From 64bf17684a0aecf461d0fb2f3a65d4c72581fd10 Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Wed, 30 Jul 2025 14:23:01 -0400
Subject: [PATCH] pm-24210-v2 (#6144)
---
 .../RequestValidators/DeviceValidator.cs | 3 +--
 .../IdentityServer/DeviceValidatorTests.cs | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
index 42504ae813..80eb455519 100644
--- a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
@@ -95,8 +95,7 @@ public class DeviceValidator(
 // Device still unknown, but if we are in an auth request flow, this is not valid
 // as we only support auth request authN requests on known devices
- if (request.GrantType == PasswordGrantType && isAuthRequest &&
- context is { TwoFactorRequired: false, SsoRequired: false })
+ if (request.GrantType == PasswordGrantType && isAuthRequest)
 {
 (context.ValidationErrorResult, context.CustomResponse) = BuildDeviceErrorResult(DeviceValidationResultType.AuthRequestFlowUnknownDevice);
diff --git a/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs b/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
index 681b8c3a2f..551f34b90a 100644
--- a/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
+++ b/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
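Review bot: In DeviceValidator.cs the two-line comment above the changed `if` still only says that auth requests need a known device; it does not record that the check now deliberately ignores `TwoFactorRequired` and `SsoRequired`. The removed condition skipped this rejection whenever either flag was set, so a later edit could reintroduce that carve-out without realising it changes which unknown-device auth requests get through. I would add a line such as `// Intentionally not gated on TwoFactorRequired/SsoRequired: an auth request from an unknown device is rejected regardless.` The `if` body and the enclosing method continue outside the hunk, so this is based on the visible lines only.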
@@ -324,13 +324,26 @@ public class DeviceValidatorTests
 Assert.True(result);
 }
- [Theory, BitAutoData]
+ [Theory]
+ [BitAutoData(false, false)]
+ [BitAutoData(true, false)]
+ [BitAutoData(true, true)]
+ [BitAutoData(true, false)]
+ public async void ValidateRequestDeviceAsync_IsAuthRequest_UnknownDevice_Errors(
+ bool twoFactoRequired, bool ssoRequired,
 CustomValidatorRequestContext context, [AuthFixtures.ValidatedTokenRequest] ValidatedTokenRequest request)
 {
 // Arrange
- ArrangeForHandleNewDeviceVerificationTest(context, request);
+ request.GrantType = "password";
+ context.TwoFactorRequired = twoFactoRequired;
+ context.SsoRequired = ssoRequired;
+ if (context.User != null)
+ {
+ context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromDays(365);
+ }
+ AddValidDeviceToRequest(request);
 _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id) .Returns(null as Device);
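Review bot: The `[BitAutoData(true, false)]` row appears twice in the new attribute list and `(false, true)` never appears, so the case where only SSO is required is not exercised. Because the validator change drops both `TwoFactorRequired` and `SsoRequired` from the condition, all four combinations are worth covering; the fourth row should read `[BitAutoData(false, true)]`. Separately, the parameter `twoFactoRequired` looks like a typo for `twoFactorRequired`, and `context.User` is null-checked before `CreationDate` is set but dereferenced unguarded in `context.User.Id` right after. The test method body continues past the end of the hunk.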