Added sending emails to revoked non-compliant users.

2025-01-21 21:41:21 +01:00 · 2024-11-12 15:33:00 -06:00 · 2024-11-12 15:33:00 -06:00 · abbd4f5825
commit abbd4f5825
parent d64032c465
7 changed files with 47 additions and 2 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
@ -94,7 +94,8 @@ public class SingleOrgPolicyValidator : IPolicyValidator
            var revocableUsers = removableOrgUsers.Where(nonCompliantUser => orgUsers.Any(orgUser =>
                nonCompliantUser.UserId == orgUser.UserId
                && nonCompliantUser.OrganizationId != org.Id
-                && nonCompliantUser.Status != OrganizationUserStatusType.Invited));
+                && nonCompliantUser.Status != OrganizationUserStatusType.Invited))
+                .ToList();

            var commandResult = await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
                new RevokeOrganizationUsers(organizationId, revocableUsers, new StandardUser(savingUserId ?? Guid.Empty, isOwner)));
@ -104,7 +105,8 @@ public class SingleOrgPolicyValidator : IPolicyValidator
                throw new BadRequestException(string.Join(", ", commandResult.ErrorMessages));
            }

-            // TODO send email
+            await Task.WhenAll(revocableUsers.Select(x =>
+                _mailService.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(org.DisplayName(), x.Email)));
        }
        else
        {
--- a/src/Core/MailTemplates/Handlebars/AdminConsole/OrganizationUserRevokedForSinglePolicyOrg.html.hbs
+++ b/src/Core/MailTemplates/Handlebars/AdminConsole/OrganizationUserRevokedForSinglePolicyOrg.html.hbs
@ -0,0 +1,14 @@
+{{#>FullHtmlLayout}}
+    <table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+            <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top" align="left">
+                Your user account has been revoked from the <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{OrganizationName}}</b> organization because your account is part of multiple organizations. Before you can re-join {{OrganizationName}}, you must first leave all other organizations.
+            </td>
+        </tr>
+        <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+            <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top" align="left">
+                To leave an organization, first log into the <a href="https://vault.bitwarden.com/#/login">web app</a>, select the three dot menu next to the organization name, and select Leave.
+            </td>
+        </tr>
+    </table>
+{{/FullHtmlLayout}}
--- a/src/Core/MailTemplates/Handlebars/AdminConsole/OrganizationUserRevokedForSinglePolicyOrg.text.hbs
+++ b/src/Core/MailTemplates/Handlebars/AdminConsole/OrganizationUserRevokedForSinglePolicyOrg.text.hbs
@ -0,0 +1,5 @@
+{{#>BasicTextLayout}}
+Your user account has been revoked from the {{OrganizationName}} organization because your account is part of multiple organizations. Before you can rejoin {{OrganizationName}}, you must first leave all other organizations.
+
+To leave an organization, first log in the {{link "web app" "https://vault.bitwarden.com/#/login"}}, select the three dot menu next to the organization name, and select Leave.
+{{/BasicTextLayout}}
--- a/src/Core/Models/Mail/OrganizationUserRevokedForPolicySingleOrgViewModel.cs
+++ b/src/Core/Models/Mail/OrganizationUserRevokedForPolicySingleOrgViewModel.cs
@ -0,0 +1,6 @@
+namespace Bit.Core.Models.Mail;
+
+public class OrganizationUserRevokedForPolicySingleOrgViewModel : BaseMailModel
+{
+    public string OrganizationName { get; set; }
+}
--- a/src/Core/Services/IMailService.cs
+++ b/src/Core/Services/IMailService.cs
@ -35,6 +35,7 @@ public interface IMailService
    Task SendOrganizationAcceptedEmailAsync(Organization organization, string userIdentifier, IEnumerable<string> adminEmails, bool hasAccessSecretsManager = false);
    Task SendOrganizationConfirmedEmailAsync(string organizationName, string email, bool hasAccessSecretsManager = false);
    Task SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(string organizationName, string email);
+    Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email);
    Task SendPasswordlessSignInAsync(string returnUrl, string token, string email);
    Task SendInvoiceUpcoming(
        string email,
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -496,6 +496,20 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }

+    public async Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email)
+    {
+        var message = CreateDefaultMessage($"You have been revoked from {organizationName}", email);
+        var model = new OrganizationUserRevokedForPolicySingleOrgViewModel
+        {
+            OrganizationName = CoreHelpers.SanitizeForEmail(organizationName, false),
+            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+            SiteName = _globalSettings.SiteName
+        };
+        await AddMessageContentAsync(message, "OrganizationUserRevokedForPolicySingleOrg", model);
+        message.Category = "OrganizationUserRevokedForPolicySingleOrg";
+        await _mailDeliveryService.SendEmailAsync(message);
+    }
+
    public async Task SendEnqueuedMailMessageAsync(IMailQueueMessage queueMessage)
    {
        var message = CreateDefaultMessage(queueMessage.Subject, queueMessage.ToEmails);
--- a/src/Core/Services/NoopImplementations/NoopMailService.cs
+++ b/src/Core/Services/NoopImplementations/NoopMailService.cs
@ -79,6 +79,9 @@ public class NoopMailService : IMailService
        return Task.FromResult(0);
    }

+    public Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email) =>
+        Task.CompletedTask;
+
    public Task SendTwoFactorEmailAsync(string email, string token)
    {
        return Task.FromResult(0);