From f719763a85a489951dfb3a5ad4d20d5cb7138823 Mon Sep 17 00:00:00 2001
From: Patrick Pimentel
Date: Wed, 3 Dec 2025 14:44:33 -0500
Subject: [PATCH] fix(auth-validator): [PM-22975] Client Version Validator - Took in team feedback.
---
 src/Core/Entities/User.cs | 13 ++++++++++++-
 .../Queries/GetMinimumClientVersionForUserQuery.cs | 2 +-
 .../GetMinimumClientVersionForUserQueryTests.cs | 7 +++++--
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/Core/Entities/User.cs b/src/Core/Entities/User.cs
index 5d687efe16..8b3b242c8f 100644
--- a/src/Core/Entities/User.cs
+++ b/src/Core/Entities/User.cs
@@ -4,6 +4,7 @@ using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
 using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.KeyManagement.Utilities;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Identity;
@@ -211,7 +212,17 @@ public class User : ITableObject, IStorableSubscriber, IRevisable, ITwoFac
 return SecurityVersion ?? 1;
 }
- public bool IsSecurityVersionTwo()
+ public bool IsSetupForV2Encryption()
+ {
+ return HasV2KeyShape() && IsSecurityVersionTwo();
+ }
+
+ private bool HasV2KeyShape()
+ {
+ return EncryptionParsing.GetEncryptionType(PrivateKey) == EncryptionType.XChaCha20Poly1305_B64;
+ }
+
+ private bool IsSecurityVersionTwo()
 {
 return SecurityVersion == 2;
 }
diff --git a/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs b/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
index b39fa11320..f6fc64a4f7 100644
--- a/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
+++ b/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
@@ -13,7 +13,7 @@ public class GetMinimumClientVersionForUserQuery()
 return Task.FromResult(null);
 }
- if (user.IsSecurityVersionTwo())
+ if (user.IsSetupForV2Encryption())
 {
 return Task.FromResult(Constants.MinimumClientVersionForV2Encryption)!;
 }
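Review bot: `HasV2KeyShape()` in src/Core/Entities/User.cs hands `PrivateKey` to `EncryptionParsing.GetEncryptionType` with no null or empty check, and `IsSetupForV2Encryption()` runs that parse before the cheaper `SecurityVersion` comparison. Neither the `PrivateKey` declaration nor `GetEncryptionType` is visible in this patch, so this is inferred: if the property can be unset for accounts that have not established keys, or the parser throws on unrecognised input, the exception would surface in whatever calls this during authentication (the commit subject names the auth validator). I would put the cheap check first and guard the parse, `return IsSecurityVersionTwo() && !string.IsNullOrEmpty(PrivateKey) && HasV2KeyShape();`, and add an XML `<summary>` on `IsSetupForV2Encryption()` stating that both the stored key format and `SecurityVersion` must indicate v2. The `User` class itself starts and ends outside the hunk.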
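Review bot: With the condition in `Run` changed to `user.IsSetupForV2Encryption()`, an account whose `SecurityVersion` is 2 but whose `PrivateKey` does not parse as `XChaCha20Poly1305_B64` no longer receives `MinimumClientVersionForV2Encryption` and falls through to the code after this `if`, which lies outside the hunk. If that state can occur, for example part-way through a key upgrade, the client-version gate is skipped exactly when the account is inconsistent, so it is worth deciding explicitly whether a mismatch should still enforce the minimum or at least be logged rather than pass silently. At minimum I would record the decision above the check: `// Enforce the minimum only when both the key format and SecurityVersion say v2; a mismatch imposes no minimum.`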
diff --git a/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs b/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
index db8a76e06b..b9bbbcd60b 100644
--- a/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
+++ b/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
@@ -1,5 +1,6 @@
 using Bit.Core.Entities;
 using Bit.Core.KeyManagement.Queries;
+using Bit.Test.Common.Constants;
 using Xunit;
 namespace Bit.Core.Test.KeyManagement.Queries;
@@ -12,7 +13,8 @@ public class GetMinimumClientVersionForUserQueryTests
 var sut = new GetMinimumClientVersionForUserQuery();
 var version = await sut.Run(new User
 {
- SecurityVersion = 2
+ SecurityVersion = 2,
+ PrivateKey = TestEncryptionConstants.V2PrivateKey,
 });
 Assert.Equal(Core.KeyManagement.Constants.MinimumClientVersionForV2Encryption, version);
 }
@@ -23,7 +25,8 @@ public class GetMinimumClientVersionForUserQueryTests
 var sut = new GetMinimumClientVersionForUserQuery();
 var version = await sut.Run(new User
 {
- SecurityVersion = 1
+ SecurityVersion = 1,
+ PrivateKey = TestEncryptionConstants.V2PrivateKey,
 });
 Assert.Null(version);
 }
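Review bot: The two updated tests cover `SecurityVersion = 2` with a v2 key and `SecurityVersion = 1` with a v2 key, but not the combination whose result this commit changes: `SecurityVersion = 2` with a `PrivateKey` that is not v2-shaped. A third test that builds `new User { SecurityVersion = 2, PrivateKey = /* non-v2 key fixture */ }` and asserts the intended result would pin that behaviour, and a case with `PrivateKey` left unset would show whether `GetEncryptionType` tolerates a missing key. The gap applies to both the `@@ -12,7 +13,8 @@` and `@@ -23,7 +25,8 @@` hunks; both test methods start outside their hunks, so their names and attributes are not visible here.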