src/Core/Services/Implementations/PolicyService.cs

using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;

namespace Bit.Core.Services;

public class PolicyService : IPolicyService
{
    private readonly IEventService _eventService;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IPolicyRepository _policyRepository;
    private readonly ISsoConfigRepository _ssoConfigRepository;
    private readonly IMailService _mailService;

    public PolicyService(
        IEventService eventService,
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
        IPolicyRepository policyRepository,
        ISsoConfigRepository ssoConfigRepository,
        IMailService mailService)
    {
        _eventService = eventService;
        _organizationRepository = organizationRepository;
        _organizationUserRepository = organizationUserRepository;
        _policyRepository = policyRepository;
        _ssoConfigRepository = ssoConfigRepository;
        _mailService = mailService;
    }

    public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
        Guid? savingUserId)
    {
        var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
        if (org == null)
        {
            throw new BadRequestException("Organization not found");
        }

        if (!org.UsePolicies)
        {
            throw new BadRequestException("This organization cannot use policies.");
        }

        // Handle dependent policy checks
        switch (policy.Type)
        {
            case PolicyType.SingleOrg:
                if (!policy.Enabled)
                {
                    await RequiredBySsoAsync(org);
                    await RequiredByVaultTimeoutAsync(org);
                    await RequiredByKeyConnectorAsync(org);
                }
                break;

            case PolicyType.RequireSso:
                if (policy.Enabled)
                {
                    await DependsOnSingleOrgAsync(org);
                }
                else
                {
                    await RequiredByKeyConnectorAsync(org);
                }
                break;

            case PolicyType.MaximumVaultTimeout:
                if (policy.Enabled)
                {
                    await DependsOnSingleOrgAsync(org);
                }
                break;
        }

        var now = DateTime.UtcNow;
        if (policy.Id == default(Guid))
        {
            policy.CreationDate = now;
        }

        if (policy.Enabled)
        {
            var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
            if (!currentPolicy?.Enabled ?? true)
            {
                var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
                    policy.OrganizationId);
                var removableOrgUsers = orgUsers.Where(ou =>
                    ou.Status != Enums.OrganizationUserStatusType.Invited &&
                    ou.Type != Enums.OrganizationUserType.Owner && ou.Type != Enums.OrganizationUserType.Admin &&
                    ou.UserId != savingUserId);
                switch (policy.Type)
                {
                    case Enums.PolicyType.TwoFactorAuthentication:
                        foreach (var orgUser in removableOrgUsers)
                        {
                            if (!await userService.TwoFactorIsEnabledAsync(orgUser))
                            {
                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                    savingUserId);
                                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
                                    org.Name, orgUser.Email);
                            }
                        }
                        break;
                    case Enums.PolicyType.SingleOrg:
                        var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
                                removableOrgUsers.Select(ou => ou.UserId.Value));
                        foreach (var orgUser in removableOrgUsers)
                        {
                            if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
                                        && ou.OrganizationId != org.Id
                                        && ou.Status != OrganizationUserStatusType.Invited))
                            {
                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                    savingUserId);
                                await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(
                                    org.Name, orgUser.Email);
                            }
                        }
                        break;
                    default:
                        break;
                }
            }
        }
        policy.RevisionDate = now;
        await _policyRepository.UpsertAsync(policy);
        await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
    }

    private async Task DependsOnSingleOrgAsync(Organization org)
    {
        var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.SingleOrg);
        if (singleOrg?.Enabled != true)
        {
            throw new BadRequestException("Single Organization policy not enabled.");
        }
    }

    private async Task RequiredBySsoAsync(Organization org)
    {
        var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.RequireSso);
        if (requireSso?.Enabled == true)
        {
            throw new BadRequestException("Single Sign-On Authentication policy is enabled.");
        }
    }

    private async Task RequiredByKeyConnectorAsync(Organization org)
    {

        var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
        if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
        {
            throw new BadRequestException("Key Connector is enabled.");
        }
    }

    private async Task RequiredByVaultTimeoutAsync(Organization org)
    {
        var vaultTimeout = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.MaximumVaultTimeout);
        if (vaultTimeout?.Enabled == true)
        {
            throw new BadRequestException("Maximum Vault Timeout policy is enabled.");
        }
    }
}
-												Turn On `ImplicitUsings` (#2079)

* Turn on ImplicitUsings

* Fix formatting

* Run linter
											
										
										
											2022-06-29 19:46:41 -04:00
+								using Bit.Core.Entities;
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								using Bit.Core.Enums;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								using Bit.Core.Exceptions;
 								using Bit.Core.Repositories;
 								namespace Bit.Core.Services;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								public class PolicyService : IPolicyService
 								{
 								    private readonly IEventService _eventService;
 								    private readonly IOrganizationRepository _organizationRepository;
 								    private readonly IOrganizationUserRepository _organizationUserRepository;
 								    private readonly IPolicyRepository _policyRepository;
 								    private readonly ISsoConfigRepository _ssoConfigRepository;
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								    private readonly IMailService _mailService;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    public PolicyService(
 								        IEventService eventService,
 								        IOrganizationRepository organizationRepository,
 								        IOrganizationUserRepository organizationUserRepository,
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        IPolicyRepository policyRepository,
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        ISsoConfigRepository ssoConfigRepository,
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        IMailService mailService)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    {
 								        _eventService = eventService;
 								        _organizationRepository = organizationRepository;
 								        _organizationUserRepository = organizationUserRepository;
 								        _policyRepository = policyRepository;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        _ssoConfigRepository = ssoConfigRepository;
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        _mailService = mailService;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
 								    public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        Guid? savingUserId)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    {
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
 								        if (org == null)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        {
 								            throw new BadRequestException("Organization not found");
 								        }
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        if (!org.UsePolicies)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        {
 								            throw new BadRequestException("This organization cannot use policies.");
 								        }
-												Run dotnet format (#1764)


											
										
										
											2021-12-16 15:35:09 +01:00
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								        // Handle dependent policy checks
 								        switch (policy.Type)
 								        {
-												Initial commit of SingleOrg downstream policy checks (#1038)


											
										
										
											2020-12-16 16:02:54 -06:00
+								            case PolicyType.SingleOrg:
 								                if (!policy.Enabled)
 								                {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                    await RequiredBySsoAsync(org);
 								                    await RequiredByVaultTimeoutAsync(org);
 								                    await RequiredByKeyConnectorAsync(org);
-												Initial commit of SingleOrg downstream policy checks (#1038)


											
										
										
											2020-12-16 16:02:54 -06:00
+								                }
 								                break;
-												Run dotnet format (#1764)


											
										
										
											2021-12-16 15:35:09 +01:00
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								            case PolicyType.RequireSso:
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                if (policy.Enabled)
 								                {
 								                    await DependsOnSingleOrgAsync(org);
 								                }
 								                else
 								                {
 								                    await RequiredByKeyConnectorAsync(org);
 								                }
 								                break;
-												Add checks for vault timeout policy (#1694)


											
										
										
											2021-11-08 14:37:40 +01:00
+								            case PolicyType.MaximumVaultTimeout:
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								                if (policy.Enabled)
 								                {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                    await DependsOnSingleOrgAsync(org);
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								                }
 								                break;
 								        }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								        var now = DateTime.UtcNow;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (policy.Id == default(Guid))
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        {
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								            policy.CreationDate = now;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        }
-												Remove noncompliant users for new policies (#1951)


											
										
										
											2022-04-22 08:13:02 +10:00
 								        if (policy.Enabled)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!currentPolicy?.Enabled ?? true)
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            {
 								                var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
 								                    policy.OrganizationId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                var removableOrgUsers = orgUsers.Where(ou =>
 								                    ou.Status != Enums.OrganizationUserStatusType.Invited &&
 								                    ou.Type != Enums.OrganizationUserType.Owner && ou.Type != Enums.OrganizationUserType.Admin &&
-												[Exemption] Updated policy messages (#984)

* Updated messages // added exemption message // added callout

* updated strings - futureproofing
											
										
										
											2020-11-10 09:53:44 -06:00
+								                    ou.UserId != savingUserId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                switch (policy.Type)
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                    case Enums.PolicyType.TwoFactorAuthentication:
 								                        foreach (var orgUser in removableOrgUsers)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								                        {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            if (!await userService.TwoFactorIsEnabledAsync(orgUser))
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                            {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
 								                                    savingUserId);
 								                                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                    org.Name, orgUser.Email);
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                            }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								                        }
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        break;
-												changed all OnlyOrg wording to be SingleOrg instead (#974)

* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
											
										
										
											2020-10-27 10:28:41 -04:00
+								                    case Enums.PolicyType.SingleOrg:
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
 								                                removableOrgUsers.Select(ou => ou.UserId.Value));
 								                        foreach (var orgUser in removableOrgUsers)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								                        {
-												check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
											
										
										
											2021-01-25 11:19:33 -05:00
+								                            if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                        && ou.OrganizationId != org.Id
-												check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
											
										
										
											2021-01-25 11:19:33 -05:00
+								                                        && ou.Status != OrganizationUserStatusType.Invited))
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            {
 								                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
 								                                    savingUserId);
-												changed all OnlyOrg wording to be SingleOrg instead (#974)

* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
											
										
										
											2020-10-27 10:28:41 -04:00
+								                                await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                    org.Name, orgUser.Email);
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								                        }
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        break;
 								                    default:
 								                        break;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                }
 								            }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        }
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								        policy.RevisionDate = now;
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								        await _policyRepository.UpsertAsync(policy);
 								        await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task DependsOnSingleOrgAsync(Organization org)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.SingleOrg);
 								        if (singleOrg?.Enabled != true)
 								        {
 								            throw new BadRequestException("Single Organization policy not enabled.");
 								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredBySsoAsync(Organization org)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.RequireSso);
 								        if (requireSso?.Enabled == true)
 								        {
 								            throw new BadRequestException("Single Sign-On Authentication policy is enabled.");
 								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredByKeyConnectorAsync(Organization org)
 								    {
 								        var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								        if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        {
 								            throw new BadRequestException("Key Connector is enabled.");
 								        }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredByVaultTimeoutAsync(Organization org)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var vaultTimeout = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.MaximumVaultTimeout);
 								        if (vaultTimeout?.Enabled == true)
 								        {
 								            throw new BadRequestException("Maximum Vault Timeout policy is enabled.");
 								        }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    }
 								}