Merge branch 'feature/maui-migration-passkeys' into PM-5731-create-c-web-authn-authenticator-to-support-maui-apps

src/Core/Models/Api/LoginUriApi.cs

@@ -6,5 +6,6 @@ namespace Bit.Core.Models.Api
     {
         public string Uri { get; set; }
         public UriMatchType? Match { get; set; }
+        public string UriChecksum { get; set; }
     }
 }

src/Core/Models/Data/LoginUriData.cs

@@ -11,9 +11,11 @@ namespace Bit.Core.Models.Data
         {
             Uri = data.Uri;
             Match = data.Match;
+            UriChecksum = data.UriChecksum;
         }
 
         public string Uri { get; set; }
         public UriMatchType? Match { get; set; }
+        public string UriChecksum { get; set; }
     }
 }

src/Core/Models/Domain/Cipher.cs

@@ -115,7 +115,7 @@ namespace Bit.Core.Models.Domain
             switch (Type)
             {
                 case Enums.CipherType.Login:
-                    model.Login = await Login.DecryptAsync(OrganizationId, model.Key);
+                    model.Login = await Login.DecryptAsync(OrganizationId, Key == null, model.Key);
                     break;
                 case Enums.CipherType.SecureNote:
                     model.SecureNote = await SecureNote.DecryptAsync(OrganizationId, model.Key);

src/Core/Models/Domain/Login.cs

@@ -2,8 +2,10 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Bit.Core.Abstractions;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.View;
+using Bit.Core.Utilities;
 
 namespace Bit.Core.Models.Domain
 {
@@ -31,7 +33,7 @@ namespace Bit.Core.Models.Domain
         public EncString Totp { get; set; }
         public List<Fido2Credential> Fido2Credentials { get; set; }
 
-        public async Task<LoginView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
+        public async Task<LoginView> DecryptAsync(string orgId, bool bypassUriChecksumValidation, SymmetricCryptoKey key = null)
         {
             var view = await DecryptObjAsync(new LoginView(this), this, new HashSet<string>
             {
@@ -41,10 +43,15 @@ namespace Bit.Core.Models.Domain
             }, orgId, key);
             if (Uris != null)
             {
+                var cryptoService = ServiceContainer.Resolve<ICryptoService>();
                 view.Uris = new List<LoginUriView>();
                 foreach (var uri in Uris)
                 {
-                    view.Uris.Add(await uri.DecryptAsync(orgId, key));
+                    var loginUriView = await uri.DecryptAsync(orgId, key);
+                    if (bypassUriChecksumValidation || await cryptoService.ValidateUriChecksumAsync(uri.UriChecksum, loginUriView.Uri, orgId, key))
+                    {
+                        view.Uris.Add(loginUriView);
+                    }
                 }
             }
             if (Fido2Credentials != null)

src/Core/Models/Domain/LoginUri.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
@@ -10,7 +11,8 @@ namespace Bit.Core.Models.Domain
     {
         private HashSet<string> _map = new HashSet<string>
         {
-            "Uri"
+            nameof(Uri),
+            nameof(UriChecksum)
         };
 
         public LoginUri() { }
@@ -23,10 +25,11 @@ namespace Bit.Core.Models.Domain
 
         public EncString Uri { get; set; }
         public UriMatchType? Match { get; set; }
+        public EncString UriChecksum { get; set; }
 
         public Task<LoginUriView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
         {
-            return DecryptObjAsync(new LoginUriView(this), this, _map, orgId, key);
+            return DecryptObjAsync(new LoginUriView(this), this, _map.Where(m => m != nameof(UriChecksum)).ToHashSet<string>(), orgId, key);
         }
 
         public LoginUriData ToLoginUriData()

src/Core/Models/Export/LoginUri.cs

@@ -17,10 +17,12 @@ namespace Bit.Core.Models.Export
         {
             Match = obj.Match;
             Uri = obj.Uri?.EncryptedString;
+            UriChecksum = obj.UriChecksum?.EncryptedString;
         }
 
         public UriMatchType? Match { get; set; }
         public string Uri { get; set; }
+        public string UriChecksum { get; set; }
 
         public static LoginUriView ToView(LoginUri req, LoginUriView view = null)
         {

src/Core/Models/Request/CipherRequest.cs

@@ -27,7 +27,7 @@ namespace Bit.Core.Models.Request
                     Login = new LoginApi
                     {
                         Uris = cipher.Login.Uris?.Select(
-                            u => new LoginUriApi { Match = u.Match, Uri = u.Uri?.EncryptedString }).ToList(),
+                            u => new LoginUriApi { Match = u.Match, Uri = u.Uri?.EncryptedString, UriChecksum = u.UriChecksum?.EncryptedString }).ToList(),
                         Username = cipher.Login.Username?.EncryptedString,
                         Password = cipher.Login.Password?.EncryptedString,
                         PasswordRevisionDate = cipher.Login.PasswordRevisionDate,