From 620a7e0a8d6ab35a383501d18f8961e52f7364c4 Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Wed, 10 May 2023 12:52:08 -0700 Subject: [PATCH] [AC-1145] Add trusted devices option to SSO Config Data (#2909) * [AC-1145] Add TDE feature flag * [AC-1145] Update .gitignore to ignore flags.json in the Api project * [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData * [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model * [AC-1145] Automatically enable password reset policy on TDE selection * [AC-1145] Remove references to obsolete KeyConnectorEnabled field * [AC-1145] Formatting * [AC-1145] Update XML doc reference to MemberDecryptionType --- .gitignore | 1 + .../Request/OrganizationSsoRequestModel.cs | 10 ++++-- .../Controllers/OrganizationsController.cs | 14 ++++++-- .../ProfileOrganizationResponseModel.cs | 5 +-- src/Core/Auth/Enums/MemberDecryptionType.cs | 8 +++++ .../Auth/Models/Data/SsoConfigurationData.cs | 20 +++++++++++- .../Implementations/SsoConfigService.cs | 32 ++++++++++++++++--- src/Core/Constants.cs | 1 + .../SelfHostedOrganizationDetails.cs | 3 +- .../Implementations/OrganizationService.cs | 4 +-- .../Services/Implementations/PolicyService.cs | 5 +-- .../CustomTokenRequestValidator.cs | 3 +- .../OrganizationsControllerTests.cs | 11 +++++-- .../Auth/Services/SsoConfigServiceTests.cs | 15 +++++---- .../SelfHostedOrganizationDetailsTests.cs | 5 +-- .../Services/OrganizationServiceTests.cs | 3 +- test/Core.Test/Services/PolicyServiceTests.cs | 3 +- 17 files changed, 112 insertions(+), 31 deletions(-) create mode 100644 src/Core/Auth/Enums/MemberDecryptionType.cs diff --git a/.gitignore b/.gitignore index d36073703..4b798f3b7 100644 --- a/.gitignore +++ b/.gitignore @@ -225,3 +225,4 @@ src/Identity/Identity.zip src/Notifications/Notifications.zip bitwarden_license/src/Portal/Portal.zip bitwarden_license/src/Sso/Sso.zip +src/Api/flags.json 
diff --git a/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs b/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs index c5b57eb38..a1a50ed3f 100644 --- a/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs +++ b/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs @@ -41,8 +41,14 @@ public class SsoConfigurationDataRequest : IValidatableObject [Required] public SsoType ConfigType { get; set; } + public MemberDecryptionType MemberDecryptionType { get; set; } - public bool KeyConnectorEnabled { get; set; } + [Obsolete("Use MemberDecryptionType instead")] + public bool KeyConnectorEnabled + { + // Setter is kept for backwards compatibility with older clients that still use this property. + set { MemberDecryptionType = value ? MemberDecryptionType.KeyConnector : MemberDecryptionType.MasterPassword; } + } public string KeyConnectorUrl { get; set; } // OIDC @@ -166,7 +172,7 @@ public class SsoConfigurationDataRequest : IValidatableObject return new SsoConfigurationData { ConfigType = ConfigType, - KeyConnectorEnabled = KeyConnectorEnabled, + MemberDecryptionType = MemberDecryptionType, KeyConnectorUrl = KeyConnectorUrl, Authority = Authority, ClientId = ClientId, diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs index 7a59ceef1..36fdd2a99 100644 --- a/src/Api/Controllers/OrganizationsController.cs +++ b/src/Api/Controllers/OrganizationsController.cs @@ -8,6 +8,8 @@ using Bit.Api.Models.Request.Organizations; using Bit.Api.Models.Response; using Bit.Api.Models.Response.Organizations; using Bit.Api.SecretsManager; +using Bit.Core; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Repositories; using Bit.Core.Auth.Services; using Bit.Core.Context; 
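Review bot: The write-only `KeyConnectorEnabled` setter added to `SsoConfigurationDataRequest` assigns `MemberDecryptionType` on both branches, so a request body that carries both fields can have an explicit `MemberDecryptionType` (including `TrustedDeviceEncryption`) overwritten with `MasterPassword` or `KeyConnector`, depending on the order in which the serializer binds the two properties. The resulting value decides how member keys are protected, so it should not hinge on property order. The legacy property on `SsoConfigurationData` in this same patch only acts when the value is true; doing the same here, `set { if (value) { MemberDecryptionType = MemberDecryptionType.KeyConnector; } }`, still serves older clients because the enum defaults to `MasterPassword`. A comment stating which field wins when both are sent would also help; the class body continues outside the hunk.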
@@ -46,6 +48,7 @@ public class OrganizationsController : Controller private readonly IOrganizationApiKeyRepository _organizationApiKeyRepository; private readonly IUpdateOrganizationLicenseCommand _updateOrganizationLicenseCommand; private readonly ICloudGetOrganizationLicenseQuery _cloudGetOrganizationLicenseQuery; + private readonly IFeatureService _featureService; private readonly GlobalSettings _globalSettings; public OrganizationsController( @@ -65,6 +68,7 @@ public class OrganizationsController : Controller IOrganizationApiKeyRepository organizationApiKeyRepository, IUpdateOrganizationLicenseCommand updateOrganizationLicenseCommand, ICloudGetOrganizationLicenseQuery cloudGetOrganizationLicenseQuery, + IFeatureService featureService, GlobalSettings globalSettings) { _organizationRepository = organizationRepository; @@ -83,6 +87,7 @@ public class OrganizationsController : Controller _organizationApiKeyRepository = organizationApiKeyRepository; _updateOrganizationLicenseCommand = updateOrganizationLicenseCommand; _cloudGetOrganizationLicenseQuery = cloudGetOrganizationLicenseQuery; + _featureService = featureService; _globalSettings = globalSettings; } @@ -391,8 +396,7 @@ public class OrganizationsController : Controller var user = await _userService.GetUserByPrincipalAsync(User); var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(orgGuidId); - if (ssoConfig?.GetData()?.KeyConnectorEnabled == true && - user.UsesKeyConnector) + if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && user.UsesKeyConnector) { throw new BadRequestException("Your organization's Single Sign-On settings prevent you from leaving."); } 
@@ -678,6 +682,12 @@ public class OrganizationsController : Controller throw new NotFoundException(); } + if (model.Data.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption && + !_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext)) + { + throw new BadRequestException(nameof(model.Data.MemberDecryptionType), "Invalid member decryption type."); + } + var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(id); ssoConfig = ssoConfig == null ? model.ToSsoConfig(id) : model.ToSsoConfig(ssoConfig); organization.Identifier = model.Identifier; diff --git a/src/Api/Models/Response/ProfileOrganizationResponseModel.cs b/src/Api/Models/Response/ProfileOrganizationResponseModel.cs index 20737bb67..215fc7a23 100644 --- a/src/Api/Models/Response/ProfileOrganizationResponseModel.cs +++ b/src/Api/Models/Response/ProfileOrganizationResponseModel.cs @@ -1,4 +1,5 @@ -using Bit.Core.Auth.Models.Data; +using Bit.Core.Auth.Enums; +using Bit.Core.Auth.Models.Data; using Bit.Core.Enums; using Bit.Core.Enums.Provider; using Bit.Core.Models.Api; @@ -62,7 +63,7 @@ public class ProfileOrganizationResponseModel : ResponseModel if (organization.SsoConfig != null) { var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig); - KeyConnectorEnabled = ssoConfigData.KeyConnectorEnabled && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl); + KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl); KeyConnectorUrl = ssoConfigData.KeyConnectorUrl; } } diff --git a/src/Core/Auth/Enums/MemberDecryptionType.cs b/src/Core/Auth/Enums/MemberDecryptionType.cs new file mode 100644 index 000000000..ac302d6cd --- /dev/null +++ b/src/Core/Auth/Enums/MemberDecryptionType.cs @@ -0,0 +1,8 @@ +namespace Bit.Core.Auth.Enums; + +public enum MemberDecryptionType +{ + MasterPassword = 0, + KeyConnector = 1, + TrustedDeviceEncryption = 2 +} 
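Review bot: The guard added before `GetByOrganizationIdAsync` only tests equality with `TrustedDeviceEncryption`, so an integer outside the three defined `MemberDecryptionType` values would bind to the enum and reach `model.ToSsoConfig(...)` unchecked, unless the request model's `Validate` (not shown in this patch) rejects it. Such a value would be persisted and then treated as "not KeyConnector" by every comparison this commit introduces. Consider `[EnumDataType(typeof(MemberDecryptionType))]` on the request property, or an `Enum.IsDefined` check next to this guard. The feature-flag test also lives only in the controller, so if the flag is meant as a hard gate, `SsoConfigService.SaveAsync` should refuse the value as well. The action method starts and ends outside the hunk.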
diff --git a/src/Core/Auth/Models/Data/SsoConfigurationData.cs b/src/Core/Auth/Models/Data/SsoConfigurationData.cs index ad5189632..d434661af 100644 --- a/src/Core/Auth/Models/Data/SsoConfigurationData.cs +++ b/src/Core/Auth/Models/Data/SsoConfigurationData.cs @@ -22,7 +22,25 @@ public class SsoConfigurationData public SsoType ConfigType { get; set; } - public bool KeyConnectorEnabled { get; set; } + public MemberDecryptionType MemberDecryptionType { get; set; } + + /// + /// Legacy property to determine if KeyConnector was enabled. + /// Kept for backwards compatibility with old configs that will not have + /// the new when deserialized from the database. + /// + [Obsolete("Use MemberDecryptionType instead")] + public bool KeyConnectorEnabled + { + get => MemberDecryptionType == MemberDecryptionType.KeyConnector; + set + { + if (value) + { + MemberDecryptionType = MemberDecryptionType.KeyConnector; + } + } + } public string KeyConnectorUrl { get; set; } // OIDC diff --git a/src/Core/Auth/Services/Implementations/SsoConfigService.cs b/src/Core/Auth/Services/Implementations/SsoConfigService.cs index 9bb05d241..fb90d5d8d 100644 --- a/src/Core/Auth/Services/Implementations/SsoConfigService.cs +++ b/src/Core/Auth/Services/Implementations/SsoConfigService.cs @@ -1,8 +1,10 @@ using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Repositories; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Exceptions; +using Bit.Core.Models.Data.Organizations.Policies; using Bit.Core.Repositories; using Bit.Core.Services; 
@@ -12,21 +14,30 @@ public class SsoConfigService : ISsoConfigService { private readonly ISsoConfigRepository _ssoConfigRepository; private readonly IPolicyRepository _policyRepository; + private readonly IPolicyService _policyService; private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationUserRepository _organizationUserRepository; + private readonly IUserService _userService; + private readonly IOrganizationService _organizationService; private readonly IEventService _eventService; public SsoConfigService( ISsoConfigRepository ssoConfigRepository, IPolicyRepository policyRepository, + IPolicyService policyService, IOrganizationRepository organizationRepository, IOrganizationUserRepository organizationUserRepository, + IUserService userService, + IOrganizationService organizationService, IEventService eventService) { _ssoConfigRepository = ssoConfigRepository; _policyRepository = policyRepository; + _policyService = policyService; _organizationRepository = organizationRepository; _organizationUserRepository = organizationUserRepository; + _userService = userService; + _organizationService = organizationService; _eventService = eventService; } 
@@ -39,19 +50,31 @@ public class SsoConfigService : ISsoConfigService config.CreationDate = now; } - var useKeyConnector = config.GetData().KeyConnectorEnabled; + var useKeyConnector = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector; if (useKeyConnector) { await VerifyDependenciesAsync(config, organization); } var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId); - var disabledKeyConnector = oldConfig?.GetData()?.KeyConnectorEnabled == true && !useKeyConnector; + var disabledKeyConnector = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && !useKeyConnector; if (disabledKeyConnector && await AnyOrgUserHasKeyConnectorEnabledAsync(config.OrganizationId)) { throw new BadRequestException("Key Connector cannot be disabled at this moment."); } + // Automatically enable reset password policy if trusted device encryption is selected + if (config.GetData().MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption) + { + var resetPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.ResetPassword) ?? + new Policy { OrganizationId = config.OrganizationId, Type = PolicyType.ResetPassword, }; + + resetPolicy.Enabled = true; + resetPolicy.SetDataModel(new ResetPasswordDataModel { AutoEnrollEnabled = true }); + + await _policyService.SaveAsync(resetPolicy, _userService, _organizationService, null); + } + await LogEventsAsync(config, oldConfig); await _ssoConfigRepository.UpsertAsync(config); } 
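Review bot: The reset-password policy is saved with auto-enrollment before `_ssoConfigRepository.UpsertAsync(config)` runs, so a failed upsert leaves the organization with admin account recovery forced on but no trusted-device configuration behind it. Moving the policy block after the upsert, or wrapping both in one unit of work, would avoid that half-applied state. The fourth argument to `_policyService.SaveAsync` is `null`; if that parameter is the saving user's id (its signature is not visible here), the policy change will be unattributed in the event log, which matters for a setting that lets admins reset member credentials. `SetDataModel(new ResetPasswordDataModel { AutoEnrollEnabled = true })` also replaces whatever data an existing policy held, and nothing visible in this patch stops the policy from being switched off again while `TrustedDeviceEncryption` stays selected (the `PolicyService` hunk still guards only `KeyConnector`). `SaveAsync` begins outside the hunk.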
@@ -97,8 +120,9 @@ public class SsoConfigService : ISsoConfigService await _eventService.LogOrganizationEventAsync(organization, e); } - var keyConnectorEnabled = config.GetData().KeyConnectorEnabled; - if (oldConfig?.GetData()?.KeyConnectorEnabled != keyConnectorEnabled) + var keyConnectorEnabled = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector; + var oldKeyConnectorEnabled = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector; + if (oldKeyConnectorEnabled != keyConnectorEnabled) { var e = keyConnectorEnabled ? EventType.Organization_EnabledKeyConnector diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs index 420edb403..6e905ef7f 100644 --- a/src/Core/Constants.cs +++ b/src/Core/Constants.cs @@ -30,6 +30,7 @@ public static class FeatureFlagKeys public const string SecretsManager = "secrets-manager"; public const string DisplayEuEnvironment = "display-eu-environment"; public const string DisplayLowKdfIterationWarning = "display-kdf-iteration-warning"; + public const string TrustedDeviceEncryption = "trusted-device-encryption"; public static List GetAllKeys() { diff --git a/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs b/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs index b5c68bd3f..b503476a1 100644 --- a/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs +++ b/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs @@ -1,5 +1,6 @@ using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs; using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Models.Business; 
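Review bot: The rewritten comparison in this logging code still only distinguishes KeyConnector from everything else, so selecting or deselecting `TrustedDeviceEncryption` produces no organization event of its own, and a switch from KeyConnector to trusted devices is recorded only as `Organization_DisabledKeyConnector`. A change to how member vault keys are unlocked is something an audit trail should show explicitly; consider logging an event for any change of `MemberDecryptionType`, using whichever event type the project defines for it (none is visible in this patch). Note also that with `oldConfig` null the old expression compared `null != false` and logged a disable event on first save, while the new `oldKeyConnectorEnabled` evaluates to false and logs nothing. That looks intentional but deserves a one-line comment such as `// a missing old config counts as Key Connector disabled, so first save logs no disable event`. The method starts and ends outside the hunk.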
@@ -56,7 +57,7 @@ public class SelfHostedOrganizationDetails : Organization } if (!license.UseKeyConnector && UseKeyConnector && SsoConfig?.Data != null && - SsoConfig.GetData().KeyConnectorEnabled) + SsoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector) { exception = $"Your organization currently has Key Connector enabled. " + $"Your new license does not allow for the use of Key Connector. Disable your Key Connector."; diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs index bad0b347a..428b9481c 100644 --- a/src/Core/Services/Implementations/OrganizationService.cs +++ b/src/Core/Services/Implementations/OrganizationService.cs @@ -262,7 +262,7 @@ public class OrganizationService : IOrganizationService if (!newPlan.HasKeyConnector && organization.UseKeyConnector) { var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id); - if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled) + if (ssoConfig != null && ssoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector) { throw new BadRequestException("Your new plan does not allow the Key Connector feature. " + "Disable your Key Connector."); @@ -2153,7 +2153,7 @@ public class OrganizationService : IOrganizationService private async Task ValidateDeleteOrganizationAsync(Organization organization) { var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id); - if (ssoConfig?.GetData()?.KeyConnectorEnabled == true) + if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector) { throw new BadRequestException("You cannot delete an Organization that is using Key Connector."); } diff --git a/src/Core/Services/Implementations/PolicyService.cs b/src/Core/Services/Implementations/PolicyService.cs index 7f1ec3ee0..83020505a 100644 --- a/src/Core/Services/Implementations/PolicyService.cs 
+++ b/src/Core/Services/Implementations/PolicyService.cs @@ -1,4 +1,5 @@ -using Bit.Core.Auth.Repositories; +using Bit.Core.Auth.Enums; +using Bit.Core.Auth.Repositories; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Exceptions; @@ -185,7 +186,7 @@ public class PolicyService : IPolicyService { var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id); - if (ssoConfig?.GetData()?.KeyConnectorEnabled == true) + if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector) { throw new BadRequestException("Key Connector is enabled."); } diff --git a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs index aef5f5c54..2f76291bf 100644 --- a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs +++ b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs @@ -1,4 +1,5 @@ using System.Security.Claims; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Identity; using Bit.Core.Auth.Models.Business.Tokenables; using Bit.Core.Auth.Repositories; @@ -129,7 +130,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator(); _createOrganizationApiKeyCommand = Substitute.For(); _updateOrganizationLicenseCommand = Substitute.For(); + _featureService = Substitute.For(); _sut = new OrganizationsController(_organizationRepository, _organizationUserRepository, _policyRepository, _providerRepository, _organizationService, _userService, _paymentService, _currentContext, _ssoConfigRepository, _ssoConfigService, _getOrganizationApiKeyQuery, _rotateOrganizationApiKeyCommand, _createOrganizationApiKeyCommand, _organizationApiKeyRepository, _updateOrganizationLicenseCommand, - _cloudGetOrganizationLicenseQuery, _globalSettings); + _cloudGetOrganizationLicenseQuery, _featureService, _globalSettings); } public void Dispose() 
@@ -82,7 +85,7 @@ public class OrganizationsControllerTests : IDisposable Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector }.Serialize(), Enabled = true, OrganizationId = orgId, @@ -115,7 +118,9 @@ public class OrganizationsControllerTests : IDisposable Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = keyConnectorEnabled, + MemberDecryptionType = keyConnectorEnabled + ? MemberDecryptionType.KeyConnector + : MemberDecryptionType.MasterPassword }.Serialize(), Enabled = true, OrganizationId = orgId, diff --git a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs index eb155cd0a..fdc8217ba 100644 --- a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs +++ b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs @@ -1,4 +1,5 @@ using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Models.Data; using Bit.Core.Auth.Repositories; using Bit.Core.Auth.Services; @@ -83,7 +84,7 @@ public class SsoConfigServiceTests Id = 1, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector }.Serialize(), Enabled = true, OrganizationId = organization.Id, @@ -127,7 +128,7 @@ public class SsoConfigServiceTests Id = 1, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = true, OrganizationId = organization.Id, @@ -165,7 +166,7 @@ public class SsoConfigServiceTests Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = true, OrganizationId = organization.Id, 
@@ -193,7 +194,7 @@ public class SsoConfigServiceTests Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = true, OrganizationId = organization.Id, @@ -227,7 +228,7 @@ public class SsoConfigServiceTests Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = false, OrganizationId = organization.Id, @@ -262,7 +263,7 @@ public class SsoConfigServiceTests Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = true, OrganizationId = organization.Id, @@ -297,7 +298,7 @@ public class SsoConfigServiceTests Id = default, Data = new SsoConfigurationData { - KeyConnectorEnabled = true, + MemberDecryptionType = MemberDecryptionType.KeyConnector, }.Serialize(), Enabled = true, OrganizationId = organization.Id, diff --git a/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs b/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs index a001454a0..c0ab7b9c4 100644 --- a/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs +++ b/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs @@ -1,5 +1,6 @@ using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs; using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Models.Data; using Bit.Core.Entities; using Bit.Core.Enums; 
@@ -173,7 +174,7 @@ public class SelfHostedOrganizationDetailsTests { var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license); orgLicense.UseKeyConnector = false; - orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false }); + orgDetails.SsoConfig.SetData(new SsoConfigurationData() { MemberDecryptionType = MemberDecryptionType.MasterPassword }); var result = orgDetails.CanUseLicense(license, out var exception); @@ -318,7 +319,7 @@ public class SelfHostedOrganizationDetailsTests ssoConfig.Enabled = true; ssoConfig.SetData(new SsoConfigurationData() { - KeyConnectorEnabled = true + MemberDecryptionType = MemberDecryptionType.KeyConnector, }); var enabledScimConfig = new ScimConfig() { Enabled = true }; diff --git a/test/Core.Test/Services/OrganizationServiceTests.cs b/test/Core.Test/Services/OrganizationServiceTests.cs index aae8e98ad..5a92bdcdf 100644 --- a/test/Core.Test/Services/OrganizationServiceTests.cs +++ b/test/Core.Test/Services/OrganizationServiceTests.cs @@ -1,5 +1,6 @@ using System.Text.Json; using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Models.Business; using Bit.Core.Auth.Models.Data; using Bit.Core.Auth.Repositories; @@ -1192,7 +1193,7 @@ public class OrganizationServiceTests SsoConfig ssoConfig) { ssoConfig.Enabled = true; - ssoConfig.SetData(new SsoConfigurationData { KeyConnectorEnabled = true }); + ssoConfig.SetData(new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector }); var ssoConfigRepository = sutProvider.GetDependency(); var organizationRepository = sutProvider.GetDependency(); var applicationCacheService = sutProvider.GetDependency(); diff --git a/test/Core.Test/Services/PolicyServiceTests.cs b/test/Core.Test/Services/PolicyServiceTests.cs index 992daf4b6..a5b2c9607 100644 --- a/test/Core.Test/Services/PolicyServiceTests.cs +++ b/test/Core.Test/Services/PolicyServiceTests.cs 
@@ -1,4 +1,5 @@ using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Auth.Models.Data; using Bit.Core.Auth.Repositories; using Bit.Core.Entities; @@ -147,7 +148,7 @@ public class PolicyServiceTests }); var ssoConfig = new SsoConfig { Enabled = true }; - var data = new SsoConfigurationData { KeyConnectorEnabled = true }; + var data = new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector }; ssoConfig.SetData(data); sutProvider.GetDependency()