[PM-9826] Remove validation from 2fa GET and mask sensitive data (#4526)

* remove validation from 2fa GET and mask sensitive data * skip verification check on put email * disable verification on send-email and reenable on put email * validate authenticator on set instead of get * Revert "validate authenticator on set instead of get" This reverts commit 7bf2084531. * fix tests * fix more tests * Narrow scope of verify bypass * Defaulted to false on VerifySecretAsync * fix default param value --------- Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-12-21 18:53:41 +00:00 · 2024-07-22 11:21:14 -04:00
parent 4f4750a0a6
commit 091c03a90c
6 changed files with 49 additions and 28 deletions
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@@ -75,7 +75,7 @@ public interface IUserService
    string GetUserName(ClaimsPrincipal principal);
    Task SendOTPAsync(User user);
    Task<bool> VerifyOTPAsync(User user, string token);
-    Task<bool> VerifySecretAsync(User user, string secret);
+    Task<bool> VerifySecretAsync(User user, string secret, bool isSettingMFA = false);


    void SetTwoFactorProvider(User user, TwoFactorProviderType type, bool setEnabled = true);