[AC-2634] Add device-approvals approve command (#9476)

2024-09-13 01:58:44 +02:00 · 2024-06-04 08:26:53 +10:00 · 2024-06-04 08:26:53 +10:00 · e99fd44eed
commit e99fd44eed
parent edecec56de
2 changed files with 56 additions and 7 deletions
--- a/bitwarden_license/bit-cli/src/admin-console/device-approval/approve.command.ts
+++ b/bitwarden_license/bit-cli/src/admin-console/device-approval/approve.command.ts
@ -1,9 +1,54 @@
+import { firstValueFrom } from "rxjs";
+
 import { Response } from "@bitwarden/cli/models/response";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+
+import { OrganizationAuthRequestService } from "../../../../bit-common/src/admin-console/auth-requests";

 export class ApproveCommand {
-  constructor() {}
+  constructor(
+    private organizationService: OrganizationService,
+    private organizationAuthRequestService: OrganizationAuthRequestService,
+  ) {}

-  async run(id: string): Promise<Response> {
-    throw new Error("Not implemented");
+  async run(organizationId: string, id: string): Promise<Response> {
+    if (organizationId != null) {
+      organizationId = organizationId.toLowerCase();
+    }
+
+    if (!Utils.isGuid(organizationId)) {
+      return Response.badRequest("`" + organizationId + "` is not a GUID.");
+    }
+
+    if (id != null) {
+      id = id.toLowerCase();
+    }
+
+    if (!Utils.isGuid(id)) {
+      return Response.badRequest("`" + id + "` is not a GUID.");
+    }
+
+    const organization = await firstValueFrom(this.organizationService.get$(organizationId));
+    if (!organization?.canManageUsersPassword) {
+      return Response.error(
+        "You do not have permission to approve pending device authorization requests.",
+      );
+    }
+
+    try {
+      const pendingRequests =
+        await this.organizationAuthRequestService.listPendingRequests(organizationId);
+
+      const request = pendingRequests.find((r) => r.id == id);
+      if (request == null) {
+        return Response.error("Invalid request id");
+      }
+
+      await this.organizationAuthRequestService.approvePendingRequest(organizationId, request);
+      return Response.success();
+    } catch (e) {
+      return Response.error(e);
+    }
  }
 }
--- a/bitwarden_license/bit-cli/src/admin-console/device-approval/device-approval.program.ts
+++ b/bitwarden_license/bit-cli/src/admin-console/device-approval/device-approval.program.ts
@ -49,14 +49,18 @@ export class DeviceApprovalProgram extends BaseProgram {

  private approveCommand(): Command {
    return new Command("approve")
-      .argument("<id>")
+      .argument("<organizationId>", "The id of the organization")
+      .argument("<requestId>", "The id of the request to approve")
      .description("Approve a pending request")
-      .action(async (id: string) => {
+      .action(async (organizationId: string, id: string) => {
        await this.exitIfFeatureFlagDisabled(FeatureFlag.BulkDeviceApproval);
        await this.exitIfLocked();

-        const cmd = new ApproveCommand();
-        const response = await cmd.run(id);
+        const cmd = new ApproveCommand(
+          this.serviceContainer.organizationService,
+          this.serviceContainer.organizationAuthRequestService,
+        );
+        const response = await cmd.run(organizationId, id);
        this.processResponse(response);
      });
  }