[PM-15614] Allow Users to opt out of new device verification (#5176)

feat(NewDeviceVerification) : * Created database migration scripts for VerifyDevices column in [dbo].[User]. * Updated DeviceValidator to check if user has opted out of device verification. * Added endpoint to AccountsController.cs to allow editing of new User.VerifyDevices property. * Added tests for new methods and endpoint. * Updating queries to track [dbo].[User].[VerifyDevices]. * Updated DeviceValidator to set `User.EmailVerified` property during the New Device Verification flow.
2025-06-30 15:42:48 -05:00 · 2025-01-08 07:31:24 -08:00
parent 481a766cd2
commit a84ef0724c
21 changed files with 9459 additions and 9 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -969,11 +969,28 @@ public class AccountsController : Controller
    [RequireFeature(FeatureFlagKeys.NewDeviceVerification)]
    [AllowAnonymous]
    [HttpPost("resend-new-device-otp")]
-    public async Task ResendNewDeviceOtpAsync([FromBody] UnauthenticatedSecretVerificatioRequestModel request)
+    public async Task ResendNewDeviceOtpAsync([FromBody] UnauthenticatedSecretVerificationRequestModel request)
    {
        await _userService.ResendNewDeviceVerificationEmail(request.Email, request.Secret);
    }

+    [RequireFeature(FeatureFlagKeys.NewDeviceVerification)]
+    [HttpPost("verify-devices")]
+    [HttpPut("verify-devices")]
+    public async Task SetUserVerifyDevicesAsync([FromBody] SetVerifyDevicesRequestModel request)
+    {
+        var user = await _userService.GetUserByPrincipalAsync(User) ?? throw new UnauthorizedAccessException();
+
+        if (!await _userService.VerifySecretAsync(user, request.Secret))
+        {
+            await Task.Delay(2000);
+            throw new BadRequestException(string.Empty, "User verification failed.");
+        }
+        user.VerifyDevices = request.VerifyDevices;
+
+        await _userService.SaveUserAsync(user);
+    }
+
    private async Task<IEnumerable<Guid>> GetOrganizationIdsManagingUserAsync(Guid userId)
    {
        var organizationManagingUser = await _userService.GetOrganizationsManagingUserAsync(userId);
--- a/src/Api/Auth/Models/Request/Accounts/SetVerifyDevicesRequestModel.cs
+++ b/src/Api/Auth/Models/Request/Accounts/SetVerifyDevicesRequestModel.cs
@ -0,0 +1,9 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Auth.Models.Request.Accounts;
+
+public class SetVerifyDevicesRequestModel : SecretVerificationRequestModel
+{
+    [Required]
+    public bool VerifyDevices { get; set; }
+}
--- a/src/Api/Auth/Models/Request/Accounts/UnauthenticatedSecretVerificationRequestModel.cs
+++ b/src/Api/Auth/Models/Request/Accounts/UnauthenticatedSecretVerificationRequestModel.cs
@ -3,7 +3,7 @@ using Bit.Core.Utilities;

 namespace Bit.Api.Auth.Models.Request.Accounts;

-public class UnauthenticatedSecretVerificatioRequestModel : SecretVerificationRequestModel
+public class UnauthenticatedSecretVerificationRequestModel : SecretVerificationRequestModel
 {
    [Required]
    [StrictEmailAddress]