
[Reset Password] Enrollment API, Service, and Model updates (#1245)

* [Reset Password] Enrollment API, Service and Model updates

* Added a conditional check that the calling user's ID matches the organization user being enrolled
This commit is contained in:
Vincent Salucci 2021-03-30 09:48:52 -05:00 committed by GitHub
parent 339292f536
commit 296e3d881d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 40 additions and 0 deletions


@ -180,6 +180,13 @@ namespace Bit.Api.Controllers
var loggedInUserId = _userService.GetProperUserId(User);
await _organizationService.UpdateUserGroupsAsync(organizationUser, model.GroupIds.Select(g => new Guid(g)), loggedInUserId);
}
[HttpPut("{userId}/reset-password-enrollment")]
public async Task PutResetPasswordEnrollment(string orgId, string userId, [FromBody]OrganizationUserResetPasswordEnrollmentRequestModel model)
{
var callingUserId = _userService.GetProperUserId(User);
await _organizationService.UpdateUserResetPasswordEnrollmentAsync(new Guid(orgId), new Guid(userId), model.ResetPasswordKey, callingUserId);
}
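Review bot: The route parameter of the new `[HttpPut("{userId}/reset-password-enrollment")]` action is named `userId`, but it is forwarded as the second argument of `UpdateUserResetPasswordEnrollmentAsync`, whose parameter is `organizationUserId` in the interface change elsewhere in this commit — a different identifier from the User's own id, and the neighbouring delete actions use `{id}` for it. Renaming avoids callers passing the wrong GUID: `[HttpPut("{id}/reset-password-enrollment")]`, `public async Task PutResetPasswordEnrollment(string orgId, string id, [FromBody]OrganizationUserResetPasswordEnrollmentRequestModel model)`, `... new Guid(orgId), new Guid(id), model.ResetPasswordKey, callingUserId);`. The action itself performs no authorization and relies on the ownership check inside the service; the controller's class-level attributes are outside the hunk, so whether `[Authorize]` covers it cannot be confirmed here. As in the sibling actions, `new Guid(...)` throws `FormatException` on malformed ids, so that stays consistent with the file.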
[HttpDelete("{id}")]
[HttpPost("{id}/delete")]


@ -43,6 +43,8 @@
OrganizationUser_Removed = 1503,
OrganizationUser_UpdatedGroups = 1504,
OrganizationUser_UnlinkedSso = 1505,
OrganizationUser_ResetPassword_Enroll = 1506,
OrganizationUser_ResetPassword_Withdraw = 1507,
Organization_Updated = 1600,
Organization_PurgedVault = 1601,


@ -84,4 +84,9 @@ namespace Bit.Core.Models.Api
[Required]
public IEnumerable<string> GroupIds { get; set; }
}
public class OrganizationUserResetPasswordEnrollmentRequestModel
{
public string ResetPasswordKey { get; set; }
}
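Review bot: `ResetPasswordKey` on the new request model carries no documentation or validation, yet the service added in this commit treats a null value as a withdrawal and any non-null string as an enrollment key, so the dual meaning is invisible at the API surface. A summary makes it explicit: `/// Encrypted reset password key to enroll with; null withdraws the user from enrollment.` The file already uses data annotations (`[Required]` on `GroupIds`), so if the key has a bounded size a `[StringLength]` attribute would keep arbitrarily large payloads out of the database — I cannot confirm the expected length from this page.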
}


@ -30,6 +30,8 @@ namespace Bit.Core.Models.Api
SsoBound = !string.IsNullOrWhiteSpace(organization.SsoExternalId);
Identifier = organization.Identifier;
Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organization.Permissions);
ResetPasswordKey = organization.ResetPasswordKey;
UserId = organization.UserId?.ToString();
}
public string Id { get; set; }
@ -55,5 +57,7 @@ namespace Bit.Core.Models.Api
public bool SsoBound { get; set; }
public string Identifier { get; set; }
public Permissions Permissions { get; set; }
public string ResetPasswordKey { get; set; }
public string UserId { get; set; }
}
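Review bot: The profile response now returns the raw `ResetPasswordKey` string to the client together with `UserId`; if the client only needs to know whether the user is enrolled, a boolean such as `ResetPasswordEnrolled` would expose less and would not tie the API to the key's storage format. I cannot tell from this page whether the client re-uses the key material, so treat this as a question rather than a defect. If the raw key is required, documenting the null case on the property, `/// The user's reset password key; null when not enrolled.`, would make the contract clear to consumers.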
}


@ -28,5 +28,6 @@ namespace Bit.Core.Models.Data
public string SsoExternalId { get; set; }
public string Identifier { get; set; }
public string Permissions { get; set; }
public string ResetPasswordKey { get; set; }
}
}


@ -22,6 +22,7 @@ namespace Bit.Core.Models.Data
public string ExternalId { get; set; }
public string SsoExternalId { get; set; }
public string Permissions { get; set; }
public string ResetPasswordKey { get; set; }
public Dictionary<TwoFactorProviderType, TwoFactorProvider> GetTwoFactorProviders()
{


@ -11,6 +11,7 @@ namespace Bit.Core.Models.Table
public Guid? UserId { get; set; }
public string Email { get; set; }
public string Key { get; set; }
public string ResetPasswordKey { get; set; }
public OrganizationUserStatusType Status { get; set; }
public OrganizationUserType Type { get; set; }
public bool AccessAll { get; set; }


@ -43,6 +43,7 @@ namespace Bit.Core.Services
Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId);
Task DeleteUserAsync(Guid organizationId, Guid userId);
Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds, Guid? loggedInUserId);
Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid organizationUserId, string resetPasswordKey, Guid? callingUserId);
Task<OrganizationLicense> GenerateLicenseAsync(Guid organizationId, Guid installationId);
Task<OrganizationLicense> GenerateLicenseAsync(Organization organization, Guid installationId,
int? version = null);


@ -1378,6 +1378,24 @@ namespace Bit.Core.Services
await _eventService.LogOrganizationUserEventAsync(organizationUser,
EventType.OrganizationUser_UpdatedGroups);
}
public async Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid organizationUserId, string resetPasswordKey, Guid? callingUserId)
{
var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, organizationUserId);
if (!callingUserId.HasValue || orgUser == null || orgUser.UserId != callingUserId.Value ||
orgUser.Status != OrganizationUserStatusType.Confirmed ||
orgUser.OrganizationId != organizationId)
{
throw new BadRequestException("User not valid.");
}
// TODO - Block certain org types from using this feature?
orgUser.ResetPasswordKey = resetPasswordKey;
await _organizationUserRepository.ReplaceAsync(orgUser);
await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?
EventType.OrganizationUser_ResetPassword_Enroll : EventType.OrganizationUser_ResetPassword_Withdraw);
}
public async Task<OrganizationLicense> GenerateLicenseAsync(Guid organizationId, Guid installationId)
{
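Review bot: The enroll/withdraw decision in `UpdateUserResetPasswordEnrollmentAsync` uses `resetPasswordKey != null`, so an empty or whitespace-only string is persisted as the user's key and logged as `OrganizationUser_ResetPassword_Enroll`, leaving the account looking enrolled with an unusable key. Normalising the input first closes that gap: `orgUser.ResetPasswordKey = string.IsNullOrWhiteSpace(resetPasswordKey) ? null : resetPasswordKey;` followed by `await _eventService.LogOrganizationUserEventAsync(orgUser, orgUser.ResetPasswordKey != null ? EventType.OrganizationUser_ResetPassword_Enroll : EventType.OrganizationUser_ResetPassword_Withdraw);`. The `TODO` comment leaves enrollment open to every organization regardless of plan or policy; if it is meant to depend on an organization-level flag, that check belongs next to the ownership guard, before `ReplaceAsync`. The `orgUser.OrganizationId != organizationId` clause looks redundant given the lookup is already scoped by `organizationId`, though it is harmless defence in depth.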