Require 2FA token in order to disiable 2FA. Added 2FA recovery code to data/domain model and exposed recover and regenerate 2FA APIs

2025-07-01 08:02:49 -05:00 · 2016-11-14 21:13:53 -05:00
parent 17f8d0f677
commit e68ed04f77
8 changed files with 104 additions and 23 deletions
--- a/src/Api/Models/Request/Accounts/RecoverTwoFactorRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/RecoverTwoFactorRequestModel.cs
@ -0,0 +1,14 @@
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Models
+{
+    public class RecoverTwoFactorRequestModel
+    {
+        [Required]
+        public string MasterPasswordHash { get; set; }
+        [Required]
+        [StringLength(32)]
+        public string RecoveryCode { get; set; }
+    }
+}
--- a/src/Api/Models/Request/Accounts/RegenerateTwoFactorRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/RegenerateTwoFactorRequestModel.cs
@ -0,0 +1,14 @@
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Models
+{
+    public class RegenerateTwoFactorRequestModel
+    {
+        [Required]
+        public string MasterPasswordHash { get; set; }
+        [Required]
+        [StringLength(50)]
+        public string Token { get; set; }
+    }
+}
--- a/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs
@ -3,21 +3,14 @@ using System.ComponentModel.DataAnnotations;

 namespace Bit.Api.Models
 {
-    public class UpdateTwoFactorRequestModel : IValidatableObject
+    public class UpdateTwoFactorRequestModel
    {
        [Required]
        public string MasterPasswordHash { get; set; }
        [Required]
        public bool? Enabled { get; set; }
+        [Required]
        [StringLength(50)]
        public string Token { get; set; }
-
-        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
-        {
-            if(Enabled.HasValue && Enabled.Value && string.IsNullOrWhiteSpace(Token))
-            {
-                yield return new ValidationResult("Token is required.", new[] { "Token" });
-            }
-        }
    }
 }
--- a/src/Api/Models/Response/TwoFactorResponseModel.cs
+++ b/src/Api/Models/Response/TwoFactorResponseModel.cs
@ -17,10 +17,12 @@ namespace Bit.Api.Models
            TwoFactorEnabled = user.TwoFactorEnabled;
            AuthenticatorKey = user.AuthenticatorKey;
            TwoFactorProvider = user.TwoFactorProvider;
+            TwoFactorRecoveryCode = user.TwoFactorRecoveryCode;
        }

        public bool TwoFactorEnabled { get; set; }
        public TwoFactorProvider? TwoFactorProvider { get; set; }
        public string AuthenticatorKey { get; set; }
+        public string TwoFactorRecoveryCode { get; set; }
    }
 }