[Reset Password] Admin Actions (#349)

* [Reset Password] Admin Actions * Updated password reset apis to use orgUser.Id instead of orgUser.UserId * Added new ResetPassword policy type * Added all necessary changes for organization changes * Added get/post for org keys // Added org keys reponse model * Fixed lint errors
2024-11-23 11:56:00 +01:00 · 2021-05-19 09:40:48 -05:00 · 2021-05-19 09:40:48 -05:00 · 73ec484b17
commit 73ec484b17
parent c8eca37183
19 changed files with 128 additions and 8 deletions
--- a/src/abstractions/api.service.ts
+++ b/src/abstractions/api.service.ts
@ -31,6 +31,7 @@ import { ImportOrganizationCiphersRequest } from '../models/request/importOrgani
 import { KdfRequest } from '../models/request/kdfRequest';
 import { KeysRequest } from '../models/request/keysRequest';
 import { OrganizationCreateRequest } from '../models/request/organizationCreateRequest';
+import { OrganizationKeysRequest } from '../models/request/organizationKeysRequest';
 import { OrganizationTaxInfoUpdateRequest } from '../models/request/organizationTaxInfoUpdateRequest';
 import { OrganizationUpdateRequest } from '../models/request/organizationUpdateRequest';
 import { OrganizationUpgradeRequest } from '../models/request/organizationUpgradeRequest';
@ -39,6 +40,7 @@ import { OrganizationUserBulkRequest } from '../models/request/organizationUserB
 import { OrganizationUserConfirmRequest } from '../models/request/organizationUserConfirmRequest';
 import { OrganizationUserInviteRequest } from '../models/request/organizationUserInviteRequest';
 import { OrganizationUserResetPasswordEnrollmentRequest } from '../models/request/organizationUserResetPasswordEnrollmentRequest';
+import { OrganizationUserResetPasswordRequest } from '../models/request/organizationUserResetPasswordRequest';
 import { OrganizationUserUpdateGroupsRequest } from '../models/request/organizationUserUpdateGroupsRequest';
 import { OrganizationUserUpdateRequest } from '../models/request/organizationUserUpdateRequest';
 import { PasswordHintRequest } from '../models/request/passwordHintRequest';
@ -98,10 +100,12 @@ import {
 import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
 import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
 import { ListResponse } from '../models/response/listResponse';
+import { OrganizationKeysResponse } from '../models/response/organizationKeysResponse';
 import { OrganizationResponse } from '../models/response/organizationResponse';
 import { OrganizationSubscriptionResponse } from '../models/response/organizationSubscriptionResponse';
 import {
    OrganizationUserDetailsResponse,
+    OrganizationUserResetPasswordDetailsReponse,
    OrganizationUserUserDetailsResponse,
 } from '../models/response/organizationUserResponse';
 import { PaymentResponse } from '../models/response/paymentResponse';
@ -271,6 +275,8 @@ export abstract class ApiService {
    getOrganizationUser: (organizationId: string, id: string) => Promise<OrganizationUserDetailsResponse>;
    getOrganizationUserGroups: (organizationId: string, id: string) => Promise<string[]>;
    getOrganizationUsers: (organizationId: string) => Promise<ListResponse<OrganizationUserUserDetailsResponse>>;
+    getOrganizationUserResetPasswordDetails: (organizationId: string, id: string)
+        => Promise<OrganizationUserResetPasswordDetailsReponse>;
    postOrganizationUserInvite: (organizationId: string, request: OrganizationUserInviteRequest) => Promise<any>;
    postOrganizationUserReinvite: (organizationId: string, id: string) => Promise<any>;
    postManyOrganizationUserReinvite: (organizationId: string, request: OrganizationUserBulkRequest) => Promise<any>;
@ -283,6 +289,8 @@ export abstract class ApiService {
        request: OrganizationUserUpdateGroupsRequest) => Promise<any>;
    putOrganizationUserResetPasswordEnrollment: (organizationId: string, userId: string,
        request: OrganizationUserResetPasswordEnrollmentRequest) => Promise<any>;
+    putOrganizationUserResetPassword: (organizationId: string, id: string,
+        request: OrganizationUserResetPasswordRequest) => Promise<any>;
    deleteOrganizationUser: (organizationId: string, id: string) => Promise<any>;
    deleteManyOrganizationUsers: (organizationId: string, request: OrganizationUserBulkRequest) => Promise<any>;

@ -359,6 +367,8 @@ export abstract class ApiService {
    deleteOrganization: (id: string, request: PasswordVerificationRequest) => Promise<any>;
    getPlans: () => Promise<ListResponse<PlanResponse>>;
    getTaxRates: () => Promise<ListResponse<TaxRateResponse>>;
+    getOrganizationKeys: (id: string) => Promise<OrganizationKeysResponse>;
+    postOrganizationKeys: (id: string, request: OrganizationKeysRequest) => Promise<OrganizationKeysResponse>;

    getEvents: (start: string, end: string, token: string) => Promise<ListResponse<EventResponse>>;
    getEventsCipher: (id: string, start: string, end: string, token: string) => Promise<ListResponse<EventResponse>>;
--- a/src/abstractions/policy.service.ts
+++ b/src/abstractions/policy.service.ts
@ -2,6 +2,7 @@ import { PolicyData } from '../models/data/policyData';

 import { MasterPasswordPolicyOptions } from '../models/domain/masterPasswordPolicyOptions';
 import { Policy } from '../models/domain/policy';
+import { ResetPasswordPolicyOptions } from '../models/domain/resetPasswordPolicyOptions';

 import { PolicyType } from '../enums/policyType';

@ -15,4 +16,5 @@ export abstract class PolicyService {
    getMasterPasswordPolicyOptions: (policies?: Policy[]) => Promise<MasterPasswordPolicyOptions>;
    evaluateMasterPassword: (passwordStrength: number, newPassword: string,
        enforcedPolicyOptions?: MasterPasswordPolicyOptions) => boolean;
+    getResetPasswordPolicyOptions: (policy: Policy) => ResetPasswordPolicyOptions;
 }
--- a/src/enums/permissions.ts
+++ b/src/enums/permissions.ts
@ -9,4 +9,5 @@ export enum Permissions {
    ManageOrganization,
    ManagePolicies,
    ManageUsers,
+    ManageUsersPassword,
 }
--- a/src/enums/policyType.ts
+++ b/src/enums/policyType.ts
@ -7,4 +7,5 @@ export enum PolicyType {
    PersonalOwnership = 5, // Disables personal vault ownership for adding/cloning items
    DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
    SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
+    ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
 }
--- a/src/models/data/organizationData.ts
+++ b/src/models/data/organizationData.ts
@ -19,6 +19,7 @@ export class OrganizationData {
    useApi: boolean;
    useBusinessPortal: boolean;
    useSso: boolean;
+    useResetPassword: boolean;
    selfHost: boolean;
    usersGetPremium: boolean;
    seats: number;
@ -27,8 +28,9 @@ export class OrganizationData {
    ssoBound: boolean;
    identifier: string;
    permissions: PermissionsApi;
-    resetPasswordKey: string;
+    resetPasswordEnrolled: boolean;
    userId: string;
+    hasPublicAndPrivateKeys: boolean;

    constructor(response: ProfileOrganizationResponse) {
        this.id = response.id;
@ -45,6 +47,7 @@ export class OrganizationData {
        this.useApi = response.useApi;
        this.useBusinessPortal = response.useBusinessPortal;
        this.useSso = response.useSso;
+        this.useResetPassword = response.useResetPassword;
        this.selfHost = response.selfHost;
        this.usersGetPremium = response.usersGetPremium;
        this.seats = response.seats;
@ -53,7 +56,8 @@ export class OrganizationData {
        this.ssoBound = response.ssoBound;
        this.identifier = response.identifier;
        this.permissions = response.permissions;
-        this.resetPasswordKey = response.resetPasswordKey;
+        this.resetPasswordEnrolled = response.resetPasswordEnrolled;
        this.userId = response.userId;
+        this.hasPublicAndPrivateKeys = response.hasPublicAndPrivateKeys;
    }
 }
--- a/src/models/domain/organization.ts
+++ b/src/models/domain/organization.ts
@ -20,6 +20,7 @@ export class Organization {
    useApi: boolean;
    useBusinessPortal: boolean;
    useSso: boolean;
+    useResetPassword: boolean;
    selfHost: boolean;
    usersGetPremium: boolean;
    seats: number;
@ -28,8 +29,9 @@ export class Organization {
    ssoBound: boolean;
    identifier: string;
    permissions: PermissionsApi;
-    resetPasswordKey: string;
+    resetPasswordEnrolled: boolean;
    userId: string;
+    hasPublicAndPrivateKeys: boolean;

    constructor(obj?: OrganizationData) {
        if (obj == null) {
@ -50,6 +52,7 @@ export class Organization {
        this.useApi = obj.useApi;
        this.useBusinessPortal = obj.useBusinessPortal;
        this.useSso = obj.useSso;
+        this.useResetPassword = obj.useResetPassword;
        this.selfHost = obj.selfHost;
        this.usersGetPremium = obj.usersGetPremium;
        this.seats = obj.seats;
@ -58,8 +61,9 @@ export class Organization {
        this.ssoBound = obj.ssoBound;
        this.identifier = obj.identifier;
        this.permissions = obj.permissions;
-        this.resetPasswordKey = obj.resetPasswordKey;
+        this.resetPasswordEnrolled = obj.resetPasswordEnrolled;
        this.userId = obj.userId;
+        this.hasPublicAndPrivateKeys = obj.hasPublicAndPrivateKeys;
    }

    get canAccess() {
@ -122,7 +126,7 @@ export class Organization {
        return this.isAdmin || this.permissions.manageUsers;
    }

-    get isResetPasswordEnrolled() {
-        return this.resetPasswordKey != null;
+    get canManageUsersPassword() {
+        return this.isAdmin || this.permissions.manageResetPassword;
    }
 }
--- a/src/models/domain/resetPasswordPolicyOptions.ts
+++ b/src/models/domain/resetPasswordPolicyOptions.ts
@ -0,0 +1,5 @@
+import Domain from './domainBase';
+
+export class ResetPasswordPolicyOptions extends Domain {
+    autoEnrollEnabled: boolean = false;
+}
--- a/src/models/request/organizationCreateRequest.ts
+++ b/src/models/request/organizationCreateRequest.ts
@ -1,12 +1,15 @@
 import { PaymentMethodType } from '../../enums/paymentMethodType';
 import { PlanType } from '../../enums/planType';

+import { OrganizationKeysRequest } from './organizationKeysRequest';
+
 export class OrganizationCreateRequest {
    name: string;
    businessName: string;
    billingEmail: string;
    planType: PlanType;
    key: string;
+    keys: OrganizationKeysRequest;
    paymentMethodType: PaymentMethodType;
    paymentToken: string;
    additionalSeats: number;
--- a/src/models/request/organizationKeysRequest.ts
+++ b/src/models/request/organizationKeysRequest.ts
@ -0,0 +1,7 @@
+import { KeysRequest } from './keysRequest';
+
+export class OrganizationKeysRequest extends KeysRequest {
+    constructor(publicKey: string, encryptedPrivateKey: string) {
+        super(publicKey, encryptedPrivateKey);
+    }
+}
--- a/src/models/request/organizationUpdateRequest.ts
+++ b/src/models/request/organizationUpdateRequest.ts
@ -1,6 +1,9 @@
+import { OrganizationKeysRequest } from './organizationKeysRequest';
+
 export class OrganizationUpdateRequest {
    name: string;
    identifier: string;
    businessName: string;
    billingEmail: string;
+    keys: OrganizationKeysRequest;
 }
--- a/src/models/request/organizationUpgradeRequest.ts
+++ b/src/models/request/organizationUpgradeRequest.ts
@ -1,5 +1,7 @@
 import { PlanType } from '../../enums/planType';

+import { OrganizationKeysRequest } from './organizationKeysRequest';
+
 export class OrganizationUpgradeRequest {
    businessName: string;
    planType: PlanType;
@ -8,4 +10,5 @@ export class OrganizationUpgradeRequest {
    premiumAccessAddon: boolean;
    billingAddressCountry: string;
    billingAddressPostalCode: string;
+    keys: OrganizationKeysRequest;
 }
--- a/src/models/request/organizationUserResetPasswordRequest.ts
+++ b/src/models/request/organizationUserResetPasswordRequest.ts
@ -0,0 +1,4 @@
+export class OrganizationUserResetPasswordRequest {
+    newMasterPasswordHash: string;
+    key: string;
+}
--- a/src/models/response/organizationKeysResponse.ts
+++ b/src/models/response/organizationKeysResponse.ts
@ -0,0 +1,7 @@
+import { KeysResponse } from './keysResponse';
+
+export class OrganizationKeysResponse extends KeysResponse {
+    constructor(response: any) {
+        super(response);
+    }
+}
--- a/src/models/response/organizationResponse.ts
+++ b/src/models/response/organizationResponse.ts
@ -25,6 +25,8 @@ export class OrganizationResponse extends BaseResponse {
    useTotp: boolean;
    use2fa: boolean;
    useApi: boolean;
+    useResetPassword: boolean;
+    hasPublicAndPrivateKeys: boolean;

    constructor(response: any) {
        super(response);
@ -50,5 +52,7 @@ export class OrganizationResponse extends BaseResponse {
        this.useTotp = this.getResponseProperty('UseTotp');
        this.use2fa = this.getResponseProperty('Use2fa');
        this.useApi = this.getResponseProperty('UseApi');
+        this.useResetPassword = this.getResponseProperty('UseResetPassword');
+        this.hasPublicAndPrivateKeys = this.getResponseProperty('HasPublicAndPrivateKeys');
    }
 }
--- a/src/models/response/organizationUserResponse.ts
+++ b/src/models/response/organizationUserResponse.ts
@ -3,6 +3,7 @@ import { SelectionReadOnlyResponse } from './selectionReadOnlyResponse';

 import { PermissionsApi } from '../api/permissionsApi';

+import { KdfType } from '../../enums/kdfType';
 import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
 import { OrganizationUserType } from '../../enums/organizationUserType';

@ -13,6 +14,7 @@ export class OrganizationUserResponse extends BaseResponse {
    status: OrganizationUserStatusType;
    accessAll: boolean;
    permissions: PermissionsApi;
+    resetPasswordEnrolled: boolean;

    constructor(response: any) {
        super(response);
@ -22,6 +24,7 @@ export class OrganizationUserResponse extends BaseResponse {
        this.status = this.getResponseProperty('Status');
        this.permissions = new PermissionsApi(this.getResponseProperty('Permissions'));
        this.accessAll = this.getResponseProperty('AccessAll');
+        this.resetPasswordEnrolled = this.getResponseProperty('ResetPasswordEnrolled');
    }
 }

@ -49,3 +52,18 @@ export class OrganizationUserDetailsResponse extends OrganizationUserResponse {
        }
    }
 }
+
+export class OrganizationUserResetPasswordDetailsReponse extends BaseResponse {
+    kdf: KdfType;
+    kdfIterations: number;
+    resetPasswordKey: string;
+    encryptedPrivateKey: string;
+
+    constructor(response: any) {
+        super(response);
+        this.kdf = this.getResponseProperty('Kdf');
+        this.kdfIterations = this.getResponseProperty('KdfIterations');
+        this.resetPasswordKey = this.getResponseProperty('ResetPasswordKey');
+        this.encryptedPrivateKey = this.getResponseProperty('EncryptedPrivateKey');
+    }
+}
--- a/src/models/response/planResponse.ts
+++ b/src/models/response/planResponse.ts
@ -32,6 +32,7 @@ export class PlanResponse extends BaseResponse {
    has2fa: boolean;
    hasApi: boolean;
    hasSso: boolean;
+    hasResetPassword: boolean;
    usersGetPremium: boolean;

    upgradeSortOrder: number;
@ -76,6 +77,7 @@ export class PlanResponse extends BaseResponse {
        this.has2fa = this.getResponseProperty('Has2fa');
        this.hasApi = this.getResponseProperty('HasApi');
        this.hasSso = this.getResponseProperty('HasSso');
+        this.hasResetPassword = this.getResponseProperty('HasResetPassword');
        this.usersGetPremium = this.getResponseProperty('UsersGetPremium');
        this.upgradeSortOrder = this.getResponseProperty('UpgradeSortOrder');
        this.displaySortOrder = this.getResponseProperty('SortOrder');
--- a/src/models/response/profileOrganizationResponse.ts
+++ b/src/models/response/profileOrganizationResponse.ts
@ -16,19 +16,21 @@ export class ProfileOrganizationResponse extends BaseResponse {
    useApi: boolean;
    useBusinessPortal: boolean;
    useSso: boolean;
+    useResetPassword: boolean;
    selfHost: boolean;
    usersGetPremium: boolean;
    seats: number;
    maxCollections: number;
    maxStorageGb?: number;
    key: string;
+    hasPublicAndPrivateKeys: boolean;
    status: OrganizationUserStatusType;
    type: OrganizationUserType;
    enabled: boolean;
    ssoBound: boolean;
    identifier: string;
    permissions: PermissionsApi;
-    resetPasswordKey: string;
+    resetPasswordEnrolled: boolean;
    userId: string;

    constructor(response: any) {
@ -44,19 +46,21 @@ export class ProfileOrganizationResponse extends BaseResponse {
        this.useApi = this.getResponseProperty('UseApi');
        this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal');
        this.useSso = this.getResponseProperty('UseSso');
+        this.useResetPassword = this.getResponseProperty('UseResetPassword');
        this.selfHost = this.getResponseProperty('SelfHost');
        this.usersGetPremium = this.getResponseProperty('UsersGetPremium');
        this.seats = this.getResponseProperty('Seats');
        this.maxCollections = this.getResponseProperty('MaxCollections');
        this.maxStorageGb = this.getResponseProperty('MaxStorageGb');
        this.key = this.getResponseProperty('Key');
+        this.hasPublicAndPrivateKeys = this.getResponseProperty('HasPublicAndPrivateKeys');
        this.status = this.getResponseProperty('Status');
        this.type = this.getResponseProperty('Type');
        this.enabled = this.getResponseProperty('Enabled');
        this.ssoBound = this.getResponseProperty('SsoBound');
        this.identifier = this.getResponseProperty('Identifier');
        this.permissions = new PermissionsApi(this.getResponseProperty('permissions'));
-        this.resetPasswordKey = this.getResponseProperty('ResetPasswordKey');
+        this.resetPasswordEnrolled = this.getResponseProperty('ResetPasswordEnrolled');
        this.userId = this.getResponseProperty('UserId');
    }
 }
--- a/src/services/api.service.ts
+++ b/src/services/api.service.ts
@ -35,6 +35,7 @@ import { ImportOrganizationCiphersRequest } from '../models/request/importOrgani
 import { KdfRequest } from '../models/request/kdfRequest';
 import { KeysRequest } from '../models/request/keysRequest';
 import { OrganizationCreateRequest } from '../models/request/organizationCreateRequest';
+import { OrganizationKeysRequest } from '../models/request/organizationKeysRequest';
 import { OrganizationTaxInfoUpdateRequest } from '../models/request/organizationTaxInfoUpdateRequest';
 import { OrganizationUpdateRequest } from '../models/request/organizationUpdateRequest';
 import { OrganizationUpgradeRequest } from '../models/request/organizationUpgradeRequest';
@ -43,6 +44,7 @@ import { OrganizationUserBulkRequest } from '../models/request/organizationUserB
 import { OrganizationUserConfirmRequest } from '../models/request/organizationUserConfirmRequest';
 import { OrganizationUserInviteRequest } from '../models/request/organizationUserInviteRequest';
 import { OrganizationUserResetPasswordEnrollmentRequest } from '../models/request/organizationUserResetPasswordEnrollmentRequest';
+import { OrganizationUserResetPasswordRequest } from '../models/request/organizationUserResetPasswordRequest';
 import { OrganizationUserUpdateGroupsRequest } from '../models/request/organizationUserUpdateGroupsRequest';
 import { OrganizationUserUpdateRequest } from '../models/request/organizationUserUpdateRequest';
 import { PasswordHintRequest } from '../models/request/passwordHintRequest';
@ -104,10 +106,12 @@ import {
 import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
 import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
 import { ListResponse } from '../models/response/listResponse';
+import { OrganizationKeysResponse } from '../models/response/organizationKeysResponse';
 import { OrganizationResponse } from '../models/response/organizationResponse';
 import { OrganizationSubscriptionResponse } from '../models/response/organizationSubscriptionResponse';
 import {
    OrganizationUserDetailsResponse,
+    OrganizationUserResetPasswordDetailsReponse,
    OrganizationUserUserDetailsResponse,
 } from '../models/response/organizationUserResponse';
 import { PaymentResponse } from '../models/response/paymentResponse';
@ -794,6 +798,13 @@ export class ApiService implements ApiServiceAbstraction {
        return new ListResponse(r, OrganizationUserUserDetailsResponse);
    }

+    async getOrganizationUserResetPasswordDetails(organizationId: string, id: string):
+        Promise<OrganizationUserResetPasswordDetailsReponse> {
+        const r = await this.send('GET', '/organizations/' + organizationId + '/users/' + id +
+            '/reset-password-details', null, true, true);
+        return new OrganizationUserResetPasswordDetailsReponse(r);
+    }
+
    postOrganizationUserInvite(organizationId: string, request: OrganizationUserInviteRequest): Promise<any> {
        return this.send('POST', '/organizations/' + organizationId + '/users/invite', request, true, false);
    }
@ -832,6 +843,12 @@ export class ApiService implements ApiServiceAbstraction {
            request, true, false);
    }

+    putOrganizationUserResetPassword(organizationId: string, id: string,
+        request: OrganizationUserResetPasswordRequest): Promise<any> {
+        return this.send('PUT', '/organizations/' + organizationId + '/users/' + id + '/reset-password',
+            request, true, false);
+    }
+
    deleteOrganizationUser(organizationId: string, id: string): Promise<any> {
        return this.send('DELETE', '/organizations/' + organizationId + '/users/' + id, null, true, false);
    }
@ -1176,6 +1193,16 @@ export class ApiService implements ApiServiceAbstraction {
        return this.send('DELETE', '/organizations/' + id, request, true, false);
    }

+    async getOrganizationKeys(id: string): Promise<OrganizationKeysResponse> {
+        const r = await this.send('GET', '/organizations/' + id + '/keys', null, true, true);
+        return new OrganizationKeysResponse(r);
+    }
+
+    async postOrganizationKeys(id: string, request: OrganizationKeysRequest): Promise<OrganizationKeysResponse> {
+        const r = await this.send('POST', '/organizations/' + id + '/keys', request, true, true);
+        return new OrganizationKeysResponse(r);
+    }
+
    // Event APIs

    async getEvents(start: string, end: string, token: string): Promise<ListResponse<EventResponse>> {
--- a/src/services/policy.service.ts
+++ b/src/services/policy.service.ts
@ -8,6 +8,7 @@ import { MasterPasswordPolicyOptions } from '../models/domain/masterPasswordPoli
 import { Policy } from '../models/domain/policy';

 import { PolicyType } from '../enums/policyType';
+import { ResetPasswordPolicyOptions } from '../models/domain/resetPasswordPolicyOptions';

 const Keys = {
    policiesPrefix: 'policies_',
@ -138,4 +139,14 @@ export class PolicyService implements PolicyServiceAbstraction {

        return true;
    }
+
+    getResetPasswordPolicyOptions(policy: Policy): ResetPasswordPolicyOptions {
+        const resetPasswordPolicyOptions = new ResetPasswordPolicyOptions();
+
+        if (policy != null && policy.enabled && policy.data != null) {
+            resetPasswordPolicyOptions.autoEnrollEnabled = policy.data.autoEnrollEnabled;
+        }
+
+        return resetPasswordPolicyOptions;
+    }
 }