[PM-3808] feat: add fido2 compatibility check before saving ciphers

src/Api/Vault/Controllers/CiphersController.cs

@@ -27,6 +27,7 @@ namespace Bit.Api.Vault.Controllers;
 [Authorize("Application")]
 public class CiphersController : Controller
 {
+    private readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);
     private readonly ICipherRepository _cipherRepository;
     private readonly ICollectionCipherRepository _collectionCipherRepository;
     private readonly ICipherService _cipherService;
@@ -186,6 +187,13 @@ public async Task<CipherResponseModel> Put(Guid id, [FromBody] CipherRequestMode
                 "then try again.");
         }
 
+        var existingCipher = await _cipherRepository.GetByIdAsync(id, userId);
+        var existingCipherModel = new CipherResponseModel(existingCipher, _globalSettings);
+        if (existingCipherModel.Login?.Fido2Key != null && _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion)
+        {
+            throw new BadRequestException("Please update your client to edit this item.");
+        }
+
         await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate, collectionIds);
 
         var response = new CipherResponseModel(cipher, _globalSettings);

src/Core/Constants.cs

@@ -19,6 +19,7 @@ public static class Constants
     /// their subscription has expired.
     /// </summary>
     public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
+    public const string Fido2KeyCipherMinimumVersion = "2023.9.0";
 }
 
 public static class TokenPurposes