fix(auth-validator): [PM-22975] Client Version Validator - Took in team feedback.

2026-01-02 00:23:40 +00:00 · 2025-12-03 14:44:33 -05:00
parent 544965e0bd
commit f719763a85
3 changed files with 18 additions and 4 deletions
--- a/src/Core/Entities/User.cs
+++ b/src/Core/Entities/User.cs
@@ -4,6 +4,7 @@ using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
 using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.KeyManagement.Utilities;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Identity;

@@ -211,7 +212,17 @@ public class User : ITableObject<Guid>, IStorableSubscriber, IRevisable, ITwoFac
        return SecurityVersion ?? 1;
    }

-    public bool IsSecurityVersionTwo()
+    public bool IsSetupForV2Encryption()
+    {
+        return HasV2KeyShape() && IsSecurityVersionTwo();
+    }
+
+    private bool HasV2KeyShape()
+    {
+        return EncryptionParsing.GetEncryptionType(PrivateKey) == EncryptionType.XChaCha20Poly1305_B64;
+    }
+
+    private bool IsSecurityVersionTwo()
    {
        return SecurityVersion == 2;
    }
--- a/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
+++ b/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
@@ -13,7 +13,7 @@ public class GetMinimumClientVersionForUserQuery()
            return Task.FromResult<Version?>(null);
        }

-        if (user.IsSecurityVersionTwo())
+        if (user.IsSetupForV2Encryption())
        {
            return Task.FromResult(Constants.MinimumClientVersionForV2Encryption)!;
        }
--- a/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
+++ b/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
@@ -1,5 +1,6 @@
 using Bit.Core.Entities;
 using Bit.Core.KeyManagement.Queries;
+using Bit.Test.Common.Constants;
 using Xunit;

 namespace Bit.Core.Test.KeyManagement.Queries;
@@ -12,7 +13,8 @@ public class GetMinimumClientVersionForUserQueryTests
        var sut = new GetMinimumClientVersionForUserQuery();
        var version = await sut.Run(new User
        {
-            SecurityVersion = 2
+            SecurityVersion = 2,
+            PrivateKey = TestEncryptionConstants.V2PrivateKey,
        });
        Assert.Equal(Core.KeyManagement.Constants.MinimumClientVersionForV2Encryption, version);
    }
@@ -23,7 +25,8 @@ public class GetMinimumClientVersionForUserQueryTests
        var sut = new GetMinimumClientVersionForUserQuery();
        var version = await sut.Run(new User
        {
-            SecurityVersion = 1
+            SecurityVersion = 1,
+            PrivateKey = TestEncryptionConstants.V2PrivateKey,
        });
        Assert.Null(version);
    }