Add device-approval deny and deny-all commands (#9474)

2025-02-16 01:21:48 +01:00 · 2024-06-04 08:34:51 +10:00 · 2024-06-04 08:34:51 +10:00 · 90812e0ef5
commit 90812e0ef5
parent e99fd44eed
3 changed files with 94 additions and 10 deletions
--- a/bitwarden_license/bit-cli/src/admin-console/device-approval/deny-all.command.ts
+++ b/bitwarden_license/bit-cli/src/admin-console/device-approval/deny-all.command.ts
@ -1,9 +1,49 @@
+import { firstValueFrom } from "rxjs";
+
 import { Response } from "@bitwarden/cli/models/response";
+import { MessageResponse } from "@bitwarden/cli/models/response/message.response";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+
+import { OrganizationAuthRequestService } from "../../../../bit-common/src/admin-console/auth-requests";

 export class DenyAllCommand {
-  constructor() {}
+  constructor(
+    private organizationService: OrganizationService,
+    private organizationAuthRequestService: OrganizationAuthRequestService,
+  ) {}

  async run(organizationId: string): Promise<Response> {
-    throw new Error("Not implemented");
+    if (organizationId != null) {
+      organizationId = organizationId.toLowerCase();
+    }
+
+    if (!Utils.isGuid(organizationId)) {
+      return Response.badRequest("`" + organizationId + "` is not a GUID.");
+    }
+
+    const organization = await firstValueFrom(this.organizationService.get$(organizationId));
+    if (!organization?.canManageUsersPassword) {
+      return Response.error(
+        "You do not have permission to approve pending device authorization requests.",
+      );
+    }
+
+    try {
+      const pendingRequests =
+        await this.organizationAuthRequestService.listPendingRequests(organizationId);
+      if (pendingRequests.length == 0) {
+        const res = new MessageResponse("No pending device authorization requests to deny.", null);
+        return Response.success(res);
+      }
+
+      await this.organizationAuthRequestService.denyPendingRequests(
+        organizationId,
+        ...pendingRequests.map((r) => r.id),
+      );
+      return Response.success();
+    } catch (e) {
+      return Response.error(e);
+    }
  }
 }
--- a/bitwarden_license/bit-cli/src/admin-console/device-approval/deny.command.ts
+++ b/bitwarden_license/bit-cli/src/admin-console/device-approval/deny.command.ts
@ -1,9 +1,46 @@
+import { firstValueFrom } from "rxjs";
+
 import { Response } from "@bitwarden/cli/models/response";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+
+import { OrganizationAuthRequestService } from "../../../../bit-common/src/admin-console/auth-requests";

 export class DenyCommand {
-  constructor() {}
+  constructor(
+    private organizationService: OrganizationService,
+    private organizationAuthRequestService: OrganizationAuthRequestService,
+  ) {}

-  async run(id: string): Promise<Response> {
-    throw new Error("Not implemented");
+  async run(organizationId: string, id: string): Promise<Response> {
+    if (organizationId != null) {
+      organizationId = organizationId.toLowerCase();
+    }
+
+    if (!Utils.isGuid(organizationId)) {
+      return Response.badRequest("`" + organizationId + "` is not a GUID.");
+    }
+
+    if (id != null) {
+      id = id.toLowerCase();
+    }
+
+    if (!Utils.isGuid(id)) {
+      return Response.badRequest("`" + id + "` is not a GUID.");
+    }
+
+    const organization = await firstValueFrom(this.organizationService.get$(organizationId));
+    if (!organization?.canManageUsersPassword) {
+      return Response.error(
+        "You do not have permission to approve pending device authorization requests.",
+      );
+    }
+
+    try {
+      await this.organizationAuthRequestService.denyPendingRequests(organizationId, id);
+      return Response.success();
+    } catch (e) {
+      return Response.error(e);
+    }
  }
 }
--- a/bitwarden_license/bit-cli/src/admin-console/device-approval/device-approval.program.ts
+++ b/bitwarden_license/bit-cli/src/admin-console/device-approval/device-approval.program.ts
@ -84,14 +84,18 @@ export class DeviceApprovalProgram extends BaseProgram {

  private denyCommand(): Command {
    return new Command("deny")
-      .argument("<id>")
+      .argument("<organizationId>", "The id of the organization")
+      .argument("<requestId>", "The id of the request to deny")
      .description("Deny a pending request")
-      .action(async (id: string) => {
+      .action(async (organizationId: string, id: string) => {
        await this.exitIfFeatureFlagDisabled(FeatureFlag.BulkDeviceApproval);
        await this.exitIfLocked();

-        const cmd = new DenyCommand();
-        const response = await cmd.run(id);
+        const cmd = new DenyCommand(
+          this.serviceContainer.organizationService,
+          this.serviceContainer.organizationAuthRequestService,
+        );
+        const response = await cmd.run(organizationId, id);
        this.processResponse(response);
      });
  }
@ -104,7 +108,10 @@ export class DeviceApprovalProgram extends BaseProgram {
        await this.exitIfFeatureFlagDisabled(FeatureFlag.BulkDeviceApproval);
        await this.exitIfLocked();

-        const cmd = new DenyAllCommand();
+        const cmd = new DenyAllCommand(
+          this.serviceContainer.organizationService,
+          this.serviceContainer.organizationAuthRequestService,
+        );
        const response = await cmd.run(organizationId);
        this.processResponse(response);
      });