[AC-1585] Automatically verify managed members on an organization with a verified domain (#3207)

2 years ago · e679d3127a
3 changed files with 55 additions and 6 deletions
--- a/bitwarden_license/src/Sso/Controllers/AccountController.cs
+++ b/bitwarden_license/src/Sso/Controllers/AccountController.cs
@ -47,6 +47,7 @@ public class AccountController : Controller
				@@ -47,6 +47,7 @@ public class AccountController : Controller
    private readonly IGlobalSettings _globalSettings;
    private readonly Core.Services.IEventService _eventService;
    private readonly IDataProtectorTokenFactory<SsoTokenable> _dataProtector;
+    private readonly IOrganizationDomainRepository _organizationDomainRepository;

    public AccountController(
        IAuthenticationSchemeProvider schemeProvider,
@ -65,7 +66,8 @@ public class AccountController : Controller
				@@ -65,7 +66,8 @@ public class AccountController : Controller
        UserManager<User> userManager,
        IGlobalSettings globalSettings,
        Core.Services.IEventService eventService,
-        IDataProtectorTokenFactory<SsoTokenable> dataProtector)
+        IDataProtectorTokenFactory<SsoTokenable> dataProtector,
+        IOrganizationDomainRepository organizationDomainRepository)
    {
        _schemeProvider = schemeProvider;
        _clientStore = clientStore;
@ -84,6 +86,7 @@ public class AccountController : Controller
				@@ -84,6 +86,7 @@ public class AccountController : Controller
        _eventService = eventService;
        _globalSettings = globalSettings;
        _dataProtector = dataProtector;
+        _organizationDomainRepository = organizationDomainRepository;
    }

    [HttpGet]
@ -513,11 +516,21 @@ public class AccountController : Controller
				@@ -513,11 +516,21 @@ public class AccountController : Controller
            }
        }

+        // If the email domain is verified, we can mark the email as verified
+        var emailVerified = false;
+        var emailDomain = CoreHelpers.GetEmailDomain(email);
+        if (!string.IsNullOrWhiteSpace(emailDomain))
+        {
+            var organizationDomain = await _organizationDomainRepository.GetDomainByOrgIdAndDomainNameAsync(orgId, emailDomain);
+            emailVerified = organizationDomain?.VerifiedDate.HasValue ?? false;
+        }
+
        // Create user record - all existing user flows are handled above
        var user = new User
        {
            Name = name,
            Email = email,
+            EmailVerified = emailVerified,
            ApiKey = CoreHelpers.SecureRandomString(30)
        };
        await _userService.RegisterUserAsync(user);
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -50,20 +50,20 @@ public static class CoreHelpers
				@@ -50,20 +50,20 @@ public static class CoreHelpers
    {
        var guidArray = startingGuid.ToByteArray();

-        // Get the days and milliseconds which will be used to build the byte string 
+        // Get the days and milliseconds which will be used to build the byte string
        var days = new TimeSpan(time.Ticks - _baseDateTicks);
        var msecs = time.TimeOfDay;

-        // Convert to a byte array 
-        // Note that SQL Server is accurate to 1/300th of a millisecond so we divide by 3.333333 
+        // Convert to a byte array
+        // Note that SQL Server is accurate to 1/300th of a millisecond so we divide by 3.333333
        var daysArray = BitConverter.GetBytes(days.Days);
        var msecsArray = BitConverter.GetBytes((long)(msecs.TotalMilliseconds / 3.333333));

-        // Reverse the bytes to match SQL Servers ordering 
+        // Reverse the bytes to match SQL Servers ordering
        Array.Reverse(daysArray);
        Array.Reverse(msecsArray);

-        // Copy the bytes into the guid 
+        // Copy the bytes into the guid
        Array.Copy(daysArray, daysArray.Length - 2, guidArray, guidArray.Length - 6, 2);
        Array.Copy(msecsArray, msecsArray.Length - 4, guidArray, guidArray.Length - 4, 4);

@ -817,4 +817,19 @@ public static class CoreHelpers
				@@ -817,4 +817,19 @@ public static class CoreHelpers
            .ToString();

    }
+
+    public static string GetEmailDomain(string email)
+    {
+        if (!string.IsNullOrWhiteSpace(email))
+        {
+            var emailParts = email.Split('@', StringSplitOptions.RemoveEmptyEntries);
+
+            if (emailParts.Length == 2)
+            {
+                return emailParts[1].Trim();
+            }
+        }
+
+        return null;
+    }
 }
--- a/test/Core.Test/Utilities/CoreHelpersTests.cs
+++ b/test/Core.Test/Utilities/CoreHelpersTests.cs
@ -416,4 +416,25 @@ public class CoreHelpersTests
				@@ -416,4 +416,25 @@ public class CoreHelpersTests
    {
        Assert.Equal(expected, CoreHelpers.ObfuscateEmail(input));
    }
+
+    [Theory]
+    [InlineData("user@example.com")]
+    [InlineData("user@example.com ")]
+    [InlineData("user.name@example.com")]
+    public void GetEmailDomain_Success(string email)
+    {
+        Assert.Equal("example.com", CoreHelpers.GetEmailDomain(email));
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData(null)]
+    [InlineData("userexample.com")]
+    [InlineData("user@")]
+    [InlineData("@example.com")]
+    [InlineData("user@ex@ample.com")]
+    public void GetEmailDomain_ReturnsNull(string wrongEmail)
+    {
+        Assert.Null(CoreHelpers.GetEmailDomain(wrongEmail));
+    }
 }