[PM-4371] Implement PRF key rotation (#4157)

* Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2025-12-18 17:23:28 +00:00 · 2024-06-17 20:46:57 +02:00
parent a556462685
commit 3ad4bc1cab
19 changed files with 347 additions and 11 deletions
--- a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnLoginRotateKeyRequestModel.cs
+++ b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnLoginRotateKeyRequestModel.cs
@@ -0,0 +1,32 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.Auth.Models.Request.WebAuthn;
+
+public class WebAuthnLoginRotateKeyRequestModel
+{
+    [Required]
+    public Guid Id { get; set; }
+
+    [Required]
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedUserKey { get; set; }
+
+    [Required]
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedPublicKey { get; set; }
+
+    public WebAuthnLoginRotateKeyData ToWebAuthnRotateKeyData()
+    {
+        return new WebAuthnLoginRotateKeyData
+        {
+            Id = Id,
+            EncryptedUserKey = EncryptedUserKey,
+            EncryptedPublicKey = EncryptedPublicKey
+        };
+    }
+
+}