1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-27 13:05:23 +01:00

Remove grantor from orgs after takeover

This commit is contained in:
Thomas Rittson 2021-02-05 10:58:39 +10:00
parent 19e7ce8519
commit 0dfe8ea833

View File

@ -17,6 +17,7 @@ namespace Bit.Core.Services
public class EmergencyAccessService : IEmergencyAccessService public class EmergencyAccessService : IEmergencyAccessService
{ {
private readonly IEmergencyAccessRepository _emergencyAccessRepository; private readonly IEmergencyAccessRepository _emergencyAccessRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IUserRepository _userRepository; private readonly IUserRepository _userRepository;
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly IMailService _mailService; private readonly IMailService _mailService;
@ -24,18 +25,22 @@ namespace Bit.Core.Services
private readonly IDataProtector _dataProtector; private readonly IDataProtector _dataProtector;
private readonly GlobalSettings _globalSettings; private readonly GlobalSettings _globalSettings;
private readonly IPasswordHasher<User> _passwordHasher; private readonly IPasswordHasher<User> _passwordHasher;
private readonly IOrganizationService _organizationService;
public EmergencyAccessService( public EmergencyAccessService(
IEmergencyAccessRepository emergencyAccessRepository, IEmergencyAccessRepository emergencyAccessRepository,
IOrganizationUserRepository organizationUserRepository,
IUserRepository userRepository, IUserRepository userRepository,
ICipherRepository cipherRepository, ICipherRepository cipherRepository,
IMailService mailService, IMailService mailService,
IUserService userService, IUserService userService,
IPasswordHasher<User> passwordHasher, IPasswordHasher<User> passwordHasher,
IDataProtectionProvider dataProtectionProvider, IDataProtectionProvider dataProtectionProvider,
GlobalSettings globalSettings) GlobalSettings globalSettings,
IOrganizationService organizationService)
{ {
_emergencyAccessRepository = emergencyAccessRepository; _emergencyAccessRepository = emergencyAccessRepository;
_organizationUserRepository = organizationUserRepository;
_userRepository = userRepository; _userRepository = userRepository;
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_mailService = mailService; _mailService = mailService;
@ -43,6 +48,7 @@ namespace Bit.Core.Services
_passwordHasher = passwordHasher; _passwordHasher = passwordHasher;
_dataProtector = dataProtectionProvider.CreateProtector("EmergencyAccessServiceDataProtector"); _dataProtector = dataProtectionProvider.CreateProtector("EmergencyAccessServiceDataProtector");
_globalSettings = globalSettings; _globalSettings = globalSettings;
_organizationService = organizationService;
} }
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime) public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
@ -261,6 +267,16 @@ namespace Bit.Core.Services
// Disable TwoFactor providers since they will otherwise block logins // Disable TwoFactor providers since they will otherwise block logins
grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>()); grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>());
await _userRepository.ReplaceAsync(grantor); await _userRepository.ReplaceAsync(grantor);
// Remove grantor from all organisations unless Owner
var orgUser = await _organizationUserRepository.GetManyByUserAsync(grantor.Id);
foreach (var o in orgUser)
{
if (o.Type != OrganizationUserType.Owner)
{
await _organizationService.DeleteUserAsync(o.OrganizationId, grantor.Id);
}
}
} }
public async Task SendNotificationsAsync() public async Task SendNotificationsAsync()