Added OrgIdentifer to SetPasswordAsync // Added jit user two factor provider (#1009)

2024-11-22 12:15:36 +01:00 · 2020-11-22 08:46:44 -06:00 · 2020-11-22 08:46:44 -06:00 · f311f40d93
commit f311f40d93
parent 58eb0510ca
2 changed files with 22 additions and 1 deletions
--- a/bitwarden_license/src/Sso/Controllers/AccountController.cs
+++ b/bitwarden_license/src/Sso/Controllers/AccountController.cs
@ -20,6 +20,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Bit.Core.Models;
 using Bit.Core.Models.Api;
 using Bit.Core.Utilities;

@ -37,6 +38,7 @@ namespace Bit.Sso.Controllers
        private readonly ISsoConfigRepository _ssoConfigRepository;
        private readonly ISsoUserRepository _ssoUserRepository;
        private readonly IUserRepository _userRepository;
+        private readonly IPolicyRepository _policyRepository;
        private readonly IUserService _userService;
        private readonly II18nService _i18nService;
        private readonly UserManager<User> _userManager;
@ -51,6 +53,7 @@ namespace Bit.Sso.Controllers
            ISsoConfigRepository ssoConfigRepository,
            ISsoUserRepository ssoUserRepository,
            IUserRepository userRepository,
+            IPolicyRepository policyRepository,
            IUserService userService,
            II18nService i18nService,
            UserManager<User> userManager)
@ -64,6 +67,7 @@ namespace Bit.Sso.Controllers
            _userRepository = userRepository;
            _ssoConfigRepository = ssoConfigRepository;
            _ssoUserRepository = ssoUserRepository;
+            _policyRepository = policyRepository;
            _userService = userService;
            _i18nService = i18nService;
            _userManager = userManager;
@ -461,6 +465,22 @@ namespace Bit.Sso.Controllers

                if (orgId.HasValue)
                {
+                    // If the organization has 2fa policy enabled, make sure to default jit user 2fa to email
+                    var twoFactorPolicy =
+                        await _policyRepository.GetByOrganizationIdTypeAsync(orgId.Value, PolicyType.TwoFactorAuthentication);
+                    if (twoFactorPolicy != null && twoFactorPolicy.Enabled)
+                    {
+                        user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+                        {
+
+                            [TwoFactorProviderType.Email] = new TwoFactorProvider
+                            {
+                                MetaData = new Dictionary<string, object> { ["Email"] = user.Email.ToLowerInvariant() },
+                                Enabled = true
+                            }
+                        });
+                        await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
+                    }
                    // Create organization user record
                    orgUser = new OrganizationUser
                    {
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@ -210,7 +210,8 @@ namespace Bit.Api.Controllers
                throw new UnauthorizedAccessException();
            }

-            var result = await _userService.SetPasswordAsync(model.ToUser(user), model.MasterPasswordHash, model.Key);
+            var result = await _userService.SetPasswordAsync(model.ToUser(user), model.MasterPasswordHash, model.Key, 
+                model.OrgIdentifier);
            if (result.Succeeded)
            {
                return;