Allow MP policy check when registering via SSO (#1779)

* add endpoint to policies for invited users * convert serialization to use built in dotnet tool
2025-03-10 13:09:12 +01:00 · 2021-12-21 12:10:01 -05:00 · 2021-12-21 12:10:01 -05:00 · 8cbf1906ae
commit 8cbf1906ae
parent f51bdfe2e3
2 changed files with 28 additions and 2 deletions
--- a/src/Api/Controllers/PoliciesController.cs
+++ b/src/Api/Controllers/PoliciesController.cs
@ -106,6 +106,32 @@ namespace Bit.Api.Controllers
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

+        [AllowAnonymous]
+        [HttpGet("invited-user")]
+        public async Task<ListResponseModel<PolicyResponseModel>> GetByInvitedUser(string orgId, [FromQuery] string userId)
+        {
+            var user = await _userService.GetUserByIdAsync(new Guid(userId));
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+            var orgIdGuid = new Guid(orgId);
+            var orgUsersByUserId = await _organizationUserRepository.GetManyByUserAsync(user.Id);
+            var orgUser = orgUsersByUserId.SingleOrDefault(u => u.OrganizationId == orgIdGuid);
+            if (orgUser == null)
+            {
+                throw new NotFoundException();
+            }
+            if (orgUser.Status != OrganizationUserStatusType.Invited)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+            var responses = policies.Where(p => p.Enabled).Select(p => new PolicyResponseModel(p));
+            return new ListResponseModel<PolicyResponseModel>(responses);
+        }
+
        [HttpPut("{type}")]
        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody] PolicyRequestModel model)
        {
--- a/src/Api/Models/Request/PolicyRequestModel.cs
+++ b/src/Api/Models/Request/PolicyRequestModel.cs
@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.Text.Json;
 using Bit.Core.Enums;
 using Bit.Core.Models.Table;
-using Newtonsoft.Json;

 namespace Bit.Api.Models.Request
 {
@ -27,7 +27,7 @@ namespace Bit.Api.Models.Request
        public Policy ToPolicy(Policy existingPolicy)
        {
            existingPolicy.Enabled = Enabled.GetValueOrDefault();
-            existingPolicy.Data = Data != null ? JsonConvert.SerializeObject(Data) : null;
+            existingPolicy.Data = Data != null ? JsonSerializer.Serialize(Data) : null;
            return existingPolicy;
        }
    }