Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2025-07-03 09:02:48 -05:00 · 2021-11-09 16:37:32 +01:00
parent f6bc35b2d0
commit fd37cb5a12
62 changed files with 3799 additions and 306 deletions
--- a/src/Core/Services/Implementations/SsoConfigService.cs
+++ b/src/Core/Services/Implementations/SsoConfigService.cs
@ -1,5 +1,7 @@
 using System;
 using System.Threading.Tasks;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.Models.Table;
 using Bit.Core.Repositories;

@ -8,11 +10,20 @@ namespace Bit.Core.Services
    public class SsoConfigService : ISsoConfigService
    {
        private readonly ISsoConfigRepository _ssoConfigRepository;
+        private readonly IPolicyRepository _policyRepository;
+        private readonly IOrganizationRepository _organizationRepository;
+        private readonly IEventService _eventService;

        public SsoConfigService(
-            ISsoConfigRepository ssoConfigRepository)
+            ISsoConfigRepository ssoConfigRepository,
+            IPolicyRepository policyRepository,
+            IOrganizationRepository organizationRepository,
+            IEventService eventService)
        {
            _ssoConfigRepository = ssoConfigRepository;
+            _policyRepository = policyRepository;
+            _organizationRepository = organizationRepository;
+            _eventService = eventService;
        }

        public async Task SaveAsync(SsoConfig config)
@ -23,7 +34,49 @@ namespace Bit.Core.Services
            {
                config.CreationDate = now;
            }
+
+            var useKeyConnector = config.GetData().UseKeyConnector;
+            if (useKeyConnector)
+            {
+                await VerifyDependenciesAsync(config);
+            }
+
+            var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId);
+            if (oldConfig?.GetData()?.UseKeyConnector == true && !useKeyConnector)
+            {
+                throw new BadRequestException("KeyConnector cannot be disabled at this moment.");
+            }
+
+            await LogEventsAsync(config, oldConfig);
            await _ssoConfigRepository.UpsertAsync(config);
        }
+
+        private async Task VerifyDependenciesAsync(SsoConfig config)
+        {
+            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.SingleOrg);
+            if (policy is not { Enabled: true })
+            {
+                throw new BadRequestException("KeyConnector requires Single Organization to be enabled.");
+            }
+        }
+
+        private async Task LogEventsAsync(SsoConfig config, SsoConfig oldConfig)
+        {
+            var organization = await _organizationRepository.GetByIdAsync(config.OrganizationId);
+            if (oldConfig?.Enabled != config.Enabled)
+            {
+                var e = config.Enabled ? EventType.Organization_EnabledSso : EventType.Organization_DisabledSso;
+                await _eventService.LogOrganizationEventAsync(organization, e);
+            }
+
+            var useKeyConnector = config.GetData().UseKeyConnector;
+            if (oldConfig?.GetData()?.UseKeyConnector != useKeyConnector)
+            {
+                var e = useKeyConnector
+                    ? EventType.Organization_EnabledKeyConnector
+                    : EventType.Organization_DisabledKeyConnector;
+                await _eventService.LogOrganizationEventAsync(organization, e);
+            }
+        }
    }
 }