[PM-12512] Add Endpoint to allow users to request a new device otp (#5146)

feat(NewDeviceVerification): Added a resend new device OTP endpoint and method for the IUserService as well as wrote test for new methods for the user service.
2025-06-30 15:42:48 -05:00 · 2024-12-16 07:57:56 -08:00
parent 8994d1d7dd
commit c446ac86fe
5 changed files with 171 additions and 38 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -961,6 +961,14 @@ public class AccountsController : Controller
        }
    }

+    [RequireFeature(FeatureFlagKeys.NewDeviceVerification)]
+    [AllowAnonymous]
+    [HttpPost("resend-new-device-otp")]
+    public async Task ResendNewDeviceOtpAsync([FromBody] UnauthenticatedSecretVerificatioRequestModel request)
+    {
+        await _userService.ResendNewDeviceVerificationEmail(request.Email, request.Secret);
+    }
+
    private async Task<IEnumerable<Guid>> GetOrganizationIdsManagingUserAsync(Guid userId)
    {
        var organizationManagingUser = await _userService.GetOrganizationsManagingUserAsync(userId);
--- a/src/Api/Auth/Models/Request/Accounts/UnauthenticatedSecretVerificatioRequestModel.cs
+++ b/src/Api/Auth/Models/Request/Accounts/UnauthenticatedSecretVerificatioRequestModel.cs
@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.Auth.Models.Request.Accounts;
+
+public class UnauthenticatedSecretVerificatioRequestModel : SecretVerificationRequestModel
+{
+    [Required]
+    [StrictEmailAddress]
+    [StringLength(256)]
+    public string Email { get; set; }
+}
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -76,7 +76,7 @@ public interface IUserService
    Task SendOTPAsync(User user);
    Task<bool> VerifyOTPAsync(User user, string token);
    Task<bool> VerifySecretAsync(User user, string secret, bool isSettingMFA = false);
-
+    Task ResendNewDeviceVerificationEmail(string email, string secret);

    void SetTwoFactorProvider(User user, TwoFactorProviderType type, bool setEnabled = true);

--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -1407,7 +1407,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable

    public async Task SendOTPAsync(User user)
    {
-        if (user.Email == null)
+        if (string.IsNullOrEmpty(user.Email))
        {
            throw new BadRequestException("No user email.");
        }
@ -1450,6 +1450,20 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        return isVerified;
    }

+    public async Task ResendNewDeviceVerificationEmail(string email, string secret)
+    {
+        var user = await _userRepository.GetByEmailAsync(email);
+        if (user == null)
+        {
+            return;
+        }
+
+        if (await VerifySecretAsync(user, secret))
+        {
+            await SendOTPAsync(user);
+        }
+    }
+
    private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)
    {
        var isFromMarketingWebsite = initiationPath.Contains("Secrets Manager trial");