feat(register): [PM-27084] Account Register Uses New Data Types - Repush (#6855)

* feat(register): [PM-27084] Account Register Uses New Data Types - Changes. * test(register): [PM-27084] Account Register Uses New Data Types - Added tests. * fix(register): [PM-27084] Account Register Uses New Data Types - Added constant for feature flag.
2026-02-24 00:23:05 +00:00 · 2026-02-04 10:03:55 -05:00
parent 5afdfa6fd1
commit c52f2e0d09
20 changed files with 1046 additions and 63 deletions
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@@ -1,8 +1,4 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-using System.Diagnostics;
-using System.Text;
+using System.Text;
 using Bit.Core;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
@@ -42,7 +38,7 @@ public class AccountsController : Controller
    private readonly IFeatureService _featureService;
    private readonly IDataProtectorTokenFactory<RegistrationEmailVerificationTokenable> _registrationEmailVerificationTokenDataFactory;

-    private readonly byte[] _defaultKdfHmacKey = null;
+    private readonly byte[]? _defaultKdfHmacKey = null;
    private static readonly List<UserKdfInformation> _defaultKdfResults =
    [
        // The first result (index 0) should always return the "normal" default.
@@ -145,40 +141,55 @@ public class AccountsController : Controller
    [HttpPost("register/finish")]
    public async Task<RegisterFinishResponseModel> PostRegisterFinish([FromBody] RegisterFinishRequestModel model)
    {
-        var user = model.ToUser();
+        User user = model.ToUser();

        // Users will either have an emailed token or an email verification token - not both.
-        IdentityResult identityResult = null;
+        IdentityResult? identityResult = null;
+
+        // PM-28143 - Just use the MasterPasswordAuthenticationData.MasterPasswordAuthenticationHash
+        string masterPasswordAuthenticationHash = model.MasterPasswordAuthentication?.MasterPasswordAuthenticationHash
+                                                  ?? model.MasterPasswordHash!;

        switch (model.GetTokenType())
        {
            case RegisterFinishTokenType.EmailVerification:
-                identityResult =
-                    await _registerUserCommand.RegisterUserViaEmailVerificationToken(user, model.MasterPasswordHash,
-                        model.EmailVerificationToken);
-
+                identityResult = await _registerUserCommand.RegisterUserViaEmailVerificationToken(
+                    user,
+                    masterPasswordAuthenticationHash,
+                    model.EmailVerificationToken!);
                return ProcessRegistrationResult(identityResult, user);
+
            case RegisterFinishTokenType.OrganizationInvite:
-                identityResult = await _registerUserCommand.RegisterUserViaOrganizationInviteToken(user, model.MasterPasswordHash,
-                    model.OrgInviteToken, model.OrganizationUserId);
-
+                identityResult = await _registerUserCommand.RegisterUserViaOrganizationInviteToken(
+                    user,
+                    masterPasswordAuthenticationHash,
+                    model.OrgInviteToken!,
+                    model.OrganizationUserId);
                return ProcessRegistrationResult(identityResult, user);
+
            case RegisterFinishTokenType.OrgSponsoredFreeFamilyPlan:
-                identityResult = await _registerUserCommand.RegisterUserViaOrganizationSponsoredFreeFamilyPlanInviteToken(user, model.MasterPasswordHash, model.OrgSponsoredFreeFamilyPlanToken);
-
+                identityResult = await _registerUserCommand.RegisterUserViaOrganizationSponsoredFreeFamilyPlanInviteToken(
+                    user,
+                    masterPasswordAuthenticationHash,
+                    model.OrgSponsoredFreeFamilyPlanToken!);
                return ProcessRegistrationResult(identityResult, user);
+
            case RegisterFinishTokenType.EmergencyAccessInvite:
-                Debug.Assert(model.AcceptEmergencyAccessId.HasValue);
-                identityResult = await _registerUserCommand.RegisterUserViaAcceptEmergencyAccessInviteToken(user, model.MasterPasswordHash,
-                    model.AcceptEmergencyAccessInviteToken, model.AcceptEmergencyAccessId.Value);
-
+                identityResult = await _registerUserCommand.RegisterUserViaAcceptEmergencyAccessInviteToken(
+                    user,
+                    masterPasswordAuthenticationHash,
+                    model.AcceptEmergencyAccessInviteToken!,
+                    (Guid)model.AcceptEmergencyAccessId!);
                return ProcessRegistrationResult(identityResult, user);
+
            case RegisterFinishTokenType.ProviderInvite:
-                Debug.Assert(model.ProviderUserId.HasValue);
-                identityResult = await _registerUserCommand.RegisterUserViaProviderInviteToken(user, model.MasterPasswordHash,
-                    model.ProviderInviteToken, model.ProviderUserId.Value);
-
+                identityResult = await _registerUserCommand.RegisterUserViaProviderInviteToken(
+                    user,
+                    masterPasswordAuthenticationHash,
+                    model.ProviderInviteToken!,
+                    (Guid)model.ProviderUserId!);
                return ProcessRegistrationResult(identityResult, user);
+
            default:
                throw new BadRequestException("Invalid registration finish request");
        }