From f311f40d9333442a727eb8b77f3859597de199da Mon Sep 17 00:00:00 2001
From: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Date: Sun, 22 Nov 2020 08:46:44 -0600
Subject: [PATCH] Added OrgIdentifer to SetPasswordAsync // Added jit user two factor provider (#1009)
---
 .../src/Sso/Controllers/AccountController.cs | 20 +++++++++++++++++++
 src/Api/Controllers/AccountsController.cs | 3 ++-
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/bitwarden_license/src/Sso/Controllers/AccountController.cs b/bitwarden_license/src/Sso/Controllers/AccountController.cs
index e145d3393..451b1260f 100644
--- a/bitwarden_license/src/Sso/Controllers/AccountController.cs
+++ b/bitwarden_license/src/Sso/Controllers/AccountController.cs
@@ -20,6 +20,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Bit.Core.Models;
 using Bit.Core.Models.Api;
 using Bit.Core.Utilities;
 
@@ -37,6 +38,7 @@ namespace Bit.Sso.Controllers
 private readonly ISsoConfigRepository _ssoConfigRepository;
 private readonly ISsoUserRepository _ssoUserRepository;
 private readonly IUserRepository _userRepository;
+ private readonly IPolicyRepository _policyRepository;
 private readonly IUserService _userService;
 private readonly II18nService _i18nService;
 private readonly UserManager _userManager;
@@ -51,6 +53,7 @@ namespace Bit.Sso.Controllers
 ISsoConfigRepository ssoConfigRepository,
 ISsoUserRepository ssoUserRepository,
 IUserRepository userRepository,
+ IPolicyRepository policyRepository,
 IUserService userService,
 II18nService i18nService,
 UserManager userManager)
@@ -64,6 +67,7 @@ namespace Bit.Sso.Controllers
 _userRepository = userRepository;
 _ssoConfigRepository = ssoConfigRepository;
 _ssoUserRepository = ssoUserRepository;
+ _policyRepository = policyRepository;
 _userService = userService;
 _i18nService = i18nService;
 _userManager = userManager;
@@ -461,6 +465,22 @@ namespace Bit.Sso.Controllers
 if (orgId.HasValue)
 {
+ // If the organization has 2fa policy enabled, make sure to default jit user 2fa to email
+ var twoFactorPolicy =
+ await _policyRepository.GetByOrganizationIdTypeAsync(orgId.Value, PolicyType.TwoFactorAuthentication);
+ if (twoFactorPolicy != null && twoFactorPolicy.Enabled)
+ {
+ user.SetTwoFactorProviders(new Dictionary
+ {
+
+ [TwoFactorProviderType.Email] = new TwoFactorProvider
+ {
+ MetaData = new Dictionary { ["Email"] = user.Email.ToLowerInvariant() },
+ Enabled = true
+ }
+ });
+ await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
+ }
 // Create organization user record
 orgUser = new OrganizationUser
 {
diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 5d50881ca..9dd1dc659 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -210,7 +210,8 @@ namespace Bit.Api.Controllers
 throw new UnauthorizedAccessException();
 }
 
- var result = await _userService.SetPasswordAsync(model.ToUser(user), model.MasterPasswordHash, model.Key);
+ var result = await _userService.SetPasswordAsync(model.ToUser(user), model.MasterPasswordHash, model.Key,
+ model.OrgIdentifier);
 if (result.Succeeded)
 {
 return;
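Review bot: `user.Email.ToLowerInvariant()` in the new Email provider metadata throws a NullReferenceException when the JIT-provisioned user has no email, and nothing in this hunk guards it; the enclosing method starts and ends outside the hunk, so whether an earlier step already requires a non-null email is not visible here. If it does not, extend the condition to `if (twoFactorPolicy != null && twoFactorPolicy.Enabled && !string.IsNullOrWhiteSpace(user.Email))` and fail provisioning explicitly rather than crash mid-flow. The empty `+` line inside the dictionary initializer looks accidental and should be dropped. Because the enrollment happens without any action by the user, the intent deserves a clearer comment than the current one, e.g. `// Org 2FA policy is enforced at JIT provisioning: the new user is enrolled in email 2FA by default, keyed to user.Email.`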
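Review bot: `model.OrgIdentifier` is taken from the request body and forwarded to `SetPasswordAsync` without the controller checking that it names an organization the caller actually belongs to, so that validation must live in `SetPasswordAsync`, which is outside this diff and should be confirmed rather than assumed. Since the identifier is client-controlled, an unchecked value could tie the password-set operation to an organization the user is not a member of, and a short comment at the call site would keep that contract visible: `// OrgIdentifier is client-supplied; SetPasswordAsync is responsible for verifying the caller's membership in that org.` The enclosing action method starts and ends outside the hunk.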