Add email notification on Two Factor recovery use (#625)

* Add email notification on Two Factor recovery use * A user who has lost their 2fa device can clear out the 2fa settings using a recovery code. When this happens it gets logged but no notification to the user occurs. * Add a notification to be sent when 2fa recovery code is used * Add email message templates
2025-07-03 00:52:49 -05:00 · 2019-12-23 15:26:39 -05:00
parent 665e78ec1c
commit 0be86072f7
7 changed files with 62 additions and 0 deletions
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -283,6 +283,23 @@ namespace Bit.Core.Services
            await _mailDeliveryService.SendEmailAsync(message);
        }

+        public async Task SendRecoverTwoFactorEmail(string email, DateTime timestamp, string ip)
+        {
+            var message = CreateDefaultMessage($"Recover 2FA From {ip}", email);
+            var model = new RecoverTwoFactorModel
+            {
+                WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+                SiteName = _globalSettings.SiteName,
+                TheDate = timestamp.ToLongDateString(),
+                TheTime = timestamp.ToShortTimeString(),
+                TimeZone = "UTC",
+                IpAddress = ip
+            };
+            await AddMessageContentAsync(message, "RecoverTwoFactor", model);
+            message.Category = "RecoverTwoFactor";
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
+
        private MailMessage CreateDefaultMessage(string subject, string toEmail)
        {
            return CreateDefaultMessage(subject, new List<string> { toEmail });
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -674,6 +674,7 @@ namespace Bit.Core.Services
            user.TwoFactorProviders = null;
            user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
            await SaveUserAsync(user);
+            await _mailService.SendRecoverTwoFactorEmail(user.Email, DateTime.UtcNow, _currentContext.IpAddress);
            await _eventService.LogUserEventAsync(user.Id, EventType.User_Recovered2fa);

            return true;