[PS-589] Fix emergency contact takeover device verification and endpoints for its settings (#2016)

* Added UnknownDeviceVerificationEnabled on User that is turned off when emergency contact takes over the account. Also added endpoints to get and update 2fa device verification settings. And Updated migrations & tests * Applied dotnet format * Fixed method rename call on TwoFactorController * PS-589 Format fixes * PS-589 changed UnknownDeviceVerificationEnabled to be non-nullable
2025-07-05 10:02:47 -05:00 · 2022-06-06 14:52:50 -03:00
parent 16c6b23a27
commit b070e9a387
23 changed files with 3781 additions and 13 deletions
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -1417,12 +1417,20 @@ namespace Bit.Core.Services

        public async Task<bool> Needs2FABecauseNewDeviceAsync(User user, string deviceIdentifier, string grantType)
        {
-            return _globalSettings.TwoFactorAuth.EmailOnNewDeviceLogin
-                   && user.EmailVerified
+            return CanEditDeviceVerificationSettings(user)
+                   && user.UnknownDeviceVerificationEnabled
                   && grantType != "authorization_code"
                   && await IsNewDeviceAndNotTheFirstOneAsync(user, deviceIdentifier);
        }

+        public bool CanEditDeviceVerificationSettings(User user)
+        {
+            return _globalSettings.TwoFactorAuth.EmailOnNewDeviceLogin
+                   && user.EmailVerified
+                   && !user.UsesKeyConnector
+                   && !(user.GetTwoFactorProviders()?.Any() ?? false);
+        }
+
        private async Task<bool> IsNewDeviceAndNotTheFirstOneAsync(User user, string deviceIdentifier)
        {
            if (user == null)