1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-26 17:37:36 +01:00

Add check to ensure admins or owners arn't enrolled in key connector (#1725)

This commit is contained in:
Oscar Hinton 2021-11-18 21:56:13 +01:00 committed by GitHub
parent 2dc29e51d1
commit 6008715abc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -639,15 +639,10 @@ namespace Bit.Core.Services
public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
{
if (user == null)
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
throw new ArgumentNullException(nameof(user));
}
if (user.UsesKeyConnector)
{
Logger.LogWarning("Already uses Key Connector.");
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
@ -663,6 +658,24 @@ namespace Bit.Core.Services
}
public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
{
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
}
private IdentityResult CheckCanUseKeyConnector(User user)
{
if (user == null)
{
@ -675,14 +688,13 @@ namespace Bit.Core.Services
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
if (_currentContext.Organizations.Any(u =>
u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
{
throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
}
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
return null;
}
public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)