email user whenever they're removed from org because of 2fa policy (#657)

2025-07-02 16:42:50 -05:00 · 2020-02-27 09:30:04 -05:00
parent 153709fe3b
commit f54ebfdc75
8 changed files with 63 additions and 1 deletions
--- a/src/Core/Services/Implementations/PolicyService.cs
+++ b/src/Core/Services/Implementations/PolicyService.cs
@ -13,17 +13,20 @@ namespace Bit.Core.Services
        private readonly IOrganizationRepository _organizationRepository;
        private readonly IOrganizationUserRepository _organizationUserRepository;
        private readonly IPolicyRepository _policyRepository;
+        private readonly IMailService _mailService;

        public PolicyService(
            IEventService eventService,
            IOrganizationRepository organizationRepository,
            IOrganizationUserRepository organizationUserRepository,
-            IPolicyRepository policyRepository)
+            IPolicyRepository policyRepository,
+            IMailService mailService)
        {
            _eventService = eventService;
            _organizationRepository = organizationRepository;
            _organizationUserRepository = organizationUserRepository;
            _policyRepository = policyRepository;
+            _mailService = mailService;
        }

        public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
@ -52,6 +55,7 @@ namespace Bit.Core.Services
                {
                    if(currentPolicy.Type == Enums.PolicyType.TwoFactorAuthentication)
                    {
+                        Organization organization = null;
                        var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
                            policy.OrganizationId);
                        foreach(var orgUser in orgUsers.Where(ou =>
@ -60,8 +64,14 @@ namespace Bit.Core.Services
                        {
                            if(orgUser.UserId != savingUserId && !await userService.TwoFactorIsEnabledAsync(orgUser))
                            {
+                                if(organization == null)
+                                {
+                                    organization = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
+                                }
                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                    savingUserId);
+                                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
+                                    organization.Name, orgUser.Email);
                            }
                        }
                    }