mirror of
https://github.com/bitwarden/browser.git
synced 2025-01-19 20:51:35 +01:00
[EC-781] Forcing the user to login to evaluate if the user's password meets the Organization password policy requirements
parent
bdfc2b0839
commit
f09d74b4fc
@ -11,7 +11,7 @@
|
|||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="container" *ngIf="!loading && !authed">
|
<div class="container" *ngIf="!loading">
|
||||||
<div class="row justify-content-md-center mt-5">
|
<div class="row justify-content-md-center mt-5">
|
||||||
<div class="col-5">
|
<div class="col-5">
|
||||||
<p class="lead text-center mb-4">{{ "joinOrganization" | i18n }}</p>
|
<p class="lead text-center mb-4">{{ "joinOrganization" | i18n }}</p>
|
||||||
|
@ -1,18 +1,9 @@
|
|||||||
import { Component } from "@angular/core";
|
import { Component } from "@angular/core";
|
||||||
import { ActivatedRoute, Params, Router } from "@angular/router";
|
import { ActivatedRoute, Params, Router } from "@angular/router";
|
||||||
|
|
||||||
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
|
||||||
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
|
|
||||||
import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
|
import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
|
||||||
import { LogService } from "@bitwarden/common/abstractions/log.service";
|
|
||||||
import { OrganizationApiServiceAbstraction } from "@bitwarden/common/abstractions/organization/organization-api.service.abstraction";
|
|
||||||
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
|
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
|
||||||
import { PolicyApiServiceAbstraction } from "@bitwarden/common/abstractions/policy/policy-api.service.abstraction";
|
|
||||||
import { PolicyService } from "@bitwarden/common/abstractions/policy/policy.service.abstraction";
|
|
||||||
import { StateService } from "@bitwarden/common/abstractions/state.service";
|
import { StateService } from "@bitwarden/common/abstractions/state.service";
|
||||||
import { Utils } from "@bitwarden/common/misc/utils";
|
|
||||||
import { Policy } from "@bitwarden/common/models/domain/policy";
|
|
||||||
import { OrganizationUserAcceptRequest } from "@bitwarden/common/models/request/organization-user-accept.request";
|
|
||||||
|
|
||||||
import { BaseAcceptComponent } from "../common/base.accept.component";
|
import { BaseAcceptComponent } from "../common/base.accept.component";
|
||||||
|
|
||||||
@ -30,39 +21,19 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
|
|||||||
platformUtilsService: PlatformUtilsService,
|
platformUtilsService: PlatformUtilsService,
|
||||||
i18nService: I18nService,
|
i18nService: I18nService,
|
||||||
route: ActivatedRoute,
|
route: ActivatedRoute,
|
||||||
private apiService: ApiService,
|
stateService: StateService
|
||||||
stateService: StateService,
|
|
||||||
private cryptoService: CryptoService,
|
|
||||||
private policyApiService: PolicyApiServiceAbstraction,
|
|
||||||
private policyService: PolicyService,
|
|
||||||
private logService: LogService,
|
|
||||||
private organizationApiService: OrganizationApiServiceAbstraction
|
|
||||||
) {
|
) {
|
||||||
super(router, platformUtilsService, i18nService, route, stateService);
|
super(router, platformUtilsService, i18nService, route, stateService);
|
||||||
}
|
}
|
||||||
|
|
||||||
async authedHandler(qParams: Params): Promise<void> {
|
async authedHandler(qParams: Params): Promise<void> {
|
||||||
this.actionPromise = this.prepareAcceptRequest(qParams).then(async (request) => {
|
// Forcing the user to login to evaluate if the user's password meets the Organization password policy requirements
|
||||||
await this.apiService.postOrganizationUserAccept(
|
await this.stateService.setActiveUser(null);
|
||||||
qParams.organizationId,
|
await this.unauthedHandler(qParams);
|
||||||
qParams.organizationUserId,
|
|
||||||
request
|
|
||||||
);
|
|
||||||
});
|
|
||||||
|
|
||||||
await this.actionPromise;
|
|
||||||
this.platformUtilService.showToast(
|
|
||||||
"success",
|
|
||||||
this.i18nService.t("inviteAccepted"),
|
|
||||||
this.i18nService.t("inviteAcceptedDesc"),
|
|
||||||
{ timeout: 10000 }
|
|
||||||
);
|
|
||||||
|
|
||||||
await this.stateService.setOrganizationInvitation(null);
|
|
||||||
this.router.navigate(["/vault"]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async unauthedHandler(qParams: Params): Promise<void> {
|
async unauthedHandler(qParams: Params): Promise<void> {
|
||||||
|
this.email = qParams.email;
|
||||||
this.orgName = qParams.organizationName;
|
this.orgName = qParams.organizationName;
|
||||||
if (this.orgName != null) {
|
if (this.orgName != null) {
|
||||||
// Fix URL encoding of space issue with Angular
|
// Fix URL encoding of space issue with Angular
|
||||||
@ -70,53 +41,4 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
|
|||||||
}
|
}
|
||||||
await this.stateService.setOrganizationInvitation(qParams);
|
await this.stateService.setOrganizationInvitation(qParams);
|
||||||
}
|
}
|
||||||
|
|
||||||
private async prepareAcceptRequest(qParams: Params): Promise<OrganizationUserAcceptRequest> {
|
|
||||||
const request = new OrganizationUserAcceptRequest();
|
|
||||||
request.token = qParams.token;
|
|
||||||
|
|
||||||
if (await this.performResetPasswordAutoEnroll(qParams)) {
|
|
||||||
const response = await this.organizationApiService.getKeys(qParams.organizationId);
|
|
||||||
|
|
||||||
if (response == null) {
|
|
||||||
throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
|
|
||||||
}
|
|
||||||
|
|
||||||
const publicKey = Utils.fromB64ToArray(response.publicKey);
|
|
||||||
|
|
||||||
// RSA Encrypt user's encKey.key with organization public key
|
|
||||||
const encKey = await this.cryptoService.getEncKey();
|
|
||||||
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
|
|
||||||
|
|
||||||
// Add reset password key to accept request
|
|
||||||
request.resetPasswordKey = encryptedKey.encryptedString;
|
|
||||||
}
|
|
||||||
return request;
|
|
||||||
}
|
|
||||||
|
|
||||||
private async performResetPasswordAutoEnroll(qParams: Params): Promise<boolean> {
|
|
||||||
let policyList: Policy[] = null;
|
|
||||||
try {
|
|
||||||
const policies = await this.policyApiService.getPoliciesByToken(
|
|
||||||
qParams.organizationId,
|
|
||||||
qParams.token,
|
|
||||||
qParams.email,
|
|
||||||
qParams.organizationUserId
|
|
||||||
);
|
|
||||||
policyList = this.policyService.mapPoliciesFromToken(policies);
|
|
||||||
} catch (e) {
|
|
||||||
this.logService.error(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (policyList != null) {
|
|
||||||
const result = this.policyService.getResetPasswordPolicyOptions(
|
|
||||||
policyList,
|
|
||||||
qParams.organizationId
|
|
||||||
);
|
|
||||||
// Return true if policy enabled and auto-enroll enabled
|
|
||||||
return result[1] && result[0].autoEnrollEnabled;
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
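Review bot: In the new `authedHandler`, `await this.stateService.setActiveUser(null)` only clears the active-user selection as far as this section shows; nothing here logs the existing session out or clears its keys and tokens, so whether the user really has to re-enter the master password depends on code outside this page. If the state service keeps the account authenticated, the old session stays usable without the password-policy check this commit is meant to enforce, so I would either route through the app's existing logout path here or document the assumption, e.g. `// setActiveUser(null) must leave no usable session; the invite is accepted only after a fresh login`. The section also deletes the accept call and the reset-password auto-enrollment (`prepareAcceptRequest`, `performResetPasswordAutoEnroll`) from this component, so the post-login flow has to perform both; that code is not visible here and is worth confirming before merge. `unauthedHandler` now copies `qParams.email` straight from the invite link into `this.email`, so it should be treated as a prefill hint only and never as proof of which account the invitation belongs to.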