[PM-27278] add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support

[eligrubb]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27278
Stacks on top of #6855.

📔 Objective

Deprecating V1 User Asymmetric Key information in favor of new V2 User Asymmetric Account Keys structure.

This PR adds support for the new AccountKeys structure while maintaining support for the legacy UserAsymmetricKey-based flow. Validation is updated to check either AccountKeys or UserAsymmetricKeys are updated. Tests include modeling for both scenarios.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @eligrubb's task in 2m 13s —— View job

---

Code Review Summary: PR #6798

PM-27278 add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support

Overview

This PR introduces V2 account encryption support for user registration. The changes allow the RegisterFinish endpoint to handle both legacy (V1) and new (V2) encryption schemes during the registration process.

Key Changes Reviewed

• New data models: RegisterFinishData, modifications to UserAccountKeysData, MasterPasswordUnlockData, MasterPasswordAuthenticationData
• Modified RegisterFinishRequestModel with new properties and comprehensive validation
• Updated IRegisterUserCommand interface to pass RegisterFinishData instead of string masterPasswordHash
• New repository method SetRegisterFinishUserData with corresponding SQL stored procedure
• Flow changes in UserService.CreateUserAsync to handle V2 encryption

Review Result

APPROVED - The implementation is well-structured and maintains backward compatibility.

Positive Observations

1. Backward Compatibility: The code gracefully handles both V1 and V2 encryption schemes through the IsV2Encryption() check
2. Validation: Comprehensive input validation in RegisterFinishRequestModel.Validate() with clear error messages
3. Transaction Safety: The V2 encryption flow properly uses transactions via SetV2AccountCryptographicStateAsync
4. Security: No sensitive data exposed in logs or error messages; zero-knowledge principles maintained
5. Established Patterns: Uses existing patterns like UpdateUserData delegate for transactional operations

Test Coverage Note

While codecov reports low coverage, the PR includes unit tests in:

• RegisterFinishRequestModelTests.cs - validation and data conversion tests
• AccountsControllerTests.cs - integration tests for the registration flow

---

Reviewed with Claude Code

[quexten]

Question: SetRegisterFinishUserData sets:
{

• KDF Settings
• MasterKey Protected Userkey
  } // masterpassword unlock
  and
  {
  public key
  private key
  } // keypair

But SetV2AccountCryptographicState already writes the keypair

server/src/Infrastructure.Dapper/Repositories/UserRepository.cs

Line 317 in 0159052

PublicKey = accountKeysData.PublicKeyEncryptionKeyPairData.PublicKey,

So essentially we are writing the keypair twice here. Could we remove the key-pair from the registerFinishUserData task / SQL sproc?

[eligrubb]

Done.

[quexten]

As per the other comment, we can probably remove this. Maybe it makes sense to just rename to "SetMasterPasswordUnlockData"?

[eligrubb]

Done. I went with SetMasterPasswordUnlockUserData

[quexten]

Nit/quesion (don't have to act on it): I wonder whether these would be better served as separate tests, one legacy one not.

[eligrubb]

I'm open to either, whichever is seen as more maintainable. I put the testing the legacy & new models in one test because I wanted to match what Auth had already been doing in the file. So if Auth feels strongly one way or the other I'd like to go with that.

[quexten]

Question: Don't e expect argon2 for v2? Subsequently memory and praallelism should also be set?

[eligrubb]

This test in particular is checking the return of the ToUser function, which I changed for v2 users to only set the email and MasterPasswordHint. All others values in the User entity will be the default value, which for Kdf settings means PBKDF2 for type & iterations, and null for memory & parallelism

[quexten]

Missing memory / parallelism?

[eligrubb]

Fixed.

[quexten]

Missing Memory / parallelism

[eligrubb]

Fixed.

[quexten]

Memory / parallelism?

[eligrubb]

Fixed.

[quexten]

Which user is this in the test? A V1 user should use PBKDF2, a V2 User Argon2 but a v2 user should also have the other required values, not just public key / encrypted private key?

[eligrubb]

Good catch, this should be a v1 user. Changed the values to PBKDF2.

[sonarqubecloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud