Added configuration to not display 2FA setup instruction

2025-06-16 07:50:49 -05:00 · 2025-06-13 15:10:43 -04:00 · 2025-06-13 15:10:43 -04:00 · da5fa26054
commit da5fa26054
parent db77201ca4
4 changed files with 22 additions and 3 deletions
--- a/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
+++ b/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
@ -0,0 +1,8 @@
+namespace Core.Auth.Enums;
+
+public enum TwoFactorEmailPurpose
+{
+    Login,
+    Setup,
+    NewDeviceVerification,
+}
--- a/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
+++ b/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
@ -12,7 +12,9 @@
      <ul>
        <li>Deauthorize unrecognized devices</li>
        <li>Change your master password</li>
-        <li>Turn on two-step login</li>
+        {{#if DisplayTwoFactorReminder}}
+          <li style="margin-bottom: 5px;">Turn on two-step login</li>
+        {{/if}}
      </ul>
    </td>
  </tr>
--- a/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
+++ b/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
@ -22,4 +22,9 @@ public class TwoFactorEmailTokenViewModel : BaseMailModel
    public string TimeZone { get; set; }
    public string DeviceIp { get; set; }
    public string DeviceType { get; set; }
+    /// <summary>
+    /// Depending on the context, we may want to show a reminder to the user that they should enable two factor authentication.
+    /// This is not relevant when the user is using the email to verify setting up 2FA, so we hide it in that case.
+    /// </summary>
+    public bool DisplayTwoFactorReminder { get; set; }
 }
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -21,6 +21,7 @@ using Bit.Core.SecretsManager.Models.Mail;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Models.Data;
+using Core.Auth.Enums;
 using HandlebarsDotNet;

 namespace Bit.Core.Services;
@ -166,14 +167,14 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }

-    public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
+    public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, TwoFactorEmailPurpose purpose)
    {
        var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
        var requestDateTime = DateTime.UtcNow;
        var model = new TwoFactorEmailTokenViewModel
        {
            Token = token,
-            EmailTotpAction = authentication ? "logging in" : "setting up two-step login",
+            EmailTotpAction = (purpose == TwoFactorEmailPurpose.Login) ? "logging in" : "setting up two-step login",
            AccountEmail = accountEmail,
            TheDate = requestDateTime.ToLongDateString(),
            TheTime = requestDateTime.ToShortTimeString(),
@ -182,6 +183,9 @@ public class HandlebarsMailService : IMailService
            DeviceType = deviceType,
            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
            SiteName = _globalSettings.SiteName,
+            // We only want to remind users to set up 2FA if they're getting a new device verification email.
+            // For login with 2FA, and setup of 2FA, we do not want to show the reminder because users are already doing so.
+            DisplayTwoFactorReminder = purpose == TwoFactorEmailPurpose.NewDeviceVerification 
        };
        await AddMessageContentAsync(message, "Auth.TwoFactorEmail", model);
        message.MetaData.Add("SendGridBypassListManagement", true);