1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

[Reset Password v1] - Make auto enrollment required when enabled (#1412)

* [Reset Password v1] - Make auto enrollment required when enabled

* Removed unnecessary imports
This commit is contained in:
Vincent Salucci 2021-07-08 10:48:43 -05:00 committed by GitHub
parent feb3106f37
commit be13eb153a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions

View File

@ -1,6 +1,6 @@
using System.ComponentModel.DataAnnotations;
namespace Bit.Portal.Models
namespace Bit.Core.Models.Data
{
public class ResetPasswordDataModel
{

View File

@ -665,12 +665,12 @@
<value>Automatic Enrollment</value>
</data>
<data name="ResetPasswordAutoEnrollDescription" xml:space="preserve">
<value>All users will be automatically enrolled in password reset once their invite is accepted.</value>
<value>All users will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw.</value>
</data>
<data name="ResetPasswordAutoEnrollWarning" xml:space="preserve">
<value>Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password.</value>
</data>
<data name="ResetPasswordAutoEnrollCheckbox" xml:space="preserve">
<value>Automatically enroll new users</value>
<value>Require new users to be enrolled automatically</value>
</data>
</root>

View File

@ -1728,6 +1728,17 @@ namespace Bit.Core.Services
throw new BadRequestException("Organization does not have the password reset policy enabled.");
}
// Block the user from withdrawal if auto enrollment is enabled
if (resetPasswordKey == null && resetPasswordPolicy.Data != null)
{
var data = JsonConvert.DeserializeObject<ResetPasswordDataModel>(resetPasswordPolicy.Data);
if (data?.AutoEnrollEnabled ?? false)
{
throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to withdraw from Password Reset.");
}
}
orgUser.ResetPasswordKey = resetPasswordKey;
await _organizationUserRepository.ReplaceAsync(orgUser);
await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?