[PM-18608] Don't require new device verification on newly created accounts (#5440)

* Limit new device verification to aged accounts * set user creation date context for test * formatting
2025-03-12 13:29:14 +01:00 · 2025-02-27 11:01:40 -05:00 · 2025-02-27 11:01:40 -05:00 · 8354929ff1
commit 8354929ff1
parent 3533f82d0f
2 changed files with 36 additions and 0 deletions
--- a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
@ -120,6 +120,13 @@ public class DeviceValidator(
            return DeviceValidationResultType.Success;
        }

+        // User is newly registered, so don't require new device verification
+        var createdSpan = DateTime.UtcNow - user.CreationDate;
+        if (createdSpan < TimeSpan.FromHours(24))
+        {
+            return DeviceValidationResultType.Success;
+        }
+
        // CS exception flow
        // Check cache for user information
        var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, user.Id.ToString());
--- a/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
+++ b/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
@ -447,6 +447,31 @@ public class DeviceValidatorTests
        Assert.NotNull(context.Device);
    }

+    [Theory, BitAutoData]
+    public async void HandleNewDeviceVerificationAsync_NewlyCreated_ReturnsSuccess(
+        CustomValidatorRequestContext context,
+        [AuthFixtures.ValidatedTokenRequest] ValidatedTokenRequest request)
+    {
+        // Arrange
+        ArrangeForHandleNewDeviceVerificationTest(context, request);
+        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
+        _globalSettings.EnableNewDeviceVerification = true;
+        _distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);
+        context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromHours(23);
+
+        // Act
+        var result = await _sut.ValidateRequestDeviceAsync(request, context);
+
+        // Assert
+        await _userService.Received(0).SendOTPAsync(context.User);
+        await _deviceService.Received(1).SaveAsync(Arg.Any<Device>());
+
+        Assert.True(result);
+        Assert.False(context.CustomResponse.ContainsKey("ErrorModel"));
+        Assert.Equal(context.User.Id, context.Device.UserId);
+        Assert.NotNull(context.Device);
+    }
+
    [Theory, BitAutoData]
    public async void HandleNewDeviceVerificationAsync_UserHasCacheValue_ReturnsSuccess(
        CustomValidatorRequestContext context,
@ -633,5 +658,9 @@ public class DeviceValidatorTests
        request.GrantType = "password";
        context.TwoFactorRequired = false;
        context.SsoRequired = false;
+        if (context.User != null)
+        {
+            context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromDays(365);
+        }
    }
 }