Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)

* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints. * PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity. * PM-3833 - FIX LINT * PM-3833 - Fix issues after merge conflict fixes. * PM-3833 - Another test fix
2025-06-30 15:42:48 -05:00 · 2024-06-19 15:11:24 -04:00
parent b2b1e3de87
commit 29b47f72ca
15 changed files with 17 additions and 175 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -16,12 +16,9 @@ using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
-using Bit.Core.Auth.Models.Api.Response.Accounts;
 using Bit.Core.Auth.Models.Data;
-using Bit.Core.Auth.Services;
 using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
-using Bit.Core.Auth.Utilities;
 using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
@ -30,18 +27,15 @@ using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Api.Response;
 using Bit.Core.Models.Business;
-using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tools.Entities;
 using Bit.Core.Tools.Enums;
 using Bit.Core.Tools.Models.Business;
-using Bit.Core.Tools.Repositories;
 using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Entities;
-using Bit.Core.Vault.Repositories;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

@ -52,17 +46,11 @@ namespace Bit.Api.Auth.Controllers;
 public class AccountsController : Controller
 {
    private readonly GlobalSettings _globalSettings;
-    private readonly ICipherRepository _cipherRepository;
-    private readonly IFolderRepository _folderRepository;
    private readonly IOrganizationService _organizationService;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IProviderUserRepository _providerUserRepository;
    private readonly IPaymentService _paymentService;
-    private readonly IUserRepository _userRepository;
    private readonly IUserService _userService;
-    private readonly ISendRepository _sendRepository;
-    private readonly ISendService _sendService;
-    private readonly ICaptchaValidationService _captchaValidationService;
    private readonly IPolicyService _policyService;
    private readonly ISetInitialMasterPasswordCommand _setInitialMasterPasswordCommand;
    private readonly IRotateUserKeyCommand _rotateUserKeyCommand;
@ -88,17 +76,11 @@ public class AccountsController : Controller

    public AccountsController(
        GlobalSettings globalSettings,
-        ICipherRepository cipherRepository,
-        IFolderRepository folderRepository,
        IOrganizationService organizationService,
        IOrganizationUserRepository organizationUserRepository,
        IProviderUserRepository providerUserRepository,
        IPaymentService paymentService,
-        IUserRepository userRepository,
        IUserService userService,
-        ISendRepository sendRepository,
-        ISendService sendService,
-        ICaptchaValidationService captchaValidationService,
        IPolicyService policyService,
        ISetInitialMasterPasswordCommand setInitialMasterPasswordCommand,
        IRotateUserKeyCommand rotateUserKeyCommand,
@ -116,18 +98,12 @@ public class AccountsController : Controller
        IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>> webAuthnKeyValidator
        )
    {
-        _cipherRepository = cipherRepository;
-        _folderRepository = folderRepository;
        _globalSettings = globalSettings;
        _organizationService = organizationService;
        _organizationUserRepository = organizationUserRepository;
        _providerUserRepository = providerUserRepository;
        _paymentService = paymentService;
-        _userRepository = userRepository;
        _userService = userService;
-        _sendRepository = sendRepository;
-        _sendService = sendService;
-        _captchaValidationService = captchaValidationService;
        _policyService = policyService;
        _setInitialMasterPasswordCommand = setInitialMasterPasswordCommand;
        _rotateUserKeyCommand = rotateUserKeyCommand;
@ -143,50 +119,6 @@ public class AccountsController : Controller
        _webauthnKeyValidator = webAuthnKeyValidator;
    }

-    #region DEPRECATED (Moved to Identity Service)
-
-    [Obsolete("TDL-136 Moved to Identity (2022-01-12 cloud, 2022-09-19 self-hosted), left for backwards compatability with older clients.")]
-    [HttpPost("prelogin")]
-    [AllowAnonymous]
-    public async Task<PreloginResponseModel> PostPrelogin([FromBody] PreloginRequestModel model)
-    {
-        var kdfInformation = await _userRepository.GetKdfInformationByEmailAsync(model.Email);
-        if (kdfInformation == null)
-        {
-            kdfInformation = new UserKdfInformation
-            {
-                Kdf = KdfType.PBKDF2_SHA256,
-                KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
-            };
-        }
-        return new PreloginResponseModel(kdfInformation);
-    }
-
-    [Obsolete("TDL-136 Moved to Identity (2022-01-12 cloud, 2022-09-19 self-hosted), left for backwards compatability with older clients.")]
-    [HttpPost("register")]
-    [AllowAnonymous]
-    [CaptchaProtected]
-    public async Task<RegisterResponseModel> PostRegister([FromBody] RegisterRequestModel model)
-    {
-        var user = model.ToUser();
-        var result = await _userService.RegisterUserAsync(user, model.MasterPasswordHash,
-            model.Token, model.OrganizationUserId);
-        if (result.Succeeded)
-        {
-            var captchaBypassToken = _captchaValidationService.GenerateCaptchaBypassToken(user);
-            return new RegisterResponseModel(captchaBypassToken);
-        }
-
-        foreach (var error in result.Errors.Where(e => e.Code != "DuplicateUserName"))
-        {
-            ModelState.AddModelError(string.Empty, error.Description);
-        }
-
-        await Task.Delay(2000);
-        throw new BadRequestException(ModelState);
-    }
-
-    #endregion

    [HttpPost("password-hint")]
    [AllowAnonymous]
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@ -18,6 +18,8 @@ using Bit.Core.Tools.Enums;
 using Bit.Core.Tools.Models.Business;
 using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
+using Bit.Identity.Models.Request.Accounts;
+using Bit.Identity.Models.Response.Accounts;
 using Bit.SharedWeb.Utilities;
 using Microsoft.AspNetCore.Mvc;

@ -61,7 +63,6 @@ public class AccountsController : Controller
        _referenceEventService = referenceEventService;
    }

-    // Moved from API, If you modify this endpoint, please update API as well. Self hosted installs still use the API endpoints.
    [HttpPost("register")]
    [CaptchaProtected]
    public async Task<RegisterResponseModel> PostRegister([FromBody] RegisterRequestModel model)
@ -138,5 +139,4 @@ public class AccountsController : Controller
            Token = token
        };
    }
-
 }
--- a/src/Core/Auth/Models/Api/Request/Accounts/PreloginRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/PreloginRequestModel.cs
@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;

-namespace Bit.Core.Auth.Models.Api.Request.Accounts;
+namespace Bit.Identity.Models.Request.Accounts;

 public class PreloginRequestModel
 {
--- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterRequestModel.cs
@ -1,10 +1,13 @@
 using System.ComponentModel.DataAnnotations;
 using System.Text.Json;
+using Bit.Core;
+using Bit.Core.Auth.Models.Api;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Utilities;

-namespace Bit.Core.Auth.Models.Api.Request.Accounts;
+namespace Bit.Identity.Models.Request.Accounts;

 public class RegisterRequestModel : IValidatableObject, ICaptchaProtectedModel
 {
--- a/src/Core/Auth/Models/Api/Response/Accounts/ICaptchaProtectedResponseModel.cs
+++ b/src/Core/Auth/Models/Api/Response/Accounts/ICaptchaProtectedResponseModel.cs
@ -1,5 +1,4 @@
-namespace Bit.Core.Auth.Models.Api.Response.Accounts;
-
+namespace Bit.Identity.Models.Response.Accounts;
 public interface ICaptchaProtectedResponseModel
 {
    public string CaptchaBypassToken { get; set; }
--- a/src/Core/Auth/Models/Api/Response/Accounts/PreloginResponseModel.cs
+++ b/src/Core/Auth/Models/Api/Response/Accounts/PreloginResponseModel.cs
@ -1,7 +1,7 @@
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;

-namespace Bit.Core.Auth.Models.Api.Response.Accounts;
+namespace Bit.Identity.Models.Response.Accounts;

 public class PreloginResponseModel
 {
--- a/src/Core/Auth/Models/Api/Response/Accounts/RegisterResponseModel.cs
+++ b/src/Core/Auth/Models/Api/Response/Accounts/RegisterResponseModel.cs
@ -1,6 +1,6 @@
 using Bit.Core.Models.Api;

-namespace Bit.Core.Auth.Models.Api.Response.Accounts;
+namespace Bit.Identity.Models.Response.Accounts;

 public class RegisterResponseModel : ResponseModel, ICaptchaProtectedResponseModel
 {