[PM-4371] Implement PRF key rotation (#4157)

* Send rotateable keyset on list webauthn keys

* Implement basic prf key rotation

* Add validator for webauthn rotation

* Fix accounts controller tests

* Add webauthn rotation validator tests

* Introduce separate request model

* Fix tests

* Remove extra empty line

* Remove filtering in validator

* Don't send encrypted private key

* Fix tests

* Implement delegated webauthn db transactions

* Add backward compatibility

* Fix query not working

* Update migration sql

* Update dapper query

* Remove unused helper

* Rename webauthn to WebAuthnLogin

* Fix linter errors

* Fix tests

* Fix tests

test/Api.Test/Auth/Controllers/AccountsControllerTests.cs

@@ -3,6 +3,7 @@ using Bit.Api.AdminConsole.Models.Request.Organizations;
 using Bit.Api.Auth.Controllers;
 using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Request.Accounts;
+using Bit.Api.Auth.Models.Request.WebAuthn;
 using Bit.Api.Auth.Validators;
 using Bit.Api.Tools.Models.Request;
 using Bit.Api.Vault.Models.Request;
@@ -11,6 +12,7 @@ using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Services;
 using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
@@ -67,6 +69,8 @@ public class AccountsControllerTests : IDisposable
     private readonly IRotationValidator<IEnumerable<ResetPasswordWithOrgIdRequestModel>,
             IReadOnlyList<OrganizationUser>>
         _resetPasswordValidator;
+    private readonly IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>>
+        _webauthnKeyRotationValidator;
 
 
     public AccountsControllerTests()
@@ -97,6 +101,7 @@ public class AccountsControllerTests : IDisposable
         _sendValidator = Substitute.For<IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>>>();
         _emergencyAccessValidator = Substitute.For<IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>,
             IEnumerable<EmergencyAccess>>>();
+        _webauthnKeyRotationValidator = Substitute.For<IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>>>();
         _resetPasswordValidator = Substitute
             .For<IRotationValidator<IEnumerable<ResetPasswordWithOrgIdRequestModel>,
                 IReadOnlyList<OrganizationUser>>>();
@@ -125,7 +130,8 @@ public class AccountsControllerTests : IDisposable
             _folderValidator,
             _sendValidator,
             _emergencyAccessValidator,
-            _resetPasswordValidator
+            _resetPasswordValidator,
+            _webauthnKeyRotationValidator
         );
     }
 

test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs

@@ -1,6 +1,6 @@
 using Bit.Api.Auth.Controllers;
 using Bit.Api.Auth.Models.Request.Accounts;
-using Bit.Api.Auth.Models.Request.Webauthn;
+using Bit.Api.Auth.Models.Request.WebAuthn;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Entities;