[EC-400] Code clean up Device Verification (#2601)

* EC-400 Clean up code regarding Unknown Device Verification * EC-400 Fix formatting
2025-06-30 23:52:50 -05:00 · 2023-02-17 10:15:28 -03:00
parent 7594ca1122
commit 69511160cb
32 changed files with 6876 additions and 469 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -295,21 +295,14 @@ public class TwoFactorController : Controller
                if (await _verifyAuthRequestCommand
                        .VerifyAuthRequestAsync(new Guid(model.AuthRequestId), model.AuthRequestAccessCode))
                {
-                    var isBecauseNewDeviceLogin = await IsNewDeviceLoginAsync(user, model);
-
-                    await _userService.SendTwoFactorEmailAsync(user, isBecauseNewDeviceLogin);
+                    await _userService.SendTwoFactorEmailAsync(user);
                    return;
                }
            }
-            else
+            else if (await _userService.VerifySecretAsync(user, model.Secret))
            {
-                if (await _userService.VerifySecretAsync(user, model.Secret))
-                {
-                    var isBecauseNewDeviceLogin = await IsNewDeviceLoginAsync(user, model);
-
-                    await _userService.SendTwoFactorEmailAsync(user, isBecauseNewDeviceLogin);
-                    return;
-                }
+                await _userService.SendTwoFactorEmailAsync(user);
+                return;
            }
        }

@ -390,41 +383,18 @@ public class TwoFactorController : Controller
        }
    }

+    [Obsolete("Leaving this for backwards compatibilty on clients")]
    [HttpGet("get-device-verification-settings")]
-    public async Task<DeviceVerificationResponseModel> GetDeviceVerificationSettings()
+    public Task<DeviceVerificationResponseModel> GetDeviceVerificationSettings()
    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        if (user == null)
-        {
-            throw new UnauthorizedAccessException();
-        }
-
-        if (User.Claims.HasSsoIdP())
-        {
-            return new DeviceVerificationResponseModel(false, false);
-        }
-
-        var canUserEditDeviceVerificationSettings = _userService.CanEditDeviceVerificationSettings(user);
-        return new DeviceVerificationResponseModel(canUserEditDeviceVerificationSettings, canUserEditDeviceVerificationSettings && user.UnknownDeviceVerificationEnabled);
+        return Task.FromResult(new DeviceVerificationResponseModel(false, false));
    }

+    [Obsolete("Leaving this for backwards compatibilty on clients")]
    [HttpPut("device-verification-settings")]
-    public async Task<DeviceVerificationResponseModel> PutDeviceVerificationSettings([FromBody] DeviceVerificationRequestModel model)
+    public Task<DeviceVerificationResponseModel> PutDeviceVerificationSettings([FromBody] DeviceVerificationRequestModel model)
    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        if (user == null)
-        {
-            throw new UnauthorizedAccessException();
-        }
-        if (!_userService.CanEditDeviceVerificationSettings(user)
-            || User.Claims.HasSsoIdP())
-        {
-            throw new InvalidOperationException("Can't update device verification settings");
-        }
-
-        model.ToUser(user);
-        await _userService.SaveUserAsync(user);
-        return new DeviceVerificationResponseModel(true, user.UnknownDeviceVerificationEnabled);
+        return Task.FromResult(new DeviceVerificationResponseModel(false, false));
    }

    private async Task<User> CheckAsync(SecretVerificationRequestModel model, bool premium)
@ -467,17 +437,4 @@ public class TwoFactorController : Controller
            await Task.Delay(500);
        }
    }
-
-    private async Task<bool> IsNewDeviceLoginAsync(User user, TwoFactorEmailRequestModel model)
-    {
-        if (user.GetTwoFactorProvider(TwoFactorProviderType.Email) is null
-            &&
-            await _userService.Needs2FABecauseNewDeviceAsync(user, model.DeviceIdentifier, null))
-        {
-            model.ToUser(user);
-            return true;
-        }
-
-        return false;
-    }
 }
--- a/src/Api/Models/Request/DeviceVerificationRequestModel.cs
+++ b/src/Api/Models/Request/DeviceVerificationRequestModel.cs
@ -1,16 +1,10 @@
 using System.ComponentModel.DataAnnotations;
-using Bit.Core.Entities;

 namespace Bit.Api.Models.Request;

 public class DeviceVerificationRequestModel
 {
+    [Obsolete("Leaving this for backwards compatibilty on clients")]
    [Required]
    public bool UnknownDeviceVerificationEnabled { get; set; }
-
-    public User ToUser(User user)
-    {
-        user.UnknownDeviceVerificationEnabled = UnknownDeviceVerificationEnabled;
-        return user;
-    }
 }
--- a/src/Api/Models/Request/TwoFactorRequestModels.cs
+++ b/src/Api/Models/Request/TwoFactorRequestModels.cs
@ -202,8 +202,6 @@ public class TwoFactorEmailRequestModel : SecretVerificationRequestModel
    [StringLength(256)]
    public string Email { get; set; }

-    public string DeviceIdentifier { get; set; }
-
    public string AuthRequestId { get; set; }

    public User ToUser(User extistingUser)
--- a/src/Api/Models/Response/DeviceVerificationResponseModel.cs
+++ b/src/Api/Models/Response/DeviceVerificationResponseModel.cs
@ -2,6 +2,7 @@

 namespace Bit.Api.Models.Response;

+[Obsolete("Leaving this for backwards compatibilty on clients")]
 public class DeviceVerificationResponseModel : ResponseModel
 {
    public DeviceVerificationResponseModel(bool isDeviceVerificationSectionEnabled, bool unknownDeviceVerificationEnabled)