From 1f2008b301bdb050f0a19d6764c3f1d48ecf845a Mon Sep 17 00:00:00 2001 From: Ike Kottlowski Date: Mon, 16 Mar 2026 16:58:01 -0400 Subject: [PATCH 1/3] feat: add MasterPasswordSalt to dtos --- .../Response/Organizations/OrganizationUserResponseModel.cs | 2 ++ .../OrganizationUsers/OrganizationUserResetPasswordDetails.cs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs index 11feba5875dc..b2791578cf50 100644 --- a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs +++ b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs @@ -205,6 +205,7 @@ public OrganizationUserResetPasswordDetailsResponseModel(OrganizationUserResetPa KdfIterations = orgUser.KdfIterations; KdfMemory = orgUser.KdfMemory; KdfParallelism = orgUser.KdfParallelism; + MasterPasswordSalt = orgUser.MasterPasswordSalt; ResetPasswordKey = orgUser.ResetPasswordKey; EncryptedPrivateKey = orgUser.EncryptedPrivateKey; } @@ -214,6 +215,7 @@ public OrganizationUserResetPasswordDetailsResponseModel(OrganizationUserResetPa public int KdfIterations { get; set; } public int? KdfMemory { get; set; } public int? KdfParallelism { get; set; } + public string MasterPasswordSalt { get; set; } public string ResetPasswordKey { get; set; } public string EncryptedPrivateKey { get; set; } } diff --git a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserResetPasswordDetails.cs b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserResetPasswordDetails.cs index f2ed0c0ba2e1..a95e0c1d7d5f 100644 --- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserResetPasswordDetails.cs +++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserResetPasswordDetails.cs @@ -33,6 +33,7 @@ public OrganizationUserResetPasswordDetails(OrganizationUser orgUser, User user, KdfIterations = user.KdfIterations; KdfMemory = user.KdfMemory; KdfParallelism = user.KdfParallelism; + MasterPasswordSalt = user.MasterPasswordSalt; ResetPasswordKey = orgUser.ResetPasswordKey; EncryptedPrivateKey = org.PrivateKey; } @@ -41,6 +42,7 @@ public OrganizationUserResetPasswordDetails(OrganizationUser orgUser, User user, public int KdfIterations { get; set; } public int? KdfMemory { get; set; } public int? KdfParallelism { get; set; } + public string MasterPasswordSalt { get; set; } public string ResetPasswordKey { get; set; } public string EncryptedPrivateKey { get; set; } } From 426e2bcd8d27989e8ff6516c9f509c8924b028a3 Mon Sep 17 00:00:00 2001 From: Ike Kottlowski Date: Mon, 16 Mar 2026 16:58:02 -0400 Subject: [PATCH 2/3] test: add or modify tests for affected repositories --- .../OrganizationUserRepositoryTests.cs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs index 287c50afca60..369451ad7638 100644 --- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs +++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs @@ -290,7 +290,8 @@ public async Task GetManyAccountRecoveryDetailsByOrganizationUserAsync_Works(IUs Kdf = KdfType.PBKDF2_SHA256, KdfIterations = 1, KdfMemory = 2, - KdfParallelism = 3 + KdfParallelism = 3, + MasterPasswordSalt = "master-salt1" }); var user2 = await userRepository.CreateAsync(new User @@ -302,7 +303,8 @@ public async Task GetManyAccountRecoveryDetailsByOrganizationUserAsync_Works(IUs Kdf = KdfType.Argon2id, KdfIterations = 4, KdfMemory = 5, - KdfParallelism = 6 + KdfParallelism = 6, + MasterPasswordSalt = "master-salt2" }); var organization = await organizationRepository.CreateAsync(new Organization @@ -352,7 +354,8 @@ public async Task GetManyAccountRecoveryDetailsByOrganizationUserAsync_Works(IUs r.KdfMemory == 2 && r.KdfParallelism == 3 && r.ResetPasswordKey == "resetpasswordkey1" && - r.EncryptedPrivateKey == "privatekey"); + r.EncryptedPrivateKey == "privatekey" && + r.MasterPasswordSalt == "master-salt1"); Assert.Contains(recoveryDetails, r => r.OrganizationUserId == orgUser2.Id && r.Kdf == KdfType.Argon2id && @@ -360,7 +363,8 @@ public async Task GetManyAccountRecoveryDetailsByOrganizationUserAsync_Works(IUs r.KdfMemory == 5 && r.KdfParallelism == 6 && r.ResetPasswordKey == "resetpasswordkey2" && - r.EncryptedPrivateKey == "privatekey"); + r.EncryptedPrivateKey == "privatekey" && + r.MasterPasswordSalt == "master-salt2"); } [DatabaseTheory, DatabaseData] From 603d59cd9d7aefc1f31175fb1255f6c1e271cbcd Mon Sep 17 00:00:00 2001 From: Ike Kottlowski Date: Mon, 16 Mar 2026 16:58:04 -0400 Subject: [PATCH 3/3] test: add tests for --- .../Controllers/OrganizationUsersControllerTests.cs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs index 2d39ee8b8269..ba15a50d65f0 100644 --- a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs +++ b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs @@ -337,7 +337,8 @@ public async Task GetAccountRecoveryDetails_ReturnsDetails( ou.KdfMemory == r.KdfMemory && ou.KdfParallelism == r.KdfParallelism && ou.ResetPasswordKey == r.ResetPasswordKey && - ou.EncryptedPrivateKey == r.EncryptedPrivateKey))); + ou.EncryptedPrivateKey == r.EncryptedPrivateKey && + ou.MasterPasswordSalt == r.MasterPasswordSalt))); } [Theory] @@ -404,6 +405,7 @@ public async Task GetResetPasswordDetails_WhenValid_ReturnsDetails( Assert.Equal(user.Kdf, response.Kdf); Assert.Equal(user.KdfIterations, response.KdfIterations); Assert.Equal(org.PrivateKey, response.EncryptedPrivateKey); + Assert.Equal(user.MasterPasswordSalt, response.MasterPasswordSalt); } [Theory]