Fix delete account SSO with CME that the OTP parameter was being sent incorrectly to the server (#1751)

2026-01-06 18:43:43 +00:00 · 2022-02-03 17:46:45 -03:00
parent 4373cee636
commit 31cdf401f1
7 changed files with 26 additions and 18 deletions
--- a/src/App/Pages/Accounts/DeleteAccountViewModel.cs
+++ b/src/App/Pages/Accounts/DeleteAccountViewModel.cs
@@ -58,19 +58,16 @@ namespace Bit.App.Pages
    {
        readonly IApiService _apiService;
        readonly IMessagingService _messagingService;
-        readonly ICryptoService _cryptoService;
        readonly IPlatformUtilsService _platformUtilsService;
        readonly IDeviceActionService _deviceActionService;

        public DeleteAccountActionFlowExecutioner(IApiService apiService,
            IMessagingService messagingService,
-            ICryptoService cryptoService,
            IPlatformUtilsService platformUtilsService,
            IDeviceActionService deviceActionService)
        {
            _apiService = apiService;
            _messagingService = messagingService;
-            _cryptoService = cryptoService;
            _platformUtilsService = platformUtilsService;
            _deviceActionService = deviceActionService;
        }
@@ -81,10 +78,10 @@ namespace Bit.App.Pages
            {
                await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount);

-                var masterPasswordHashKey = await _cryptoService.HashPasswordAsync(parameters.Secret, null);
                await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest
                {
-                    MasterPasswordHash = masterPasswordHashKey
+                    MasterPasswordHash = parameters.VerificationType == Core.Enums.VerificationType.MasterPassword ? parameters.Secret : (string)null,
+                    OTP = parameters.VerificationType == Core.Enums.VerificationType.OTP ? parameters.Secret : (string)null
                });

                await _deviceActionService.HideLoadingAsync();
--- a/src/App/Pages/Accounts/VerificationCodeViewModel.cs
+++ b/src/App/Pages/Accounts/VerificationCodeViewModel.cs
@@ -10,6 +10,7 @@ using Xamarin.CommunityToolkit.ObjectModel;
 using System.Windows.Input;
 using Bit.App.Utilities;
 using Bit.Core;
+using Bit.Core.Enums;
 #if !FDROID
 using Microsoft.AppCenter.Crashes;
 #endif
@@ -144,7 +145,7 @@ namespace Bit.App.Pages

                await _deviceActionService.ShowLoadingAsync(AppResources.Verifying);

-                if (!await _userVerificationService.VerifyUser(Secret, Core.Enums.VerificationType.OTP))
+                if (!await _userVerificationService.VerifyUser(Secret, VerificationType.OTP))
                {
                    await _deviceActionService.HideLoadingAsync();
                    return;
@@ -154,6 +155,7 @@ namespace Bit.App.Pages

                var parameters = _verificationActionsFlowHelper.GetParameters();
                parameters.Secret = Secret;
+                parameters.VerificationType = VerificationType.OTP;
                await _verificationActionsFlowHelper.ExecuteAsync(parameters);

                Secret = string.Empty;