[PM-19685] Remove email delay feature flag (#5622)

* Remove email delay feature flag * Fixed reference. * Removed field from old registration method
2025-07-03 00:52:49 -05:00 · 2025-04-07 21:36:08 -04:00
parent 91fa02f8e6
commit 8beefbb417
3 changed files with 7 additions and 32 deletions
--- a/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs
+++ b/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs
@ -53,23 +53,10 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai
        var user = await _userRepository.GetByEmailAsync(email);
        var userExists = user != null;

-        // Delays enabled by default; flag must be enabled to remove the delays.
-        var delaysEnabled = !_featureService.IsEnabled(FeatureFlagKeys.EmailVerificationDisableTimingDelays);
-
        if (!_globalSettings.EnableEmailVerification)
        {
-
            if (userExists)
            {
-
-                if (delaysEnabled)
-                {
-                    // Add delay to prevent timing attacks
-                    // Note: sub 140 ms feels responsive to users so we are using a random value between 100 - 130 ms
-                    // as it should be long enough to prevent timing attacks but not too long to be noticeable to the user.
-                    await Task.Delay(Random.Shared.Next(100, 130));
-                }
-
                throw new BadRequestException($"Email {email} is already taken");
            }

@ -87,11 +74,6 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai
            await _mailService.SendRegistrationVerificationEmailAsync(email, token);
        }

-        if (delaysEnabled)
-        {
-            // Add random delay between 100ms-130ms to prevent timing attacks
-            await Task.Delay(Random.Shared.Next(100, 130));
-        }
        // User exists but we will return a 200 regardless of whether the email was sent or not; so return null
        return null;
    }
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@ -115,7 +115,6 @@ public static class FeatureFlagKeys
    public const string TwoFactorExtensionDataPersistence = "pm-9115-two-factor-extension-data-persistence";
    public const string DuoRedirect = "duo-redirect";
    public const string EmailVerification = "email-verification";
-    public const string EmailVerificationDisableTimingDelays = "email-verification-disable-timing-delays";
    public const string DeviceTrustLogging = "pm-8285-device-trust-logging";
    public const string AuthenticatorTwoFactorToken = "authenticator-2fa-token";
    public const string UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh";