mirror of
https://github.com/bitwarden/server.git
synced 2024-11-23 12:25:16 +01:00
enable email 2fa if joining an org with policy (#658)
This commit is contained in:
parent
0b9125be9c
commit
621192b701
@ -261,6 +261,29 @@ namespace Bit.Core.Services
|
||||
throw new BadRequestException("Open registration has been disabled by the system administrator.");
|
||||
}
|
||||
|
||||
if(orgUserId.HasValue)
|
||||
{
|
||||
var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId.Value);
|
||||
if(orgUser != null)
|
||||
{
|
||||
var twoFactorPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(orgUser.OrganizationId,
|
||||
PolicyType.TwoFactorAuthentication);
|
||||
if(twoFactorPolicy != null && twoFactorPolicy.Enabled)
|
||||
{
|
||||
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
|
||||
{
|
||||
|
||||
[TwoFactorProviderType.Email] = new TwoFactorProvider
|
||||
{
|
||||
MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() },
|
||||
Enabled = true
|
||||
}
|
||||
});
|
||||
SetTwoFactorProvider(user, TwoFactorProviderType.Email);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var result = await base.CreateAsync(user, masterPassword);
|
||||
if(result == IdentityResult.Success)
|
||||
{
|
||||
@ -624,19 +647,7 @@ namespace Bit.Core.Services
|
||||
|
||||
public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(!providers?.ContainsKey(type) ?? true)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
providers[type].Enabled = true;
|
||||
user.SetTwoFactorProviders(providers);
|
||||
|
||||
if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
|
||||
{
|
||||
user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
|
||||
}
|
||||
SetTwoFactorProvider(user, type);
|
||||
await SaveUserAsync(user);
|
||||
await _eventService.LogUserEventAsync(user.Id, EventType.User_Updated2fa);
|
||||
}
|
||||
@ -663,7 +674,7 @@ namespace Bit.Core.Services
|
||||
{
|
||||
var userOrgs = await _organizationUserRepository.GetManyByUserAsync(user.Id);
|
||||
var ownerOrgs = userOrgs.Where(o => o.Type == OrganizationUserType.Owner)
|
||||
.Select(o => o.Id).ToHashSet();
|
||||
.Select(o => o.OrganizationId).ToHashSet();
|
||||
foreach(var policy in twoFactorPolicies)
|
||||
{
|
||||
if(!ownerOrgs.Contains(policy.OrganizationId))
|
||||
@ -1066,5 +1077,22 @@ namespace Bit.Core.Services
|
||||
|
||||
return IdentityResult.Success;
|
||||
}
|
||||
|
||||
public void SetTwoFactorProvider(User user, TwoFactorProviderType type)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(!providers?.ContainsKey(type) ?? true)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
providers[type].Enabled = true;
|
||||
user.SetTwoFactorProviders(providers);
|
||||
|
||||
if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
|
||||
{
|
||||
user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user