[PM-27281] Support v2 account encryption on JIT master password signups (#6777)

* V2 prep, rename existing SSO JIT MP command to V1 * set initial master password for account registraton V2 * later removel docs * TDE MP onboarding split * revert separate TDE onboarding controller api * Server side hash of the user master password hash * use `ValidationResult` instead for validation errors * unit test coverage * integration test coverage * update sql migration script date * revert validate password change * better requests validation * explicit error message when org sso identifier invalid * more unit test coverage * renamed onboarding to set, hash naming clarifications * update db sql script, formatting * use raw json as request instead of request models for integration test * v1 integration test coverage * change of name
2026-02-11 19:33:21 +08:00 · 2026-01-09 09:17:45 +01:00
parent 62ae828143
commit 2e92a53f11
25 changed files with 2642 additions and 279 deletions
--- a/src/Api/KeyManagement/Models/Requests/MasterPasswordUnlockDataRequestModel.cs
+++ b/src/Api/KeyManagement/Models/Requests/MasterPasswordUnlockDataRequestModel.cs
@@ -7,8 +7,12 @@ namespace Bit.Api.KeyManagement.Models.Requests;
 public class MasterPasswordUnlockDataRequestModel
 {
    public required KdfRequestModel Kdf { get; init; }
-    [EncryptedString] public required string MasterKeyWrappedUserKey { get; init; }
-    [StringLength(256)] public required string Salt { get; init; }
+    [Required]
+    [EncryptedString]
+    public required string MasterKeyWrappedUserKey { get; init; }
+    [Required]
+    [StringLength(256)]
+    public required string Salt { get; init; }

    public MasterPasswordUnlockData ToData()
    {