RequireTwoFactorPolicyRequirement>
@ -21,9 +51,6 @@ public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFac

    public override RequireTwoFactorPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
    {
-        return new RequireTwoFactorPolicyRequirement
-        {
-            RequireTwoFactor = policyDetails.Any(p => p.PolicyType == PolicyType.TwoFactorAuthentication)
-        };
+        return new RequireTwoFactorPolicyRequirement(policyDetails);
    }
 }