From 58a3662d0faad97d081d680d9769fef762a60b57 Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Wed, 6 Jul 2022 18:23:20 -0400
Subject: [PATCH] Add user verification to reset password request (#1980)

We only need master password hash because this is currently
only used for sso password setting after auto-provisioning. Key
Connector is not involved in these accounts
---
 src/App/Pages/Accounts/SetPasswordPageViewModel.cs             | 3 ++-
 .../Request/OrganizationUserResetPasswordEnrollmentRequest.cs  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
index fd4adfd05..b4c415959 100644
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@@ -219,7 +219,8 @@ namespace Bit.App.Pages
                     // Request
                     var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest
                     {
-                        ResetPasswordKey = encryptedKey.EncryptedString
+                        ResetPasswordKey = encryptedKey.EncryptedString,
+                        MasterPasswordHash = masterPasswordHash,
                     };
                     var userId = await _stateService.GetActiveUserIdAsync();
                     // Enroll user
diff --git a/src/Core/Models/Request/OrganizationUserResetPasswordEnrollmentRequest.cs b/src/Core/Models/Request/OrganizationUserResetPasswordEnrollmentRequest.cs
index 267a425ec..663e0fc61 100644
--- a/src/Core/Models/Request/OrganizationUserResetPasswordEnrollmentRequest.cs
+++ b/src/Core/Models/Request/OrganizationUserResetPasswordEnrollmentRequest.cs
@@ -2,6 +2,7 @@
 {
     public class OrganizationUserResetPasswordEnrollmentRequest
     {
+        public string MasterPasswordHash { get; set; }
         public string ResetPasswordKey { get; set; }
     }
 }