From c255e397c0c1bc8d501fddc1d27b8005a449b54b Mon Sep 17 00:00:00 2001
From: Patrick Pimentel <ppimentel@bitwarden.com>
Date: Fri, 2 Jan 2026 12:21:04 -0500
Subject: [PATCH] fix(register): [PM-27084] Account Register Uses New Data
 Types - Added more validation around the master password kdf.

---
 .../Accounts/RegisterFinishRequestModel.cs    | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs b/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
index 430ef04307..720306a1d1 100644
--- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
+++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs
@@ -192,14 +192,23 @@ public class RegisterFinishRequestModel : IValidatableObject
         }
 
         // 2. Validate kdf settings.
-        if (MasterPasswordUnlock != null && MasterPasswordAuthentication != null)
+        if (MasterPasswordUnlock != null)
         {
             foreach (var validationResult in KdfSettingsValidator.Validate(MasterPasswordUnlock.ToData().Kdf))
             {
                 yield return validationResult;
             }
         }
-        else
+
+        if (MasterPasswordAuthentication != null)
+        {
+            foreach (var validationResult in KdfSettingsValidator.Validate(MasterPasswordAuthentication.ToData().Kdf))
+            {
+                yield return validationResult;
+            }
+        }
+
+        if (MasterPasswordUnlock == null && MasterPasswordAuthentication == null)
         {
             var hasMissingRequiredKdfInputs = false;
             if (Kdf == null)
@@ -225,5 +234,15 @@ public class RegisterFinishRequestModel : IValidatableObject
                 }
             }
         }
+        else if (MasterPasswordUnlock == null && MasterPasswordAuthentication != null)
+        {
+            // Authentication provided but Unlock missing
+            yield return new ValidationResult($"{nameof(MasterPasswordUnlock)} not found on RequestModel", [nameof(MasterPasswordUnlock)]);
+        }
+        else if (MasterPasswordUnlock != null && MasterPasswordAuthentication == null)
+        {
+            // Unlock provided but Authentication missing
+            yield return new ValidationResult($"{nameof(MasterPasswordAuthentication)} not found on RequestModel", [nameof(MasterPasswordAuthentication)]);
+        }
     }
 }