fix(register): [PM-27084] Account Register Uses New Data Types - Addressed concerns from reviewer.

2026-02-16 16:59:03 +00:00 · 2025-12-31 21:34:24 -05:00
parent e531ab1aab
commit 28640d0963
3 changed files with 6 additions and 39 deletions
--- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
@@ -69,9 +69,9 @@ public class RegisterFinishRequestModel : IValidatableObject
            Email = Email,
            MasterPasswordHint = MasterPasswordHint,
            Kdf = MasterPasswordUnlock?.Kdf.KdfType ?? Kdf
-                ?? throw new BadRequestException("KdfType couldn't be found on either the MasterPasswordUnlockData or the Kdf property passed in."),
+                ?? throw new BadRequestException("KdfType couldn't be found on either the MasterPasswordUnlock or the Kdf property passed in."),
            KdfIterations = MasterPasswordUnlock?.Kdf.Iterations ?? KdfIterations
-                ?? throw new BadRequestException("KdfIterations couldn't be found on either the MasterPasswordUnlockData or the KdfIterations property passed in."),
+                ?? throw new BadRequestException("KdfIterations couldn't be found on either the MasterPasswordUnlock or the KdfIterations property passed in."),
            // KdfMemory and KdfParallelism are optional (only used for Argon2id)
            KdfMemory = MasterPasswordUnlock?.Kdf.Memory ?? KdfMemory,
            KdfParallelism = MasterPasswordUnlock?.Kdf.Parallelism ?? KdfParallelism,
@@ -123,33 +123,6 @@ public class RegisterFinishRequestModel : IValidatableObject
        ThrowIfExistsAndHashIsNotEqual(MasterPasswordAuthentication, MasterPasswordHash);

        // 1. Access Token Presence Verification Check
-
-        // Ensure exactly one registration token type is provided
-        var hasEmailVerification = !string.IsNullOrWhiteSpace(EmailVerificationToken);
-        var hasOrgInvite = !string.IsNullOrEmpty(OrgInviteToken)
-                           && OrganizationUserId.HasValue
-                           && OrganizationUserId.Value != Guid.Empty;
-        var hasOrgSponsoredFreeFamilyPlan = !string.IsNullOrWhiteSpace(OrgSponsoredFreeFamilyPlanToken);
-        var hasEmergencyAccessInvite = !string.IsNullOrWhiteSpace(AcceptEmergencyAccessInviteToken)
-                                       && AcceptEmergencyAccessId.HasValue
-                                       && AcceptEmergencyAccessId.Value != Guid.Empty;
-        var hasProviderInvite = !string.IsNullOrWhiteSpace(ProviderInviteToken)
-                                && ProviderUserId.HasValue
-                                && ProviderUserId.Value != Guid.Empty;
-        var tokenCount = (hasEmailVerification ? 1 : 0)
-                         + (hasOrgInvite ? 1 : 0)
-                         + (hasOrgSponsoredFreeFamilyPlan ? 1 : 0)
-                         + (hasEmergencyAccessInvite ? 1 : 0)
-                         + (hasProviderInvite ? 1 : 0);
-        if (tokenCount == 0)
-        {
-            throw new BadRequestException("Invalid registration finish request");
-        }
-        if (tokenCount > 1)
-        {
-            throw new BadRequestException("Multiple registration token types provided.");
-        }
-
        switch (GetTokenType())
        {
            case RegisterFinishTokenType.EmailVerification:
@@ -222,7 +195,7 @@ public class RegisterFinishRequestModel : IValidatableObject
        {
            if (authenticationData.MasterPasswordAuthenticationHash != hash)
            {
-                throw new BadRequestException("Master password hash and hash are not equal.");
+                throw new BadRequestException("AuthenticationData MasterPasswordHash and root level MasterPasswordHash provided and are not equal. Only provide one.");
            }
        }
    }
--- a/src/Core/KeyManagement/Models/Api/Request/KdfRequestModel.cs
+++ b/src/Core/KeyManagement/Models/Api/Request/KdfRequestModel.cs
@@ -1,8 +1,9 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Core.Enums;
+using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.Utilities;

-namespace Bit.Core.KeyManagement.Models.Data;
+namespace Bit.Core.KeyManagement.Models.Api.Request;

 public class KdfRequestModel : IValidatableObject
 {
--- a/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockAndAuthenticationData.cs
+++ b/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockAndAuthenticationData.cs
@@ -1,15 +1,8 @@
-#nullable enable
-using Bit.Core.Entities;
+using Bit.Core.Entities;
 using Bit.Core.Enums;

 namespace Bit.Core.KeyManagement.Models.Data;

-/// <summary>
-/// Probably shouldn't be used as we want to make sure that the unlock data and authentication data
-/// can use separate kdf settings.
-///
-/// Should be cleaned up in the near future.
-/// </summary>
 public class MasterPasswordUnlockAndAuthenticationData
 {
    public KdfType KdfType { get; set; }