src/Core/Services/Implementations/PolicyService.cs

using Bit.Core.Auth.Repositories;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data.Organizations.Policies;
using Bit.Core.Repositories;

namespace Bit.Core.Services;

public class PolicyService : IPolicyService
{
    private readonly IEventService _eventService;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IPolicyRepository _policyRepository;
    private readonly ISsoConfigRepository _ssoConfigRepository;
    private readonly IMailService _mailService;

    public PolicyService(
        IEventService eventService,
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
        IPolicyRepository policyRepository,
        ISsoConfigRepository ssoConfigRepository,
        IMailService mailService)
    {
        _eventService = eventService;
        _organizationRepository = organizationRepository;
        _organizationUserRepository = organizationUserRepository;
        _policyRepository = policyRepository;
        _ssoConfigRepository = ssoConfigRepository;
        _mailService = mailService;
    }

    public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
        Guid? savingUserId)
    {
        var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
        if (org == null)
        {
            throw new BadRequestException("Organization not found");
        }

        if (!org.UsePolicies)
        {
            throw new BadRequestException("This organization cannot use policies.");
        }

        // Handle dependent policy checks
        switch (policy.Type)
        {
            case PolicyType.SingleOrg:
                if (!policy.Enabled)
                {
                    await RequiredBySsoAsync(org);
                    await RequiredByVaultTimeoutAsync(org);
                    await RequiredByKeyConnectorAsync(org);
                }
                break;

            case PolicyType.RequireSso:
                if (policy.Enabled)
                {
                    await DependsOnSingleOrgAsync(org);
                }
                else
                {
                    await RequiredByKeyConnectorAsync(org);
                }
                break;

            case PolicyType.MaximumVaultTimeout:
                if (policy.Enabled)
                {
                    await DependsOnSingleOrgAsync(org);
                }
                break;

            // Activate Autofill is only available to Enterprise 2020-current plans
            case PolicyType.ActivateAutofill:
                if (policy.Enabled)
                {
                    LockedTo2020Plan(org);
                }
                break;
        }

        var now = DateTime.UtcNow;
        if (policy.Id == default(Guid))
        {
            policy.CreationDate = now;
        }

        if (policy.Enabled)
        {
            var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
            if (!currentPolicy?.Enabled ?? true)
            {
                var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
                    policy.OrganizationId);
                var removableOrgUsers = orgUsers.Where(ou =>
                    ou.Status != Enums.OrganizationUserStatusType.Invited && ou.Status != Enums.OrganizationUserStatusType.Revoked &&
                    ou.Type != Enums.OrganizationUserType.Owner && ou.Type != Enums.OrganizationUserType.Admin &&
                    ou.UserId != savingUserId);
                switch (policy.Type)
                {
                    case Enums.PolicyType.TwoFactorAuthentication:
                        foreach (var orgUser in removableOrgUsers)
                        {
                            if (!await userService.TwoFactorIsEnabledAsync(orgUser))
                            {
                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                    savingUserId);
                                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
                                    org.Name, orgUser.Email);
                            }
                        }
                        break;
                    case Enums.PolicyType.SingleOrg:
                        var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
                                removableOrgUsers.Select(ou => ou.UserId.Value));
                        foreach (var orgUser in removableOrgUsers)
                        {
                            if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
                                        && ou.OrganizationId != org.Id
                                        && ou.Status != OrganizationUserStatusType.Invited))
                            {
                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                    savingUserId);
                                await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(
                                    org.Name, orgUser.Email);
                            }
                        }
                        break;
                    default:
                        break;
                }
            }
        }
        policy.RevisionDate = now;
        await _policyRepository.UpsertAsync(policy);
        await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
    }

    public async Task<MasterPasswordPolicyData> GetMasterPasswordPolicyForUserAsync(User user)
    {
        var policies = (await _policyRepository.GetManyByUserIdAsync(user.Id))
            .Where(p => p.Type == PolicyType.MasterPassword && p.Enabled)
            .ToList();

        if (!policies.Any())
        {
            return null;
        }

        var enforcedOptions = new MasterPasswordPolicyData();

        foreach (var policy in policies)
        {
            enforcedOptions.CombineWith(policy.GetDataModel<MasterPasswordPolicyData>());
        }

        return enforcedOptions;
    }

    private async Task DependsOnSingleOrgAsync(Organization org)
    {
        var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.SingleOrg);
        if (singleOrg?.Enabled != true)
        {
            throw new BadRequestException("Single Organization policy not enabled.");
        }
    }

    private async Task RequiredBySsoAsync(Organization org)
    {
        var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.RequireSso);
        if (requireSso?.Enabled == true)
        {
            throw new BadRequestException("Single Sign-On Authentication policy is enabled.");
        }
    }

    private async Task RequiredByKeyConnectorAsync(Organization org)
    {

        var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
        if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
        {
            throw new BadRequestException("Key Connector is enabled.");
        }
    }

    private async Task RequiredByVaultTimeoutAsync(Organization org)
    {
        var vaultTimeout = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.MaximumVaultTimeout);
        if (vaultTimeout?.Enabled == true)
        {
            throw new BadRequestException("Maximum Vault Timeout policy is enabled.");
        }
    }

    private void LockedTo2020Plan(Organization org)
    {
        if (org.PlanType != PlanType.EnterpriseAnnually && org.PlanType != PlanType.EnterpriseMonthly)
        {
            throw new BadRequestException("This policy is only available to 2020 Enterprise plans.");
        }
    }
}
-												[PM-1188] Server owner auth migration (#2825)

* [PM-1188] add sso project to auth

* [PM-1188] move sso api models to auth

* [PM-1188] fix sso api model namespace & imports

* [PM-1188] move core files to auth

* [PM-1188] fix core sso namespace & models

* [PM-1188] move sso repository files to auth

* [PM-1188] fix sso repo files namespace & imports

* [PM-1188] move sso sql files to auth folder

* [PM-1188] move sso test files to auth folders

* [PM-1188] fix sso tests namespace & imports

* [PM-1188] move auth api files to auth folder

* [PM-1188] fix auth api files namespace & imports

* [PM-1188] move auth core files to auth folder

* [PM-1188] fix auth core files namespace & imports

* [PM-1188] move auth email templates to auth folder

* [PM-1188] move auth email folder back into shared directory

* [PM-1188] fix auth email names

* [PM-1188] move auth core models to auth folder

* [PM-1188] fix auth model namespace & imports

* [PM-1188] add entire Identity project to auth codeowners

* [PM-1188] fix auth orm files namespace & imports

* [PM-1188] move auth orm files to auth folder

* [PM-1188] move auth sql files to auth folder

* [PM-1188] move auth tests to auth folder

* [PM-1188] fix auth test files namespace & imports

* [PM-1188] move emergency access api files to auth folder

* [PM-1188] fix emergencyaccess api files namespace & imports

* [PM-1188] move emergency access core files to auth folder

* [PM-1188] fix emergency access core files namespace & imports

* [PM-1188] move emergency access orm files to auth folder

* [PM-1188] fix emergency access orm files namespace & imports

* [PM-1188] move emergency access sql files to auth folder

* [PM-1188] move emergencyaccess test files to auth folder

* [PM-1188] fix emergency access test files namespace & imports

* [PM-1188] move captcha files to auth folder

* [PM-1188] fix captcha files namespace & imports

* [PM-1188] move auth admin files into auth folder

* [PM-1188] fix admin auth files namespace & imports
- configure mvc to look in auth folders for views

* [PM-1188] remove extra imports and formatting

* [PM-1188] fix ef auth model imports

* [PM-1188] fix DatabaseContextModelSnapshot paths

* [PM-1188] fix grant import in ef

* [PM-1188] update sqlproj

* [PM-1188] move missed sqlproj files

* [PM-1188] move auth ef models out of auth folder

* [PM-1188] fix auth ef models namespace

* [PM-1188] remove auth ef models unused imports

* [PM-1188] fix imports for auth ef models

* [PM-1188] fix more ef model imports

* [PM-1188] fix file encodings
											
										
										
											2023-04-14 13:25:56 -04:00
+								using Bit.Core.Auth.Repositories;
 								using Bit.Core.Entities;
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								using Bit.Core.Enums;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								using Bit.Core.Exceptions;
-												[AC-1070] Enforce master password policy on login  (#2714)

* [EC-1070] Add API endpoint to retrieve all policies for the current user

The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login.

* [EC-1070] Add MasterPasswordPolicyData model

* [EC-1070] Move PolicyResponseModel to Core project

The response model is used by both the Identity and Api projects.

* [EC-1070] Supply master password polices as a custom identity token response

* [EC-1070] Include master password policies in 2FA token response

* [EC-1070] Add response model to verify-password endpoint that includes master password policies

* [AC-1070] Introduce MasterPasswordPolicyResponseModel

* [AC-1070] Add policy service method to retrieve a user's master password policy

* [AC-1070] User new policy service method

- Update BaseRequestValidator
- Update AccountsController for /verify-password endpoint
- Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData

* [AC-1070] Cleanup new policy service method

- Use User object instead of Guid
- Remove TODO message
- Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally

* [AC-1070] Cleanup MasterPasswordPolicy models

- Remove default values from both models
- Add missing `RequireLower`
- Fix mismatched properties in `CombineWith` method
- Make properties nullable in response model

* [AC-1070] Remove now un-used GET /policies endpoint

* [AC-1070] Update policy service method to use GetManyByUserIdAsync

* [AC-1070] Ensure existing value is not null before comparison

* [AC-1070] Remove redundant VerifyMasterPasswordResponse model

* [AC-1070] Fix service typo in constructor
											
										
										
											2023-04-17 07:35:47 -07:00
+								using Bit.Core.Models.Data.Organizations.Policies;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								using Bit.Core.Repositories;
 								namespace Bit.Core.Services;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								public class PolicyService : IPolicyService
 								{
 								    private readonly IEventService _eventService;
 								    private readonly IOrganizationRepository _organizationRepository;
 								    private readonly IOrganizationUserRepository _organizationUserRepository;
 								    private readonly IPolicyRepository _policyRepository;
 								    private readonly ISsoConfigRepository _ssoConfigRepository;
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								    private readonly IMailService _mailService;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    public PolicyService(
 								        IEventService eventService,
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        IOrganizationRepository organizationRepository,
 								        IOrganizationUserRepository organizationUserRepository,
 								        IPolicyRepository policyRepository,
 								        ISsoConfigRepository ssoConfigRepository,
 								        IMailService mailService)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    {
 								        _eventService = eventService;
 								        _organizationRepository = organizationRepository;
 								        _organizationUserRepository = organizationUserRepository;
 								        _policyRepository = policyRepository;
-												Add support for Key Connector OTP and account migration (#1663)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
											
										
										
											2021-11-09 16:37:32 +01:00
+								        _ssoConfigRepository = ssoConfigRepository;
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        _mailService = mailService;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								    public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        Guid? savingUserId)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												email user whenever they're removed from org because of 2fa policy (#657)


											
										
										
											2020-02-27 09:30:04 -05:00
+								        var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
 								        if (org == null)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        {
 								            throw new BadRequestException("Organization not found");
 								        }
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        if (!org.UsePolicies)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								            throw new BadRequestException("This organization cannot use policies.");
-												Initial commit of SingleOrg downstream policy checks (#1038)


											
										
										
											2020-12-16 16:02:54 -06:00
+								        }
-												Run dotnet format (#1764)


											
										
										
											2021-12-16 15:35:09 +01:00
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								        // Handle dependent policy checks
 								        switch (policy.Type)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								            case PolicyType.SingleOrg:
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                if (!policy.Enabled)
 								                {
 								                    await RequiredBySsoAsync(org);
 								                    await RequiredByVaultTimeoutAsync(org);
 								                    await RequiredByKeyConnectorAsync(org);
 								                }
 								                break;
-												Add checks for vault timeout policy (#1694)


											
										
										
											2021-11-08 14:37:40 +01:00
+								            case PolicyType.RequireSso:
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								                if (policy.Enabled)
 								                {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                    await DependsOnSingleOrgAsync(org);
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								                }
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								                else
 								                {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								                    await RequiredByKeyConnectorAsync(org);
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								                }
-												[Require SSO] Added service layer dependent policy check (#977)

* Added service layer dependent policy check

* Updated to SingleOrg
											
										
										
											2020-10-27 14:08:19 -05:00
+								                break;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								            case PolicyType.MaximumVaultTimeout:
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (policy.Enabled)
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								                {
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								                    await DependsOnSingleOrgAsync(org);
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								                }
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								                break;
-												[AC-1046] add browser autofill policy (#2751)

* [EC-1046] add browser autofill policy

* [AC-1046] check plan when activating policy

* [AC-1046] add useActivateAutofillPolicy to Organization response

* [AC-1046] add UseActivateAutofillPolicy to provider org response
											
										
										
											2023-03-10 12:52:50 -05:00
 								            // Activate Autofill is only available to Enterprise 2020-current plans
 								            case PolicyType.ActivateAutofill:
 								                if (policy.Enabled)
 								                {
 								                    LockedTo2020Plan(org);
 								                }
 								                break;
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        }
-												Remove noncompliant users for new policies (#1951)


											
										
										
											2022-04-22 08:13:02 +10:00
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								        var now = DateTime.UtcNow;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (policy.Id == default(Guid))
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								            policy.CreationDate = now;
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												Remove noncompliant users for new policies (#1951)


											
										
										
											2022-04-22 08:13:02 +10:00
+								        if (policy.Enabled)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!currentPolicy?.Enabled ?? true)
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            {
 								                var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
 								                    policy.OrganizationId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                var removableOrgUsers = orgUsers.Where(ou =>
-												[EC-741 Single Organization policy exception when an Invited status user is also in the Revoked status (#2568)

* [EC-741] Check that OrganizationUsers to be removed have a UserId

* [EC-741] Filtering Revoked users in query for users to remove from organization
											
										
										
											2023-01-23 16:05:12 +00:00
+								                    ou.Status != Enums.OrganizationUserStatusType.Invited && ou.Status != Enums.OrganizationUserStatusType.Revoked &&
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                    ou.Type != Enums.OrganizationUserType.Owner && ou.Type != Enums.OrganizationUserType.Admin &&
-												[Exemption] Updated policy messages (#984)

* Updated messages // added exemption message // added callout

* updated strings - futureproofing
											
										
										
											2020-11-10 09:53:44 -06:00
+								                    ou.UserId != savingUserId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                switch (policy.Type)
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                    case Enums.PolicyType.TwoFactorAuthentication:
 								                        foreach (var orgUser in removableOrgUsers)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                        {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            if (!await userService.TwoFactorIsEnabledAsync(orgUser))
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                            {
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
 								                                    savingUserId);
 								                                await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                    org.Name, orgUser.Email);
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                        }
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        break;
-												changed all OnlyOrg wording to be SingleOrg instead (#974)

* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
											
										
										
											2020-10-27 10:28:41 -04:00
+								                    case Enums.PolicyType.SingleOrg:
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
 								                                removableOrgUsers.Select(ou => ou.UserId.Value));
 								                        foreach (var orgUser in removableOrgUsers)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                        {
-												check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
											
										
										
											2021-01-25 11:19:33 -05:00
+								                            if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                        && ou.OrganizationId != org.Id
-												check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
											
										
										
											2021-01-25 11:19:33 -05:00
+								                                        && ou.Status != OrganizationUserStatusType.Invited))
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            {
 								                                await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
 								                                    savingUserId);
-												changed all OnlyOrg wording to be SingleOrg instead (#974)

* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
											
										
										
											2020-10-27 10:28:41 -04:00
+								                                await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								                                    org.Name, orgUser.Email);
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                            }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								                        }
-												Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
											
										
										
											2020-10-20 02:48:10 -04:00
+								                        break;
 								                    default:
 								                        break;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								                }
 								            }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								        }
-												Policy Service Tests (#1344)

* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
											
										
										
											2021-06-11 11:33:32 -04:00
+								        policy.RevisionDate = now;
-												only 1 policy event

											
										
										
											2020-01-20 09:02:41 -05:00
+								        await _policyRepository.UpsertAsync(policy);
 								        await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
-												[AC-1070] Enforce master password policy on login  (#2714)

* [EC-1070] Add API endpoint to retrieve all policies for the current user

The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login.

* [EC-1070] Add MasterPasswordPolicyData model

* [EC-1070] Move PolicyResponseModel to Core project

The response model is used by both the Identity and Api projects.

* [EC-1070] Supply master password polices as a custom identity token response

* [EC-1070] Include master password policies in 2FA token response

* [EC-1070] Add response model to verify-password endpoint that includes master password policies

* [AC-1070] Introduce MasterPasswordPolicyResponseModel

* [AC-1070] Add policy service method to retrieve a user's master password policy

* [AC-1070] User new policy service method

- Update BaseRequestValidator
- Update AccountsController for /verify-password endpoint
- Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData

* [AC-1070] Cleanup new policy service method

- Use User object instead of Guid
- Remove TODO message
- Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally

* [AC-1070] Cleanup MasterPasswordPolicy models

- Remove default values from both models
- Add missing `RequireLower`
- Fix mismatched properties in `CombineWith` method
- Make properties nullable in response model

* [AC-1070] Remove now un-used GET /policies endpoint

* [AC-1070] Update policy service method to use GetManyByUserIdAsync

* [AC-1070] Ensure existing value is not null before comparison

* [AC-1070] Remove redundant VerifyMasterPasswordResponse model

* [AC-1070] Fix service typo in constructor
											
										
										
											2023-04-17 07:35:47 -07:00
+								    public async Task<MasterPasswordPolicyData> GetMasterPasswordPolicyForUserAsync(User user)
 								    {
 								        var policies = (await _policyRepository.GetManyByUserIdAsync(user.Id))
 								            .Where(p => p.Type == PolicyType.MasterPassword && p.Enabled)
 								            .ToList();
 								        if (!policies.Any())
 								        {
 								            return null;
 								        }
 								        var enforcedOptions = new MasterPasswordPolicyData();
 								        foreach (var policy in policies)
 								        {
 								            enforcedOptions.CombineWith(policy.GetDataModel<MasterPasswordPolicyData>());
 								        }
 								        return enforcedOptions;
 								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								    private async Task DependsOnSingleOrgAsync(Organization org)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.SingleOrg);
 								        if (singleOrg?.Enabled != true)
 								        {
 								            throw new BadRequestException("Single Organization policy not enabled.");
 								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredBySsoAsync(Organization org)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.RequireSso);
 								        if (requireSso?.Enabled == true)
 								        {
 								            throw new BadRequestException("Single Sign-On Authentication policy is enabled.");
 								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredByKeyConnectorAsync(Organization org)
 								    {
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
-												Key Connector feature toggle (#1716)


											
										
										
											2021-11-17 11:46:35 +01:00
+								        if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								            throw new BadRequestException("Key Connector is enabled.");
 								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
 								    private async Task RequiredByVaultTimeoutAsync(Organization org)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
											
										
										
											2021-11-15 19:25:10 +10:00
+								        var vaultTimeout = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.MaximumVaultTimeout);
 								        if (vaultTimeout?.Enabled == true)
 								        {
 								            throw new BadRequestException("Maximum Vault Timeout policy is enabled.");
 								        }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								    }
-												[AC-1046] add browser autofill policy (#2751)

* [EC-1046] add browser autofill policy

* [AC-1046] check plan when activating policy

* [AC-1046] add useActivateAutofillPolicy to Organization response

* [AC-1046] add UseActivateAutofillPolicy to provider org response
											
										
										
											2023-03-10 12:52:50 -05:00
 								    private void LockedTo2020Plan(Organization org)
 								    {
 								        if (org.PlanType != PlanType.EnterpriseAnnually && org.PlanType != PlanType.EnterpriseMonthly)
 								        {
 								            throw new BadRequestException("This policy is only available to 2020 Enterprise plans.");
 								        }
 								    }
-												policy service

											
										
										
											2020-01-15 09:19:28 -05:00
+								}