[PM-3797 Part 5] Add reset password keys to key rotation (#3445)

* Add reset password validator with tests * add organization user rotation methods to repository - move organization user TVP helper to admin console ownership * rename account recovery to reset password * formatting * move registration of RotateUserKeyCommand to Core and make internal * add admin console ValidatorServiceCollectionExtensions
2025-12-16 08:13:33 +00:00 · 2023-12-14 15:05:19 -05:00
parent da0bf77a39
commit b77ee017e3
15 changed files with 372 additions and 42 deletions
--- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
@@ -2,12 +2,14 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Bit.Infrastructure.Dapper.AdminConsole.Helpers;
 using Dapper;
 using Microsoft.Data.SqlClient;

@@ -520,4 +522,32 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
            return results.ToList();
        }
    }
+
+    /// <inheritdoc />
+    public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
+        Guid userId, IEnumerable<OrganizationUser> resetPasswordKeys)
+    {
+        return async (SqlConnection connection, SqlTransaction transaction) =>
+        {
+            const string sql = @"
+                            UPDATE
+                                [dbo].[OrganizationUser]
+                            SET
+                                [ResetPasswordKey] = AR.[ResetPasswordKey]
+                            FROM
+                                [dbo].[OrganizationUser] OU
+                            INNER JOIN
+                                @ResetPasswordKeys AR ON OU.Id = AR.Id
+                            WHERE
+                                OU.[UserId] = @UserId";
+
+            var organizationUsersTVP = resetPasswordKeys.ToTvp();
+
+            await connection.ExecuteAsync(
+                sql,
+                new { UserId = userId, resetPasswordKeys = organizationUsersTVP },
+                transaction: transaction,
+                commandType: CommandType.Text);
+        };
+    }
 }