
Add check to ensure admins or owners arn't enrolled in key connector (#1725)

pull/1726/head
Oscar Hinton 4 years ago committed by GitHub
parent
commit
6008715abc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 42
      src/Core/Services/Implementations/UserService.cs

42
src/Core/Services/Implementations/UserService.cs

@ -639,15 +639,10 @@ namespace Bit.Core.Services @@ -639,15 +639,10 @@ namespace Bit.Core.Services
public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (user.UsesKeyConnector)
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
Logger.LogWarning("Already uses Key Connector.");
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
@ -663,6 +658,24 @@ namespace Bit.Core.Services @@ -663,6 +658,24 @@ namespace Bit.Core.Services
}
public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
{
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
}
private IdentityResult CheckCanUseKeyConnector(User user)
{
if (user == null)
{
@ -675,14 +688,13 @@ namespace Bit.Core.Services @@ -675,14 +688,13 @@ namespace Bit.Core.Services
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
if (_currentContext.Organizations.Any(u =>
u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
{
throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
}
return IdentityResult.Success;
return null;
}
public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)
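Review bot: CheckCanUseKeyConnector reports its two failure modes inconsistently — an existing Key Connector enrolment comes back as `IdentityResult.Failed(...)`, while the new admin/owner guard throws `BadRequestException` — so both SetKeyConnectorKeyAsync and ConvertToKeyConnectorAsync now surface one precondition as a failed result and the other as an exception, and callers must handle both paths. The guard also consults `_currentContext.Organizations` rather than the `user` argument, so it is only correct while the caller is the user being enrolled; if either public method is ever reached under a different principal, the membership check is applied to the wrong account. Consider returning a failed `IdentityResult` for the admin/owner case too, or at least documenting the contract on the helper: `/// Returns null when <paramref name="user"/> may be enrolled, otherwise a failed result; throws BadRequestException when the current principal owns or administers any organization.` The helper's body is split across the second and third hunks, with the `if (user == null)` branch cut at the hunk boundary.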
