mirror of
https://github.com/bitwarden/server.git
synced 2025-07-01 16:12:49 -05:00
Key Connector feature toggle (#1716)
This commit is contained in:
Oscar Hinton
@ -5,6 +5,6 @@ namespace Bit.Core.Services
|
||||
{
|
||||
public interface ISsoConfigService
|
||||
{
|
||||
Task SaveAsync(SsoConfig config);
|
||||
Task SaveAsync(SsoConfig config, Organization organization);
|
||||
}
|
||||
}
|
||||
|
||||
@ -247,6 +247,16 @@ namespace Bit.Core.Services
|
||||
}
|
||||
}
|
||||
|
||||
if (!newPlan.HasKeyConnector && organization.UseKeyConnector)
|
||||
{
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
||||
if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
|
||||
{
|
||||
throw new BadRequestException("Your new plan does not allow the Key Connector feature. " +
|
||||
"Disable your Key Connector.");
|
||||
}
|
||||
}
|
||||
|
||||
if (!newPlan.HasResetPassword && organization.UseResetPassword)
|
||||
{
|
||||
var resetPasswordPolicy =
|
||||
@ -295,6 +305,7 @@ namespace Bit.Core.Services
|
||||
organization.Use2fa = newPlan.Has2fa;
|
||||
organization.UseApi = newPlan.HasApi;
|
||||
organization.UseSso = newPlan.HasSso;
|
||||
organization.UseKeyConnector = newPlan.HasKeyConnector;
|
||||
organization.UseResetPassword = newPlan.HasResetPassword;
|
||||
organization.SelfHost = newPlan.HasSelfHost;
|
||||
organization.UsersGetPremium = newPlan.UsersGetPremium || upgrade.PremiumAccessAddon;
|
||||
@ -687,6 +698,7 @@ namespace Bit.Core.Services
|
||||
MaxStorageGb = _globalSettings.SelfHosted ? 10240 : license.MaxStorageGb, // 10 TB
|
||||
UsePolicies = license.UsePolicies,
|
||||
UseSso = license.UseSso,
|
||||
UseKeyConnector = license.UseKeyConnector,
|
||||
UseGroups = license.UseGroups,
|
||||
UseDirectory = license.UseDirectory,
|
||||
UseEvents = license.UseEvents,
|
||||
@ -865,6 +877,16 @@ namespace Bit.Core.Services
|
||||
}
|
||||
}
|
||||
|
||||
if (!license.UseKeyConnector && organization.UseKeyConnector)
|
||||
{
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
||||
if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
|
||||
{
|
||||
throw new BadRequestException($"Your organization currently has Key Connector enabled. " +
|
||||
$"Your new license does not allow for the use of Key Connector. Disable your Key Connector.");
|
||||
}
|
||||
}
|
||||
|
||||
if (!license.UseResetPassword && organization.UseResetPassword)
|
||||
{
|
||||
var resetPasswordPolicy =
|
||||
@ -895,6 +917,7 @@ namespace Bit.Core.Services
|
||||
organization.UseApi = license.UseApi;
|
||||
organization.UsePolicies = license.UsePolicies;
|
||||
organization.UseSso = license.UseSso;
|
||||
organization.UseKeyConnector = license.UseKeyConnector;
|
||||
organization.UseResetPassword = license.UseResetPassword;
|
||||
organization.SelfHost = license.SelfHost;
|
||||
organization.UsersGetPremium = license.UsersGetPremium;
|
||||
@ -2141,7 +2164,7 @@ namespace Bit.Core.Services
|
||||
private async Task ValidateDeleteOrganizationAsync(Organization organization)
|
||||
{
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
||||
if (ssoConfig?.GetData()?.UseKeyConnector == true)
|
||||
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
|
||||
{
|
||||
throw new BadRequestException("You cannot delete an Organization that is using Key Connector.");
|
||||
}
|
||||
|
||||
@ -157,7 +157,7 @@ namespace Bit.Core.Services
|
||||
{
|
||||
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
|
||||
if (ssoConfig?.GetData()?.UseKeyConnector == true)
|
||||
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
|
||||
{
|
||||
throw new BadRequestException("Key Connector is enabled.");
|
||||
}
|
||||
|
||||
@ -30,7 +30,7 @@ namespace Bit.Core.Services
|
||||
_eventService = eventService;
|
||||
}
|
||||
|
||||
public async Task SaveAsync(SsoConfig config)
|
||||
public async Task SaveAsync(SsoConfig config, Organization organization)
|
||||
{
|
||||
var now = DateTime.UtcNow;
|
||||
config.RevisionDate = now;
|
||||
@ -39,14 +39,14 @@ namespace Bit.Core.Services
|
||||
config.CreationDate = now;
|
||||
}
|
||||
|
||||
var useKeyConnector = config.GetData().UseKeyConnector;
|
||||
var useKeyConnector = config.GetData().KeyConnectorEnabled;
|
||||
if (useKeyConnector)
|
||||
{
|
||||
await VerifyDependenciesAsync(config);
|
||||
await VerifyDependenciesAsync(config, organization);
|
||||
}
|
||||
|
||||
var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId);
|
||||
var disabledKeyConnector = oldConfig?.GetData()?.UseKeyConnector == true && !useKeyConnector;
|
||||
var disabledKeyConnector = oldConfig?.GetData()?.KeyConnectorEnabled == true && !useKeyConnector;
|
||||
if (disabledKeyConnector && await AnyOrgUserHasKeyConnectorEnabledAsync(config.OrganizationId))
|
||||
{
|
||||
throw new BadRequestException("Key Connector cannot be disabled at this moment.");
|
||||
@ -63,8 +63,13 @@ namespace Bit.Core.Services
|
||||
return userDetails.Any(u => u.UsesKeyConnector);
|
||||
}
|
||||
|
||||
private async Task VerifyDependenciesAsync(SsoConfig config)
|
||||
private async Task VerifyDependenciesAsync(SsoConfig config, Organization organization)
|
||||
{
|
||||
if (!organization.UseKeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Organization cannot use Key Connector.");
|
||||
}
|
||||
|
||||
var singleOrgPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.SingleOrg);
|
||||
if (singleOrgPolicy is not { Enabled: true })
|
||||
{
|
||||
@ -91,10 +96,10 @@ namespace Bit.Core.Services
|
||||
await _eventService.LogOrganizationEventAsync(organization, e);
|
||||
}
|
||||
|
||||
var useKeyConnector = config.GetData().UseKeyConnector;
|
||||
if (oldConfig?.GetData()?.UseKeyConnector != useKeyConnector)
|
||||
var keyConnectorEnabled = config.GetData().KeyConnectorEnabled;
|
||||
if (oldConfig?.GetData()?.KeyConnectorEnabled != keyConnectorEnabled)
|
||||
{
|
||||
var e = useKeyConnector
|
||||
var e = keyConnectorEnabled
|
||||
? EventType.Organization_EnabledKeyConnector
|
||||
: EventType.Organization_DisabledKeyConnector;
|
||||
await _eventService.LogOrganizationEventAsync(organization, e);
|
||||
|
||||
@ -646,7 +646,7 @@ namespace Bit.Core.Services
|
||||
|
||||
if (user.UsesKeyConnector)
|
||||
{
|
||||
Logger.LogWarning("Already uses key connector.");
|
||||
Logger.LogWarning("Already uses Key Connector.");
|
||||
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
|
||||
}
|
||||
|
||||
@ -671,7 +671,7 @@ namespace Bit.Core.Services
|
||||
|
||||
if (user.UsesKeyConnector)
|
||||
{
|
||||
Logger.LogWarning("Already uses key connector.");
|
||||
Logger.LogWarning("Already uses Key Connector.");
|
||||
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
|
||||
}
|
||||
|
||||
@ -740,7 +740,7 @@ namespace Bit.Core.Services
|
||||
|
||||
if (user.UsesKeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Cannot reset password of a user with key connector.");
|
||||
throw new BadRequestException("Cannot reset password of a user with Key Connector.");
|
||||
}
|
||||
|
||||
var result = await UpdatePasswordHash(user, newMasterPassword);
|
||||
@ -1387,7 +1387,7 @@ namespace Bit.Core.Services
|
||||
|
||||
if (!user.UsesKeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Not using key connector.");
|
||||
throw new BadRequestException("Not using Key Connector.");
|
||||
}
|
||||
|
||||
var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
|
||||
|
||||
Reference in New Issue
Block a user