diff --git a/src/Core/AdminConsole/Services/Implementations/PolicyService.cs b/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
index fab32aaff43d..35ab8d2002a1 100644
--- a/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/PolicyService.cs
@@ -25,6 +25,7 @@ public class PolicyService : IPolicyService
 private readonly ISsoConfigRepository _ssoConfigRepository;
 private readonly IMailService _mailService;
 private readonly GlobalSettings _globalSettings;
+ private readonly IOrganizationDomainService _organizationDomainService;
 private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
 
 public PolicyService(
@@ -36,6 +37,7 @@ public PolicyService(
 ISsoConfigRepository ssoConfigRepository,
 IMailService mailService,
 GlobalSettings globalSettings,
+ IOrganizationDomainService organizationDomainService,
 ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery)
 {
 _applicationCacheService = applicationCacheService;
@@ -46,6 +48,7 @@ public PolicyService(
 _ssoConfigRepository = ssoConfigRepository;
 _mailService = mailService;
 _globalSettings = globalSettings;
+ _organizationDomainService = organizationDomainService;
 _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery;
 }
 
@@ -212,6 +215,7 @@ private async Task HandleDependentPoliciesAsync(Policy policy, Organization org)
 case PolicyType.SingleOrg:
 if (!policy.Enabled)
 {
+ await HasNoVerifiedDomainsAsync(org);
 await RequiredBySsoAsync(org);
 await RequiredByVaultTimeoutAsync(org);
 await RequiredByKeyConnectorAsync(org);
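Review bot: The new `await HasNoVerifiedDomainsAsync(org);` guard in the `PolicyType.SingleOrg` disable branch is a check followed by a later write, and nothing visible in this hunk makes the two atomic. A domain verified between the check and the policy upsert would presumably leave the organization with verified domains and Single Org disabled. The diff covers only this disable path; whether domain verification itself requires the policy to be enabled is not shown here and is worth confirming, since the invariant has to hold from both sides. I would at least record the intent above the call, e.g. `// Single Org must stay enabled while the organization has verified domains; checked first so this error takes precedence.` HandleDependentPoliciesAsync starts and ends outside the hunk.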
@@ -252,6 +256,14 @@ private async Task HandleDependentPoliciesAsync(Policy policy, Organization org)
 }
 }
 
+ private async Task HasNoVerifiedDomainsAsync(Organization org)
+ {
+ if (await _organizationDomainService.HasVerifiedDomainsAsync(org.Id))
+ {
+ throw new BadRequestException("Organization still has verified domains.");
+ }
+ }
+
 private async Task SetPolicyConfiguration(Policy policy)
 {
 await _policyRepository.UpsertAsync(policy);
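Review bot: `HasNoVerifiedDomainsAsync` reads like a boolean query, but it returns a bare `Task` and signals a violation by throwing `BadRequestException`, so a call that is not awaited would skip the guard without any error. The sibling guards called beside it are named `RequiredBy…Async`, so `private async Task RequiredByVerifiedDomainsAsync(Organization org)` would match them and make the throw-on-violation contract obvious. A doc comment such as `/// Throws BadRequestException when the organization still has verified domains, so the Single Org policy cannot be disabled.` would state that contract at the definition. No test for the new rejection path is visible in this diff; SetPolicyConfiguration's body continues outside the hunk.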