1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00

[AC-108] Updated PolicyService to use IApplicationCacheService to determine if an organization uses policies

This commit is contained in:
Rui Tome 2023-08-09 12:48:03 +01:00
parent dd82b8a56f
commit b98b107c4b
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
7 changed files with 40 additions and 3 deletions

View File

@ -20,6 +20,7 @@ public class OrganizationAbility
UseScim = organization.UseScim;
UseResetPassword = organization.UseResetPassword;
UseCustomPermissions = organization.UseCustomPermissions;
UsePolicies = organization.UsePolicies;
}
public Guid Id { get; set; }
@ -33,4 +34,5 @@ public class OrganizationAbility
public bool UseScim { get; set; }
public bool UseResetPassword { get; set; }
public bool UseCustomPermissions { get; set; }
public bool UsePolicies { get; set; }
}

View File

@ -12,6 +12,7 @@ namespace Bit.Core.Services;
public class PolicyService : IPolicyService
{
private readonly IApplicationCacheService _applicationCacheService;
private readonly IEventService _eventService;
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
@ -23,6 +24,7 @@ public class PolicyService : IPolicyService
private IEnumerable<OrganizationUserPolicyDetails> _cachedOrganizationUserPolicyDetails;
public PolicyService(
IApplicationCacheService applicationCacheService,
IEventService eventService,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
@ -31,6 +33,7 @@ public class PolicyService : IPolicyService
IMailService mailService,
GlobalSettings globalSettings)
{
_applicationCacheService = applicationCacheService;
_eventService = eventService;
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
@ -206,7 +209,9 @@ public class PolicyService : IPolicyService
}
var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
return _cachedOrganizationUserPolicyDetails.Where(o =>
(!orgAbilities.ContainsKey(o.OrganizationId) || orgAbilities[o.OrganizationId].Enabled && orgAbilities[o.OrganizationId].UsePolicies) &&
(policyType == null || o.PolicyType == policyType) &&
o.PolicyEnabled &&
!excludedUserTypes.Contains(o.OrganizationUserType) &&

View File

@ -87,7 +87,8 @@ public class OrganizationRepository : Repository<Core.Entities.Organization, Org
UseKeyConnector = e.UseKeyConnector,
UseResetPassword = e.UseResetPassword,
UseScim = e.UseScim,
UseCustomPermissions = e.UseCustomPermissions
UseCustomPermissions = e.UseCustomPermissions,
UsePolicies = e.UsePolicies
}).ToListAsync();
}
}

View File

@ -19,6 +19,7 @@ BEGIN
[UseKeyConnector],
[UseScim],
[UseResetPassword],
[UsePolicies],
[Enabled]
FROM
[dbo].[Organization]

View File

@ -367,7 +367,7 @@ public class IdentityServerSsoTests
RedirectUri = "https://localhost:8080/sso-connector.html",
RequestedScopes = new[] { "api", "offline_access" },
CodeChallenge = challenge.Sha256(),
CodeChallengeMethod = "plain", //
CodeChallengeMethod = "plain", //
Subject = null, // Temporarily set it to null
};
@ -397,6 +397,7 @@ public class IdentityServerSsoTests
var organization = await organizationRepository.CreateAsync(new Organization
{
Name = "Test Org",
UsePolicies = true
});
var organizationUserRepository = factory.Services.GetRequiredService<IOrganizationUserRepository>();

View File

@ -556,7 +556,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
var organizationUserRepository = _factory.Services.GetService<IOrganizationUserRepository>();
var policyRepository = _factory.Services.GetService<IPolicyRepository>();
var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled };
var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled, UsePolicies = true };
await organizationRepository.CreateAsync(organization);
var user = await userRepository.GetByEmailAsync(username);

View File

@ -0,0 +1,27 @@
CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
AS
BEGIN
SET NOCOUNT ON
SELECT
[Id],
[UseEvents],
[Use2fa],
CASE
WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
1
ELSE
0
END AS [Using2fa],
[UsersGetPremium],
[UseCustomPermissions],
[UseSso],
[UseKeyConnector],
[UseScim],
[UseResetPassword],
[UsePolicies],
[Enabled]
FROM
[dbo].[Organization]
END
GO