bitwarden
diff --git a/‎src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs‎
Lines changed: 16 additions & 7 deletions b/‎src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs‎
Lines changed: 16 additions & 7 deletions
@@ -1,6 +1,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Utilities.v2;
 using Bit.Core.AdminConsole.Utilities.v2.Validation;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
 using Bit.Core.Enums;
@@ -54,10 +55,12 @@ public async Task<ValidationResult<AutomaticallyConfirmOrganizationUserValidatio
             return Invalid(request, new UserDoesNotHaveTwoFactorEnabled());
         }
 
-        // OrgUser must conform to Single Org Policy if applicable
-        if (!await OrganizationUserConformsToSingleOrgPolicyAsync(request))
+        // OrgUser must conform to this Single Org Policy
+
+
+        if (await OrganizationUserConformsToSingleOrgPolicyAsync(request) is { } error)
         {
-            return Invalid(request, new OrganizationEnforcesSingleOrgPolicy());
+            return Invalid(request, error);
         }
 
         return Valid(request);
@@ -75,24 +78,30 @@ private async Task<bool> OrganizationUserConformsToTwoFactorRequiredPolicyAsync(
             .IsTwoFactorRequiredForOrganization(request.Organization!.Id);
     }
 
-    private async Task<bool> OrganizationUserConformsToSingleOrgPolicyAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    private async Task<Error?> OrganizationUserConformsToSingleOrgPolicyAsync(
+        AutomaticallyConfirmOrganizationUserValidationRequest request)
     {
         var allOrganizationUsersForUser = await organizationUserRepository
             .GetManyByUserAsync(request.OrganizationUser!.UserId!.Value);
 
         if (allOrganizationUsersForUser.Count == 1)
         {
-            return true;
+            return null;
         }
 
         var policyRequirement = await policyRequirementQuery
             .GetAsync<SingleOrganizationPolicyRequirement>(request.OrganizationUser!.UserId!.Value);
 
         if (policyRequirement.IsSingleOrgEnabledForThisOrganization(request.Organization!.Id))
         {
-            return false;
+            return new OrganizationEnforcesSingleOrgPolicy();
+        }
+
+        if (policyRequirement.IsSingleOrgEnabledForOrganizationsOtherThan(request.Organization.Id))
+        {
+            return new OtherOrganizationEnforcesSingleOrgPolicy();
         }
 
-        return !policyRequirement.IsSingleOrgEnabledForOrganizationsOtherThan(request.Organization.Id);
+        return null;
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;`
`2`	`2`	`using Bit.Core.AdminConsole.OrganizationFeatures.Policies;`
`3`	`3`	`using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;`
	`4`	`+using Bit.Core.AdminConsole.Utilities.v2;`
`4`	`5`	`using Bit.Core.AdminConsole.Utilities.v2.Validation;`
`5`	`6`	`using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;`
`6`	`7`	`using Bit.Core.Enums;`
`@@ -54,10 +55,12 @@ public async Task<ValidationResult<AutomaticallyConfirmOrganizationUserValidatio`
`54`	`55`	`return Invalid(request, new UserDoesNotHaveTwoFactorEnabled());`
`55`	`56`	`}`
`56`	`57`
`57`		`- // OrgUser must conform to Single Org Policy if applicable`
`58`		`- if (!await OrganizationUserConformsToSingleOrgPolicyAsync(request))`
	`58`	`+ // OrgUser must conform to this Single Org Policy`
	`59`	`+`
	`60`	`+`
	`61`	`+ if (await OrganizationUserConformsToSingleOrgPolicyAsync(request) is { } error)`
`59`	`62`	`{`
`60`		`- return Invalid(request, new OrganizationEnforcesSingleOrgPolicy());`
	`63`	`+ return Invalid(request, error);`
`61`	`64`	`}`
`62`	`65`
`63`	`66`	`return Valid(request);`
`@@ -75,24 +78,30 @@ private async Task<bool> OrganizationUserConformsToTwoFactorRequiredPolicyAsync(`
`75`	`78`	`.IsTwoFactorRequiredForOrganization(request.Organization!.Id);`
`76`	`79`	`}`
`77`	`80`
`78`		`- private async Task<bool> OrganizationUserConformsToSingleOrgPolicyAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)`
	`81`	`+ private async Task<Error?> OrganizationUserConformsToSingleOrgPolicyAsync(`
	`82`	`+ AutomaticallyConfirmOrganizationUserValidationRequest request)`
`79`	`83`	`{`
`80`	`84`	`var allOrganizationUsersForUser = await organizationUserRepository`
`81`	`85`	`.GetManyByUserAsync(request.OrganizationUser!.UserId!.Value);`
`82`	`86`
`83`	`87`	`if (allOrganizationUsersForUser.Count == 1)`
`84`	`88`	`{`
`85`		`- return true;`
	`89`	`+ return null;`
`86`	`90`	`}`
`87`	`91`
`88`	`92`	`var policyRequirement = await policyRequirementQuery`
`89`	`93`	`.GetAsync<SingleOrganizationPolicyRequirement>(request.OrganizationUser!.UserId!.Value);`
`90`	`94`
`91`	`95`	`if (policyRequirement.IsSingleOrgEnabledForThisOrganization(request.Organization!.Id))`
`92`	`96`	`{`
`93`		`- return false;`
	`97`	`+ return new OrganizationEnforcesSingleOrgPolicy();`
	`98`	`+ }`
	`99`	`+`
	`100`	`+ if (policyRequirement.IsSingleOrgEnabledForOrganizationsOtherThan(request.Organization.Id))`
	`101`	`+ {`
	`102`	`+ return new OtherOrganizationEnforcesSingleOrgPolicy();`
`94`	`103`	`}`
`95`	`104`
`96`		`- return !policyRequirement.IsSingleOrgEnabledForOrganizationsOtherThan(request.Organization.Id);`
	`105`	`+ return null;`
`97`	`106`	`}`
`98`	`107`	`}`