[AC-1070] Save ForcePasswordResetReason to state when a weak master password is found during login

- Additionally, save the AdminForcePasswordReset reason if the identity result indicates an admin password reset is in effect.
2026-01-10 20:43:41 +00:00 · 2023-03-07 15:54:54 -08:00
parent d208bc82e5
commit c2284e1a3b
1 changed files with 5 additions and 0 deletions
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -148,6 +148,8 @@ namespace Bit.Core.Services
            if (await RequirePasswordChange(email, masterPassword))
            {
                result.ForcePasswordReset = true;
+                await _stateService.SetForcePasswordResetReasonAsync(
+                    ForcePasswordResetReason.WeakMasterPasswordOnLogin);
            }

            return result;
@@ -425,6 +427,9 @@ namespace Bit.Core.Services
                        KdfMemory = tokenResponse.KdfMemory,
                        KdfParallelism = tokenResponse.KdfParallelism,
                        HasPremiumPersonally = _tokenService.GetPremium(),
+                        ForcePasswordResetReason = result.ForcePasswordReset 
+                            ? ForcePasswordResetReason.AdminForcePasswordReset 
+                            : (ForcePasswordResetReason?)null,
                    },
                    new Account.AccountTokens()
                    {