
[EC-781] Forcing the user to log in so that the user's password can be evaluated against the Organization's password policy requirements

This commit is contained in:
Rui Tome 2022-12-13 10:53:41 +00:00
parent bdfc2b0839
commit f09d74b4fc
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
2 changed files with 6 additions and 84 deletions


@ -11,7 +11,7 @@
</p> </p>
</div> </div>
</div> </div>
<div class="container" *ngIf="!loading && !authed"> <div class="container" *ngIf="!loading">
<div class="row justify-content-md-center mt-5"> <div class="row justify-content-md-center mt-5">
<div class="col-5"> <div class="col-5">
<p class="lead text-center mb-4">{{ "joinOrganization" | i18n }}</p> <p class="lead text-center mb-4">{{ "joinOrganization" | i18n }}</p>


@ -1,18 +1,9 @@
import { Component } from "@angular/core"; import { Component } from "@angular/core";
import { ActivatedRoute, Params, Router } from "@angular/router"; import { ActivatedRoute, Params, Router } from "@angular/router";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { I18nService } from "@bitwarden/common/abstractions/i18n.service"; import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/abstractions/log.service";
import { OrganizationApiServiceAbstraction } from "@bitwarden/common/abstractions/organization/organization-api.service.abstraction";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service"; import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
import { PolicyApiServiceAbstraction } from "@bitwarden/common/abstractions/policy/policy-api.service.abstraction";
import { PolicyService } from "@bitwarden/common/abstractions/policy/policy.service.abstraction";
import { StateService } from "@bitwarden/common/abstractions/state.service"; import { StateService } from "@bitwarden/common/abstractions/state.service";
import { Utils } from "@bitwarden/common/misc/utils";
import { Policy } from "@bitwarden/common/models/domain/policy";
import { OrganizationUserAcceptRequest } from "@bitwarden/common/models/request/organization-user-accept.request";
import { BaseAcceptComponent } from "../common/base.accept.component"; import { BaseAcceptComponent } from "../common/base.accept.component";
@ -30,39 +21,19 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
platformUtilsService: PlatformUtilsService, platformUtilsService: PlatformUtilsService,
i18nService: I18nService, i18nService: I18nService,
route: ActivatedRoute, route: ActivatedRoute,
private apiService: ApiService, stateService: StateService
stateService: StateService,
private cryptoService: CryptoService,
private policyApiService: PolicyApiServiceAbstraction,
private policyService: PolicyService,
private logService: LogService,
private organizationApiService: OrganizationApiServiceAbstraction
) { ) {
super(router, platformUtilsService, i18nService, route, stateService); super(router, platformUtilsService, i18nService, route, stateService);
} }
async authedHandler(qParams: Params): Promise<void> { async authedHandler(qParams: Params): Promise<void> {
this.actionPromise = this.prepareAcceptRequest(qParams).then(async (request) => { // Forcing the user to login to evaluate if the user's password meets the Organization password policy requirements
await this.apiService.postOrganizationUserAccept( await this.stateService.setActiveUser(null);
qParams.organizationId, await this.unauthedHandler(qParams);
qParams.organizationUserId,
request
);
});
await this.actionPromise;
this.platformUtilService.showToast(
"success",
this.i18nService.t("inviteAccepted"),
this.i18nService.t("inviteAcceptedDesc"),
{ timeout: 10000 }
);
await this.stateService.setOrganizationInvitation(null);
this.router.navigate(["/vault"]);
} }
async unauthedHandler(qParams: Params): Promise<void> { async unauthedHandler(qParams: Params): Promise<void> {
this.email = qParams.email;
this.orgName = qParams.organizationName; this.orgName = qParams.organizationName;
if (this.orgName != null) { if (this.orgName != null) {
// Fix URL encoding of space issue with Angular // Fix URL encoding of space issue with Angular
@ -70,53 +41,4 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
} }
await this.stateService.setOrganizationInvitation(qParams); await this.stateService.setOrganizationInvitation(qParams);
} }
private async prepareAcceptRequest(qParams: Params): Promise<OrganizationUserAcceptRequest> {
const request = new OrganizationUserAcceptRequest();
request.token = qParams.token;
if (await this.performResetPasswordAutoEnroll(qParams)) {
const response = await this.organizationApiService.getKeys(qParams.organizationId);
if (response == null) {
throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
}
const publicKey = Utils.fromB64ToArray(response.publicKey);
// RSA Encrypt user's encKey.key with organization public key
const encKey = await this.cryptoService.getEncKey();
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
// Add reset password key to accept request
request.resetPasswordKey = encryptedKey.encryptedString;
}
return request;
}
private async performResetPasswordAutoEnroll(qParams: Params): Promise<boolean> {
let policyList: Policy[] = null;
try {
const policies = await this.policyApiService.getPoliciesByToken(
qParams.organizationId,
qParams.token,
qParams.email,
qParams.organizationUserId
);
policyList = this.policyService.mapPoliciesFromToken(policies);
} catch (e) {
this.logService.error(e);
}
if (policyList != null) {
const result = this.policyService.getResetPasswordPolicyOptions(
policyList,
qParams.organizationId
);
// Return true if policy enabled and auto-enroll enabled
return result[1] && result[0].autoEnrollEnabled;
}
return false;
}
} }
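Review bot: The new authedHandler (second hunk) ends the current session with `await this.stateService.setActiveUser(null);` and then falls through to unauthedHandler, but nothing in this diff clears the decrypted keys or access token the previously active account may still hold; whether setActiveUser(null) does that itself depends on StateService, which is not visible here, so it is worth confirming that the forced re-login actually invalidates the old session rather than only switching the active account. The removed prepareAcceptRequest and performResetPasswordAutoEnroll (third hunk) were the only code in this component that enrolled the user in the organization's reset-password policy by RSA-encrypting the user's encryption key with the organization public key, and the new code has no replacement, so unless the post-login accept flow performs the same auto-enroll, organizations relying on that policy would silently stop getting recovery enrollment for users who arrived already authenticated. A why-comment above the setActiveUser call would also make the intent clearer to the next maintainer than the copied commit title, e.g. `// Drop the active account so the invite is completed through the login flow, where the password policy can be enforced`. The enclosing class and its constructor begin before this hunk.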