Forgot to remove compliant users from the list. (#5241)

2025-04-05 13:08:17 -05:00 · 2025-01-09 14:13:29 -06:00 · 2025-01-09 14:13:29 -06:00 · fd195e7cf3
commit fd195e7cf3
parent f753829559
2 changed files with 12 additions and 5 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidator.cs
@ -87,16 +87,23 @@ public class TwoFactorAuthenticationPolicyValidator : IPolicyValidator
            return;
        }
-        var organizationUsersTwoFactorEnabled =
+        var revocableUsersWithTwoFactorStatus =
            await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(currentActiveRevocableOrganizationUsers);
-        if (NonCompliantMembersWillLoseAccess(currentActiveRevocableOrganizationUsers, organizationUsersTwoFactorEnabled))
+        var nonCompliantUsers = revocableUsersWithTwoFactorStatus.Where(x => !x.twoFactorIsEnabled);
        if (!nonCompliantUsers.Any())
        {
            return;
        }
        if (MembersWithNoMasterPasswordWillLoseAccess(currentActiveRevocableOrganizationUsers, nonCompliantUsers))
        {
            throw new BadRequestException(NonCompliantMembersWillLoseAccessMessage);
        }
        var commandResult = await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
-            new RevokeOrganizationUsersRequest(organizationId, currentActiveRevocableOrganizationUsers, performedBy));
+            new RevokeOrganizationUsersRequest(organizationId, nonCompliantUsers.Select(x => x.user), performedBy));
        if (commandResult.HasErrors)
        {
@ -141,7 +148,7 @@ public class TwoFactorAuthenticationPolicyValidator : IPolicyValidator
        }
    }
-    private static bool NonCompliantMembersWillLoseAccess(
+    private static bool MembersWithNoMasterPasswordWillLoseAccess(
        IEnumerable<OrganizationUserUserDetails> orgUserDetails,
        IEnumerable<(OrganizationUserUserDetails user, bool isTwoFactorEnabled)> organizationUsersTwoFactorEnabled) =>
            orgUserDetails.Any(x =>
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidatorTests.cs
@ -336,7 +336,7 @@ public class TwoFactorAuthenticationPolicyValidatorTests
            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<OrganizationUserUserDetails>>())
            .Returns(new List<(OrganizationUserUserDetails user, bool hasTwoFactor)>()
            {
-                (orgUserDetailUserWithout2Fa, true),
+                (orgUserDetailUserWithout2Fa, false)
            });
        sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()