Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-11404] Account Management: Prevent a verified user from purging their vault #11411

Merged
merged 13 commits into from
Oct 17, 2024
Merged

[PM-11404] Account Management: Prevent a verified user from purging their vault #11411

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
804e706
Update AccountService to include a method for setting the managedByOrโ€ฆ
r-tome Oct 4, 2024
ebfcf3a
Update AccountComponent to conditionally show the purgeVault button bโ€ฆ
r-tome Oct 4, 2024
3ac0c4c
Merge branch 'main' into ac/pm-11404/prevent-a-verified-user-from-purโ€ฆ
r-tome Oct 7, 2024
d01119f
Add missing method to FakeAccountService
r-tome Oct 7, 2024
077d8c3
Remove the setAccountManagedByOrganizationId method from the AccountSโ€ฆ
r-tome Oct 8, 2024
3a02b67
Refactor AccountComponent to use OrganizationService to check for manโ€ฆ
r-tome Oct 8, 2024
f224b58
Merge branch 'main' into ac/pm-11404/prevent-a-verified-user-from-purโ€ฆ
r-tome Oct 8, 2024
5d3689c
Rename managesActiveUser to userIsManagedByOrganization
r-tome Oct 9, 2024
48d4efd
Refactor userIsManagedByOrganization property to be non-nullable in oโ€ฆ
r-tome Oct 11, 2024
8d06879
Refactor organization.data.spec.ts to include non-nullable userIsManaโ€ฆ
r-tome Oct 11, 2024
57476e2
Merge branch 'main' into ac/pm-11404/prevent-a-verified-user-from-purโ€ฆ
r-tome Oct 15, 2024
3ce3f92
Merge branch 'main' into ac/pm-11404/prevent-a-verified-user-from-purโ€ฆ
r-tome Oct 15, 2024
342595c
Merge branch 'main' into ac/pm-11404/prevent-a-verified-user-from-purโ€ฆ
r-tome Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion apps/web/src/app/auth/settings/account/account.component.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,13 @@ <h1 bitTypography="h1">{{ "changeEmail" | i18n }}</h1>
<button type="button" bitButton buttonType="danger" (click)="deauthorizeSessions()">
{{ "deauthorizeSessions" | i18n }}
</button>
<button type="button" bitButton buttonType="danger" [bitAction]="purgeVault">
<button
*ngIf="showPurgeVault$ | async"
type="button"
bitButton
buttonType="danger"
[bitAction]="purgeVault"
>
{{ "purgeVault" | i18n }}
</button>
<button type="button" bitButton buttonType="danger" [bitAction]="deleteAccount">
Expand Down
22 changes: 21 additions & 1 deletion apps/web/src/app/auth/settings/account/account.component.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
import { lastValueFrom } from "rxjs";
import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";

import { ModalService } from "@bitwarden/angular/services/modal.service";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
import { DialogService } from "@bitwarden/components";

import { PurgeVaultComponent } from "../../../vault/settings/purge-vault.component";
Expand All @@ -19,15 +22,32 @@
deauthModalRef: ViewContainerRef;

showChangeEmail = true;
showPurgeVault$: Observable<boolean>;

constructor(
private modalService: ModalService,
private dialogService: DialogService,
private userVerificationService: UserVerificationService,
private configService: ConfigService,
private organizationService: OrganizationService,

Check warning on line 32 in apps/web/src/app/auth/settings/account/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/web/src/app/auth/settings/account/account.component.ts#L32 

Added line #L32 was not covered by tests
) {}

async ngOnInit() {
this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
this.showPurgeVault$ = this.configService

Check warning on line 37 in apps/web/src/app/auth/settings/account/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/web/src/app/auth/settings/account/account.component.ts#L37 

Added line #L37 was not covered by tests
.getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
.pipe(
switchMap((isAccountDeprovisioningEnabled) =>
isAccountDeprovisioningEnabled
? this.organizationService.organizations$.pipe(
map(
(organizations) =>
!organizations.some((o) => o.userIsManagedByOrganization === true),

Check warning on line 45 in apps/web/src/app/auth/settings/account/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/web/src/app/auth/settings/account/account.component.ts#L45 

Added line #L45 was not covered by tests
),
)
: of(true),
),
);
}

async deauthorizeSessions() {
Expand Down
1 change: 1 addition & 0 deletions libs/common/src/admin-console/models/data/organization.data.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ describe("ORGANIZATIONS state", () => {
limitCollectionCreationDeletion: false,
allowAdminAccessToAllCollectionItems: false,
familySponsorshipLastSyncDate: new Date(),
userIsManagedByOrganization: false,
},
};
const result = sut.deserializer(JSON.parse(JSON.stringify(expectedResult)));
Expand Down
2 changes: 2 additions & 0 deletions libs/common/src/admin-console/models/data/organization.data.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ export class OrganizationData {
accessSecretsManager: boolean;
limitCollectionCreationDeletion: boolean;
allowAdminAccessToAllCollectionItems: boolean;
userIsManagedByOrganization: boolean;

constructor(
response?: ProfileOrganizationResponse,
Expand Down Expand Up @@ -112,6 +113,7 @@ export class OrganizationData {
this.accessSecretsManager = response.accessSecretsManager;
this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
this.userIsManagedByOrganization = response.userIsManagedByOrganization;

this.isMember = options.isMember;
this.isProviderUser = options.isProviderUser;
Expand Down
7 changes: 7 additions & 0 deletions libs/common/src/admin-console/models/domain/organization.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,12 @@ export class Organization {
* Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
*/
allowAdminAccessToAllCollectionItems: boolean;
/**
* Indicates if this organization manages the user.
* A user is considered managed by an organization if their email domain
* matches one of the verified domains of that organization, and the user is a member of it.
*/
userIsManagedByOrganization: boolean;
coroiu marked this conversation as resolved.
Show resolved Hide resolved

constructor(obj?: OrganizationData) {
if (obj == null) {
Expand Down Expand Up @@ -127,6 +133,7 @@ export class Organization {
this.accessSecretsManager = obj.accessSecretsManager;
this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
this.userIsManagedByOrganization = obj.userIsManagedByOrganization;
}

get canAccess() {
Expand Down
2 changes: 2 additions & 0 deletions libs/common/src/admin-console/models/response/profile-organization.response.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
accessSecretsManager: boolean;
limitCollectionCreationDeletion: boolean;
allowAdminAccessToAllCollectionItems: boolean;
userIsManagedByOrganization: boolean;

constructor(response: any) {
super(response);
Expand Down Expand Up @@ -115,5 +116,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
this.allowAdminAccessToAllCollectionItems = this.getResponseProperty(
"AllowAdminAccessToAllCollectionItems",
);
this.userIsManagedByOrganization = this.getResponseProperty("UserIsManagedByOrganization");
}
}
2 changes: 0 additions & 2 deletions libs/common/src/models/response/profile.response.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ export class ProfileResponse extends BaseResponse {
securityStamp: string;
forcePasswordReset: boolean;
usesKeyConnector: boolean;
managedByOrganizationId?: string | null;
organizations: ProfileOrganizationResponse[] = [];
providers: ProfileProviderResponse[] = [];
providerOrganizations: ProfileProviderOrganizationResponse[] = [];
Expand All @@ -43,7 +42,6 @@ export class ProfileResponse extends BaseResponse {
this.securityStamp = this.getResponseProperty("SecurityStamp");
this.forcePasswordReset = this.getResponseProperty("ForcePasswordReset") ?? false;
this.usesKeyConnector = this.getResponseProperty("UsesKeyConnector") ?? false;
this.managedByOrganizationId = this.getResponseProperty("ManagedByOrganizationId");

const organizations = this.getResponseProperty("Organizations");
if (organizations != null) {
Expand Down
Loading