From aa8e8cc868bf3270c8b693fa427c7f9c09b87b7d Mon Sep 17 00:00:00 2001
From: Patrick Pimentel <ppimentel@bitwarden.com>
Date: Tue, 16 Dec 2025 12:29:57 -0500
Subject: [PATCH] test(register): [PM-27084] Account Register Uses New Data
 Types - Fixted tests and added comments for the future.

---
 .../Factories/IdentityApplicationFactory.cs   | 67 +++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs
index 3c0b551908..d605cc9ff8 100644
--- a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs
+++ b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs
@@ -4,9 +4,11 @@
 using System.Collections.Concurrent;
 using System.Net.Http.Json;
 using System.Text.Json;
+using Bit.Core;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.Services;
 using Bit.Identity;
 using Bit.Test.Common.Helpers;
@@ -195,6 +197,71 @@ public class IdentityApplicationFactory : WebApplicationFactoryBase<Startup>
         RegisterFinishRequestModel requestModel,
         bool marketingEmails = true)
     {
+        // Ensure required fields for registration finish are present.
+        // Prefer legacy-path defaults (root fields) to minimize changes to tests.
+        // PM-28143 - When MasterPasswordAuthenticationData is required, delete all handling of MasterPasswordHash.
+        requestModel.MasterPasswordHash ??= DefaultUserPasswordHash;
+        // PM-28143 - When KDF is sourced exclusively from MasterPasswordUnlockData, delete the root Kdf defaults below.
+        requestModel.Kdf ??= KdfType.PBKDF2_SHA256;
+        requestModel.KdfIterations ??= AuthConstants.PBKDF2_ITERATIONS.Default;
+        // Ensure a symmetric key is provided when no unlock data is present
+        // PM-28143 - When MasterPasswordUnlockData is required, delete the UserSymmetricKey fallback block below.
+        if (requestModel.MasterPasswordUnlockData == null && string.IsNullOrWhiteSpace(requestModel.UserSymmetricKey))
+        {
+            requestModel.UserSymmetricKey = "user_symmetric_key";
+        }
+
+        // Align unlock/auth data KDF with root KDF so login uses the provided master password hash.
+        // PM-28143 - After removing root Kdf fields, build KDF exclusively from MasterPasswordUnlockData.Kdf and delete this alignment section.
+        var effectiveKdfType = requestModel.Kdf ?? KdfType.PBKDF2_SHA256;
+        var effectiveIterations = requestModel.KdfIterations ?? AuthConstants.PBKDF2_ITERATIONS.Default;
+        int? effectiveMemory = null;
+        int? effectiveParallelism = null;
+        if (effectiveKdfType == KdfType.Argon2id)
+        {
+            effectiveIterations = AuthConstants.ARGON2_ITERATIONS.InsideRange(effectiveIterations)
+                ? effectiveIterations
+                : AuthConstants.ARGON2_ITERATIONS.Default;
+            effectiveMemory = AuthConstants.ARGON2_MEMORY.Default;
+            effectiveParallelism = AuthConstants.ARGON2_PARALLELISM.Default;
+        }
+
+        var alignedKdf = new KdfSettings
+        {
+            KdfType = effectiveKdfType,
+            Iterations = effectiveIterations,
+            Memory = effectiveMemory,
+            Parallelism = effectiveParallelism
+        };
+
+        if (requestModel.MasterPasswordUnlockData != null)
+        {
+            var unlock = requestModel.MasterPasswordUnlockData;
+            // PM-28143 - Once UserSymmetricKey is removed and UnlockData is required, delete the fallback to UserSymmetricKey below.
+            var masterKeyWrappedUserKey = !string.IsNullOrWhiteSpace(unlock.MasterKeyWrappedUserKey)
+                ? unlock.MasterKeyWrappedUserKey
+                : (string.IsNullOrWhiteSpace(requestModel.UserSymmetricKey) ? "user_symmetric_key" : requestModel.UserSymmetricKey);
+            requestModel.MasterPasswordUnlockData = new MasterPasswordUnlockData
+            {
+                Kdf = alignedKdf,
+                MasterKeyWrappedUserKey = masterKeyWrappedUserKey,
+                Salt = unlock.Salt
+            };
+        }
+
+        if (requestModel.MasterPasswordAuthenticationData != null)
+        {
+            // Ensure registration uses the same hash the tests will provide at login.
+            // PM-28143 - When MasterPasswordAuthenticationData is the only source of the auth hash,
+            // stop overriding it from MasterPasswordHash and delete this whole reassignment block.
+            requestModel.MasterPasswordAuthenticationData = new MasterPasswordAuthenticationData
+            {
+                Kdf = alignedKdf,
+                MasterPasswordAuthenticationHash = requestModel.MasterPasswordHash,
+                Salt = requestModel.Email
+            };
+        }
+
         var sendVerificationEmailReqModel = new RegisterSendVerificationEmailRequestModel
         {
             Email = requestModel.Email,