Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-03 18:16:17 +02:00
Code Issues Projects Releases Wiki Activity

[PM-18608] Don't require new device verification on newly created accounts (#5440)

Browse Source 
* Limit new device verification to aged accounts

* set user creation date context for test

* formatting
This commit is contained in:
Kyle Spearrin 2025-02-27 11:01:40 -05:00 committed by GitHub
parent 3533f82d0f
commit 8354929ff1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
View File

@ -120,6 +120,13 @@ public class DeviceValidator(
return DeviceValidationResultType.Success; return DeviceValidationResultType.Success;
} }
// User is newly registered, so don't require new device verification
var createdSpan = DateTime.UtcNow - user.CreationDate;
if (createdSpan < TimeSpan.FromHours(24))
{
return DeviceValidationResultType.Success;
}
// CS exception flow // CS exception flow
// Check cache for user information // Check cache for user information
var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, user.Id.ToString()); var cacheKey = string.Format(AuthConstants.NewDeviceVerificationExceptionCacheKeyFormat, user.Id.ToString());

29
test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
View File

@ -447,6 +447,31 @@ public class DeviceValidatorTests
Assert.NotNull(context.Device); Assert.NotNull(context.Device);
} }
[Theory, BitAutoData]
public async void HandleNewDeviceVerificationAsync_NewlyCreated_ReturnsSuccess(
CustomValidatorRequestContext context,
[AuthFixtures.ValidatedTokenRequest] ValidatedTokenRequest request)
{
// Arrange
ArrangeForHandleNewDeviceVerificationTest(context, request);
_featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
_globalSettings.EnableNewDeviceVerification = true;
_distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);
context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromHours(23);
// Act
var result = await _sut.ValidateRequestDeviceAsync(request, context);
// Assert
await _userService.Received(0).SendOTPAsync(context.User);
await _deviceService.Received(1).SaveAsync(Arg.Any<Device>());
Assert.True(result);
Assert.False(context.CustomResponse.ContainsKey("ErrorModel"));
Assert.Equal(context.User.Id, context.Device.UserId);
Assert.NotNull(context.Device);
}
[Theory, BitAutoData] [Theory, BitAutoData]
public async void HandleNewDeviceVerificationAsync_UserHasCacheValue_ReturnsSuccess( public async void HandleNewDeviceVerificationAsync_UserHasCacheValue_ReturnsSuccess(
CustomValidatorRequestContext context, CustomValidatorRequestContext context,
@ -633,5 +658,9 @@ public class DeviceValidatorTests
request.GrantType = "password"; request.GrantType = "password";
context.TwoFactorRequired = false; context.TwoFactorRequired = false;
context.SsoRequired = false; context.SsoRequired = false;
if (context.User != null)
{
context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromDays(365);
}
} }
} }