[AC-1070] Add optional ForcePasswordResetReason to profile / state service

2026-01-09 20:13:18 +00:00 · 2023-03-07 13:29:19 -08:00
parent 721db0974d
commit d208bc82e5
4 changed files with 36 additions and 0 deletions
--- a/src/Core/Abstractions/IStateService.cs
+++ b/src/Core/Abstractions/IStateService.cs
@@ -134,6 +134,8 @@ namespace Bit.Core.Abstractions
        Task SetPushRegisteredTokenAsync(string value);
        Task<bool> GetUsesKeyConnectorAsync(string userId = null);
        Task SetUsesKeyConnectorAsync(bool? value, string userId = null);
+        Task<ForcePasswordResetReason?> GetForcePasswordResetReasonAsync(string userId = null);
+        Task SetForcePasswordResetReasonAsync(ForcePasswordResetReason? value, string userId = null);
        Task<Dictionary<string, OrganizationData>> GetOrganizationsAsync(string userId = null);
        Task SetOrganizationsAsync(Dictionary<string, OrganizationData> organizations, string userId = null);
        Task<PasswordGenerationOptions> GetPasswordGenerationOptionsAsync(string userId = null);
--- a/src/Core/Models/Domain/Account.cs
+++ b/src/Core/Models/Domain/Account.cs
@@ -52,6 +52,7 @@ namespace Bit.Core.Models.Domain
                EmailVerified = copy.EmailVerified;
                HasPremiumPersonally = copy.HasPremiumPersonally;
                AvatarColor = copy.AvatarColor;
+                ForcePasswordResetReason = copy.ForcePasswordResetReason;
            }

            public string UserId;
@@ -66,6 +67,7 @@ namespace Bit.Core.Models.Domain
            public int? KdfParallelism;
            public bool? EmailVerified;
            public bool? HasPremiumPersonally;
+            public ForcePasswordResetReason? ForcePasswordResetReason;
        }

        public class AccountTokens
--- a/src/Core/Models/Domain/ForcePasswordResetReason.cs
+++ b/src/Core/Models/Domain/ForcePasswordResetReason.cs
@@ -0,0 +1,16 @@
+namespace Bit.Core.Models.Domain
+{
+    public enum ForcePasswordResetReason
+    {
+        /// <summary>
+        /// Occurs when an organization admin forces a user to reset their password.
+        /// </summary>
+        AdminForcePasswordReset,
+        
+        /// <summary>
+        /// Occurs when a user logs in with a master password that does not meet an organization's master password
+        /// policy that is enforced on login.
+        /// </summary>
+        WeakMasterPasswordOnLogin
+    }
+}
--- a/src/Core/Services/StateService.cs
+++ b/src/Core/Services/StateService.cs
@@ -1040,6 +1040,22 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.UsesKeyConnectorKey(reconciledOptions.UserId), value, reconciledOptions);
        }

+        public async Task<ForcePasswordResetReason?> GetForcePasswordResetReasonAsync(string userId = null)
+        {
+            var reconcileOptions = ReconcileOptions(new StorageOptions { UserId = userId }, 
+                await GetDefaultStorageOptionsAsync());
+            return (await GetAccountAsync(reconcileOptions))?.Profile?.ForcePasswordResetReason;
+        }
+
+        public async Task SetForcePasswordResetReasonAsync(ForcePasswordResetReason? value, string userId = null)
+        {
+            var reconcileOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultStorageOptionsAsync());
+            var account = await GetAccountAsync(reconcileOptions);
+            account.Profile.ForcePasswordResetReason = value;
+            await SaveAccountAsync(account, reconcileOptions);
+        }
+
        public async Task<Dictionary<string, OrganizationData>> GetOrganizationsAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },