From c2284e1a3b5176da87ae8d84fa2121a3dde16ac6 Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Tue, 7 Mar 2023 15:54:54 -0800 Subject: [PATCH] [AC-1070] Save ForcePasswordResetReason to state when a weak master password is found during login - Additionally, save the AdminForcePasswordReset reason if the identity result indicates an admin password reset is in effect. --- src/Core/Services/AuthService.cs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Core/Services/AuthService.cs b/src/Core/Services/AuthService.cs index 099d31610..9f74e56ac 100644 --- a/src/Core/Services/AuthService.cs +++ b/src/Core/Services/AuthService.cs @@ -148,6 +148,8 @@ namespace Bit.Core.Services if (await RequirePasswordChange(email, masterPassword)) { result.ForcePasswordReset = true; + await _stateService.SetForcePasswordResetReasonAsync( + ForcePasswordResetReason.WeakMasterPasswordOnLogin); } return result; @@ -425,6 +427,9 @@ namespace Bit.Core.Services KdfMemory = tokenResponse.KdfMemory, KdfParallelism = tokenResponse.KdfParallelism, HasPremiumPersonally = _tokenService.GetPremium(), + ForcePasswordResetReason = result.ForcePasswordReset + ? ForcePasswordResetReason.AdminForcePasswordReset + : (ForcePasswordResetReason?)null, }, new Account.AccountTokens() {