From 97b87afc07b1ec14a46b01d52f44a95b27954ff7 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Mon, 11 Sep 2023 16:22:41 +0200
Subject: [PATCH] [PM-3808] feat: add fido2 compatibility check before saving ciphers
---
 src/Api/Vault/Controllers/CiphersController.cs | 8 ++++++++
 src/Core/Constants.cs | 1 +
 2 files changed, 9 insertions(+)
diff --git a/src/Api/Vault/Controllers/CiphersController.cs b/src/Api/Vault/Controllers/CiphersController.cs
index 8bcd6038927d..ff7f6c55f26f 100644
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@@ -27,6 +27,7 @@ namespace Bit.Api.Vault.Controllers;
 [Authorize("Application")]
 public class CiphersController : Controller
 {
+ private readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);
 private readonly ICipherRepository _cipherRepository;
 private readonly ICollectionCipherRepository _collectionCipherRepository;
 private readonly ICipherService _cipherService;
@@ -186,6 +187,13 @@ public async Task Put(Guid id, [FromBody] CipherRequestMode
 "then try again.");
 }
+ var existingCipher = await _cipherRepository.GetByIdAsync(id, userId);
+ var existingCipherModel = new CipherResponseModel(existingCipher, _globalSettings);
+ if (existingCipherModel.Login?.Fido2Key != null && _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion)
+ {
+ throw new BadRequestException("Please update your client to edit this item.");
+ }
+
 await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate, collectionIds);
 var response = new CipherResponseModel(cipher, _globalSettings);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 13273acdfbb9..3f4362dc12cd 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
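Review bot: `_fido2KeyCipherMinimumVersion` is declared as an instance field, so `new Version(...)` parses the constant each time a `CiphersController` is constructed, even though the value never changes. Declaring it `private static readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);` parses it once per process. The class body continues outside the hunk.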
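Review bot: The guard added to `Put` compares `_currentContext.ClientVersion` with the minimum version but does not say what happens when the request carries no client version. On current .NET a null left operand of `Version`'s `<` operator compares as lower, so such requests would be rejected; if that fail-closed result is intended, state it with a comment such as `// A missing ClientVersion compares as lower and is rejected as well.` The version is presumably reported by the client itself, so the check guards against accidental data loss from old clients and should not be relied on as an access control. The extra `GetByIdAsync(id, userId)` looks redundant with the `cipher` that is passed to `ToCipherDetails` right after the guard, and `existingCipher` is not null-checked before `CipherResponseModel` is built from it; reusing the already-loaded `cipher` would likely cover both, though where `cipher` is loaded is outside this hunk. `Put` starts and ends outside the hunk, and other write endpoints, which are not visible here, may need the same guard.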
@@ -19,6 +19,7 @@ public static class Constants
 /// their subscription has expired.
 ///
 public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
+ public const string Fido2KeyCipherMinimumVersion = "2023.9.0";
 }
 public static class TokenPurposes
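Review bot: `Fido2KeyCipherMinimumVersion` is added without a doc comment, while the constant directly above it carries one. I would add `/// <summary>Lowest client version allowed to edit ciphers that hold a FIDO2 key.</summary>` above it. Since the string is only parsed into a `Version` by its consumer in `CiphersController`, a malformed value would surface as an exception when the controller is constructed rather than at build time, which is worth a test. The `Constants` class starts outside the hunk.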