From ef359c3cf1925c07f87d608d81b0a70afacb769a Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Thu, 18 Jan 2024 17:54:57 +0100 Subject: [PATCH] [PM-5566] Remove U2F keys from TwoFactorProviders (#3645) * Remove U2F keys from TwoFactorProviders * Remove U2f from Premium check. --- src/Core/Auth/Models/TwoFactorProvider.cs | 1 - src/Core/Entities/User.cs | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/Core/Auth/Models/TwoFactorProvider.cs b/src/Core/Auth/Models/TwoFactorProvider.cs index 498a70cb09..04ef4d7cb2 100644 --- a/src/Core/Auth/Models/TwoFactorProvider.cs +++ b/src/Core/Auth/Models/TwoFactorProvider.cs @@ -56,7 +56,6 @@ public class TwoFactorProvider { case TwoFactorProviderType.Duo: case TwoFactorProviderType.YubiKey: - case TwoFactorProviderType.U2f: // Keep to ensure old U2f keys are considered premium return true; default: return false; diff --git a/src/Core/Entities/User.cs b/src/Core/Entities/User.cs index 16eac4cb75..d10ab25f18 100644 --- a/src/Core/Entities/User.cs +++ b/src/Core/Entities/User.cs @@ -137,6 +137,13 @@ public class User : ITableObject, ISubscriber, IStorable, IStorableSubscri TwoFactorProviders); } + // U2F is no longer supported, and all users keys should have been migrated to WebAuthn. + // To prevent issues with accounts being prompted for unsupported U2F we remove them + if (_twoFactorProviders.ContainsKey(TwoFactorProviderType.U2f)) + { + _twoFactorProviders.Remove(TwoFactorProviderType.U2f); + } + return _twoFactorProviders; } catch (JsonException)