Account Deletion on SSO with CME (#1721)

* WIP Added Verification Code page and a verification flow helper to coordinate things * Improved Verification Code page verification flow helper and fix some issues, also added flag ApiService to choose whether to logout on Unanuthorized * Improved Verification Code page UI/UX verification flow helper and fix some issues and made some cleanups * Fix spelling
2025-12-15 07:43:37 +00:00 · 2022-01-24 13:25:46 -03:00
parent 5a6aec51f3
commit 4e7ceaf5b5
12 changed files with 622 additions and 24 deletions
--- a/src/Core/Services/ApiService.cs
+++ b/src/Core/Services/ApiService.cs
@@ -180,13 +180,13 @@ namespace Bit.Core.Services

        public Task PostAccountRequestOTP()
        {
-            return SendAsync<object, object>(HttpMethod.Post, "/accounts/request-otp", null, true, false);
+            return SendAsync<object, object>(HttpMethod.Post, "/accounts/request-otp", null, true, false, false);
        }

        public Task PostAccountVerifyOTPAsync(VerifyOTPRequest request)
        {
            return SendAsync<VerifyOTPRequest, object>(HttpMethod.Post, "/accounts/verify-otp", request,
-                true, false);
+                true, false, false);
        }

        public Task PutUpdateTempPasswordAsync(UpdateTempPasswordRequest request)
@@ -579,7 +579,7 @@ namespace Bit.Core.Services
        public Task<TResponse> SendAsync<TResponse>(HttpMethod method, string path, bool authed) =>
            SendAsync<object, TResponse>(method, path, null, authed, true);
        public async Task<TResponse> SendAsync<TRequest, TResponse>(HttpMethod method, string path, TRequest body,
-            bool authed, bool hasResponse)
+            bool authed, bool hasResponse, bool logoutOnUnauthorized = true)
        {
            using (var requestMessage = new HttpRequestMessage())
            {
@@ -631,7 +631,7 @@ namespace Bit.Core.Services
                }
                else if (!response.IsSuccessStatusCode)
                {
-                    var error = await HandleErrorAsync(response, false, authed);
+                    var error = await HandleErrorAsync(response, false, authed, logoutOnUnauthorized);
                    throw new ApiException(error);
                }
                return (TResponse)(object)null;
@@ -693,10 +693,18 @@ namespace Bit.Core.Services
            };
        }

-        private async Task<ErrorResponse> HandleErrorAsync(HttpResponseMessage response, bool tokenError, bool authed)
+        private async Task<ErrorResponse> HandleErrorAsync(HttpResponseMessage response, bool tokenError,
+            bool authed, bool logoutOnUnauthorized = true)
        {
-            if (authed && ((tokenError && response.StatusCode == HttpStatusCode.BadRequest) ||
-                response.StatusCode == HttpStatusCode.Unauthorized || response.StatusCode == HttpStatusCode.Forbidden))
+            if (authed
+                &&
+                (
+                    (tokenError && response.StatusCode == HttpStatusCode.BadRequest)
+                    ||
+                    (logoutOnUnauthorized && response.StatusCode == HttpStatusCode.Unauthorized)
+                    ||
+                    response.StatusCode == HttpStatusCode.Forbidden
+                ))
            {
                await _logoutCallbackAsync(true);
                return null;