[PM-9925] Tokenable for User Verification on Two Factor Authenticator settings (#4558)

* initial changes * Fixing some bits * fixing issue when feature flag is `false`; also names; * consume OTP on read if FF true * comment typo * fix formatting * check access code first to not consume token * add docs * revert checking access code first * update error messages * remove line number from comment --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2026-01-02 16:43:25 +00:00 · 2024-07-25 07:51:23 -07:00
parent f211e969c7
commit aba2f023cd
6 changed files with 130 additions and 14 deletions
--- a/src/Api/Auth/Models/Request/TwoFactorRequestModels.cs
+++ b/src/Api/Auth/Models/Request/TwoFactorRequestModels.cs
@@ -17,7 +17,7 @@ public class UpdateTwoFactorAuthenticatorRequestModel : SecretVerificationReques
    [Required]
    [StringLength(50)]
    public string Key { get; set; }
-
+    public string UserVerificationToken { get; set; }
    public User ToUser(User existingUser)
    {
        var providers = existingUser.GetTwoFactorProviders();
@@ -323,3 +323,11 @@ public class TwoFactorRecoveryRequestModel : TwoFactorEmailRequestModel
    [StringLength(32)]
    public string RecoveryCode { get; set; }
 }
+
+public class TwoFactorAuthenticatorDisableRequestModel : TwoFactorProviderRequestModel
+{
+    [Required]
+    public string UserVerificationToken { get; set; }
+    [Required]
+    public string Key { get; set; }
+}
--- a/src/Api/Auth/Models/Response/TwoFactor/TwoFactorAuthenticatorResponseModel.cs
+++ b/src/Api/Auth/Models/Response/TwoFactor/TwoFactorAuthenticatorResponseModel.cs
@@ -10,10 +10,7 @@ public class TwoFactorAuthenticatorResponseModel : ResponseModel
    public TwoFactorAuthenticatorResponseModel(User user)
        : base("twoFactorAuthenticator")
    {
-        if (user == null)
-        {
-            throw new ArgumentNullException(nameof(user));
-        }
+        ArgumentNullException.ThrowIfNull(user);

        var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
        if (provider?.MetaData?.ContainsKey("Key") ?? false)
@@ -31,4 +28,5 @@ public class TwoFactorAuthenticatorResponseModel : ResponseModel

    public bool Enabled { get; set; }
    public string Key { get; set; }
+    public string UserVerificationToken { get; set; }
 }