feat(register): [PM-27084] Account Register Uses New Data Types #6715

Patrick-Pimentel-Bitwarden · 2025-12-09T21:15:02Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27084

📔 Objective

Update register to use new data types
Added comments so that future removal of old properties is clear
Made accounts controller not permit nullish ambiguity
Added tests to demonstrate payloads result in same outcomes for the user model

📸 Screenshots

Screen.Recording.2025-12-11.at.5.21.28.PM.mov

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

…tial changes

codecov · 2025-12-09T21:23:35Z

Codecov Report

❌ Patch coverage is 67.59777% with 58 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.91%. Comparing base (b9d1a35) to head (6301dbf).
⚠️ Report is 25 commits behind head on main.

Files with missing lines	Patch %	Lines
...Api/Request/Accounts/RegisterFinishRequestModel.cs	60.81%	46 Missing and 12 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6715      +/-   ##
==========================================
+ Coverage   55.72%   59.91%   +4.18%     
==========================================
  Files        1949     1965      +16     
  Lines       86539    87037     +498     
  Branches     7725     7765      +40     
==========================================
+ Hits        48227    52150    +3923     
+ Misses      36506    32993    -3513     
- Partials     1806     1894      +88

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2025-12-09T21:25:45Z

Checkmarx One – Scan Summary & Details – ee51d20b-5446-44ea-82b5-09f29cdd4942

New Issues (1)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Use_Of_Hardcoded_Password	/util/Seeder/Factories/UserSeeder.cs: 16	details The application uses the hard-coded password MasterPassword for authentication purposes, either using it to verify users' identities, or to access... Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Use_Of_Hardcoded_Password~~	/util/Seeder/Factories/UserSeeder.cs: 62

…ed up reference to master password hash

…d more comments and fixed up some long lines.

…unts controller no longer nullish allowed.

…e thrown error messages more appropriate

…ed tests.

Patrick-Pimentel-Bitwarden · 2025-12-11T22:35:14Z

Adding @eligrubb to review because he has work he is branching off of this to do!

claude · 2025-12-11T22:35:28Z

Claude encountered an error —— View job

I'll analyze this and get back to you.

src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs

src/Core/Utilities/KdfSettingsValidator.cs

src/Identity/Controllers/AccountsController.cs

src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs

test/Identity.Test/Controllers/AccountsControllerTests.cs

src/Core/Utilities/KdfSettingsValidator.cs

src/Identity/Controllers/AccountsController.cs

test/Identity.Test/Controllers/AccountsControllerTests.cs

src/Core/Auth/Models/Api/Request/Accounts/RegisterFinishRequestModel.cs

src/Identity/Controllers/AccountsController.cs

test/Identity.Test/Controllers/AccountsControllerTests.cs

…ved unused import.

src/Identity/Controllers/AccountsController.cs

quexten · 2026-01-06T08:53:55Z

src/Identity/Controllers/AccountsController.cs

+        IdentityResult? identityResult = null;
+
+        // PM-28143 - Just use the MasterPasswordAuthenticationData.MasterPasswordAuthenticationHash
+        string masterPasswordHash = model.MasterPasswordAuthentication?.MasterPasswordAuthenticationHash


Please rename to "masterPasswordAuthenticationHash", or just use the MasterPasswordAuthentication struct all the way through. Even if it is not on the request model, you can still construct it from the email and kdf that are on the request model.

fixed with 93c9631

I don't think I want to reconstruct it right now in the interest of trying to keep things simpler. Is that okay with you to just do the rename?

As an aside, would you mind pointing me to where I would look to see an example of how to reconstruct it in the server so I can learn?

Sounds reasonable.

What I meant by reconstruction is that the authentication data is just the "MasterPasswordHash", KDF, salt (lower-cased and trimmed email) packed into a struct. You can just directly make it with something like:

MasterPasswordAuthenticationData { Kdf = Kdf {...} MasterPasswordAuthenticationHash = MasterPasswordHash, Salt = email.toLower().trim() };

mzieniukbw · 2026-01-07T13:27:03Z

test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs

+            // Always force a valid encrypted string for tests to avoid model validation failures.
+            var masterKeyWrappedUserKey = DefaultEncryptedString;


⚠️ This doesn't sound correct, to override all of the test's user key, just because the tests themselves have invalid encrypted string.
This requires fixing the tests that use this function.

Yes I agree it shouldn't override. However the tests will be addressed in PM-28143 and will have to be updated to use the new data types then.

…ed validation tests and ToUser no longer throws bad request.

…ressed feedback and added tests.

…epts-new-data-types

…ressed more feedback. No longer overriding the master password hash.

…ed tests.

…es (#6715)" This reverts commit 8cb8030.

…es (#6715)" (#6854) This reverts commit 8cb8030.

feat(register): [PM-27084] Account Register Uses New Data Types - Ini…

6c7daa6

…tial changes

Patrick-Pimentel-Bitwarden added 5 commits December 9, 2025 17:08

feat(register): [PM-27084] Account Register Uses New Data Types - Fix…

1535fa3

…ed up reference to master password hash

fix(register): [PM-27084] Account Register Uses New Data Types - Adde…

9000474

…d more comments and fixed up some long lines.

fix(register): [PM-27084] Account Register Uses New Data Types - Acco…

d7ddf2e

…unts controller no longer nullish allowed.

docs(register): [PM-27084] Account Register Uses New Data Types - Mad…

08f3acd

…e thrown error messages more appropriate

test(register): [PM-27084] Account Register Uses New Data Types - Add…

f47dac9

…ed tests.

Patrick-Pimentel-Bitwarden marked this pull request as ready for review December 11, 2025 22:34

Patrick-Pimentel-Bitwarden requested a review from a team as a code owner December 11, 2025 22:34

Patrick-Pimentel-Bitwarden requested review from eligrubb and rr-bw December 11, 2025 22:34