Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-23 12:25:16 +01:00
Code Issues Projects Releases Wiki Activity

enable email 2fa if joining an org with policy (#658)

Browse Source
This commit is contained in:
Kyle Spearrin 2020-02-28 09:14:33 -05:00 committed by GitHub
parent 0b9125be9c
commit 621192b701
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/Core/Services/Implementations/UserService.cs
View File

@ -261,6 +261,29 @@ namespace Bit.Core.Services
throw new BadRequestException("Open registration has been disabled by the system administrator."); throw new BadRequestException("Open registration has been disabled by the system administrator.");
} }
if(orgUserId.HasValue)
{
var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId.Value);
if(orgUser != null)
{
var twoFactorPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(orgUser.OrganizationId,
PolicyType.TwoFactorAuthentication);
if(twoFactorPolicy != null && twoFactorPolicy.Enabled)
{
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() },
Enabled = true
}
});
SetTwoFactorProvider(user, TwoFactorProviderType.Email);
}
}
}
var result = await base.CreateAsync(user, masterPassword); var result = await base.CreateAsync(user, masterPassword);
if(result == IdentityResult.Success) if(result == IdentityResult.Success)
{ {
@ -624,19 +647,7 @@ namespace Bit.Core.Services
public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type) public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type)
{ {
var providers = user.GetTwoFactorProviders(); SetTwoFactorProvider(user, type);
if(!providers?.ContainsKey(type) ?? true)
{
return;
}
providers[type].Enabled = true;
user.SetTwoFactorProviders(providers);
if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
{
user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
}
await SaveUserAsync(user); await SaveUserAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_Updated2fa); await _eventService.LogUserEventAsync(user.Id, EventType.User_Updated2fa);
} }
@ -663,7 +674,7 @@ namespace Bit.Core.Services
{ {
var userOrgs = await _organizationUserRepository.GetManyByUserAsync(user.Id); var userOrgs = await _organizationUserRepository.GetManyByUserAsync(user.Id);
var ownerOrgs = userOrgs.Where(o => o.Type == OrganizationUserType.Owner) var ownerOrgs = userOrgs.Where(o => o.Type == OrganizationUserType.Owner)
.Select(o => o.Id).ToHashSet(); .Select(o => o.OrganizationId).ToHashSet();
foreach(var policy in twoFactorPolicies) foreach(var policy in twoFactorPolicies)
{ {
if(!ownerOrgs.Contains(policy.OrganizationId)) if(!ownerOrgs.Contains(policy.OrganizationId))
@ -1066,5 +1077,22 @@ namespace Bit.Core.Services
return IdentityResult.Success; return IdentityResult.Success;
} }
public void SetTwoFactorProvider(User user, TwoFactorProviderType type)
{
var providers = user.GetTwoFactorProviders();
if(!providers?.ContainsKey(type) ?? true)
{
return;
}
providers[type].Enabled = true;
user.SetTwoFactorProviders(providers);
if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
{
user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
}
}
} }
} }