[PS-589] Fix emergency contact takeover device verification and endpoints for its settings (#2016)

* Added UnknownDeviceVerificationEnabled on User that is turned off when emergency contact takes over the account. Also added endpoints to get and update 2fa device verification settings. And Updated migrations & tests * Applied dotnet format * Fixed method rename call on TwoFactorController * PS-589 Format fixes * PS-589 changed UnknownDeviceVerificationEnabled to be non-nullable
2025-06-30 15:42:48 -05:00 · 2022-06-06 14:52:50 -03:00
parent 16c6b23a27
commit b070e9a387
23 changed files with 3781 additions and 13 deletions
--- a/test/Core.Test/Services/EmergencyAccessServiceTests.cs
+++ b/test/Core.Test/Services/EmergencyAccessServiceTests.cs
@ -1,7 +1,10 @@
 using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Test.AutoFixture;
@ -137,5 +140,37 @@ namespace Bit.Core.Test.Services

            Assert.Contains("You cannot takeover an account that is using Key Connector", exception.Message);
        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task PasswordAsync_Disables_2FA_Providers_And_Unknown_Device_Verification_On_The_Grantor(
+            SutProvider<EmergencyAccessService> sutProvider, User requestingUser, User grantor)
+        {
+            grantor.UsesKeyConnector = true;
+            grantor.UnknownDeviceVerificationEnabled = true;
+            grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+            {
+                [TwoFactorProviderType.Email] = new TwoFactorProvider
+                {
+                    MetaData = new Dictionary<string, object> { ["Email"] = "asdfasf" },
+                    Enabled = true
+                }
+            });
+            var emergencyAccess = new EmergencyAccess
+            {
+                GrantorId = grantor.Id,
+                GranteeId = requestingUser.Id,
+                Status = Enums.EmergencyAccessStatusType.RecoveryApproved,
+                Type = Enums.EmergencyAccessType.Takeover,
+            };
+
+            sutProvider.GetDependency<IEmergencyAccessRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(emergencyAccess);
+            sutProvider.GetDependency<IUserRepository>().GetByIdAsync(grantor.Id).Returns(grantor);
+
+            await sutProvider.Sut.PasswordAsync(Guid.NewGuid(), requestingUser, "blablahash", "blablakey");
+
+            Assert.False(grantor.UnknownDeviceVerificationEnabled);
+            Assert.Empty(grantor.GetTwoFactorProviders());
+            await sutProvider.GetDependency<IUserRepository>().Received().ReplaceAsync(grantor);
+        }
    }
 }