diff --git a/src/Api/Vault/Controllers/CiphersController.cs b/src/Api/Vault/Controllers/CiphersController.cs
index 8bfdf0f0c447..70e410328917 100644
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@@ -27,6 +27,8 @@ namespace Bit.Api.Vault.Controllers;
 [Authorize("Application")]
 public class CiphersController : Controller
 {
+ private static readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);
+
 private readonly ICipherRepository _cipherRepository;
 private readonly ICollectionCipherRepository _collectionCipherRepository;
 private readonly ICipherService _cipherService;
@@ -189,6 +191,14 @@ public async Task Put(Guid id, [FromBody] CipherRequestMode
 "then try again.");
 }
+ // Temporary protection against old clients overwriting and deleting Fido2Keys
+ // Response model used to re-use logic for parsing 'data' property
+ var cipherModel = new CipherResponseModel(cipher, _globalSettings);
+ if (cipherModel.Login?.Fido2Keys != null && _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion)
+ {
+ throw new BadRequestException("Please update your client to edit this item.");
+ }
+
 await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate, collectionIds);
 var response = new CipherResponseModel(cipher, _globalSettings);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 8b0cfed79529..2232800c7ff0 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -20,6 +20,8 @@ public static class Constants
 ///
 public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
+ public const string Fido2KeyCipherMinimumVersion = "2023.9.1";
+
 public const string CipherKeyEncryptionMinimumVersion = "2023.9.2";
 }
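Review bot: `_fido2KeyCipherMinimumVersion` is declared without a comment, and because it is built in a static initializer, a value of `Constants.Fido2KeyCipherMinimumVersion` that `Version` cannot parse would fail the type initialization of the whole controller instead of a single request. A one-line comment would record both facts, e.g. `// Lowest client version allowed to edit ciphers that hold Fido2Keys; parsed once at type load.` The class body continues outside the hunk.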
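Review bot: The guard added before `SaveDetailsAsync` protects only this `Put` action, although the comment describes a general protection against old clients overwriting Fido2Keys; any other action in this controller that saves a cipher built from a client-supplied model (none is visible in this diff) would still let an old client drop the keys, so the check may belong in a private helper shared by those actions. The comparison also relies on `_currentContext.ClientVersion`, which presumably comes from a request header: on current .NET a null `Version` compares as lower than any value, so a request without a version is rejected too, and the comment should say so, e.g. `// A missing client version compares as older and is rejected as well.` Because the version is reported by the client, this is a safeguard against accidental data loss, not an access control, and is worth stating in the same comment. `Put` starts and ends outside the hunk.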