Add user verification to reset password request (#1980)

We only need master password hash because this is currently
only used for sso password setting after auto-provisioning. Key
Connector is not involved in these accounts
This commit is contained in:
Matt Gibson 2022-07-06 18:23:20 -04:00 committed by GitHub
parent 6c7413e38c
commit 58a3662d0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

View file

@ -219,7 +219,8 @@ namespace Bit.App.Pages
// Request // Request
var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest
{ {
ResetPasswordKey = encryptedKey.EncryptedString ResetPasswordKey = encryptedKey.EncryptedString,
MasterPasswordHash = masterPasswordHash,
}; };
var userId = await _stateService.GetActiveUserIdAsync(); var userId = await _stateService.GetActiveUserIdAsync();
// Enroll user // Enroll user

View file

@ -2,6 +2,7 @@
{ {
public class OrganizationUserResetPasswordEnrollmentRequest public class OrganizationUserResetPasswordEnrollmentRequest
{ {
public string MasterPasswordHash { get; set; }
public string ResetPasswordKey { get; set; } public string ResetPasswordKey { get; set; }
} }
} }