[PM-4371] Implement PRF key rotation (#4157)

* Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2025-12-16 16:23:31 +00:00 · 2024-06-17 20:46:57 +02:00
parent a556462685
commit 3ad4bc1cab
19 changed files with 347 additions and 11 deletions
--- a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs
+++ b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs
@@ -1,6 +1,7 @@
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Models.Api;
+using Bit.Core.Utilities;

 namespace Bit.Api.Auth.Models.Response.WebAuthn;

@@ -13,9 +14,17 @@ public class WebAuthnCredentialResponseModel : ResponseModel
        Id = credential.Id.ToString();
        Name = credential.Name;
        PrfStatus = credential.GetPrfStatus();
+        EncryptedUserKey = credential.EncryptedUserKey;
+        EncryptedPublicKey = credential.EncryptedPublicKey;
    }

    public string Id { get; set; }
    public string Name { get; set; }
    public WebAuthnPrfStatus PrfStatus { get; set; }
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedUserKey { get; set; }
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedPublicKey { get; set; }
 }