[EC-400] Code clean up Device Verification (#2601)

* EC-400 Clean up code regarding Unknown Device Verification * EC-400 Fix formatting
2025-07-01 08:02:49 -05:00 · 2023-02-17 10:15:28 -03:00
parent 7594ca1122
commit 69511160cb
32 changed files with 6876 additions and 469 deletions
--- a/src/Core/Services/IMailService.cs
+++ b/src/Core/Services/IMailService.cs
@ -13,7 +13,6 @@ public interface IMailService
    Task SendChangeEmailAlreadyExistsEmailAsync(string fromEmail, string toEmail);
    Task SendChangeEmailEmailAsync(string newEmailAddress, string token);
    Task SendTwoFactorEmailAsync(string email, string token);
-    Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token);
    Task SendNoMasterPasswordHintEmailAsync(string email);
    Task SendMasterPasswordHintEmailAsync(string email, string hint);
    Task SendOrganizationInviteEmailAsync(string organizationName, OrganizationUser orgUser, ExpiringToken token);
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -19,7 +19,7 @@ public interface IUserService
    Task<IdentityResult> RegisterUserAsync(User user, string masterPassword, string token, Guid? orgUserId);
    Task<IdentityResult> RegisterUserAsync(User user);
    Task SendMasterPasswordHintAsync(string email);
-    Task SendTwoFactorEmailAsync(User user, bool isBecauseNewDeviceLogin = false);
+    Task SendTwoFactorEmailAsync(User user);
    Task<bool> VerifyTwoFactorEmailAsync(User user, string token);
    Task<CredentialCreateOptions> StartWebAuthnRegistrationAsync(User user);
    Task<bool> DeleteWebAuthnKeyAsync(User user, int id);
@ -76,6 +76,4 @@ public interface IUserService
    Task SendOTPAsync(User user);
    Task<bool> VerifyOTPAsync(User user, string token);
    Task<bool> VerifySecretAsync(User user, string secret);
-    Task<bool> Needs2FABecauseNewDeviceAsync(User user, string deviceIdentifier, string grantType);
-    bool CanEditDeviceVerificationSettings(User user);
 }
--- a/src/Core/Services/Implementations/EmergencyAccessService.cs
+++ b/src/Core/Services/Implementations/EmergencyAccessService.cs
@ -323,7 +323,6 @@ public class EmergencyAccessService : IEmergencyAccessService
        grantor.Key = key;
        // Disable TwoFactor providers since they will otherwise block logins
        grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>());
-        grantor.UnknownDeviceVerificationEnabled = false;
        await _userRepository.ReplaceAsync(grantor);

        // Remove grantor from all organizations unless Owner
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -113,21 +113,6 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }

-    public async Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token)
-    {
-        var message = CreateDefaultMessage("New Device Login Verification Code", email);
-        var model = new EmailTokenViewModel
-        {
-            Token = token,
-            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
-            SiteName = _globalSettings.SiteName
-        };
-        await AddMessageContentAsync(message, "NewDeviceLoginTwoFactorEmail", model);
-        message.MetaData.Add("SendGridBypassListManagement", true);
-        message.Category = "TwoFactorEmail";
-        await _mailDeliveryService.SendEmailAsync(message);
-    }
-
    public async Task SendMasterPasswordHintEmailAsync(string email, string hint)
    {
        var message = CreateDefaultMessage("Your Master Password Hint", email);
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -46,7 +46,6 @@ public class UserService : UserManager<User>, IUserService, IDisposable
    private readonly IGlobalSettings _globalSettings;
    private readonly IOrganizationService _organizationService;
    private readonly IProviderUserRepository _providerUserRepository;
-    private readonly IDeviceRepository _deviceRepository;
    private readonly IStripeSyncService _stripeSyncService;

    public UserService(
@ -77,7 +76,6 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        IGlobalSettings globalSettings,
        IOrganizationService organizationService,
        IProviderUserRepository providerUserRepository,
-        IDeviceRepository deviceRepository,
        IStripeSyncService stripeSyncService)
        : base(
              store,
@ -113,7 +111,6 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        _globalSettings = globalSettings;
        _organizationService = organizationService;
        _providerUserRepository = providerUserRepository;
-        _deviceRepository = deviceRepository;
        _stripeSyncService = stripeSyncService;
    }

@ -353,7 +350,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
    }

-    public async Task SendTwoFactorEmailAsync(User user, bool isBecauseNewDeviceLogin = false)
+    public async Task SendTwoFactorEmailAsync(User user)
    {
        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
        if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
@ -365,14 +362,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
            "2faEmail:" + email);

-        if (isBecauseNewDeviceLogin)
-        {
-            await _mailService.SendNewDeviceLoginTwoFactorEmailAsync(email, token);
-        }
-        else
-        {
-            await _mailService.SendTwoFactorEmailAsync(email, token);
-        }
+        await _mailService.SendTwoFactorEmailAsync(email, token);
    }

    public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
@ -1478,36 +1468,4 @@ public class UserService : UserManager<User>, IUserService, IDisposable
            ? await VerifyOTPAsync(user, secret)
            : await CheckPasswordAsync(user, secret);
    }
-
-    public async Task<bool> Needs2FABecauseNewDeviceAsync(User user, string deviceIdentifier, string grantType)
-    {
-        return CanEditDeviceVerificationSettings(user)
-               && user.UnknownDeviceVerificationEnabled
-               && grantType != "authorization_code"
-               && await IsNewDeviceAndNotTheFirstOneAsync(user, deviceIdentifier);
-    }
-
-    public bool CanEditDeviceVerificationSettings(User user)
-    {
-        return _globalSettings.TwoFactorAuth.EmailOnNewDeviceLogin
-               && user.EmailVerified
-               && !user.UsesKeyConnector
-               && !(user.GetTwoFactorProviders()?.Any() ?? false);
-    }
-
-    private async Task<bool> IsNewDeviceAndNotTheFirstOneAsync(User user, string deviceIdentifier)
-    {
-        if (user == null)
-        {
-            return default;
-        }
-
-        var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
-        if (!devices.Any())
-        {
-            return false;
-        }
-
-        return !devices.Any(d => d.Identifier == deviceIdentifier);
-    }
 }
--- a/src/Core/Services/NoopImplementations/NoopMailService.cs
+++ b/src/Core/Services/NoopImplementations/NoopMailService.cs
@ -72,11 +72,6 @@ public class NoopMailService : IMailService
        return Task.FromResult(0);
    }

-    public Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token)
-    {
-        return Task.CompletedTask;
-    }
-
    public Task SendWelcomeEmailAsync(User user)
    {
        return Task.FromResult(0);