[PS-589] Fix emergency contact takeover device verification and endpoints for its settings (#2016)

* Added UnknownDeviceVerificationEnabled on User that is turned off when emergency contact takes over the account. Also added endpoints to get and update 2fa device verification settings. And Updated migrations & tests * Applied dotnet format * Fixed method rename call on TwoFactorController * PS-589 Format fixes * PS-589 changed UnknownDeviceVerificationEnabled to be non-nullable
2025-07-01 16:12:49 -05:00 · 2022-06-06 14:52:50 -03:00
parent 16c6b23a27
commit b070e9a387
23 changed files with 3781 additions and 13 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -380,6 +380,42 @@ namespace Bit.Api.Controllers
            }
        }

+        [HttpGet("get-device-verification-settings")]
+        public async Task<DeviceVerificationResponseModel> GetDeviceVerificationSettings()
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if (User.Claims.HasSsoIdP())
+            {
+                return new DeviceVerificationResponseModel(false, false);
+            }
+
+            return new DeviceVerificationResponseModel(_userService.CanEditDeviceVerificationSettings(user), user.UnknownDeviceVerificationEnabled);
+        }
+
+        [HttpPut("device-verification-settings")]
+        public async Task<DeviceVerificationResponseModel> PutDeviceVerificationSettings([FromBody] DeviceVerificationRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+            if (!_userService.CanEditDeviceVerificationSettings(user)
+                || User.Claims.HasSsoIdP())
+            {
+                throw new InvalidOperationException("Can't update device verification settings");
+            }
+
+            model.ToUser(user);
+            await _userService.SaveUserAsync(user);
+            return new DeviceVerificationResponseModel(true, user.UnknownDeviceVerificationEnabled);
+        }
+
        private async Task<User> CheckAsync(SecretVerificationRequestModel model, bool premium)
        {
            var user = await _userService.GetUserByPrincipalAsync(User);