[PM-3777[PM-3633] Update minimum KDF iterations when creating new User record (#3687)

* Updated minimum iterations on new Users to the default. * Fixed test I missed.
2025-04-05 21:18:13 -05:00 · 2024-01-25 10:59:53 -05:00 · 2024-01-25 10:59:53 -05:00 · 2763345e9e
commit 2763345e9e
parent bac06763f5
5 changed files with 6 additions and 5 deletions
--- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterRequestModel.cs
@ -38,7 +38,7 @@ public class RegisterRequestModel : IValidatableObject, ICaptchaProtectedModel
            Email = Email,
            MasterPasswordHint = MasterPasswordHint,
            Kdf = Kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256),
-            KdfIterations = KdfIterations.GetValueOrDefault(5000),
+            KdfIterations = KdfIterations.GetValueOrDefault(AuthConstants.PBKDF2_ITERATIONS.Default),
            KdfMemory = KdfMemory,
            KdfParallelism = KdfParallelism
        };
--- a/src/Core/Entities/User.cs
+++ b/src/Core/Entities/User.cs
@ -55,7 +55,7 @@ public class User : ITableObject<Guid>, ISubscriber, IStorable, IStorableSubscri
    [MaxLength(30)]
    public string ApiKey { get; set; }
    public KdfType Kdf { get; set; } = KdfType.PBKDF2_SHA256;
-    public int KdfIterations { get; set; } = 5000;
+    public int KdfIterations { get; set; } = AuthConstants.PBKDF2_ITERATIONS.Default;
    public int? KdfMemory { get; set; }
    public int? KdfParallelism { get; set; }
    public DateTime CreationDate { get; set; } = DateTime.UtcNow;
--- a/test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
+++ b/test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
@ -129,7 +129,7 @@ public class AccountsControllerTests : IDisposable
        var userKdfInfo = new UserKdfInformation
        {
            Kdf = KdfType.PBKDF2_SHA256,
-            KdfIterations = 5000
+            KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default
        };
        _userRepository.GetKdfInformationByEmailAsync(Arg.Any<string>()).Returns(Task.FromResult(userKdfInfo));
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
@ -1,4 +1,5 @@
 using System.Text.Json;
 using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Repositories;
@ -67,7 +68,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
        var kdf = AssertHelper.AssertJsonProperty(root, "Kdf", JsonValueKind.Number).GetInt32();
        Assert.Equal(0, kdf);
        var kdfIterations = AssertHelper.AssertJsonProperty(root, "KdfIterations", JsonValueKind.Number).GetInt32();
-        Assert.Equal(5000, kdfIterations);
+        Assert.Equal(AuthConstants.PBKDF2_ITERATIONS.Default, kdfIterations);
        AssertUserDecryptionOptions(root);
    }
--- a/test/Identity.Test/Controllers/AccountsControllerTests.cs
+++ b/test/Identity.Test/Controllers/AccountsControllerTests.cs
@ -58,7 +58,7 @@ public class AccountsControllerTests : IDisposable
        var userKdfInfo = new UserKdfInformation
        {
            Kdf = KdfType.PBKDF2_SHA256,
-            KdfIterations = 5000
+            KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default
        };
        _userRepository.GetKdfInformationByEmailAsync(Arg.Any<string>()).Returns(Task.FromResult(userKdfInfo));