
Add check to ensure admins or owners arn't enrolled in key connector (#1725)

pull/1726/head
Oscar Hinton 4 years ago committed by GitHub
parent
commit
6008715abc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 42
      src/Core/Services/Implementations/UserService.cs

42
src/Core/Services/Implementations/UserService.cs

@ -639,15 +639,10 @@ namespace Bit.Core.Services
public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier) public async Task<IdentityResult> SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier)
{ {
if (user == null) var identityResult = CheckCanUseKeyConnector(user);
{ if (identityResult != null)
throw new ArgumentNullException(nameof(user));
}
if (user.UsesKeyConnector)
{ {
Logger.LogWarning("Already uses Key Connector."); return identityResult;
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
} }
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow; user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
@ -663,6 +658,24 @@ namespace Bit.Core.Services
} }
public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user) public async Task<IdentityResult> ConvertToKeyConnectorAsync(User user)
{
var identityResult = CheckCanUseKeyConnector(user);
if (identityResult != null)
{
return identityResult;
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.MasterPassword = null;
user.UsesKeyConnector = true;
await _userRepository.ReplaceAsync(user);
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success;
}
private IdentityResult CheckCanUseKeyConnector(User user)
{ {
if (user == null) if (user == null)
{ {
@ -675,14 +688,13 @@ namespace Bit.Core.Services
return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword()); return IdentityResult.Failed(_identityErrorDescriber.UserAlreadyHasPassword());
} }
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow; if (_currentContext.Organizations.Any(u =>
user.MasterPassword = null; u.Type is OrganizationUserType.Owner or OrganizationUserType.Admin))
user.UsesKeyConnector = true; {
throw new BadRequestException("Cannot use Key Connector when admin or owner of an organization.");
await _userRepository.ReplaceAsync(user); }
await _eventService.LogUserEventAsync(user.Id, EventType.User_MigratedKeyToKeyConnector);
return IdentityResult.Success; return null;
} }
public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key) public async Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType callingUserType, Guid orgId, Guid id, string newMasterPassword, string key)
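Review bot: The new admin/owner guard in CheckCanUseKeyConnector tests the role of the calling context (`_currentContext.Organizations.Any(...)`) rather than the memberships of the `user` argument, so it only protects the intended account if every caller passes the current principal; if any caller can pass a different user, the guard is evaluated against the wrong account, which is worth confirming at the call sites outside this hunk. The helper also signals refusal two ways: the "already uses Key Connector" case returns `IdentityResult.Failed(...)` while the admin/owner case throws `BadRequestException`, so a caller that only inspects the returned result never sees the second path; a single convention (returning a failed result via an existing describer error, or documenting the throw) would make callers easier to reason about. The null-means-allowed contract is not stated anywhere, so add a doc comment on the helper: `/// Returns null when <paramref name="user"/> may enroll in Key Connector, otherwise a failed result; throws BadRequestException when the current context is an owner or admin of any organization.` Minor: the lambda parameter `u` iterates organizations, so `o` or `org` reads more accurately.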
