Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-15 20:41:35 +01:00
Code Issues Projects Releases Wiki Activity

email user whenever they're removed from org because of 2fa policy (#657)

Browse Source
This commit is contained in:
Kyle Spearrin 2020-02-27 09:30:04 -05:00 committed by GitHub
parent 153709fe3b
commit f54ebfdc75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Core/MailTemplates/Handlebars/OrganizationUserRemovedForPolicyTwoStep.html.hbs Normal file
View File

@ -0,0 +1,15 @@
{{#>FullHtmlLayout}}
<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top" align="left">
Your user account has been removed from the <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{OrganizationName}}</b> organization because you do not have two-step login configured. Before you can re-join this organization you need to set up two-step login on your user account.
</td>
</tr>
<tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top" align="left">
Learn how to enable two-step login on your user account at
<a target="_blank" href="https://help.bitwarden.com/article/setup-two-step-login/" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #3c8dbc; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; text-decoration: underline;">https://help.bitwarden.com/article/setup-two-step-login/</a>
</td>
</tr>
</table>
{{/FullHtmlLayout}}

7
src/Core/MailTemplates/Handlebars/OrganizationUserRemovedForPolicyTwoStep.text.hbs Normal file
View File

@ -0,0 +1,7 @@
{{#>BasicTextLayout}}
Your user account has been removed from the {{OrganizationName}} organization because you do not have two-step login
configured. Before you can re-join this organization you need to set up two-step login on your user account.
Learn how to enable two-step login on your user account at
<https://help.bitwarden.com/article/setup-two-step-login/>
{{/BasicTextLayout}}

7
src/Core/Models/Mail/OrganizationUserRemovedForPolicyTwoStepViewModel.cs Normal file
View File

@ -0,0 +1,7 @@
namespace Bit.Core.Models.Mail
{
public class OrganizationUserRemovedForPolicyTwoStepViewModel : BaseMailModel
{
public string OrganizationName { get; set; }
}
}

1
src/Core/Services/IMailService.cs
View File

@ -19,6 +19,7 @@ namespace Bit.Core.Services
Task SendOrganizationAcceptedEmailAsync(string organizationName, string userEmail, Task SendOrganizationAcceptedEmailAsync(string organizationName, string userEmail,
IEnumerable<string> adminEmails); IEnumerable<string> adminEmails);
Task SendOrganizationConfirmedEmailAsync(string organizationName, string email); Task SendOrganizationConfirmedEmailAsync(string organizationName, string email);
Task SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(string organizationName, string email);
Task SendPasswordlessSignInAsync(string returnUrl, string token, string email); Task SendPasswordlessSignInAsync(string returnUrl, string token, string email);
Task SendInvoiceUpcomingAsync(string email, decimal amount, DateTime dueDate, List<string> items, Task SendInvoiceUpcomingAsync(string email, decimal amount, DateTime dueDate, List<string> items,
bool mentionInvoices); bool mentionInvoices);

14
src/Core/Services/Implementations/HandlebarsMailService.cs
View File

@ -186,6 +186,20 @@ namespace Bit.Core.Services
await _mailDeliveryService.SendEmailAsync(message); await _mailDeliveryService.SendEmailAsync(message);
} }
public async Task SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(string organizationName, string email)
{
var message = CreateDefaultMessage($"You have been removed from {organizationName}", email);
var model = new OrganizationUserRemovedForPolicyTwoStepViewModel
{
OrganizationName = CoreHelpers.SanitizeForEmail(organizationName),
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
SiteName = _globalSettings.SiteName
};
await AddMessageContentAsync(message, "OrganizationUserRemovedForPolicyTwoStep", model);
message.Category = "OrganizationUserRemovedForPolicyTwoStep";
await _mailDeliveryService.SendEmailAsync(message);
}
public async Task SendWelcomeEmailAsync(User user) public async Task SendWelcomeEmailAsync(User user)
{ {
var message = CreateDefaultMessage("Welcome", user.Email); var message = CreateDefaultMessage("Welcome", user.Email);

12
src/Core/Services/Implementations/PolicyService.cs
View File

@ -13,17 +13,20 @@ namespace Bit.Core.Services
private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IPolicyRepository _policyRepository; private readonly IPolicyRepository _policyRepository;
private readonly IMailService _mailService;
public PolicyService( public PolicyService(
IEventService eventService, IEventService eventService,
IOrganizationRepository organizationRepository, IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository, IOrganizationUserRepository organizationUserRepository,
IPolicyRepository policyRepository) IPolicyRepository policyRepository,
IMailService mailService)
{ {
_eventService = eventService; _eventService = eventService;
_organizationRepository = organizationRepository; _organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository; _organizationUserRepository = organizationUserRepository;
_policyRepository = policyRepository; _policyRepository = policyRepository;
_mailService = mailService;
} }
public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService, public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
@ -52,6 +55,7 @@ namespace Bit.Core.Services
{ {
if(currentPolicy.Type == Enums.PolicyType.TwoFactorAuthentication) if(currentPolicy.Type == Enums.PolicyType.TwoFactorAuthentication)
{ {
Organization organization = null;
var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync( var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
policy.OrganizationId); policy.OrganizationId);
foreach(var orgUser in orgUsers.Where(ou => foreach(var orgUser in orgUsers.Where(ou =>
@ -60,8 +64,14 @@ namespace Bit.Core.Services
{ {
if(orgUser.UserId != savingUserId && !await userService.TwoFactorIsEnabledAsync(orgUser)) if(orgUser.UserId != savingUserId && !await userService.TwoFactorIsEnabledAsync(orgUser))
{ {
if(organization == null)
{
organization = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
}
await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id, await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
savingUserId); savingUserId);
await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
organization.Name, orgUser.Email);
} }
} }
} }

3
src/Core/Services/Implementations/UserService.cs
View File

@ -669,6 +669,9 @@ namespace Bit.Core.Services
if(!ownerOrgs.Contains(policy.OrganizationId)) if(!ownerOrgs.Contains(policy.OrganizationId))
{ {
await organizationService.DeleteUserAsync(policy.OrganizationId, user.Id); await organizationService.DeleteUserAsync(policy.OrganizationId, user.Id);
var organization = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
organization.Name, user.Email);
} }
} }
} }

5
src/Core/Services/NoopImplementations/NoopMailService.cs
View File

@ -47,6 +47,11 @@ namespace Bit.Core.Services
return Task.FromResult(0); return Task.FromResult(0);
} }
public Task SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(string organizationName, string email)
{
return Task.FromResult(0);
}
public Task SendTwoFactorEmailAsync(string email, string token) public Task SendTwoFactorEmailAsync(string email, string token)
{ {
return Task.FromResult(0); return Task.FromResult(0);