[PM-17645] : update email for new email multi factor tokens (#5428)

* feat(newDeviceVerification) : Initial update to email

* fix : email copying over extra whitespace when using keyboard short cuts

* test : Fixing tests for new device verificaiton email format

src/Api/Auth/Controllers/TwoFactorController.cs

@@ -288,12 +288,17 @@ public class TwoFactorController : Controller
         return response;
     }
 
+    /// <summary>
+    /// This endpoint is only used to set-up email two factor authentication.
+    /// </summary>
+    /// <param name="model">secret verification model</param>
+    /// <returns>void</returns>
     [HttpPost("send-email")]
     public async Task SendEmail([FromBody] TwoFactorEmailRequestModel model)
     {
         var user = await CheckAsync(model, false, true);
         model.ToUser(user);
-        await _userService.SendTwoFactorEmailAsync(user);
+        await _userService.SendTwoFactorEmailAsync(user, false);
     }
 
     [AllowAnonymous]

src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs

@@ -1,13 +1,37 @@
 {{#>FullHtmlLayout}}
 <table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
   <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
-        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
+    <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
-            Your two-step verification code is: <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{Token}}</b>
+      To finish {{EmailTotpAction}}, enter this verification code: <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{Token}}</b>
     </td>
   </tr>
   <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
     <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
-            Use this code to complete logging in with Bitwarden.
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      If this was not you, take these immediate steps to secure your account in the <a target="_blank" clicktracking="off" href="{{{WebVaultUrl}}}" style="-webkit-font-smoothing: antialiased;-webkit-text-size-adjust: none;box-sizing: border-box;color: #175ddc;font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;font-size: 16px;line-height: 25px;margin: 0;text-decoration: none;">web app</a>:
+      <ul>
+        <li>Deauthorize unrecognized devices</li>
+        <li>Change your master password</li>
+        <li>Turn on two-step login</li>
+      </ul>
+    </td>
+  </tr>
+  <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <td class="content-block last"  style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      <hr />
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">Account:</b>
+      {{AccountEmail}}
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">Date:</b>
+      {{TheDate}} at {{TheTime}} {{TimeZone}}
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">IP:</b>
+      {{DeviceIp}}
+      <br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
+      <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">DeviceType:</b>
+      {{DeviceType}}
     </td>
   </tr>
 </table>

src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.text.hbs

@@ -1,5 +1,16 @@
 {{#>BasicTextLayout}}
-Your two-step verification code is: {{Token}}
+To finish {{EmailTotpAction}}, enter this verification code: {{Token}}
 
-Use this code to complete logging in with Bitwarden.
+If this was not you, take these immediate steps to secure your account in the web app:
+
+Deauthorize unrecognized devices
+
+Change your master password
+
+Turn on two-step login
+
+Account : {{AccountEmail}}
+Date : {{TheDate}} at {{TheTime}} {{TimeZone}}
+IP : {{DeviceIp}}
+Device Type : {{DeviceType}}
 {{/BasicTextLayout}}

src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs

@@ -0,0 +1,25 @@
+namespace Bit.Core.Models.Mail;
+
+/// <summary>
+/// This view model is used to set-up email two factor authentication, to log in with email two factor authentication,
+/// and for new device verification.
+/// </summary>
+public class TwoFactorEmailTokenViewModel : BaseMailModel
+{
+    public string Token { get; set; }
+    /// <summary>
+    /// This view model is used to also set-up email two factor authentication. We use this property to communicate
+    /// the purpose of the email, since it can be used for logging in and for setting up.
+    /// </summary>
+    public string EmailTotpAction { get; set; }
+    /// <summary>
+    /// When logging in with email two factor the account email may not be the same as the email used for two factor.
+    /// we want to show the account email in the email, so the user knows which account they are logging into.
+    /// </summary>
+    public string AccountEmail { get; set; }
+    public string TheDate { get; set; }
+    public string TheTime { get; set; }
+    public string TimeZone { get; set; }
+    public string DeviceIp { get; set; }
+    public string DeviceType { get; set; }
+}

src/Core/Models/Mail/UserVerificationEmailTokenViewModel.cs

@@ -1,6 +1,6 @@
 namespace Bit.Core.Models.Mail;
 
-public class EmailTokenViewModel : BaseMailModel
+public class UserVerificationEmailTokenViewModel : BaseMailModel
 {
     public string Token { get; set; }
 }

src/Core/Services/IMailService.cs

@@ -23,7 +23,7 @@ public interface IMailService
     Task SendCannotDeleteManagedAccountEmailAsync(string email);
     Task SendChangeEmailAlreadyExistsEmailAsync(string fromEmail, string toEmail);
     Task SendChangeEmailEmailAsync(string newEmailAddress, string token);
-    Task SendTwoFactorEmailAsync(string email, string token);
+    Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true);
     Task SendNoMasterPasswordHintEmailAsync(string email);
     Task SendMasterPasswordHintEmailAsync(string email, string hint);
 

src/Core/Services/IUserService.cs

@@ -21,7 +21,21 @@ public interface IUserService
     Task<IdentityResult> CreateUserAsync(User user);
     Task<IdentityResult> CreateUserAsync(User user, string masterPasswordHash);
     Task SendMasterPasswordHintAsync(string email);
-    Task SendTwoFactorEmailAsync(User user);
+    /// <summary>
+    /// Used for both email two factor and email two factor setup.
+    /// </summary>
+    /// <param name="user">user requesting the action</param>
+    /// <param name="authentication">this controls if what verbiage is shown in the email</param>
+    /// <returns>void</returns>
+    Task SendTwoFactorEmailAsync(User user, bool authentication = true);
+    /// <summary>
+    /// Calls the same email implementation but instead it sends the token to the account email not the
+    /// email set up for two-factor, since in practice they can be different.
+    /// </summary>
+    /// <param name="user">user attepting to login with a new device</param>
+    /// <returns>void</returns>
+    Task SendNewDeviceVerificationEmailAsync(User user);
+    Task<bool> VerifyTwoFactorEmailAsync(User user, string token);
     Task<CredentialCreateOptions> StartWebAuthnRegistrationAsync(User user);
     Task<bool> DeleteWebAuthnKeyAsync(User user, int id);
     Task<bool> CompleteWebAuthRegistrationAsync(User user, int value, string name, AuthenticatorAttestationRawResponse attestationResponse);

src/Core/Services/Implementations/HandlebarsMailService.cs

@@ -146,7 +146,7 @@ public class HandlebarsMailService : IMailService
     public async Task SendChangeEmailEmailAsync(string newEmailAddress, string token)
     {
         var message = CreateDefaultMessage("Your Email Change", newEmailAddress);
-        var model = new EmailTokenViewModel
+        var model = new UserVerificationEmailTokenViewModel
         {
             Token = token,
             WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
@@ -158,14 +158,22 @@ public class HandlebarsMailService : IMailService
         await _mailDeliveryService.SendEmailAsync(message);
     }
 
-    public async Task SendTwoFactorEmailAsync(string email, string token)
+    public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
     {
-        var message = CreateDefaultMessage("Your Two-step Login Verification Code", email);
+        var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
-        var model = new EmailTokenViewModel
+        var requestDateTime = DateTime.UtcNow;
+        var model = new TwoFactorEmailTokenViewModel
         {
             Token = token,
+            EmailTotpAction = authentication ? "logging in" : "setting up two-step login",
+            AccountEmail = accountEmail,
+            TheDate = requestDateTime.ToLongDateString(),
+            TheTime = requestDateTime.ToShortTimeString(),
+            TimeZone = _utcTimeZoneDisplay,
+            DeviceIp = deviceIp,
+            DeviceType = deviceType,
             WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
-            SiteName = _globalSettings.SiteName
+            SiteName = _globalSettings.SiteName,
         };
         await AddMessageContentAsync(message, "Auth.TwoFactorEmail", model);
         message.MetaData.Add("SendGridBypassListManagement", true);
@@ -1012,7 +1020,7 @@ public class HandlebarsMailService : IMailService
     public async Task SendOTPEmailAsync(string email, string token)
     {
         var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
-        var model = new EmailTokenViewModel
+        var model = new UserVerificationEmailTokenViewModel
         {
             Token = token,
             WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,

src/Core/Services/Implementations/UserService.cs

@@ -1,4 +1,6 @@
-using System.Security.Claims;
+using System.ComponentModel.DataAnnotations;
+using System.Reflection;
+using System.Security.Claims;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
@@ -350,7 +352,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
         await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
     }
 
-    public async Task SendTwoFactorEmailAsync(User user)
+    public async Task SendTwoFactorEmailAsync(User user, bool authentication = true)
     {
         var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
         if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
@@ -361,7 +363,26 @@ public class UserService : UserManager<User>, IUserService, IDisposable
         var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
         var token = await base.GenerateTwoFactorTokenAsync(user,
             CoreHelpers.CustomProviderName(TwoFactorProviderType.Email));
-        await _mailService.SendTwoFactorEmailAsync(email, token);
+
+        var deviceType = _currentContext.DeviceType?.GetType().GetMember(_currentContext.DeviceType?.ToString())
+            .FirstOrDefault()?.GetCustomAttribute<DisplayAttribute>()?.GetName() ?? "Unknown Browser";
+
+        await _mailService.SendTwoFactorEmailAsync(
+            email, user.Email, token, _currentContext.IpAddress, deviceType, authentication);
+    }
+
+    public async Task SendNewDeviceVerificationEmailAsync(User user)
+    {
+        ArgumentNullException.ThrowIfNull(user);
+
+        var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
+            "otp:" + user.Email);
+
+        var deviceType = _currentContext.DeviceType?.GetType().GetMember(_currentContext.DeviceType?.ToString())
+            .FirstOrDefault()?.GetCustomAttribute<DisplayAttribute>()?.GetName() ?? "Unknown Browser";
+
+        await _mailService.SendTwoFactorEmailAsync(
+            user.Email, user.Email, token, _currentContext.IpAddress, deviceType);
     }
 
     public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
@@ -1519,7 +1540,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
 
         if (await VerifySecretAsync(user, secret))
         {
-            await SendOTPAsync(user);
+            await SendNewDeviceVerificationEmailAsync(user);
         }
     }
 

src/Core/Services/NoopImplementations/NoopMailService.cs

@@ -87,7 +87,7 @@ public class NoopMailService : IMailService
     public Task SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(string organizationName, string email) =>
         Task.CompletedTask;
 
-    public Task SendTwoFactorEmailAsync(string email, string token)
+    public Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
     {
         return Task.FromResult(0);
     }

src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs

@@ -79,7 +79,7 @@ public class DeviceValidator(
                     BuildDeviceErrorResult(validationResult);
                 if (validationResult == DeviceValidationResultType.NewDeviceVerificationRequired)
                 {
-                    await _userService.SendOTPAsync(context.User);
+                    await _userService.SendNewDeviceVerificationEmailAsync(context.User);
                 }
                 return false;
             }
@@ -163,6 +163,14 @@ public class DeviceValidator(
         return DeviceValidationResultType.NewDeviceVerificationRequired;
     }
 
+    /// <summary>
+    /// Sends an email whenever the user logs in from a new device. Will not send to a user who's account
+    /// is less than 10 minutes old. We assume an account that is less than 10 minutes old is new and does
+    /// not need an email stating they just logged in.
+    /// </summary>
+    /// <param name="user">user logging in</param>
+    /// <param name="requestDevice">current device being approved to login</param>
+    /// <returns>void</returns>
     private async Task SendNewDeviceLoginEmail(User user, Device requestDevice)
     {
         // Ensure that the user doesn't receive a "new device" email on the first login

test/Core.Test/Services/UserServiceTests.cs

@@ -96,6 +96,9 @@ public class UserServiceTests
     {
         var email = user.Email.ToLowerInvariant();
         var token = "thisisatokentocompare";
+        var authentication = true;
+        var IpAddress = "1.1.1.1";
+        var deviceType = "Android";
 
         var userTwoFactorTokenProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
         userTwoFactorTokenProvider
@@ -105,6 +108,10 @@ public class UserServiceTests
             .GenerateAsync("TwoFactor", Arg.Any<UserManager<User>>(), user)
             .Returns(Task.FromResult(token));
 
+        var context = sutProvider.GetDependency<ICurrentContext>();
+        context.DeviceType = DeviceType.Android;
+        context.IpAddress = IpAddress;
+
         sutProvider.Sut.RegisterTokenProvider("Custom_Email", userTwoFactorTokenProvider);
 
         user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
@@ -119,7 +126,7 @@ public class UserServiceTests
 
         await sutProvider.GetDependency<IMailService>()
             .Received(1)
-            .SendTwoFactorEmailAsync(email, token);
+            .SendTwoFactorEmailAsync(email, user.Email, token, IpAddress, deviceType, authentication);
     }
 
     [Theory, BitAutoData]
@@ -160,6 +167,44 @@ public class UserServiceTests
         await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
     }
 
+    [Theory, BitAutoData]
+    public async Task SendNewDeviceVerificationEmailAsync_ExceptionBecauseUserNull(SutProvider<UserService> sutProvider)
+    {
+        await Assert.ThrowsAsync<ArgumentNullException>(() => sutProvider.Sut.SendNewDeviceVerificationEmailAsync(null));
+    }
+
+    [Theory]
+    [BitAutoData(DeviceType.UnknownBrowser, "Unknown Browser")]
+    [BitAutoData(DeviceType.Android, "Android")]
+    public async Task SendNewDeviceVerificationEmailAsync_DeviceMatches(DeviceType deviceType, string deviceTypeName, SutProvider<UserService> sutProvider, User user)
+    {
+        SetupFakeTokenProvider(sutProvider, user);
+        var context = sutProvider.GetDependency<ICurrentContext>();
+        context.DeviceType = deviceType;
+        context.IpAddress = "1.1.1.1";
+
+        await sutProvider.Sut.SendNewDeviceVerificationEmailAsync(user);
+
+        await sutProvider.GetDependency<IMailService>()
+            .Received(1)
+            .SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), deviceTypeName, Arg.Any<bool>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task SendNewDeviceVerificationEmailAsync_NullDeviceTypeShouldSendUnkownBrowserType(SutProvider<UserService> sutProvider, User user)
+    {
+        SetupFakeTokenProvider(sutProvider, user);
+        var context = sutProvider.GetDependency<ICurrentContext>();
+        context.DeviceType = null;
+        context.IpAddress = "1.1.1.1";
+
+        await sutProvider.Sut.SendNewDeviceVerificationEmailAsync(user);
+
+        await sutProvider.GetDependency<IMailService>()
+            .Received(1)
+            .SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), "Unknown Browser", Arg.Any<bool>());
+    }
+
     [Theory, BitAutoData]
     public async Task HasPremiumFromOrganization_Returns_False_If_No_Orgs(SutProvider<UserService> sutProvider, User user)
     {
@@ -577,7 +622,7 @@ public class UserServiceTests
     }
 
     [Theory, BitAutoData]
-    public async Task ResendNewDeviceVerificationEmail_UserNull_SendOTPAsyncNotCalled(
+    public async Task ResendNewDeviceVerificationEmail_UserNull_SendTwoFactorEmailAsyncNotCalled(
         SutProvider<UserService> sutProvider, string email, string secret)
     {
         sutProvider.GetDependency<IUserRepository>()
@@ -588,11 +633,11 @@ public class UserServiceTests
 
         await sutProvider.GetDependency<IMailService>()
             .DidNotReceive()
-            .SendOTPEmailAsync(Arg.Any<string>(), Arg.Any<string>());
+            .SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<bool>());
     }
 
     [Theory, BitAutoData]
-    public async Task ResendNewDeviceVerificationEmail_SecretNotValid_SendOTPAsyncNotCalled(
+    public async Task ResendNewDeviceVerificationEmail_SecretNotValid_SendTwoFactorEmailAsyncNotCalled(
     SutProvider<UserService> sutProvider, string email, string secret)
     {
         sutProvider.GetDependency<IUserRepository>()
@@ -603,7 +648,7 @@ public class UserServiceTests
 
         await sutProvider.GetDependency<IMailService>()
             .DidNotReceive()
-            .SendOTPEmailAsync(Arg.Any<string>(), Arg.Any<string>());
+            .SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<bool>());
     }
 
     [Theory, BitAutoData]
@@ -637,6 +682,10 @@ public class UserServiceTests
             .GetByEmailAsync(user.Email)
             .Returns(user);
 
+        var context = sutProvider.GetDependency<ICurrentContext>();
+        context.DeviceType = DeviceType.Android;
+        context.IpAddress = "1.1.1.1";
+
         // HACK: SutProvider is being weird about not injecting the IPasswordHasher that I configured
         var sut = RebuildSut(sutProvider);
 
@@ -644,7 +693,8 @@ public class UserServiceTests
 
         await sutProvider.GetDependency<IMailService>()
             .Received(1)
-            .SendOTPEmailAsync(user.Email, Arg.Any<string>());
+            .SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>(), Arg.Any<bool>());
+
     }
 
     [Theory]

test/Identity.IntegrationTest/Endpoints/IdentityServerTwoFactorTests.cs

@@ -67,7 +67,12 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
         string emailToken = null;
         factory.SubstituteService<IMailService>(mailService =>
         {
-            mailService.SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Do<string>(t => emailToken = t))
+            mailService.SendTwoFactorEmailAsync(
+                    Arg.Any<string>(),
+                    Arg.Any<string>(),
+                    Arg.Do<string>(t => emailToken = t),
+                    Arg.Any<string>(),
+                    Arg.Any<string>())
                 .Returns(Task.CompletedTask);
         });
 
@@ -273,7 +278,12 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
         string emailToken = null;
         localFactory.SubstituteService<IMailService>(mailService =>
         {
-            mailService.SendTwoFactorEmailAsync(Arg.Any<string>(), Arg.Do<string>(t => emailToken = t))
+            mailService.SendTwoFactorEmailAsync(
+                    Arg.Any<string>(),
+                    Arg.Any<string>(),
+                    Arg.Do<string>(t => emailToken = t),
+                    Arg.Any<string>(),
+                    Arg.Any<string>())
                 .Returns(Task.CompletedTask);
         });
 

test/Identity.Test/IdentityServer/DeviceValidatorTests.cs

@@ -574,7 +574,7 @@ public class DeviceValidatorTests
         var result = await _sut.ValidateRequestDeviceAsync(request, context);
 
         // Assert
-        await _userService.Received(1).SendOTPAsync(context.User);
+        await _userService.Received(1).SendNewDeviceVerificationEmailAsync(context.User);
         await _deviceService.Received(0).SaveAsync(Arg.Any<Device>());
 
         Assert.False(result);