[Reset Password v1] Update DB for Forced Reset (#1467)

* [Reset Password v1] Force Temp Password Changes

* Updated EF migrations/scripts

* Updating user sprocs with default bit value

src/Core/Models/Api/Response/ProfileResponseModel.cs

@@ -30,6 +30,7 @@ namespace Bit.Core.Models.Api
             Key = user.Key;
             PrivateKey = user.PrivateKey;
             SecurityStamp = user.SecurityStamp;
+            ForcePasswordReset = user.ForcePasswordReset;
             Organizations = organizationsUserDetails?.Select(o => new ProfileOrganizationResponseModel(o));
             Providers = providerUserDetails?.Select(p => new ProfileProviderResponseModel(p));
             ProviderOrganizations =
@@ -47,6 +48,7 @@ namespace Bit.Core.Models.Api
         public string Key { get; set; }
         public string PrivateKey { get; set; }
         public string SecurityStamp { get; set; }
+        public bool ForcePasswordReset { get; set; }
         public IEnumerable<ProfileOrganizationResponseModel> Organizations { get; set; }
         public IEnumerable<ProfileProviderResponseModel> Providers { get; set; }
         public IEnumerable<ProfileProviderOrganizationResponseModel> ProviderOrganizations { get; set; }

src/Core/Models/Table/User.cs

@@ -57,6 +57,7 @@ namespace Bit.Core.Models.Table
         public int KdfIterations { get; set; } = 5000;
         public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
         public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+        public bool ForcePasswordReset { get; set; }
 
         public void SetNewId()
         {

src/Sql/dbo/Stored Procedures/User_Create.sql

@@ -29,7 +29,8 @@
     @KdfIterations INT,
     @CreationDate DATETIME2(7),
     @RevisionDate DATETIME2(7),
-    @ApiKey VARCHAR(30)
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0
 AS
 BEGIN
     SET NOCOUNT ON
@@ -66,7 +67,8 @@ BEGIN
         [KdfIterations],
         [CreationDate],
         [RevisionDate],
-        [ApiKey]
+        [ApiKey],
+        [ForcePasswordReset]
     )
     VALUES
     (
@@ -100,6 +102,7 @@ BEGIN
         @KdfIterations,
         @CreationDate,
         @RevisionDate,
-        @ApiKey
+        @ApiKey,
+        @ForcePasswordReset
     )
 END

src/Sql/dbo/Stored Procedures/User_Update.sql

@@ -29,7 +29,8 @@
     @KdfIterations INT,
     @CreationDate DATETIME2(7),
     @RevisionDate DATETIME2(7),
-    @ApiKey VARCHAR(30)
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0
 AS
 BEGIN
     SET NOCOUNT ON
@@ -66,7 +67,8 @@ BEGIN
         [KdfIterations] = @KdfIterations,
         [CreationDate] = @CreationDate,
         [RevisionDate] = @RevisionDate,
-        [ApiKey] = @ApiKey
+        [ApiKey] = @ApiKey,
+        [ForcePasswordReset] = @ForcePasswordReset
     WHERE
         [Id] = @Id
 END

src/Sql/dbo/Tables/User.sql

@@ -30,6 +30,7 @@
     [CreationDate]                    DATETIME2 (7)    NOT NULL,
     [RevisionDate]                    DATETIME2 (7)    NOT NULL,
     [ApiKey]                          VARCHAR (30)     NOT NULL,
+    [ForcePasswordReset]              BIT              NOT NULL,
     CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC)
 );
 

util/Migrator/DbScripts/2021-07-13_00_UserForcePasswordReset.sql

@@ -0,0 +1,240 @@
+-- Table: User (ForcePasswordReset)
+IF COL_LENGTH('[dbo].[User]', 'ForcePasswordReset') IS NULL
+BEGIN
+    ALTER TABLE
+        [dbo].[User]
+    ADD
+        [ForcePasswordReset] BIT NULL
+END
+GO
+
+UPDATE
+    [dbo].[User]
+SET
+    [ForcePasswordReset] = FALSE
+WHERE
+    [ForcePasswordReset] IS NULL
+GO
+
+ALTER TABLE
+    [dbo].[User]
+ALTER COLUMN
+    [ForcePasswordReset] BIT NOT NULL
+GO
+
+-- View: User
+IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'UserView')
+BEGIN
+    DROP VIEW [dbo].[UserView]
+END
+GO
+
+CREATE VIEW [dbo].[UserView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[User]
+GO
+
+-- Stored Procedure: User_Create
+IF OBJECT_ID('[dbo].[User_Create]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[User_Create]
+END
+GO
+
+CREATE PROCEDURE [dbo].[User_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @Name NVARCHAR(50),
+    @Email NVARCHAR(256),
+    @EmailVerified BIT,
+    @MasterPassword NVARCHAR(300),
+    @MasterPasswordHint NVARCHAR(50),
+    @Culture NVARCHAR(10),
+    @SecurityStamp NVARCHAR(50),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @TwoFactorRecoveryCode NVARCHAR(32),
+    @EquivalentDomains NVARCHAR(MAX),
+    @ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
+    @AccountRevisionDate DATETIME2(7),
+    @Key NVARCHAR(MAX),
+    @PublicKey NVARCHAR(MAX),
+    @PrivateKey NVARCHAR(MAX),
+    @Premium BIT,
+    @PremiumExpirationDate DATETIME2(7),
+    @RenewalReminderDate DATETIME2(7),
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @LicenseKey VARCHAR(100),
+    @Kdf TINYINT,
+    @KdfIterations INT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[User]
+    (
+        [Id],
+        [Name],
+        [Email],
+        [EmailVerified],
+        [MasterPassword],
+        [MasterPasswordHint],
+        [Culture],
+        [SecurityStamp],
+        [TwoFactorProviders],
+        [TwoFactorRecoveryCode],
+        [EquivalentDomains],
+        [ExcludedGlobalEquivalentDomains],
+        [AccountRevisionDate],
+        [Key],
+        [PublicKey],
+        [PrivateKey],
+        [Premium],
+        [PremiumExpirationDate],
+        [RenewalReminderDate],
+        [Storage],
+        [MaxStorageGb],
+        [Gateway],
+        [GatewayCustomerId],
+        [GatewaySubscriptionId],
+        [ReferenceData],
+        [LicenseKey],
+        [Kdf],
+        [KdfIterations],
+        [CreationDate],
+        [RevisionDate],
+        [ApiKey],
+        [ForcePasswordReset]
+    )
+    VALUES
+    (
+        @Id,
+        @Name,
+        @Email,
+        @EmailVerified,
+        @MasterPassword,
+        @MasterPasswordHint,
+        @Culture,
+        @SecurityStamp,
+        @TwoFactorProviders,
+        @TwoFactorRecoveryCode,
+        @EquivalentDomains,
+        @ExcludedGlobalEquivalentDomains,
+        @AccountRevisionDate,
+        @Key,
+        @PublicKey,
+        @PrivateKey,
+        @Premium,
+        @PremiumExpirationDate,
+        @RenewalReminderDate,
+        @Storage,
+        @MaxStorageGb,
+        @Gateway,
+        @GatewayCustomerId,
+        @GatewaySubscriptionId,
+        @ReferenceData,
+        @LicenseKey,
+        @Kdf,
+        @KdfIterations,
+        @CreationDate,
+        @RevisionDate,
+        @ApiKey,
+        @ForcePasswordReset
+    )
+END
+GO
+
+-- Stored Procedure: User_Create
+IF OBJECT_ID('[dbo].[User_Update]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[User_Update]
+END
+GO
+
+CREATE PROCEDURE [dbo].[User_Update]
+    @Id UNIQUEIDENTIFIER,
+    @Name NVARCHAR(50),
+    @Email NVARCHAR(256),
+    @EmailVerified BIT,
+    @MasterPassword NVARCHAR(300),
+    @MasterPasswordHint NVARCHAR(50),
+    @Culture NVARCHAR(10),
+    @SecurityStamp NVARCHAR(50),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @TwoFactorRecoveryCode NVARCHAR(32),
+    @EquivalentDomains NVARCHAR(MAX),
+    @ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
+    @AccountRevisionDate DATETIME2(7),
+    @Key NVARCHAR(MAX),
+    @PublicKey NVARCHAR(MAX),
+    @PrivateKey NVARCHAR(MAX),
+    @Premium BIT,
+    @PremiumExpirationDate DATETIME2(7),
+    @RenewalReminderDate DATETIME2(7),
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @LicenseKey VARCHAR(100),
+    @Kdf TINYINT,
+    @KdfIterations INT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        [dbo].[User]
+    SET
+        [Name] = @Name,
+        [Email] = @Email,
+        [EmailVerified] = @EmailVerified,
+        [MasterPassword] = @MasterPassword,
+        [MasterPasswordHint] = @MasterPasswordHint,
+        [Culture] = @Culture,
+        [SecurityStamp] = @SecurityStamp,
+        [TwoFactorProviders] = @TwoFactorProviders,
+        [TwoFactorRecoveryCode] = @TwoFactorRecoveryCode,
+        [EquivalentDomains] = @EquivalentDomains,
+        [ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains,
+        [AccountRevisionDate] = @AccountRevisionDate,
+        [Key] = @Key,
+        [PublicKey] = @PublicKey,
+        [PrivateKey] = @PrivateKey,
+        [Premium] = @Premium,
+        [PremiumExpirationDate] = @PremiumExpirationDate,
+        [RenewalReminderDate] = @RenewalReminderDate,
+        [Storage] = @Storage,
+        [MaxStorageGb] = @MaxStorageGb,
+        [Gateway] = @Gateway,
+        [GatewayCustomerId] = @GatewayCustomerId,
+        [GatewaySubscriptionId] = @GatewaySubscriptionId,
+        [ReferenceData] = @ReferenceData,
+        [LicenseKey] = @LicenseKey,
+        [Kdf] = @Kdf,
+        [KdfIterations] = @KdfIterations,
+        [CreationDate] = @CreationDate,
+        [RevisionDate] = @RevisionDate,
+        [ApiKey] = @ApiKey,
+        [ForcePasswordReset] = @ForcePasswordReset
+    WHERE
+        [Id] = @Id
+END
+GO
+
+

util/MySqlMigrations/Migrations/20210716142145_UserForcePasswordReset.cs

@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace Bit.MySqlMigrations.Migrations
+{
+    public partial class UserForcePasswordReset : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<bool>(
+                name: "ForcePasswordReset",
+                table: "User",
+                type: "tinyint(1)",
+                nullable: false,
+                defaultValue: false);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "ForcePasswordReset",
+                table: "User");
+        }
+    }
+}

util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -1040,6 +1040,9 @@ namespace Bit.MySqlMigrations.Migrations
                     b.Property<string>("ExcludedGlobalEquivalentDomains")
                         .HasColumnType("longtext");
 
+                    b.Property<bool>("ForcePasswordReset")
+                        .HasColumnType("tinyint(1)");
+
                     b.Property<byte?>("Gateway")
                         .HasColumnType("tinyint unsigned");
 

util/MySqlMigrations/Scripts/2021-07-13_00_UserForcePasswordReset.sql

@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE `User` ADD `ForcePasswordReset` tinyint(1) NOT NULL DEFAULT FALSE;
+
+INSERT INTO `__EFMigrationsHistory` (`MigrationId`, `ProductVersion`)
+VALUES ('20210716142145_UserForcePasswordReset', '5.0.5');
+
+COMMIT;

util/PostgresMigrations/Migrations/20210716141748_UserForcePasswordReset.cs

@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace Bit.PostgresMigrations.Migrations
+{
+    public partial class UserForcePasswordReset : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<bool>(
+                name: "ForcePasswordReset",
+                table: "User",
+                type: "boolean",
+                nullable: false,
+                defaultValue: false);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "ForcePasswordReset",
+                table: "User");
+        }
+    }
+}

util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -1049,6 +1049,9 @@ namespace Bit.PostgresMigrations.Migrations
                     b.Property<string>("ExcludedGlobalEquivalentDomains")
                         .HasColumnType("text");
 
+                    b.Property<bool>("ForcePasswordReset")
+                        .HasColumnType("boolean");
+
                     b.Property<byte?>("Gateway")
                         .HasColumnType("smallint");
 

util/PostgresMigrations/Scripts/2021-07-13_00_UserForcePasswordReset.psql

@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE "User" ADD "ForcePasswordReset" boolean NOT NULL DEFAULT FALSE;
+
+INSERT INTO "__EFMigrationsHistory" ("MigrationId", "ProductVersion")
+VALUES ('20210716141748_UserForcePasswordReset', '5.0.5');
+
+COMMIT;