admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-01-31 14:13:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
78588d0246d21cfbd8bb01b36d6cec380647c9d2
server/src/Core/Services/Implementations/PolicyService.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

297 lines
12 KiB
C#
Raw Normal View History

[AC-1145] Add trusted devices option to SSO Config Data (#2909) * [AC-1145] Add TDE feature flag * [AC-1145] Update .gitignore to ignore flags.json in the Api project * [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData * [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model * [AC-1145] Automatically enable password reset policy on TDE selection * [AC-1145] Remove references to obsolete KeyConnectorEnabled field * [AC-1145] Formatting * [AC-1145] Update XML doc reference to MemberDecryptionType
2023-05-10 12:52:08 -07:00
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Repositories;
[PM-1188] Server owner auth migration (#2825) * [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
2023-04-14 13:25:56 -04:00
using Bit.Core.Entities;
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
using Bit.Core.Enums;
policy service
2020-01-15 09:19:28 -05:00
using Bit.Core.Exceptions;
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
[AC-1070] Enforce master password policy on login (#2714) * [EC-1070] Add API endpoint to retrieve all policies for the current user The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login. * [EC-1070] Add MasterPasswordPolicyData model * [EC-1070] Move PolicyResponseModel to Core project The response model is used by both the Identity and Api projects. * [EC-1070] Supply master password polices as a custom identity token response * [EC-1070] Include master password policies in 2FA token response * [EC-1070] Add response model to verify-password endpoint that includes master password policies * [AC-1070] Introduce MasterPasswordPolicyResponseModel * [AC-1070] Add policy service method to retrieve a user's master password policy * [AC-1070] User new policy service method - Update BaseRequestValidator - Update AccountsController for /verify-password endpoint - Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData * [AC-1070] Cleanup new policy service method - Use User object instead of Guid - Remove TODO message - Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally * [AC-1070] Cleanup MasterPasswordPolicy models - Remove default values from both models - Add missing `RequireLower` - Fix mismatched properties in `CombineWith` method - Make properties nullable in response model * [AC-1070] Remove now un-used GET /policies endpoint * [AC-1070] Update policy service method to use GetManyByUserIdAsync * [AC-1070] Ensure existing value is not null before comparison * [AC-1070] Remove redundant VerifyMasterPasswordResponse model * [AC-1070] Fix service typo in constructor
2023-04-17 07:35:47 -07:00
using Bit.Core.Models.Data.Organizations.Policies;
policy service
2020-01-15 09:19:28 -05:00
using Bit.Core.Repositories;
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
using Bit.Core.Settings;
policy service
2020-01-15 09:19:28 -05:00
namespace Bit.Core.Services;
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
policy service
2020-01-15 09:19:28 -05:00
public class PolicyService : IPolicyService
{
private readonly IEventService _eventService;
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IPolicyRepository _policyRepository;
private readonly ISsoConfigRepository _ssoConfigRepository;
email user whenever they're removed from org because of 2fa policy (#657)
2020-02-27 09:30:04 -05:00
private readonly IMailService _mailService;
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
private readonly GlobalSettings _globalSettings;
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
[PM-3007] Caching user policies on PolicyService variable (#3117) * [PM-3007] Caching user policies on PolicyService variable * [PM-3007] Added missing newlines on sql files
2023-08-03 18:36:47 +01:00
private IEnumerable<OrganizationUserPolicyDetails> _cachedOrganizationUserPolicyDetails;
policy service
2020-01-15 09:19:28 -05:00
public PolicyService(
IEventService eventService,
email user whenever they're removed from org because of 2fa policy (#657)
2020-02-27 09:30:04 -05:00
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IPolicyRepository policyRepository,
ISsoConfigRepository ssoConfigRepository,
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
IMailService mailService,
GlobalSettings globalSettings)
policy service
2020-01-15 09:19:28 -05:00
{
_eventService = eventService;
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
_policyRepository = policyRepository;
Add support for Key Connector OTP and account migration (#1663) Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 16:37:32 +01:00
_ssoConfigRepository = ssoConfigRepository;
email user whenever they're removed from org because of 2fa policy (#657)
2020-02-27 09:30:04 -05:00
_mailService = mailService;
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
_globalSettings = globalSettings;
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
policy service
2020-01-15 09:19:28 -05:00
email user whenever they're removed from org because of 2fa policy (#657)
2020-02-27 09:30:04 -05:00
public async Task SaveAsync(Policy policy, IUserService userService, IOrganizationService organizationService,
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
Guid? savingUserId)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
email user whenever they're removed from org because of 2fa policy (#657)
2020-02-27 09:30:04 -05:00
var org = await _organizationRepository.GetByIdAsync(policy.OrganizationId);
if (org == null)
policy service
2020-01-15 09:19:28 -05:00
{
throw new BadRequestException("Organization not found");
}
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
if (!org.UsePolicies)
policy service
2020-01-15 09:19:28 -05:00
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
throw new BadRequestException("This organization cannot use policies.");
Initial commit of SingleOrg downstream policy checks (#1038)
2020-12-16 16:02:54 -06:00
}
Run dotnet format (#1764)
2021-12-16 15:35:09 +01:00
[Require SSO] Added service layer dependent policy check (#977) * Added service layer dependent policy check * Updated to SingleOrg
2020-10-27 14:08:19 -05:00
// Handle dependent policy checks
switch (policy.Type)
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
{
[Require SSO] Added service layer dependent policy check (#977) * Added service layer dependent policy check * Updated to SingleOrg
2020-10-27 14:08:19 -05:00
case PolicyType.SingleOrg:
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
if (!policy.Enabled)
{
await RequiredBySsoAsync(org);
await RequiredByVaultTimeoutAsync(org);
await RequiredByKeyConnectorAsync(org);
[AC-1435] Single Organization policy prerequisite for Account Recovery policy (#3082) * [AC-1435] Automatically enable Single Org policy when selecting TDE * [AC-1435] Add test for automatic policy enablement * [AC-1435] Prevent disabling single org when account recovery is enabled * [AC-1435] Require Single Org policy when enabling Account recovery * [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org * [AC-1435] Add test to verify single org policy is enabled for account recovery policy * [AC-1435] Fix failing test
2023-07-18 08:00:49 -07:00
await RequiredByAccountRecoveryAsync(org);
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
}
break;
Add checks for vault timeout policy (#1694)
2021-11-08 14:37:40 +01:00
case PolicyType.RequireSso:
[Require SSO] Added service layer dependent policy check (#977) * Added service layer dependent policy check * Updated to SingleOrg
2020-10-27 14:08:19 -05:00
if (policy.Enabled)
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
await DependsOnSingleOrgAsync(org);
[Require SSO] Added service layer dependent policy check (#977) * Added service layer dependent policy check * Updated to SingleOrg
2020-10-27 14:08:19 -05:00
}
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
else
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
await RequiredByKeyConnectorAsync(org);
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
}
[Require SSO] Added service layer dependent policy check (#977) * Added service layer dependent policy check * Updated to SingleOrg
2020-10-27 14:08:19 -05:00
break;
policy service
2020-01-15 09:19:28 -05:00
[PM-1270] Throw error when removing master password reset policy with TDE enabled (#2964) * [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment * [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment * [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created * [PM-1270] Removed unused method mock on unit test
2023-06-07 09:56:31 +01:00
case PolicyType.ResetPassword:
if (!policy.Enabled || policy.GetDataModel<ResetPasswordDataModel>()?.AutoEnrollEnabled == false)
{
await RequiredBySsoTrustedDeviceEncryptionAsync(org);
}
[AC-1435] Single Organization policy prerequisite for Account Recovery policy (#3082) * [AC-1435] Automatically enable Single Org policy when selecting TDE * [AC-1435] Add test for automatic policy enablement * [AC-1435] Prevent disabling single org when account recovery is enabled * [AC-1435] Require Single Org policy when enabling Account recovery * [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org * [AC-1435] Add test to verify single org policy is enabled for account recovery policy * [AC-1435] Fix failing test
2023-07-18 08:00:49 -07:00
if (policy.Enabled)
{
await DependsOnSingleOrgAsync(org);
}
[PM-1270] Throw error when removing master password reset policy with TDE enabled (#2964) * [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment * [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment * [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created * [PM-1270] Removed unused method mock on unit test
2023-06-07 09:56:31 +01:00
break;
only 1 policy event
2020-01-20 09:02:41 -05:00
case PolicyType.MaximumVaultTimeout:
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
if (policy.Enabled)
policy service
2020-01-15 09:19:28 -05:00
{
only 1 policy event
2020-01-20 09:02:41 -05:00
await DependsOnSingleOrgAsync(org);
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
}
only 1 policy event
2020-01-20 09:02:41 -05:00
break;
[AC-1046] add browser autofill policy (#2751) * [EC-1046] add browser autofill policy * [AC-1046] check plan when activating policy * [AC-1046] add useActivateAutofillPolicy to Organization response * [AC-1046] add UseActivateAutofillPolicy to provider org response
2023-03-10 12:52:50 -05:00
// Activate Autofill is only available to Enterprise 2020-current plans
case PolicyType.ActivateAutofill:
if (policy.Enabled)
{
LockedTo2020Plan(org);
}
break;
policy service
2020-01-15 09:19:28 -05:00
}
Remove noncompliant users for new policies (#1951)
2022-04-22 08:13:02 +10:00
only 1 policy event
2020-01-20 09:02:41 -05:00
var now = DateTime.UtcNow;
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
if (policy.Id == default(Guid))
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
{
only 1 policy event
2020-01-20 09:02:41 -05:00
policy.CreationDate = now;
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
}
Remove noncompliant users for new policies (#1951)
2022-04-22 08:13:02 +10:00
if (policy.Enabled)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
var currentPolicy = await _policyRepository.GetByIdAsync(policy.Id);
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
if (!currentPolicy?.Enabled ?? true)
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
{
var orgUsers = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
policy.OrganizationId);
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
var removableOrgUsers = orgUsers.Where(ou =>
[EC-741 Single Organization policy exception when an Invited status user is also in the Revoked status (#2568) * [EC-741] Check that OrganizationUsers to be removed have a UserId * [EC-741] Filtering Revoked users in query for users to remove from organization
2023-01-23 16:05:12 +00:00
ou.Status != Enums.OrganizationUserStatusType.Invited && ou.Status != Enums.OrganizationUserStatusType.Revoked &&
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
ou.Type != Enums.OrganizationUserType.Owner && ou.Type != Enums.OrganizationUserType.Admin &&
[Exemption] Updated policy messages (#984) * Updated messages // added exemption message // added callout * updated strings - futureproofing
2020-11-10 09:53:44 -06:00
ou.UserId != savingUserId);
Changed all C# control flow block statements to include space between keyword and open paren
2020-03-27 14:36:37 -04:00
switch (policy.Type)
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
{
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
case Enums.PolicyType.TwoFactorAuthentication:
foreach (var orgUser in removableOrgUsers)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
if (!await userService.TwoFactorIsEnabledAsync(orgUser))
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
{
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
savingUserId);
await _mailService.SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(
Policy Service Tests (#1344) * Added SsoConfigService tests * Cleanup whitespace in SsoConfigServiceTests * Work on PolicyServiceTests * Refactor PolicyService to remove uneeded calls * Implement Code Coverage * Continued work on PolicyServiceTests * Revert "Implement Code Coverage" This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146. * Fix PolicyServiceTests after rebasing * Cleanup unused namespaces * Added assertions that saving or logging of save aren't happening on exceptions
2021-06-11 11:33:32 -04:00
org.Name, orgUser.Email);
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
}
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
break;
changed all OnlyOrg wording to be SingleOrg instead (#974) * changed all OnlyOrg wording to be SingleOrg instead * missed an OnlyOrg to change to SingleOrg
2020-10-27 10:28:41 -04:00
case Enums.PolicyType.SingleOrg:
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
removableOrgUsers.Select(ou => ou.UserId.Value));
foreach (var orgUser in removableOrgUsers)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
check that SingleOrg policy is enabled before saying users cant create new orgs (#1110) * check that SingleOrg policy is enabled before saying users cant create new orgs * fixed org user kick check for SingleOrg * code review cleanup
2021-01-25 11:19:33 -05:00
if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
Policy Service Tests (#1344) * Added SsoConfigService tests * Cleanup whitespace in SsoConfigServiceTests * Work on PolicyServiceTests * Refactor PolicyService to remove uneeded calls * Implement Code Coverage * Continued work on PolicyServiceTests * Revert "Implement Code Coverage" This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146. * Fix PolicyServiceTests after rebasing * Cleanup unused namespaces * Added assertions that saving or logging of save aren't happening on exceptions
2021-06-11 11:33:32 -04:00
&& ou.OrganizationId != org.Id
check that SingleOrg policy is enabled before saying users cant create new orgs (#1110) * check that SingleOrg policy is enabled before saying users cant create new orgs * fixed org user kick check for SingleOrg * code review cleanup
2021-01-25 11:19:33 -05:00
&& ou.Status != OrganizationUserStatusType.Invited))
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
{
await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
savingUserId);
changed all OnlyOrg wording to be SingleOrg instead (#974) * changed all OnlyOrg wording to be SingleOrg instead * missed an OnlyOrg to change to SingleOrg
2020-10-27 10:28:41 -04:00
await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(
Policy Service Tests (#1344) * Added SsoConfigService tests * Cleanup whitespace in SsoConfigServiceTests * Work on PolicyServiceTests * Refactor PolicyService to remove uneeded calls * Implement Code Coverage * Continued work on PolicyServiceTests * Revert "Implement Code Coverage" This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146. * Fix PolicyServiceTests after rebasing * Cleanup unused namespaces * Added assertions that saving or logging of save aren't happening on exceptions
2021-06-11 11:33:32 -04:00
org.Name, orgUser.Email);
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
}
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
Only org policy (#962) * added OnlyOrg to PolicyType enum * blocked accepting new org invitations if OnlyOrg is relevant to the userOrg * blocked creating new orgs if already in an org with OnlyOrg enabled * created email alert for OnlyOrg policy * removed users & sent alerts when appropriate for the OnlyOrg policy * added method to noop mail service * cleanup for OnlyOrg policy server logic * blocked confirming new org users if they have violated the OnlyOrg policy since accepting * added localization strings needed for the OnlyOrg policy * allowed OnlyOrg policy configuration from the portal * used correct localization key for onlyorg * formatting and messaging changes for OnlyOrg * formatting * messaging change * code review changes for onlyorg * slimmed down a conditional * optimized getting many orgUser records from many userIds * removed a test file * sql formatting * weirdness * trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
break;
default:
break;
Enforce 2fa policy (#654)
2020-02-19 14:56:16 -05:00
}
}
policy service
2020-01-15 09:19:28 -05:00
}
Policy Service Tests (#1344) * Added SsoConfigService tests * Cleanup whitespace in SsoConfigServiceTests * Work on PolicyServiceTests * Refactor PolicyService to remove uneeded calls * Implement Code Coverage * Continued work on PolicyServiceTests * Revert "Implement Code Coverage" This reverts commit 4ada179ada53725fc9e8965a0a90bd2a9d115146. * Fix PolicyServiceTests after rebasing * Cleanup unused namespaces * Added assertions that saving or logging of save aren't happening on exceptions
2021-06-11 11:33:32 -04:00
policy.RevisionDate = now;
only 1 policy event
2020-01-20 09:02:41 -05:00
await _policyRepository.UpsertAsync(policy);
await _eventService.LogPolicyEventAsync(policy, Enums.EventType.Policy_Updated);
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
[AC-1070] Enforce master password policy on login (#2714) * [EC-1070] Add API endpoint to retrieve all policies for the current user The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login. * [EC-1070] Add MasterPasswordPolicyData model * [EC-1070] Move PolicyResponseModel to Core project The response model is used by both the Identity and Api projects. * [EC-1070] Supply master password polices as a custom identity token response * [EC-1070] Include master password policies in 2FA token response * [EC-1070] Add response model to verify-password endpoint that includes master password policies * [AC-1070] Introduce MasterPasswordPolicyResponseModel * [AC-1070] Add policy service method to retrieve a user's master password policy * [AC-1070] User new policy service method - Update BaseRequestValidator - Update AccountsController for /verify-password endpoint - Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData * [AC-1070] Cleanup new policy service method - Use User object instead of Guid - Remove TODO message - Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally * [AC-1070] Cleanup MasterPasswordPolicy models - Remove default values from both models - Add missing `RequireLower` - Fix mismatched properties in `CombineWith` method - Make properties nullable in response model * [AC-1070] Remove now un-used GET /policies endpoint * [AC-1070] Update policy service method to use GetManyByUserIdAsync * [AC-1070] Ensure existing value is not null before comparison * [AC-1070] Remove redundant VerifyMasterPasswordResponse model * [AC-1070] Fix service typo in constructor
2023-04-17 07:35:47 -07:00
public async Task<MasterPasswordPolicyData> GetMasterPasswordPolicyForUserAsync(User user)
{
var policies = (await _policyRepository.GetManyByUserIdAsync(user.Id))
.Where(p => p.Type == PolicyType.MasterPassword && p.Enabled)
.ToList();
if (!policies.Any())
{
return null;
}
var enforcedOptions = new MasterPasswordPolicyData();
foreach (var policy in policies)
{
enforcedOptions.CombineWith(policy.GetDataModel<MasterPasswordPolicyData>());
}
return enforcedOptions;
}
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
public async Task<ICollection<OrganizationUserPolicyDetails>> GetPoliciesApplicableToUserAsync(Guid userId, PolicyType policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted)
{
var result = await QueryOrganizationUserPolicyDetailsAsync(userId, policyType, minStatus);
return result.ToList();
}
public async Task<bool> AnyPoliciesApplicableToUserAsync(Guid userId, PolicyType policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted)
{
var result = await QueryOrganizationUserPolicyDetailsAsync(userId, policyType, minStatus);
return result.Any();
}
[PM-3007] Caching user policies on PolicyService variable (#3117) * [PM-3007] Caching user policies on PolicyService variable * [PM-3007] Added missing newlines on sql files
2023-08-03 18:36:47 +01:00
private async Task<IEnumerable<OrganizationUserPolicyDetails>> QueryOrganizationUserPolicyDetailsAsync(Guid userId, PolicyType? policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted)
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
{
[PM-3007] Caching user policies on PolicyService variable (#3117) * [PM-3007] Caching user policies on PolicyService variable * [PM-3007] Added missing newlines on sql files
2023-08-03 18:36:47 +01:00
// Check if the cached policies are available
if (_cachedOrganizationUserPolicyDetails == null)
{
// Cached policies not available, retrieve from the repository
_cachedOrganizationUserPolicyDetails = await _organizationUserRepository.GetByUserIdWithPolicyDetailsAsync(userId);
}
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
[PM-3007] Caching user policies on PolicyService variable (#3117) * [PM-3007] Caching user policies on PolicyService variable * [PM-3007] Added missing newlines on sql files
2023-08-03 18:36:47 +01:00
return _cachedOrganizationUserPolicyDetails.Where(o =>
(policyType == null || o.PolicyType == policyType) &&
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
o.PolicyEnabled &&
!excludedUserTypes.Contains(o.OrganizationUserType) &&
o.OrganizationUserStatus >= minStatus &&
!o.IsProvider);
}
[PM-3007] Caching user policies on PolicyService variable (#3117) * [PM-3007] Caching user policies on PolicyService variable * [PM-3007] Added missing newlines on sql files
2023-08-03 18:36:47 +01:00
private OrganizationUserType[] GetUserTypesExcludedFromPolicy(PolicyType? policyType)
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537) * [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
{
switch (policyType)
{
case PolicyType.MasterPassword:
return Array.Empty<OrganizationUserType>();
case PolicyType.RequireSso:
// If 'EnforceSsoPolicyForAllUsers' is set to true then SSO policy applies to all user types otherwise it does not apply to Owner or Admin
if (_globalSettings.Sso.EnforceSsoPolicyForAllUsers)
{
return Array.Empty<OrganizationUserType>();
}
break;
}
return new[] { OrganizationUserType.Owner, OrganizationUserType.Admin };
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
private async Task DependsOnSingleOrgAsync(Organization org)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.SingleOrg);
if (singleOrg?.Enabled != true)
{
throw new BadRequestException("Single Organization policy not enabled.");
}
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
private async Task RequiredBySsoAsync(Organization org)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.RequireSso);
if (requireSso?.Enabled == true)
{
throw new BadRequestException("Single Sign-On Authentication policy is enabled.");
}
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
private async Task RequiredByKeyConnectorAsync(Organization org)
{
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
[AC-1145] Add trusted devices option to SSO Config Data (#2909) * [AC-1145] Add TDE feature flag * [AC-1145] Update .gitignore to ignore flags.json in the Api project * [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData * [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model * [AC-1145] Automatically enable password reset policy on TDE selection * [AC-1145] Remove references to obsolete KeyConnectorEnabled field * [AC-1145] Formatting * [AC-1145] Update XML doc reference to MemberDecryptionType
2023-05-10 12:52:08 -07:00
if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector)
Revert filescoped (#2227) * Revert "Add git blame entry (#2226)" This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d. * Revert "Turn on file scoped namespaces (#2225)" This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
2022-08-29 15:53:48 -04:00
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
throw new BadRequestException("Key Connector is enabled.");
}
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
[AC-1435] Single Organization policy prerequisite for Account Recovery policy (#3082) * [AC-1435] Automatically enable Single Org policy when selecting TDE * [AC-1435] Add test for automatic policy enablement * [AC-1435] Prevent disabling single org when account recovery is enabled * [AC-1435] Require Single Org policy when enabling Account recovery * [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org * [AC-1435] Add test to verify single org policy is enabled for account recovery policy * [AC-1435] Fix failing test
2023-07-18 08:00:49 -07:00
private async Task RequiredByAccountRecoveryAsync(Organization org)
{
var requireSso = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.ResetPassword);
if (requireSso?.Enabled == true)
{
throw new BadRequestException("Account recovery policy is enabled.");
}
}
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
private async Task RequiredByVaultTimeoutAsync(Organization org)
Run formatting (#2230)
2022-08-29 16:06:55 -04:00
{
[Key Connector] Fix policy checks and other pre-reqs (#1711) * Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
var vaultTimeout = await _policyRepository.GetByOrganizationIdTypeAsync(org.Id, PolicyType.MaximumVaultTimeout);
if (vaultTimeout?.Enabled == true)
{
throw new BadRequestException("Maximum Vault Timeout policy is enabled.");
}
policy service
2020-01-15 09:19:28 -05:00
}
[AC-1046] add browser autofill policy (#2751) * [EC-1046] add browser autofill policy * [AC-1046] check plan when activating policy * [AC-1046] add useActivateAutofillPolicy to Organization response * [AC-1046] add UseActivateAutofillPolicy to provider org response
2023-03-10 12:52:50 -05:00
private void LockedTo2020Plan(Organization org)
{
if (org.PlanType != PlanType.EnterpriseAnnually && org.PlanType != PlanType.EnterpriseMonthly)
{
throw new BadRequestException("This policy is only available to 2020 Enterprise plans.");
}
}
[PM-1270] Throw error when removing master password reset policy with TDE enabled (#2964) * [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment * [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment * [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created * [PM-1270] Removed unused method mock on unit test
2023-06-07 09:56:31 +01:00
private async Task RequiredBySsoTrustedDeviceEncryptionAsync(Organization org)
{
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption)
{
throw new BadRequestException("Trusted device encryption is on and requires this policy.");
}
}
policy service
2020-01-15 09:19:28 -05:00
}
Reference in New Issue Copy Permalink