From 0a334cc928e5867445e99b2b70c9642c804320e6 Mon Sep 17 00:00:00 2001
From: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Date: Mon, 11 Jul 2022 09:28:14 -0400
Subject: [PATCH] [SG-199] Move MP hint to MP change form (#2080) * chore: backend changes * fixed: test * fix: lint
---
 src/Api/Controllers/AccountsController.cs | 2 +-
 src/Api/Models/Request/Accounts/PasswordRequestModel.cs | 2 ++
 .../Models/Request/Accounts/UpdateProfileRequestModel.cs | 4 +++-
 src/Core/Services/IUserService.cs | 2 +-
 src/Core/Services/Implementations/UserService.cs | 3 ++-
 test/Api.Test/Controllers/AccountsControllerTests.cs | 6 +++---
 6 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 1b74d7a7c..41708d3d2 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -211,7 +211,7 @@ namespace Bit.Api.Controllers
 } var result = await _userService.ChangePasswordAsync(user, model.MasterPasswordHash,
- model.NewMasterPasswordHash, model.Key);
+ model.NewMasterPasswordHash, model.MasterPasswordHint, model.Key);
 if (result.Succeeded) { return;
diff --git a/src/Api/Models/Request/Accounts/PasswordRequestModel.cs b/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
index 0d970237e..0df96f527 100644
--- a/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
@@ -7,6 +7,8 @@ namespace Bit.Api.Models.Request.Accounts
 [Required] [StringLength(300)] public string NewMasterPasswordHash { get; set; }
+ [StringLength(50)]
+ public string MasterPasswordHint { get; set; }
 [Required] public string Key { get; set; } }
diff --git a/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs b/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
index e92bad863..0ab9b89be 100644
--- a/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
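Review bot: In `AccountsController.cs`, the updated call to `_userService.ChangePasswordAsync` now passes four `string` arguments positionally, and `model.MasterPasswordHint` sits directly before `model.Key`, so a transposition of those two would compile without complaint. The hint is user-facing free text while `Key` is presumably protected key material, so a mix-up would store one in the other's field. Naming the trailing arguments makes the mapping explicit: `model.NewMasterPasswordHash, passwordHint: model.MasterPasswordHint, key: model.Key);`. The enclosing action method starts and ends outside the hunk.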
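Review bot: In `PasswordRequestModel.cs`, the new `MasterPasswordHint` property carries `[StringLength(50)]` but no `[Required]`, and the `UserService.cs` hunk assigns `user.MasterPasswordHint = passwordHint;` unconditionally. A client that omits the field on a password change would therefore, as far as these hunks show, overwrite the stored hint with null. Dropping a hint that described the old password may well be the intended and safer outcome, but it should be stated at the property, e.g. `// Optional. When omitted, the stored hint is cleared as part of the password change.` The 50-character limit is also enforced only by this request model; the visible part of the service method does not re-check it. The class declaration is outside the hunk.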
+++ b/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
@@ -1,4 +1,5 @@
-using System.ComponentModel.DataAnnotations;
+using System;
+using System.ComponentModel.DataAnnotations;
 using Bit.Core.Entities; namespace Bit.Api.Models.Request.Accounts
@@ -8,6 +9,7 @@ namespace Bit.Api.Models.Request.Accounts
 [StringLength(50)] public string Name { get; set; } [StringLength(50)]
+ [Obsolete("Changes will be made via the 'password' endpoint going forward.")]
 public string MasterPasswordHint { get; set; } public User ToUser(User existingUser)
diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs
index 76a60f97d..989bea85d 100644
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@@ -29,7 +29,7 @@ namespace Bit.Core.Services
 Task InitiateEmailChangeAsync(User user, string newEmail); Task ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword, string token, string key);
- Task ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string key);
+ Task ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string passwordHint, string key);
 Task SetPasswordAsync(User user, string newMasterPassword, string key, string orgIdentifier = null); Task SetKeyConnectorKeyAsync(User user, string key, string orgIdentifier); Task ConvertToKeyConnectorAsync(User user);
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 6250f19ca..d54ea7bb4 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
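Review bot: In `UpdateProfileRequestModel.cs`, `[Obsolete]` on `MasterPasswordHint` only produces a compiler warning; the property still binds from the request body, so the profile update remains a way to write the hint unless `ToUser` stops copying it. `ToUser(User existingUser)` appears only as trailing context and its body is outside the hunk, so this needs checking there: if it still assigns the hint, the value can be changed without going through the password endpoint, and a client that stops sending the field may blank the hint on every profile save. A comment beside the attribute stating when the property will be removed, and what `ToUser` does with it in the meantime, would make the transition state clear.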
@@ -596,7 +596,7 @@ namespace Bit.Core.Services
 throw new NotImplementedException(); }
- public async Task ChangePasswordAsync(User user, string masterPassword, string newMasterPassword,
+ public async Task ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string passwordHint,
 string key) { if (user == null)
@@ -614,6 +614,7 @@ namespace Bit.Core.Services
 user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow; user.Key = key;
+ user.MasterPasswordHint = passwordHint;
 await _userRepository.ReplaceAsync(user); await _eventService.LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
diff --git a/test/Api.Test/Controllers/AccountsControllerTests.cs b/test/Api.Test/Controllers/AccountsControllerTests.cs
index 51d76c544..cd33de4c8 100644
--- a/test/Api.Test/Controllers/AccountsControllerTests.cs
+++ b/test/Api.Test/Controllers/AccountsControllerTests.cs
@@ -279,12 +279,12 @@ namespace Bit.Api.Test.Controllers
 { var user = GenerateExampleUser(); ConfigureUserServiceToReturnValidPrincipalFor(user);
- _userService.ChangePasswordAsync(user, default, default, default)
+ _userService.ChangePasswordAsync(user, default, default, default, default)
 .Returns(Task.FromResult(IdentityResult.Success)); await _sut.PostPassword(new PasswordRequestModel());
- await _userService.Received(1).ChangePasswordAsync(user, default, default, default);
+ await _userService.Received(1).ChangePasswordAsync(user, default, default, default, default);
 } [Fact]
@@ -302,7 +302,7 @@ namespace Bit.Api.Test.Controllers
 { var user = GenerateExampleUser(); ConfigureUserServiceToReturnValidPrincipalFor(user);
- _userService.ChangePasswordAsync(user, default, default, default)
+ _userService.ChangePasswordAsync(user, default, default, default, default)
 .Returns(Task.FromResult(IdentityResult.Failed())); await Assert.ThrowsAsync(
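Review bot: In `AccountsControllerTests.cs`, both updated tests post `new PasswordRequestModel()`, so every argument reaching `ChangePasswordAsync` is `default`, and the first test's `Received(1)` assertion would pass even if the controller swapped the hint with the key or dropped it. Populate the model with distinct values and assert on them, for example `await _userService.Received(1).ChangePasswordAsync(user, model.MasterPasswordHash, model.NewMasterPasswordHash, model.MasterPasswordHint, model.Key);` with `model` built beforehand. The second test's hunk appears to continue past the end of the visible page.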