Added configuration to not display 2FA setup instruction

src/Core/Auth/Enums/TwoFactorEmailPurpose.cs

@@ -0,0 +1,8 @@
+namespace Core.Auth.Enums;
+
+public enum TwoFactorEmailPurpose
+{
+    Login,
+    Setup,
+    NewDeviceVerification,
+}

src/Core/MailTemplates/Handlebars/Auth/TwoFactorEmail.html.hbs

@@ -12,7 +12,9 @@
       <ul>
         <li>Deauthorize unrecognized devices</li>
         <li>Change your master password</li>
-        <li>Turn on two-step login</li>
+        {{#if DisplayTwoFactorReminder}}
+          <li style="margin-bottom: 5px;">Turn on two-step login</li>
+        {{/if}}
       </ul>
     </td>
   </tr>

src/Core/Models/Mail/TwoFactorEmailTokenViewModel.cs

@@ -22,4 +22,9 @@ public class TwoFactorEmailTokenViewModel : BaseMailModel
     public string TimeZone { get; set; }
     public string DeviceIp { get; set; }
     public string DeviceType { get; set; }
+    /// <summary>
+    /// Depending on the context, we may want to show a reminder to the user that they should enable two factor authentication.
+    /// This is not relevant when the user is using the email to verify setting up 2FA, so we hide it in that case.
+    /// </summary>
+    public bool DisplayTwoFactorReminder { get; set; }
 }

src/Core/Services/Implementations/HandlebarsMailService.cs

@@ -21,6 +21,7 @@ using Bit.Core.SecretsManager.Models.Mail;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Models.Data;
+using Core.Auth.Enums;
 using HandlebarsDotNet;
 
 namespace Bit.Core.Services;
@@ -166,14 +167,14 @@ public class HandlebarsMailService : IMailService
         await _mailDeliveryService.SendEmailAsync(message);
     }
 
-    public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, bool authentication = true)
+    public async Task SendTwoFactorEmailAsync(string email, string accountEmail, string token, string deviceIp, string deviceType, TwoFactorEmailPurpose purpose)
     {
         var message = CreateDefaultMessage("Your Bitwarden Verification Code", email);
         var requestDateTime = DateTime.UtcNow;
         var model = new TwoFactorEmailTokenViewModel
         {
             Token = token,
-            EmailTotpAction = authentication ? "logging in" : "setting up two-step login",
+            EmailTotpAction = (purpose == TwoFactorEmailPurpose.Login) ? "logging in" : "setting up two-step login",
             AccountEmail = accountEmail,
             TheDate = requestDateTime.ToLongDateString(),
             TheTime = requestDateTime.ToShortTimeString(),
@@ -182,6 +183,9 @@ public class HandlebarsMailService : IMailService
             DeviceType = deviceType,
             WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
             SiteName = _globalSettings.SiteName,
+            // We only want to remind users to set up 2FA if they're getting a new device verification email.
+            // For login with 2FA, and setup of 2FA, we do not want to show the reminder because users are already doing so.
+            DisplayTwoFactorReminder = purpose == TwoFactorEmailPurpose.NewDeviceVerification 
         };
         await AddMessageContentAsync(message, "Auth.TwoFactorEmail", model);
         message.MetaData.Add("SendGridBypassListManagement", true);