From da5fa260542269b149a01fd79e2058ec3ea64a59 Mon Sep 17 00:00:00 2001
From: Todd Martin
Date: Fri, 13 Jun 2025 15:10:43 -0400
Subject: [PATCH] Added configuration to not display 2FA setup instruction
---
 src/Core/Auth/Enums/TwoFactorEmailPurpose.cs | 8 ++++++++
 .../MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs | 4 +++-
 src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs | 5 +++++
 .../Services/Implementations/HandlebarsMailService.cs | 8 ++++++--
 4 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
diff --git a/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs b/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
new file mode 100644
index 0000000000..651b5cb309
--- /dev/null
+++ b/src/Core/Auth/Enums/TwoFactorEmailPurpose.cs
@@ -0,0 +1,8 @@
+namespace Core.Auth.Enums;
+
+public enum TwoFactorEmailPurpose
+{
+ Login,
+ Setup,
+ NewDeviceVerification,
+}
\ No newline at end of file
diff --git a/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs b/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
index 27a222f1de..7add179787 100644
--- a/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
+++ b/src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs
@@ -12,7 +12,9 @@
diff --git a/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs b/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
index dbd47af35a..20c340acda 100644
--- a/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
+++ b/src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs
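Review bot: In TwoFactorEmailPurpose.cs the new enum is declared in `namespace Core.Auth.Enums;`, while every other namespace visible in this patch is rooted at `Bit.Core` (for example `namespace Bit.Core.Services;`), so the type lands outside the project's namespace tree and needs the stray `using Core.Auth.Enums;`. I would declare it as `namespace Bit.Core.Auth.Enums;` and adjust the using directive to match. The members are also undocumented; a `///` summary on each one, saying which email flow it stands for (sign-in code, code confirming 2FA enrolment, code for an unrecognised device), would help because the mail service chooses user-facing wording from this value. The file also ends without a trailing newline.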
@@ -22,4 +22,9 @@ public class TwoFactorEmailTokenViewModel : BaseMailModel
 public string TimeZone { get; set; }
 public string DeviceIp { get; set; }
 public string DeviceType { get; set; }
+ ///
+ /// Depending on the context, we may want to show a reminder to the user that they should enable two factor authentication.
+ /// This is not relevant when the user is using the email to verify setting up 2FA, so we hide it in that case.
+ ///
+ public bool DisplayTwoFactorReminder { get; set; }
 }
diff --git a/src/Core/Services/Implementations/HandlebarsMailService.cs b/src/Core/Services/Implementations/HandlebarsMailService.cs
index 20f6e3a0ab..20441a3ffa 100644
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@@ -21,6 +21,7 @@ using Bit.Core.SecretsManager.Models.Mail;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Models.Data;
+using Core.Auth.Enums;
 using HandlebarsDotNet;
 namespace Bit.Core.Services;
@@ -166,14 +167,14 @@ public class HandlebarsMailService : IMailService
 await _mailDeliveryService.SendEmailAsync(message);
 }
- public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
+ public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, TwoFactorEmailPurpose purpose)
 {
 var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
 var requestDateTime = DateTime.UtcNow;
 var model = new TwoFactorEmailTokenViewModel
 {
 Token = token,
- EmailTotpAction = authentication ? "logging in" : "setting up two-step login",
+ EmailTotpAction = (purpose == TwoFactorEmailPurpose.Login) ? "logging in" : "setting up two-step login",
 AccountEmail = accountEmail,
 TheDate = requestDateTime.ToLongDateString(),
 TheTime = requestDateTime.ToShortTimeString(),
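Review bot: The summary added on `DisplayTwoFactorReminder` in TwoFactorEmailTokenViewModel.cs says the reminder is hidden when the email verifies 2FA setup, but the assignment in HandlebarsMailService sets the flag to true only for `TwoFactorEmailPurpose.NewDeviceVerification`, so it is hidden for ordinary login codes as well. The doc comment should state the rule the code actually applies, for example `/// True only for new-device verification emails; login and 2FA-setup emails omit the reminder.` The class body starts outside this hunk.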
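Review bot: The new `EmailTotpAction` expression in the `@@ -166,14 +167,14 @@` hunk maps every purpose other than `Login` to "setting up two-step login", so a `NewDeviceVerification` email will tell the recipient the code is for setting up two-step login. A verification email that misdescribes the action makes it harder for a user to recognise a code they did not request; testing for the setup case keeps the previous wording for the other purposes: `EmailTotpAction = (purpose == TwoFactorEmailPurpose.Setup) ? "setting up two-step login" : "logging in",` (new-device verification may deserve its own phrase). Separately, the signature drops the `authentication = true` default, and the diffstat lists neither the `IMailService` interface nor any caller, so this presumably does not build unless those are updated elsewhere. The method body continues past the end of this hunk.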
@@ -182,6 +183,9 @@ public class HandlebarsMailService : IMailService
 DeviceType = deviceType,
 WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
 SiteName = _globalSettings.SiteName,
+ // We only want to remind users to set up 2FA if they're getting a new device verification email.
+ // For login with 2FA, and setup of 2FA, we do not want to show the reminder because users are already doing so.
+ DisplayTwoFactorReminder = purpose == TwoFactorEmailPurpose.NewDeviceVerification
 };
 await AddMessageContentAsync(message, "Auth.TwoFactorEmail", model);
 message.MetaData.Add("SendGridBypassListManagement", true);