From 0602c3eaf7c342739a7b8f3af5741b1f8564c138 Mon Sep 17 00:00:00 2001 From: Jared McCannon Date: Thu, 4 Dec 2025 14:24:44 -0600 Subject: [PATCH] changed request --- .../OrganizationUsers/AcceptOrgUserCommand.cs | 2 +- ...icallyConfirmOrganizationUsersValidator.cs | 6 ++-- .../AutoConfirmUser/Errors.cs | 1 + ...serConfirmationPolicyEnforcementRequest.cs | 23 +++++++------ ...rConfirmationPolicyEnforcementValidator.cs | 32 +++++++++++-------- ...rConfirmationPolicyEnforcementValidator.cs | 6 ++-- ...omaticUserConfirmationPolicyRequirement.cs | 3 -- 7 files changed, 37 insertions(+), 36 deletions(-) diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs index e2ebb1657e..8b86a9945a 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs @@ -270,7 +270,7 @@ public class AcceptOrgUserCommand : IAcceptOrgUserCommand ICollection allOrgUsers, User user) { var error = (await _automaticUserConfirmationPolicyEnforcementValidator.IsCompliantAsync( - new AutomaticUserConfirmationPolicyEnforcementRequest(orgUser, allOrgUsers, user))) + new AutomaticUserConfirmationPolicyEnforcementRequest(orgUser.Id, allOrgUsers, user))) .Match( error => error.Message, _ => string.Empty diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs index f4b3eefdbf..3153f2954e 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs 
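Review bot: Passing only `orgUser.Id` makes this call depend on `allOrgUsers` containing `orgUser`, because the validator in this patch now resolves the record with `FirstOrDefault(x => x.Id == request.OrganizationUserId)` and returns `CurrentOrganizationUserIsNotPresentInRequest` when it is absent. How `allOrgUsers` is loaded is outside the hunk; if it is fetched by user id, an invitation whose record is not yet linked to the user would presumably be missing, and acceptance would then fail with that error. A comment at the call, `// allOrgUsers must include orgUser; the validator looks it up by id`, plus a test for the absent-record case would pin the contract down. The enclosing method starts and ends outside the hunk.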
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs @@ -82,10 +82,8 @@ public class AutomaticallyConfirmOrganizationUsersValidator( private async Task OrganizationUserIsProviderAsync(AutomaticallyConfirmOrganizationUserValidationRequest request) => (await providerUserRepository.GetManyByUserAsync(request.OrganizationUser!.UserId!.Value)).Count != 0; - private async Task OrganizationHasAutomaticallyConfirmUsersPolicyEnabledAsync( - AutomaticallyConfirmOrganizationUserValidationRequest request) => - await policyRepository.GetByOrganizationIdTypeAsync(request.OrganizationId, - PolicyType.AutomaticUserConfirmation) is { Enabled: true } + private async Task OrganizationHasAutomaticallyConfirmUsersPolicyEnabledAsync(AutomaticallyConfirmOrganizationUserValidationRequest request) => + await policyRepository.GetByOrganizationIdTypeAsync(request.OrganizationId, PolicyType.AutomaticUserConfirmation) is { Enabled: true } && request.Organization is { UseAutomaticUserConfirmation: true }; private async Task OrganizationUserConformsToTwoFactorRequiredPolicyAsync(AutomaticallyConfirmOrganizationUserValidationRequest request) diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs index 06fd769beb..f8109f24b7 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs 
@@ -12,3 +12,4 @@ public record OrganizationEnforcesSingleOrgPolicy() : BadRequestError("Cannot co
 public record OtherOrganizationEnforcesSingleOrgPolicy() : BadRequestError("Cannot confirm this member to the organization because they are in another organization which forbids it.");
 public record AutomaticallyConfirmUsersPolicyIsNotEnabled() : BadRequestError("Cannot confirm this member because the Automatically Confirm Users policy is not enabled.");
 public record ProviderUsersCannotJoin() : BadRequestError("An organization the user is a part of has enabled Automatic User Confirmation policy and it does not support provider users joining.");
+public record CurrentOrganizationUserIsNotPresentInRequest() : BadRequestError("The current organization user does not exist in the request.");
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementRequest.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementRequest.cs
index d8e7b64dcd..fefc326d17 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementRequest.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementRequest.cs
@@ -8,14 +8,14 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoCo public record AutomaticUserConfirmationPolicyEnforcementRequest { /// - /// Organization user to be confirmed to be confirmed + /// Organization user to be validated /// - public OrganizationUser OrganizationUser { get; } + public Guid OrganizationUserId { get; } + /// - /// Collection of organization users that match the provided user. This must be populated with organizations users associated with the - /// organization user to confirm. + /// All organization users that match the provided user. /// - public IEnumerable OtherOrganizationsOrganizationUsers { get; } + public IEnumerable AllOrganizationUsers { get; } /// /// User associated with the organization user to be confirmed /// @@ -26,18 +26,17 @@ public record AutomaticUserConfirmationPolicyEnforcementRequest /// /// /// This record is used to encapsulate the data required for handling the automatic confirmation policy enforcement. - /// /// - /// The organization user to be validated within the current organization context. - /// THIS MUST BE POPULATED CORRECTLY. A collection of organization user records that match the provided user. + /// The organization user id to be validated. + /// All organization users that match the provided user. /// The general user associated with the operation. public AutomaticUserConfirmationPolicyEnforcementRequest( - OrganizationUser organizationUserToValidate, - IEnumerable organizationUsersForOtherOrganizations, + Guid organizationUserId, + IEnumerable organizationUsers, User user) { - OrganizationUser = organizationUserToValidate; - OtherOrganizationsOrganizationUsers = organizationUsersForOtherOrganizations; + OrganizationUserId = organizationUserId; + AllOrganizationUsers = organizationUsers; User = user; } } 
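Review bot: The rewritten doc comments drop the caller obligation the validator now relies on: `AllOrganizationUsers` has to contain the record whose `Id` equals `OrganizationUserId`, otherwise validation ends with `CurrentOrganizationUserIsNotPresentInRequest`. The old text carried a loud "must be populated correctly" warning, and the new one says nothing about it. I would put the requirement on the property, `/// All organization users that match the provided user; must include the record identified by OrganizationUserId.`, and repeat it on the `organizationUsers` constructor parameter. The summary above `OrganizationUserId` still reads as if it were the entity, so `/// Id of the organization user to be validated` would be more accurate.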
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementValidator.cs index 3bc2cbd964..2c2ff0b838 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementValidator.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementValidator.cs @@ -1,12 +1,14 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser; using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements; +using Bit.Core.AdminConsole.Repositories; using Bit.Core.AdminConsole.Utilities.v2.Validation; using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers; namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm; public class AutomaticUserConfirmationPolicyEnforcementValidator( - IPolicyRequirementQuery policyRequirementQuery) + IPolicyRequirementQuery policyRequirementQuery, + IProviderUserRepository providerUserRepository) : IAutomaticUserConfirmationPolicyEnforcementValidator { public async Task> IsCompliantAsync( 
@@ -15,27 +17,31 @@ public class AutomaticUserConfirmationPolicyEnforcementValidator( var automaticUserConfirmationPolicyRequirement = await policyRequirementQuery .GetAsync(request.User.Id); - if (automaticUserConfirmationPolicyRequirement.IsEnabled(request.OrganizationUser.OrganizationId) - && OrganizationUserBelongsToAnotherOrganization(request)) + var currentOrganizationUser = request.AllOrganizationUsers + .FirstOrDefault(x => x.Id == request.OrganizationUserId); + + if (currentOrganizationUser is null) + { + return Invalid(request, new CurrentOrganizationUserIsNotPresentInRequest()); + } + + if (automaticUserConfirmationPolicyRequirement.IsEnabled(currentOrganizationUser.OrganizationId) + && automaticUserConfirmationPolicyRequirement.UserBelongsToOrganizationWithAutomaticUserConfirmationEnabled()) { return Invalid(request, new OrganizationEnforcesSingleOrgPolicy()); } - if (automaticUserConfirmationPolicyRequirement.IsEnabledAndUserIsAProvider(request.OrganizationUser.OrganizationId)) - { - return Invalid(request, new ProviderUsersCannotJoin()); - } - if (automaticUserConfirmationPolicyRequirement - .IsEnabledForOrganizationsOtherThan(request.OrganizationUser.OrganizationId)) + .IsEnabledForOrganizationsOtherThan(currentOrganizationUser.OrganizationId)) { return Invalid(request, new OtherOrganizationEnforcesSingleOrgPolicy()); } + if ((await providerUserRepository.GetManyByUserAsync(request.User.Id)).Count != 0) + { + return Invalid(request, new ProviderUsersCannotJoin()); + } + return Valid(request); } - - private static bool OrganizationUserBelongsToAnotherOrganization(AutomaticUserConfirmationPolicyEnforcementRequest request) => - request.OtherOrganizationsOrganizationUsers.Any(ou => - ou.OrganizationId != request.OrganizationUser.OrganizationId); } 
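Review bot: The first rejection branch no longer tests membership in another organization: `AllOrganizationUsers` is read only to find the current record, and the removed `OrganizationUserBelongsToAnotherOrganization` comparison gives way to `UserBelongsToOrganizationWithAutomaticUserConfirmationEnabled()`, which this patch does not define. If that method only reports that some policy detail exists, it is already implied by `IsEnabled(currentOrganizationUser.OrganizationId)`, so the branch would fire for every user of an enforcing organization whether or not they belong to another one; please check its body and cover the "member of a second organization without the policy" case in a test. The provider check at the end is also unconditional now, so a provider member is rejected with `ProviderUsersCannotJoin` even when neither `IsEnabled` nor `IsEnabledForOrganizationsOtherThan` holds, although the error text says an organization enabled the policy. Keeping the old scope would look like `if (automaticUserConfirmationPolicyRequirement.IsEnabled(currentOrganizationUser.OrganizationId) && (await providerUserRepository.GetManyByUserAsync(request.User.Id)).Count != 0)`. `IsCompliantAsync` begins above the hunk.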
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/IAutomaticUserConfirmationPolicyEnforcementValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/IAutomaticUserConfirmationPolicyEnforcementValidator.cs index b153775efe..7bc1664140 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/IAutomaticUserConfirmationPolicyEnforcementValidator.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/IAutomaticUserConfirmationPolicyEnforcementValidator.cs @@ -15,9 +15,9 @@ public interface IAutomaticUserConfirmationPolicyEnforcementValidator /// /// Checks if the given user is compliant with the Automatic User Confirmation policy. /// - /// To be compliant a user must - /// - not be a provider - /// - not be a member of another organization (similar to Single Organization Policy) + /// To be compliant, a user must + /// - not be a member of a provider + /// - not be a member of another organization /// /// /// diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs index 969ab1b781..84a9806260 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/AutomaticUserConfirmationPolicyRequirement.cs 
@@ -25,9 +25,6 @@ public class AutomaticUserConfirmationPolicyRequirement(IEnumerable policyDetails.Any(p => p.OrganizationId == organizationId); - public bool IsEnabledAndUserIsAProvider(Guid organizationId) => - policyDetails.Any(p => p.OrganizationId == organizationId && p.IsProvider); - public bool IsEnabledForOrganizationsOtherThan(Guid organizationId) => policyDetails.Any(p => p.OrganizationId != organizationId); }