check to make sure user actually needs key update

2025-02-03 23:51:21 +01:00 · 2018-07-31 08:19:49 -04:00 · 2018-07-31 08:19:49 -04:00 · cf6334e37d
commit cf6334e37d
parent 6d22356caf
1 changed files with 6 additions and 1 deletions
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -215,7 +215,7 @@ namespace Bit.Core.Services
            var tokenValid = false;
            if(_globalSettings.DisableUserRegistration && !string.IsNullOrWhiteSpace(token) && orgUserId.HasValue)
            {
-                tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token, 
+                tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token,
                    user.Email, orgUserId.Value);
            }

@ -456,6 +456,11 @@ namespace Bit.Core.Services

            if(await CheckPasswordAsync(user, masterPassword))
            {
+                if(user.Key != null)
+                {
+                    throw new BadRequestException("User already has an updated encryption key.");
+                }
+
                user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
                user.SecurityStamp = Guid.NewGuid().ToString();
                user.Key = key;