From 5b2edef7369064aa6f547cd3febfa5e58926d0a4 Mon Sep 17 00:00:00 2001
From: Patrick Pimentel
Date: Mon, 22 Dec 2025 21:49:38 -0500
Subject: [PATCH] test(register): [PM-27084] Account Register Uses New Data Types - Added new checks from review.
---
 .../Accounts/RegisterFinishRequestModel.cs | 16 +++++++++--
 .../Data/MasterPasswordAuthenticationData.cs | 13 +++++++++
 .../Models/Data/MasterPasswordUnlockData.cs | 27 +++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs b/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
index 1fa78390fd..43e5a471d1 100644
--- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
@@ -63,12 +63,22 @@ public class RegisterFinishRequestModel : IValidatableObject public User ToUser() { + // PM-28143 - Remove line below + // When we process this request to a user object, check if the unlock and authentication + // data has been passed through, and if so they should have matching values. + MasterPasswordUnlockData.ThrowIfExistsAndNotMatchingAuthenticationData(MasterPasswordAuthenticationData, MasterPasswordUnlockData); + + // PM-28143 - Remove line below + MasterPasswordAuthenticationData.ThrowIfExistsAndHashIsNotEqual(MasterPasswordAuthenticationData, MasterPasswordHash); + var user = new User { Email = Email, MasterPasswordHint = MasterPasswordHint, - Kdf = MasterPasswordUnlockData?.Kdf.KdfType ?? Kdf ?? throw new Exception("KdfType couldn't be found on either the MasterPasswordUnlockData or the Kdf property passed in."), - KdfIterations = MasterPasswordUnlockData?.Kdf.Iterations ?? KdfIterations ?? throw new Exception("KdfIterations couldn't be found on either the MasterPasswordUnlockData or the KdfIterations property passed in."), + Kdf = MasterPasswordUnlockData?.Kdf.KdfType ?? Kdf + ?? throw new Exception("KdfType couldn't be found on either the MasterPasswordUnlockData or the Kdf property passed in."), + KdfIterations = MasterPasswordUnlockData?.Kdf.Iterations ?? KdfIterations + ?? throw new Exception("KdfIterations couldn't be found on either the MasterPasswordUnlockData or the KdfIterations property passed in."), // KdfMemory and KdfParallelism are optional (only used for Argon2id) KdfMemory = MasterPasswordUnlockData?.Kdf.Memory ?? KdfMemory, KdfParallelism = MasterPasswordUnlockData?.Kdf.Parallelism ?? KdfParallelism, 
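Review bot: ToUser() now rejects a `MasterPasswordHash` that disagrees with `MasterPasswordAuthenticationData`, but the legacy `Kdf`, `KdfIterations`, `KdfMemory` and `KdfParallelism` fields get no equivalent check: when `MasterPasswordUnlockData` is present the `??` chains silently prefer it and ignore a conflicting legacy value. If a client sent both with different parameters, the account would be stored with KDF settings that may not be the ones used to derive the submitted hash, which would presumably surface only later as a failed login. Consider a guard next to the two new calls that rejects the request when a legacy KDF field is supplied and differs from `MasterPasswordUnlockData.Kdf`, unless Validate() already enforces this outside the visible hunks. Separately, the first `// PM-28143 - Remove line below` marker is followed by two comment lines rather than by the call, so it should sit directly above the statement it refers to. ToUser()'s body continues past the end of the hunk.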
@@ -111,6 +121,8 @@ public class RegisterFinishRequestModel : IValidatableObject public IEnumerable Validate(ValidationContext validationContext) { + MasterPasswordUnlockData.ThrowIfExistsAndNotMatchingAuthenticationData(MasterPasswordAuthenticationData, MasterPasswordUnlockData); + // PM-28143 - Remove line below var kdf = MasterPasswordUnlockData?.Kdf.KdfType ?? Kdf
diff --git a/src/Core/KeyManagement/Models/Data/MasterPasswordAuthenticationData.cs b/src/Core/KeyManagement/Models/Data/MasterPasswordAuthenticationData.cs
index 1bc7006cef..be566aa4d0 100644
--- a/src/Core/KeyManagement/Models/Data/MasterPasswordAuthenticationData.cs
+++ b/src/Core/KeyManagement/Models/Data/MasterPasswordAuthenticationData.cs
@@ -16,4 +16,17 @@ public class MasterPasswordAuthenticationData
 throw new BadRequestException("Invalid master password salt.");
 }
 }
+
+ public static void ThrowIfExistsAndHashIsNotEqual(
+ MasterPasswordAuthenticationData? authenticationData,
+ string? hash)
+ {
+ if (authenticationData != null && hash != null)
+ {
+ if (authenticationData.MasterPasswordAuthenticationHash != hash)
+ {
+ throw new Exception("Master password hash and hash are not equal.");
+ }
+ }
+ }
 }
diff --git a/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockData.cs b/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockData.cs
index cb18ed2a78..609401b643 100644
--- a/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockData.cs
+++ b/src/Core/KeyManagement/Models/Data/MasterPasswordUnlockData.cs
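Review bot: The consistency check added at the top of Validate() reports a mismatch by throwing a bare `Exception` from inside `IValidatableObject.Validate` instead of returning a validation error, so a malformed registration request is likely to surface as an unhandled server error rather than a model-state failure (the exception handling is not visible here). If the method is an iterator, which the hunk does not show, the throw is also deferred until the result is enumerated. Returning the failure through the normal channel keeps client-input errors distinguishable from real faults in logs and alerts, for example `yield return new ValidationResult("KDF settings and salt must match between authentication and unlock data.");`, which would need a bool-returning comparison to be exposed from MasterPasswordUnlockData. Unlike the same call in ToUser(), this one carries no `PM-28143` marker; add one if it is equally temporary. Validate()'s body continues outside the hunk.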
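Review bot: `ThrowIfExistsAndHashIsNotEqual` signals a client-supplied mismatch with `throw new Exception(...)`, while the context line just above it in the same class uses `BadRequestException` for invalid input; the same applies to `ThrowIfExistsAndNotMatchingAuthenticationData` in MasterPasswordUnlockData.cs. Using the existing type would presumably keep request errors out of the unhandled-exception path, and the message should name both fields: `throw new BadRequestException("MasterPasswordHash must equal MasterPasswordAuthenticationData.MasterPasswordAuthenticationHash.");`. The nested `if` can be collapsed into one condition, and a `/// <summary>` stating that the check is skipped when either argument is null would document the "exists" part of the name. The plain `!=` comparison looks acceptable here because both values arrive in the same request rather than one of them being a stored secret.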
@@ -16,4 +16,31 @@ public class MasterPasswordUnlockData
 throw new BadRequestException("Invalid master password salt.");
 }
 }
+
+ public static void ThrowIfExistsAndNotMatchingAuthenticationData(
+ MasterPasswordAuthenticationData? authenticationData,
+ MasterPasswordUnlockData? unlockData)
+ {
+ if (unlockData != null && authenticationData != null)
+ {
+ var matches = MatchesAuthenticationData(
+ unlockData,
+ authenticationData);
+
+ if (!matches)
+ {
+ throw new Exception("KDF settings and salt must match between authentication and unlock data.");
+ }
+ }
+ }
+
+ private static bool MatchesAuthenticationData(
+ MasterPasswordUnlockData unlockData,
+ MasterPasswordAuthenticationData authenticationData)
+ {
+ var kdfMatches = unlockData.Kdf.Equals(authenticationData.Kdf);
+ var saltMatches = unlockData.Salt == authenticationData.Salt;
+
+ return kdfMatches && saltMatches;
+ }
 }
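Review bot: `MatchesAuthenticationData` relies on `unlockData.Kdf.Equals(authenticationData.Kdf)`, and the type of `Kdf` is not visible in this diff; unless it is a record or overrides `Equals`, this is reference equality and two separately deserialized objects will never match, so every request carrying both objects would be rejected. Either confirm the type has value equality or compare `KdfType`, `Iterations`, `Memory` and `Parallelism` explicitly. `Salt` is compared with case-sensitive ordinal `==`, which is worth confirming against however the salt is normalized by the validation above the hunk. Both new methods would benefit from a `/// <summary>` noting that the check is skipped when either argument is null.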