fix(auth-validator): [PM-22975] Client Version Validator - Fixing some white spaces as well as the renaming of a file

2026-01-02 08:33:48 +00:00 · 2025-11-20 13:28:33 -05:00
parent 47a26bb204
commit a82b31c65f
11 changed files with 4 additions and 284 deletions
--- a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
@@ -111,7 +111,7 @@ public abstract class BaseRequestValidator<T> where T : class
        }
        else
        {
-            // 1. We need to check if the user's master password hash is correct.
+            // 1. We need to check if the user is legitimate via the appropriate mechanism through.
            var valid = await ValidateContextAsync(context, validatorContext);
            var user = validatorContext.User;
            if (!valid)
@@ -122,10 +122,11 @@ public abstract class BaseRequestValidator<T> where T : class
                return;
            }

-            // 1.5 We need to check now the version number
+            // 1.5 Now check the version number of the client. Do this after ValidateContextAsync so that
+            // we prevent account enumeration. If we were to do this before we would validate that a given user
+            // could exist
            await ValidateClientVersionAsync(context, validatorContext);

-
            // 2. Decide if this user belongs to an organization that requires SSO.
            validatorContext.SsoRequired = await RequireSsoLoginAsync(user, request.GrantType);
            if (validatorContext.SsoRequired)