[PS-1051] Fix/add master pass hash to all org reset key requests (#3049)

* clarify master password reset calls

* Add master password hash to master password change requests
This commit is contained in:
Matt Gibson 2022-07-06 15:19:58 -04:00 committed by GitHub
parent 4dd149e912
commit 12615c203f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 2 deletions

View File

@ -120,6 +120,7 @@ export class OrganizationOptionsComponent {
},
});
} else {
// Remove reset password
const request = new OrganizationUserResetPasswordEnrollmentRequest();
request.masterPasswordHash = "ignored";
request.resetPasswordKey = null;

View File

@ -224,7 +224,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
await this.updateEmergencyAccesses(encKey[0]);
await this.updateAllResetPasswordKeys(encKey[0]);
await this.updateAllResetPasswordKeys(encKey[0], masterPasswordHash);
}
private async updateEmergencyAccesses(encKey: SymmetricCryptoKey) {
@ -252,7 +252,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
}
}
private async updateAllResetPasswordKeys(encKey: SymmetricCryptoKey) {
private async updateAllResetPasswordKeys(encKey: SymmetricCryptoKey, masterPasswordHash: string) {
const orgs = await this.organizationService.getAll();
for (const org of orgs) {
@ -270,6 +270,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
// Create/Execute request
const request = new OrganizationUserResetPasswordEnrollmentRequest();
request.masterPasswordHash = masterPasswordHash;
request.resetPasswordKey = encryptedKey.encryptedString;
await this.apiService.putOrganizationUserResetPasswordEnrollment(org.id, org.userId, request);

View File

@ -128,6 +128,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
);
const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
resetRequest.masterPasswordHash = masterPasswordHash;
resetRequest.resetPasswordKey = encryptedKey.encryptedString;
return this.apiService.putOrganizationUserResetPasswordEnrollment(