Resolves dani-garcia/bitwarden_rs#981

* a user without 2fa trying to join a 2fa org will fail, but user gets an email to enable 2fa * a user disabling 2fa will be removed from 2fa orgs; user gets an email for each org * an org enabling 2fa policy will remove users without 2fa; users get an email
2025-09-11 03:05:58 +03:00 · 2021-04-11 22:57:17 -04:00
parent b268c3dd1c
commit d75a80bd2d
8 changed files with 228 additions and 2 deletions
--- a/src/api/core/two_factor/mod.rs
+++ b/src/api/core/two_factor/mod.rs
@@ -8,9 +8,10 @@ use crate::{
    auth::Headers,
    crypto,
    db::{
-        models::{TwoFactor, User},
+        models::*,
        DbConn,
    },
+    mail,
 };

 pub mod authenticator;
@@ -134,6 +135,23 @@ fn disable_twofactor(data: JsonUpcase<DisableTwoFactorData>, headers: Headers, c
        twofactor.delete(&conn)?;
    }

+    let twofactor_disabled = TwoFactor::find_by_user(&user.uuid, &conn).is_empty();
+
+    if twofactor_disabled {
+        let policy_type = OrgPolicyType::TwoFactorAuthentication;
+        let org_list = UserOrganization::find_by_user_and_policy(&user.uuid, policy_type, &conn);
+
+        for user_org in org_list.into_iter() {
+
+            if user_org.atype < UserOrgType::Admin {
+                let org = Organization::find_by_uuid(&user_org.org_uuid, &conn).unwrap();
+
+                mail::send_2fa_removed_from_org(&user.email, &org.name)?;
+                user_org.delete(&conn)?;
+            }
+        }
+    }
+
    Ok(Json(json!({
        "Enabled": false,
        "Type": type_,