Skip to content

[BW-138] 2FA Account Recovery#7094

Open
kspearrin wants to merge 2 commits intomainfrom
2fa-account-recovery
Open

[BW-138] 2FA Account Recovery#7094
kspearrin wants to merge 2 commits intomainfrom
2fa-account-recovery

Conversation

@kspearrin
Copy link
Member

@kspearrin kspearrin commented Feb 26, 2026
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/BW-138

📔 Objective

Org admins can recover 2FA on a member's account.

📸 Screenshots

@github-actions
Copy link
Contributor

github-actions bot commented Feb 26, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details8d0965d9-ccd5-4a25-9758-8626d0fad158

Great job! No new security vulnerabilities introduced in this pull request

@eliykat eliykat self-requested a review February 26, 2026 21:57
JaredSnider-Bitwarden
JaredSnider-Bitwarden previously approved these changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth domain changes LGTM!

@codecov
Copy link

codecov bot commented Feb 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.70%. Comparing base (18973a4) to head (287a50b).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7094      +/-   ##
==========================================
- Coverage   60.71%   56.70%   -4.02%     
==========================================
  Files        2013     2013              
  Lines       88131    88191      +60     
  Branches     7846     7861      +15     
==========================================
- Hits        53512    50009    -3503     
- Misses      32716    36362    +3646     
+ Partials     1903     1820      -83

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

eliykat
eliykat reviewed Feb 27, 2026
View reviewed changes
Copy link
Member

@eliykat eliykat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much nicer review experience, thank you.

plans/2fa-account-recovery.md Outdated
Comment on lines 305 to 310
// Validate
var validationResult = await _adminRecoverAccountValidator.ValidateAsync(commandRequest);
if (validationResult.IsError)
{
return Handle(validationResult.AsError); // maps BadRequestError → 400, NotFoundError → 404
}
Copy link
Member

@eliykat eliykat Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We call validation from inside the command, so that command inputs are always guaranteed to be validated. I can see an argument for doing it from the controller so that they're fully decoupled, but it's not our current practice.

plans/2fa-account-recovery.md Outdated
return TypedResults.NoContent();
```

Add a `Handle(Error)` helper or use existing `Handle(CommandResult)` — need to check how other controllers handle `ValidationResult` errors. The `BaseAdminConsoleController.Handle(CommandResult)` handles `Error` types, so we can map:
Copy link
Member

@eliykat eliykat Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would use Handle(CommandResult) as this suggests. However, this command returns an IdentityResult for some reason rather than a CommandResult. You can either update the command to return a CommandResult, or - to limit scope - just throw your errors inside the command (including validation failures).

@kspearrin kspearrin requested a review from eliykat February 27, 2026 13:44
@kspearrin
Copy link
Member Author

kspearrin commented Feb 27, 2026

New proposal seems to have simplified things a bit

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 27, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden left review comments

@eliykat eliykat Awaiting requested review from eliykat

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kspearrin @eliykat @JaredSnider-Bitwarden