[Reset Password v1] Update Temporary Password API (#1481)

* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface

src/Api/Controllers/AccountsController.cs

@@ -797,5 +797,28 @@ namespace Bit.Api.Controllers
                 return response;
             }
         }
+        
+        [HttpPost("update-temp-password")]
+        public async Task PostUpdateTempPasswordAsync([FromBody]UpdateTempPasswordRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            var result = await _userService.UpdateTempPasswordAsync(user, model.NewMasterPasswordHash, model.Key);
+            if (result.Succeeded)
+            {
+                return;
+            }
+
+            foreach (var error in result.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+
+            throw new BadRequestException(ModelState);
+        }
     }
 }

src/Core/Enums/EventType.cs

@@ -10,6 +10,7 @@
         User_FailedLogIn = 1005,
         User_FailedLogIn2fa = 1006,
         User_ClientExportedVault = 1007,
+        User_UpdatedTempPassword = 1008,
 
         Cipher_Created = 1100,
         Cipher_Updated = 1101,

src/Core/MailTemplates/Handlebars/UpdatedTempPassword.html.hbs

@@ -0,0 +1,9 @@
+{{#>FullHtmlLayout}}
+<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
+            The temporary master password set by an administrator for <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{UserName}}</b> has been changed. If you did not initiate this request, please reach out to your administrator immediately.
+        </td>
+    </tr>
+</table>
+{{/FullHtmlLayout}}

src/Core/MailTemplates/Handlebars/UpdatedTempPassword.text.hbs

@@ -0,0 +1,3 @@
+{{#>BasicTextLayout}}
+The temporary master password set by an administrator for {{UserName}} has been changed. If you did not initiate this request, please reach out to your administrator immediately.
+{{/BasicTextLayout}}

src/Core/Models/Api/Request/Accounts/UpdateTempPasswordRequestModel.cs

@@ -0,0 +1,7 @@
+namespace Bit.Core.Models.Api.Request.Accounts
+{
+    public class UpdateTempPasswordRequestModel : OrganizationUserResetPasswordRequestModel
+    {
+        
+    }
+}

src/Core/Models/Mail/UpdateTempPasswordViewModel.cs

@@ -0,0 +1,7 @@
+namespace Bit.Core.Models.Mail
+{
+    public class UpdateTempPasswordViewModel
+    {
+        public string UserName { get; set; }
+    }
+}

src/Core/Services/IMailService.cs

@@ -46,5 +46,6 @@ namespace Bit.Core.Services
         Task SendProviderInviteEmailAsync(string providerName, ProviderUser providerUser, string token, string email);
         Task SendProviderConfirmedEmailAsync(string providerName, string email);
         Task SendProviderUserRemoved(string providerName, string email);
+        Task SendUpdatedTempPasswordEmailAsync(string email, string userName);
     }
 }

src/Core/Services/IUserService.cs

@@ -35,6 +35,7 @@ namespace Bit.Core.Services
         Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string key);
         Task<IdentityResult> SetPasswordAsync(User user, string newMasterPassword, string key, string orgIdentifier = null);
         Task<IdentityResult> AdminResetPasswordAsync(OrganizationUserType type, Guid orgId, Guid id, string newMasterPassword, string key);
+        Task<IdentityResult> UpdateTempPasswordAsync(User user, string newMasterPassword, string key);
         Task<IdentityResult> ChangeKdfAsync(User user, string masterPassword, string newMasterPassword, string key,
             KdfType kdf, int kdfIterations);
         Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,

src/Core/Services/Implementations/HandlebarsMailService.cs

@@ -714,5 +714,17 @@ namespace Bit.Core.Services
             message.Category = "ProviderUserRemoved";
             await _mailDeliveryService.SendEmailAsync(message);
         }
+        
+        public async Task SendUpdatedTempPasswordEmailAsync(string email, string userName)
+        {
+            var message = CreateDefaultMessage("Master Password Has Been Changed", email);
+            var model = new UpdateTempPasswordViewModel()
+            {
+                UserName = CoreHelpers.SanitizeForEmail(userName)
+            };
+            await AddMessageContentAsync(message, "UpdatedTempPassword", model);
+            message.Category = "UpdatedTempPassword";
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
     }
 }

src/Core/Services/Implementations/UserService.cs

@@ -690,6 +690,7 @@ namespace Bit.Core.Services
 
             user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
             user.Key = key;
+            user.ForcePasswordReset = true;
 
             await _userRepository.ReplaceAsync(user);
             await _mailService.SendAdminResetPasswordEmailAsync(user.Email, user.Name ?? user.Email, org.Name);
@@ -698,6 +699,31 @@ namespace Bit.Core.Services
 
             return IdentityResult.Success;
         }
+        
+        public async Task<IdentityResult> UpdateTempPasswordAsync(User user, string newMasterPassword, string key)
+        {
+            if (!user.ForcePasswordReset)
+            {
+                throw new BadRequestException("User does not have a temporary password to update.");
+            }
+            
+            var result = await UpdatePasswordHash(user, newMasterPassword);
+            if (!result.Succeeded)
+            {
+                return result;
+            }
+
+            user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
+            user.ForcePasswordReset = false;
+            user.Key = key;
+
+            await _userRepository.ReplaceAsync(user);
+            await _mailService.SendUpdatedTempPasswordEmailAsync(user.Email, user.Name ?? user.Email);
+            await _eventService.LogUserEventAsync(user.Id, EventType.User_UpdatedTempPassword);
+            await _pushService.PushLogOutAsync(user.Id);
+
+            return IdentityResult.Success;
+        }
 
         public async Task<IdentityResult> ChangeKdfAsync(User user, string masterPassword, string newMasterPassword,
             string key, KdfType kdf, int kdfIterations)

src/Core/Services/NoopImplementations/NoopMailService.cs

@@ -185,5 +185,10 @@ namespace Bit.Core.Services
         {
             return Task.FromResult(0);
         }
+        
+        public Task SendUpdatedTempPasswordEmailAsync(string email, string userName)
+        {
+            return Task.FromResult(0);
+        }
     }
 }