[Reset Password v1] - Make auto enrollment required when enabled (#1412)

* [Reset Password v1] - Make auto enrollment required when enabled * Removed unnecessary imports
2024-11-22 12:15:36 +01:00 · 2021-07-08 10:48:43 -05:00 · 2021-07-08 10:48:43 -05:00 · be13eb153a
commit be13eb153a
parent feb3106f37
3 changed files with 14 additions and 3 deletions
--- a/bitwarden_license/src/Portal/Models/ResetPasswordDataModel.cs
+++ b/bitwarden_license/src/Portal/Models/ResetPasswordDataModel.cs
@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;

-namespace Bit.Portal.Models
+namespace Bit.Core.Models.Data
 {
    public class ResetPasswordDataModel
    {
--- a/src/Core/Resources/SharedResources.en.resx
+++ b/src/Core/Resources/SharedResources.en.resx
@ -665,12 +665,12 @@
    <value>Automatic Enrollment</value>
  </data>
  <data name="ResetPasswordAutoEnrollDescription" xml:space="preserve">
-    <value>All users will be automatically enrolled in password reset once their invite is accepted.</value>
+    <value>All users will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw.</value>
  </data>
  <data name="ResetPasswordAutoEnrollWarning" xml:space="preserve">
    <value>Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password.</value>
  </data>
  <data name="ResetPasswordAutoEnrollCheckbox" xml:space="preserve">
-    <value>Automatically enroll new users</value>
+    <value>Require new users to be enrolled automatically</value>
  </data>
 </root>
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1728,6 +1728,17 @@ namespace Bit.Core.Services
                throw new BadRequestException("Organization does not have the password reset policy enabled.");
            }
            
+            // Block the user from withdrawal if auto enrollment is enabled
+            if (resetPasswordKey == null && resetPasswordPolicy.Data != null)
+            {
+                var data = JsonConvert.DeserializeObject<ResetPasswordDataModel>(resetPasswordPolicy.Data);
+
+                if (data?.AutoEnrollEnabled ?? false)
+                {
+                    throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to withdraw from Password Reset.");
+                }
+            }
+            
            orgUser.ResetPasswordKey = resetPasswordKey;
            await _organizationUserRepository.ReplaceAsync(orgUser);
            await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?