[PM-23242] Added UserDecryption with MasterPasswordUnlock as part of /sync response (#6102)

* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response * Added UserDecryption with MasterPasswordUnlock as part of /sync response
2025-12-24 04:03:25 +00:00 · 2025-07-28 18:38:15 +02:00
parent 59e7bc7438
commit abfb3a27b1
5 changed files with 183 additions and 6 deletions
--- a/test/Api.Test/Vault/Controllers/SyncControllerTests.cs
+++ b/test/Api.Test/Vault/Controllers/SyncControllerTests.cs
@@ -317,6 +317,55 @@ public class SyncControllerTests
        }
    }

+    [Theory]
+    [BitAutoData]
+    public async Task Get_HaveNoMasterPassword_UserDecryptionMasterPasswordUnlockIsNull(
+        User user, SutProvider<SyncController> sutProvider)
+    {
+        user.EquivalentDomains = null;
+        user.ExcludedGlobalEquivalentDomains = null;
+
+        user.MasterPassword = null;
+
+        var userService = sutProvider.GetDependency<IUserService>();
+        userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).ReturnsForAnyArgs(user);
+
+        var result = await sutProvider.Sut.Get();
+
+        Assert.Null(result.UserDecryption.MasterPasswordUnlock);
+    }
+
+    [Theory]
+    [BitAutoData(KdfType.PBKDF2_SHA256, 654_321, null, null)]
+    [BitAutoData(KdfType.Argon2id, 11, 128, 5)]
+    public async Task Get_HaveMasterPassword_UserDecryptionMasterPasswordUnlockNotNull(
+        KdfType kdfType, int kdfIterations, int? kdfMemory, int? kdfParallelism,
+        User user, SutProvider<SyncController> sutProvider)
+    {
+        user.EquivalentDomains = null;
+        user.ExcludedGlobalEquivalentDomains = null;
+
+        user.Key = "test-key";
+        user.MasterPassword = "test-master-password";
+        user.Kdf = kdfType;
+        user.KdfIterations = kdfIterations;
+        user.KdfMemory = kdfMemory;
+        user.KdfParallelism = kdfParallelism;
+
+        var userService = sutProvider.GetDependency<IUserService>();
+        userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).ReturnsForAnyArgs(user);
+
+        var result = await sutProvider.Sut.Get();
+
+        Assert.NotNull(result.UserDecryption.MasterPasswordUnlock);
+        Assert.NotNull(result.UserDecryption.MasterPasswordUnlock.Kdf);
+        Assert.Equal(kdfType, result.UserDecryption.MasterPasswordUnlock.Kdf.KdfType);
+        Assert.Equal(kdfIterations, result.UserDecryption.MasterPasswordUnlock.Kdf.Iterations);
+        Assert.Equal(kdfMemory, result.UserDecryption.MasterPasswordUnlock.Kdf.Memory);
+        Assert.Equal(kdfParallelism, result.UserDecryption.MasterPasswordUnlock.Kdf.Parallelism);
+        Assert.Equal(user.Key, result.UserDecryption.MasterPasswordUnlock.MasterKeyEncryptedUserKey);
+        Assert.Equal(user.Email.ToLower(), result.UserDecryption.MasterPasswordUnlock.Salt);
+    }

    private async Task AssertMethodsCalledAsync(IUserService userService,
        ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery,