diff --git a/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs b/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
new file mode 100644
index 0000000000..651b5cb309
--- /dev/null
+++ b/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
@@ -0,0 +1,8 @@
+namespace Core.Auth.Enums;
+
+public enum TwoFactorEmailPurpose
+{
+ Login,
+ Setup,
+ NewDeviceVerification,
+}
\ No newline at end of file
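Review bot: The new enum is declared in `namespace Core.Auth.Enums;`, while the other code visible in this commit lives under `Bit.Core.*` (for example `namespace Bit.Core.Services;`), so the file introduces a second root namespace. `namespace Bit.Core.Auth.Enums;` would match, with the added `using` in HandlebarsMailService.cs adjusted to it. Since the value decides the wording of a verification-code email, each member would benefit from a one-line `///` summary naming the flow that sends it, e.g. `/// Code e-mailed to confirm a sign-in from a new device.` on `NewDeviceVerification` (wording to be confirmed by the author). The file also ends without a trailing newline.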
diff --git a/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs b/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
index 27a222f1de..7add179787 100644
--- a/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
+++ b/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
@@ -12,7 +12,9 @@
- Deauthorize unrecognized devices
- Change your master password
- - Turn on two-step login
+ {{#if DisplayTwoFactorReminder}}
+ - Turn on two-step login
+ {{/if}}
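Review bot: The `{{#if DisplayTwoFactorReminder}}` guard is added to the HTML template only, at least in the part of the diff shown here. If this mail also has a plain-text rendering that carries the same "Turn on two-step login" item, that rendering would keep showing the reminder to users who already use two-step login, so it should get the same conditional. A short template comment such as `{{!-- shown only for new-device verification mails --}}` above the `#if` would also record why the item is optional.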
diff --git a/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs b/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
index dbd47af35a..20c340acda 100644
--- a/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
+++ b/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
@@ -22,4 +22,9 @@ public class TwoFactorEmailTokenViewModel : BaseMailModel
public string TimeZone { get; set; }
public string DeviceIp { get; set; }
public string DeviceType { get; set; }
+ ///
+ /// Depending on the context, we may want to show a reminder to the user that they should enable two factor authentication.
+ /// This is not relevant when the user is using the email to verify setting up 2FA, so we hide it in that case.
+ ///
+ public bool DisplayTwoFactorReminder { get; set; }
}
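Review bot: The summary on `DisplayTwoFactorReminder` names only the 2FA-setup email as the case where the reminder is hidden, but the assignment in HandlebarsMailService.cs sets the flag to true solely for `NewDeviceVerification`, so login-code emails hide it as well. A comment that states the actual rule would avoid the mismatch, e.g. `/// True only for new-device verification emails; login and setup emails omit the two-step login reminder.` The bare `///` lines look like `<summary>` tags lost in rendering; if they are really absent in the file, they should be added. The class body starts outside this hunk.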
diff --git a/src/Core/Services/Implementations/HandlebarsMailService.cs b/src/Core/Services/Implementations/HandlebarsMailService.cs
index 20f6e3a0ab..20441a3ffa 100644
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@@ -21,6 +21,7 @@ using Bit.Core.SecretsManager.Models.Mail;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.Core.Vault.Models.Data;
+using Core.Auth.Enums;
using HandlebarsDotNet;
namespace Bit.Core.Services;
@@ -166,14 +167,14 @@ public class HandlebarsMailService : IMailService
await _mailDeliveryService.SendEmailAsync(message);
}
- public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
+ public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, TwoFactorEmailPurpose purpose)
{
var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
var requestDateTime = DateTime.UtcNow;
var model = new TwoFactorEmailTokenViewModel
{
Token = token,
- EmailTotpAction = authentication ? "logging in" : "setting up two-step login",
+ EmailTotpAction = (purpose == TwoFactorEmailPurpose.Login) ? "logging in" : "setting up two-step login",
AccountEmail = accountEmail,
TheDate = requestDateTime.ToLongDateString(),
TheTime = requestDateTime.ToShortTimeString(),
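Review bot: `EmailTotpAction` still distinguishes only two cases, so a `NewDeviceVerification` email falls into the else branch and tells the recipient the code is for "setting up two-step login". In a verification-code email the stated action is what lets the user judge whether the request is their own, so each purpose should map to its own text and an unexpected value should fail instead of silently picking one. The method body starts in this hunk and continues into the next one. Dropping the `authentication = true` default also means the `IMailService` declaration and every caller must now pass a purpose explicitly, which is not visible here.

```csharp
var model = new TwoFactorEmailTokenViewModel
{
    Token = token,
    EmailTotpAction = purpose switch
    {
        TwoFactorEmailPurpose.Login => "logging in",
        TwoFactorEmailPurpose.Setup => "setting up two-step login",
        // Suggested wording only; it must read correctly inside the template sentence.
        TwoFactorEmailPurpose.NewDeviceVerification => "verifying a new device",
        _ => throw new ArgumentOutOfRangeException(nameof(purpose), purpose, null),
    },
    // … unchanged: AccountEmail, TheDate, TheTime and the remaining initializers …
```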
@@ -182,6 +183,9 @@ public class HandlebarsMailService : IMailService
DeviceType = deviceType,
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
SiteName = _globalSettings.SiteName,
+ // We only want to remind users to set up 2FA if they're getting a new device verification email.
+ // For login with 2FA, and setup of 2FA, we do not want to show the reminder because users are already doing so.
+ DisplayTwoFactorReminder = purpose == TwoFactorEmailPurpose.NewDeviceVerification
};
await AddMessageContentAsync(message, "Auth.TwoFactorEmail", model);
message.MetaData.Add("SendGridBypassListManagement", true);