[PM-6208] Move TOTP cache validation logic to providers (#3779)

* move totp cache validation logic to providers

* remove unused usings

* reduce TTL

src/Identity/IdentityServer/BaseRequestValidator.cs

@@ -27,7 +27,6 @@ using Bit.Core.Tokens;
 using Bit.Core.Utilities;
 using Duende.IdentityServer.Validation;
 using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Caching.Distributed;
 
 namespace Bit.Identity.IdentityServer;
 
@@ -47,8 +46,6 @@ public abstract class BaseRequestValidator<T> where T : class
     private readonly GlobalSettings _globalSettings;
     private readonly IUserRepository _userRepository;
     private readonly IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> _tokenDataFactory;
-    private readonly IDistributedCache _distributedCache;
-    private readonly DistributedCacheEntryOptions _cacheEntryOptions;
 
     protected ICurrentContext CurrentContext { get; }
     protected IPolicyService PolicyService { get; }
@@ -77,7 +74,6 @@ public abstract class BaseRequestValidator<T> where T : class
         IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> tokenDataFactory,
         IFeatureService featureService,
         ISsoConfigRepository ssoConfigRepository,
-        IDistributedCache distributedCache,
         IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder)
     {
         _userManager = userManager;
@@ -99,14 +95,6 @@ public abstract class BaseRequestValidator<T> where T : class
         _tokenDataFactory = tokenDataFactory;
         FeatureService = featureService;
         SsoConfigRepository = ssoConfigRepository;
-        _distributedCache = distributedCache;
-        _cacheEntryOptions = new DistributedCacheEntryOptions
-        {
-            // This sets the time an item is cached to 17 minutes. This value is hard coded
-            // to 17 because to it covers all time-out windows for both Authenticators and
-            // Email TOTP.
-            AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(17)
-        };
         UserDecryptionOptionsBuilder = userDecryptionOptionsBuilder;
     }
 
@@ -153,11 +141,7 @@ public abstract class BaseRequestValidator<T> where T : class
 
             var verified = await VerifyTwoFactor(user, twoFactorOrganization,
                 twoFactorProviderType, twoFactorToken);
-
-            var cacheKey = "TOTP_" + user.Email + "_" + twoFactorToken;
-
-            var isOtpCached = Core.Utilities.DistributedCacheExtensions.TryGetValue(_distributedCache, cacheKey, out string _);
-            if (!verified || isBot || isOtpCached)
+            if (!verified || isBot)
             {
                 if (twoFactorProviderType != TwoFactorProviderType.Remember)
                 {
@@ -170,11 +154,6 @@ public abstract class BaseRequestValidator<T> where T : class
                 }
                 return;
             }
-            // We only want to track TOTPs in the cache to enforce one time use.
-            if (twoFactorProviderType == TwoFactorProviderType.Authenticator || twoFactorProviderType == TwoFactorProviderType.Email)
-            {
-                await Core.Utilities.DistributedCacheExtensions.SetAsync(_distributedCache, cacheKey, twoFactorToken, _cacheEntryOptions);
-            }
         }
         else
         {