Revert "feat(prelogin): [Auth/PM-27062] Prelogin New Response (#6577)" (#6582)

This reverts commit 92e511284b. Merged without feature flag code and before QA could get their review done.
2025-12-15 15:53:59 +00:00 · 2025-11-14 16:42:14 -05:00
parent 92e511284b
commit 7eaca9bb7d
6 changed files with 47 additions and 175 deletions
--- a/src/Core/Models/Data/UserKdfInformation.cs
+++ b/src/Core/Models/Data/UserKdfInformation.cs
@@ -4,8 +4,8 @@ namespace Bit.Core.Models.Data;

 public class UserKdfInformation
 {
-    public required KdfType Kdf { get; set; }
-    public required int KdfIterations { get; set; }
+    public KdfType Kdf { get; set; }
+    public int KdfIterations { get; set; }
    public int? KdfMemory { get; set; }
    public int? KdfParallelism { get; set; }
 }
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@@ -195,35 +195,16 @@ public class AccountsController : Controller
        throw new BadRequestException(ModelState);
    }

+    // Moved from API, If you modify this endpoint, please update API as well. Self hosted installs still use the API endpoints.
    [HttpPost("prelogin")]
-    [Obsolete("Migrating to use a more descriptive endpoint that would support different types of prelogins. " +
-              "Use prelogin/password instead. This endpoint has no EOL at the time of writing.")]
-    public async Task<PasswordPreloginResponseModel> PostPrelogin([FromBody] PasswordPreloginRequestModel model)
-    {
-        // Same as PostPasswordPrelogin to maintain compatibility. Do not make changes in this function body,
-        // only make changes in MakePasswordPreloginCall
-        return await MakePasswordPreloginCall(model);
-    }
-
-    // There are two functions done this way because the open api docs that get generated in our build pipeline
-    // cannot handle two of the same post attributes on the same function call. That is why there is a
-    // PostPrelogin and the more appropriate PostPasswordPrelogin.
-    [HttpPost("prelogin/password")]
-    public async Task<PasswordPreloginResponseModel> PostPasswordPrelogin([FromBody] PasswordPreloginRequestModel model)
-    {
-        // Same as PostPrelogin to maintain backwards compatibility. Do not make changes in this function body,
-        // only make changes in MakePasswordPreloginCall
-        return await MakePasswordPreloginCall(model);
-    }
-
-    private async Task<PasswordPreloginResponseModel> MakePasswordPreloginCall(PasswordPreloginRequestModel model)
+    public async Task<PreloginResponseModel> PostPrelogin([FromBody] PreloginRequestModel model)
    {
        var kdfInformation = await _userRepository.GetKdfInformationByEmailAsync(model.Email);
        if (kdfInformation == null)
        {
            kdfInformation = GetDefaultKdf(model.Email);
        }
-        return new PasswordPreloginResponseModel(kdfInformation, model.Email);
+        return new PreloginResponseModel(kdfInformation);
    }

    [HttpGet("webauthn/assertion-options")]
@@ -247,17 +228,19 @@ public class AccountsController : Controller
        {
            return _defaultKdfResults[0];
        }
-
-        // Compute the HMAC hash of the email
-        var hmacMessage = Encoding.UTF8.GetBytes(email.Trim().ToLowerInvariant());
-        using var hmac = new System.Security.Cryptography.HMACSHA256(_defaultKdfHmacKey);
-        var hmacHash = hmac.ComputeHash(hmacMessage);
-        // Convert the hash to a number
-        var hashHex = BitConverter.ToString(hmacHash).Replace("-", string.Empty).ToLowerInvariant();
-        var hashFirst8Bytes = hashHex.Substring(0, 16);
-        var hashNumber = long.Parse(hashFirst8Bytes, System.Globalization.NumberStyles.HexNumber);
-        // Find the default KDF value for this hash number
-        var hashIndex = (int)(Math.Abs(hashNumber) % _defaultKdfResults.Count);
-        return _defaultKdfResults[hashIndex];
+        else
+        {
+            // Compute the HMAC hash of the email
+            var hmacMessage = Encoding.UTF8.GetBytes(email.Trim().ToLowerInvariant());
+            using var hmac = new System.Security.Cryptography.HMACSHA256(_defaultKdfHmacKey);
+            var hmacHash = hmac.ComputeHash(hmacMessage);
+            // Convert the hash to a number
+            var hashHex = BitConverter.ToString(hmacHash).Replace("-", string.Empty).ToLowerInvariant();
+            var hashFirst8Bytes = hashHex.Substring(0, 16);
+            var hashNumber = long.Parse(hashFirst8Bytes, System.Globalization.NumberStyles.HexNumber);
+            // Find the default KDF value for this hash number
+            var hashIndex = (int)(Math.Abs(hashNumber) % _defaultKdfResults.Count);
+            return _defaultKdfResults[hashIndex];
+        }
    }
 }
--- a/src/Identity/Models/Request/Accounts/PasswordPreloginRequestModel.cs
+++ b/src/Identity/Models/Request/Accounts/PasswordPreloginRequestModel.cs
@@ -5,7 +5,7 @@ using System.ComponentModel.DataAnnotations;

 namespace Bit.Identity.Models.Request.Accounts;

-public class PasswordPreloginRequestModel
+public class PreloginRequestModel
 {
    [Required]
    [EmailAddress]
--- a/src/Identity/Models/Response/Accounts/PasswordPreloginResponseModel.cs
+++ b/src/Identity/Models/Response/Accounts/PasswordPreloginResponseModel.cs
@@ -1,38 +0,0 @@
-using Bit.Core.Enums;
-using Bit.Core.KeyManagement.Models.Data;
-using Bit.Core.Models.Data;
-
-namespace Bit.Identity.Models.Response.Accounts;
-
-public class PasswordPreloginResponseModel
-{
-    public PasswordPreloginResponseModel(UserKdfInformation kdfInformation, string? salt = null)
-    {
-        // PM-28143 Cleanup
-        Kdf = kdfInformation.Kdf;
-        KdfIterations = kdfInformation.KdfIterations;
-        KdfMemory = kdfInformation.KdfMemory;
-        KdfParallelism = kdfInformation.KdfParallelism;
-        // End Cleanup
-
-        KdfSettings = new KdfSettings()
-        {
-            KdfType = kdfInformation.Kdf,
-            Iterations = kdfInformation.KdfIterations,
-            Memory = kdfInformation.KdfMemory,
-            Parallelism = kdfInformation.KdfParallelism,
-        };
-        Salt = salt;
-    }
-
-    // Old Data Types
-    public KdfType? Kdf { get; set; }           // PM-28143 Remove with cleanup
-    public int? KdfIterations { get; set; }     // PM-28143 Remove with cleanup
-    public int? KdfMemory { get; set; }         // PM-28143 Remove with cleanup
-    public int? KdfParallelism { get; set; }    // PM-28143 Remove with cleanup
-
-    // New Data Types
-    public KdfSettings? KdfSettings { get; set; }  // PM-28143 With cleanup make this not nullish
-    public string? Salt { get; set; }              // PM-28143 With cleanup make this not nullish. Not used yet,
-                                                   // just the email from the request at this time.
-}
--- a/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs
+++ b/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs
@@ -0,0 +1,20 @@
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+
+namespace Bit.Identity.Models.Response.Accounts;
+
+public class PreloginResponseModel
+{
+    public PreloginResponseModel(UserKdfInformation kdfInformation)
+    {
+        Kdf = kdfInformation.Kdf;
+        KdfIterations = kdfInformation.KdfIterations;
+        KdfMemory = kdfInformation.KdfMemory;
+        KdfParallelism = kdfInformation.KdfParallelism;
+    }
+
+    public KdfType Kdf { get; set; }
+    public int KdfIterations { get; set; }
+    public int? KdfMemory { get; set; }
+    public int? KdfParallelism { get; set; }
+}