mirror of https://github.com/bitwarden/server synced 2026-02-25 00:52:57 +00:00

Validate loaded user's org matches pass-in organization when resetting password (#7019)

sven-bitwarden
2026-02-20 15:58:50 -06:00
committed by GitHub
parent 414a6d037e
commit 993d3bc085
2 changed files with 67 additions and 1 deletions


@@ -227,7 +227,7 @@ public class OrganizationUsersController : BaseAdminConsoleController
public async Task<OrganizationUserResetPasswordDetailsResponseModel> GetResetPasswordDetails(Guid orgId, Guid id)
{
var organizationUser = await _organizationUserRepository.GetByIdAsync(id);
if (organizationUser is null || organizationUser.UserId is null)
if (organizationUser is null || organizationUser.OrganizationId != orgId || organizationUser.UserId is null)
{
throw new NotFoundException();
}
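Review bot: The new `organizationUser.OrganizationId != orgId` test in GetResetPasswordDetails is the tenant-boundary check for this endpoint, but it sits unexplained between two null checks, where a later cleanup could drop it unnoticed. I would put a comment above the `if`, such as `// id is caller-supplied and GetByIdAsync(id) ignores orgId: reject records owned by another organization.` Throwing the same NotFoundException for a missing record and a foreign-organization record is worth a brief mention in that comment too, since it keeps the response from revealing whether an id exists elsewhere. The method body continues past the hunk, and the rest of the controller is not visible here, so it would be worth confirming that other actions taking both `orgId` and `id` and loading through `GetByIdAsync(id)` make the same comparison.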