[PS-589] Fix emergency contact takeover device verification and endpoints for its settings (#2016)

* Added UnknownDeviceVerificationEnabled on User that is turned off when emergency contact takes over the account. Also added endpoints to get and update 2fa device verification settings. And Updated migrations & tests

* Applied dotnet format

* Fixed method rename call on TwoFactorController

* PS-589 Format fixes

* PS-589 changed UnknownDeviceVerificationEnabled to be non-nullable

src/Api/Controllers/TwoFactorController.cs

@@ -380,6 +380,42 @@ namespace Bit.Api.Controllers
             }
         }
 
+        [HttpGet("get-device-verification-settings")]
+        public async Task<DeviceVerificationResponseModel> GetDeviceVerificationSettings()
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if (User.Claims.HasSsoIdP())
+            {
+                return new DeviceVerificationResponseModel(false, false);
+            }
+
+            return new DeviceVerificationResponseModel(_userService.CanEditDeviceVerificationSettings(user), user.UnknownDeviceVerificationEnabled);
+        }
+
+        [HttpPut("device-verification-settings")]
+        public async Task<DeviceVerificationResponseModel> PutDeviceVerificationSettings([FromBody] DeviceVerificationRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+            if (!_userService.CanEditDeviceVerificationSettings(user)
+                || User.Claims.HasSsoIdP())
+            {
+                throw new InvalidOperationException("Can't update device verification settings");
+            }
+
+            model.ToUser(user);
+            await _userService.SaveUserAsync(user);
+            return new DeviceVerificationResponseModel(true, user.UnknownDeviceVerificationEnabled);
+        }
+
         private async Task<User> CheckAsync(SecretVerificationRequestModel model, bool premium)
         {
             var user = await _userService.GetUserByPrincipalAsync(User);

src/Api/Models/Request/DeviceVerificationRequestModel.cs

@@ -0,0 +1,18 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Entities;
+
+namespace Bit.Api.Models.Request
+{
+    public class DeviceVerificationRequestModel
+    {
+        [Required]
+        public bool UnknownDeviceVerificationEnabled { get; set; }
+
+        public User ToUser(User user)
+        {
+            user.UnknownDeviceVerificationEnabled = UnknownDeviceVerificationEnabled;
+            return user;
+        }
+    }
+}

src/Api/Models/Response/DeviceVerificationResponseModel.cs

@@ -0,0 +1,18 @@
+using System;
+using Bit.Core.Models.Api;
+
+namespace Bit.Api.Models.Response
+{
+    public class DeviceVerificationResponseModel : ResponseModel
+    {
+        public DeviceVerificationResponseModel(bool isDeviceVerificationSectionEnabled, bool unknownDeviceVerificationEnabled)
+            : base("deviceVerificationSettings")
+        {
+            IsDeviceVerificationSectionEnabled = isDeviceVerificationSectionEnabled;
+            UnknownDeviceVerificationEnabled = unknownDeviceVerificationEnabled;
+        }
+
+        public bool IsDeviceVerificationSectionEnabled { get; }
+        public bool UnknownDeviceVerificationEnabled { get; }
+    }
+}