[PM-12995] Create UI elements for New Device Verification in Admin Portal (#5165)

* feat(NewDeviceVerification) : - Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin. - Updated DeviceValidator class to handle checking cache for user information to allow pass through. - Updated and Added tests to handle new flow. - Adding exception flow to admin project. Added tests for new methods in UserService.
2025-06-30 15:42:48 -05:00 · 2025-01-09 18:10:54 -08:00
parent 1988f1402e
commit ce2ecf9da0
6 changed files with 253 additions and 54 deletions
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -77,6 +77,17 @@ public interface IUserService
    Task<bool> VerifyOTPAsync(User user, string token);
    Task<bool> VerifySecretAsync(User user, string secret, bool isSettingMFA = false);
    Task ResendNewDeviceVerificationEmail(string email, string secret);
+    /// <summary>
+    /// We use this method to check if the user has an active new device verification bypass
+    /// </summary>
+    /// <param name="userId">self</param>
+    /// <returns>returns true if the value is found in the cache</returns>
+    Task<bool> ActiveNewDeviceVerificationException(Guid userId);
+    /// <summary>
+    /// We use this method to toggle the new device verification bypass
+    /// </summary>
+    /// <param name="userId">Id of user bypassing new device verification</param>
+    Task ToggleNewDeviceVerificationException(Guid userId);

    void SetTwoFactorProvider(User user, TwoFactorProviderType type, bool setEnabled = true);

--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -31,6 +31,7 @@ using Fido2NetLib;
 using Fido2NetLib.Objects;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using File = System.IO.File;
@ -72,6 +73,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
    private readonly IPremiumUserBillingService _premiumUserBillingService;
    private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand;
    private readonly IRevokeNonCompliantOrganizationUserCommand _revokeNonCompliantOrganizationUserCommand;
+    private readonly IDistributedCache _distributedCache;

    public UserService(
        IUserRepository userRepository,
@ -107,7 +109,8 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        IFeatureService featureService,
        IPremiumUserBillingService premiumUserBillingService,
        IRemoveOrganizationUserCommand removeOrganizationUserCommand,
-        IRevokeNonCompliantOrganizationUserCommand revokeNonCompliantOrganizationUserCommand)
+        IRevokeNonCompliantOrganizationUserCommand revokeNonCompliantOrganizationUserCommand,
+        IDistributedCache distributedCache)
        : base(
              store,
              optionsAccessor,
@ -149,6 +152,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        _premiumUserBillingService = premiumUserBillingService;
        _removeOrganizationUserCommand = removeOrganizationUserCommand;
        _revokeNonCompliantOrganizationUserCommand = revokeNonCompliantOrganizationUserCommand;
+        _distributedCache = distributedCache;
    }

    public Guid? GetProperUserId(ClaimsPrincipal principal)
@ -1471,6 +1475,30 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        }
    }

+    public async Task<bool> ActiveNewDeviceVerificationException(Guid userId)
+    {
+        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
+        var cacheValue = await _distributedCache.GetAsync(cacheKey);
+        return cacheValue != null;
+    }
+
+    public async Task ToggleNewDeviceVerificationException(Guid userId)
+    {
+        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, userId.ToString());
+        var cacheValue = await _distributedCache.GetAsync(cacheKey);
+        if (cacheValue != null)
+        {
+            await _distributedCache.RemoveAsync(cacheKey);
+        }
+        else
+        {
+            await _distributedCache.SetAsync(cacheKey, new byte[1], new DistributedCacheEntryOptions
+            {
+                AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(24)
+            });
+        }
+    }
+
    private async Task SendAppropriateWelcomeEmailAsync(User user, string initiationPath)
    {
        var isFromMarketingWebsite = initiationPath.Contains("Secrets Manager trial");