bitwarden · fedemkr · Feb 3, 2022 · Feb 3, 2022
diff --git a/src/Android/MainApplication.cs b/src/Android/MainApplication.cs
@@ -52,14 +52,14 @@ public MainApplication(IntPtr handle, JniHandleOwnership transer)
                 var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
                     ServiceContainer.Resolve<IApiService>("apiService"),
                     ServiceContainer.Resolve<IMessagingService>("messagingService"),
-                    ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                     ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
                     ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
                 ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 
                 var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
                     ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
-                    ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"));
+                    ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
+                    ServiceContainer.Resolve<ICryptoService>("cryptoService"));
                 ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
             }
 #if !FDROID

diff --git a/src/App/Pages/Accounts/DeleteAccountViewModel.cs b/src/App/Pages/Accounts/DeleteAccountViewModel.cs
@@ -58,19 +58,16 @@ public class DeleteAccountActionFlowExecutioner : IDeleteAccountActionFlowExecut
     {
         readonly IApiService _apiService;
         readonly IMessagingService _messagingService;
-        readonly ICryptoService _cryptoService;
         readonly IPlatformUtilsService _platformUtilsService;
         readonly IDeviceActionService _deviceActionService;
 
         public DeleteAccountActionFlowExecutioner(IApiService apiService,
             IMessagingService messagingService,
-            ICryptoService cryptoService,
             IPlatformUtilsService platformUtilsService,
             IDeviceActionService deviceActionService)
         {
             _apiService = apiService;
             _messagingService = messagingService;
-            _cryptoService = cryptoService;
             _platformUtilsService = platformUtilsService;
             _deviceActionService = deviceActionService;
         }
@@ -81,10 +78,10 @@ public async Task Execute(IActionFlowParmeters parameters)
             {
                 await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount);
 
-                var masterPasswordHashKey = await _cryptoService.HashPasswordAsync(parameters.Secret, null);
                 await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest
                 {
-                    MasterPasswordHash = masterPasswordHashKey
+                    MasterPasswordHash = parameters.VerificationType == Core.Enums.VerificationType.MasterPassword ? parameters.Secret : (string)null,
+                    OTP = parameters.VerificationType == Core.Enums.VerificationType.OTP ? parameters.Secret : (string)null
                 });
 
                 await _deviceActionService.HideLoadingAsync();

diff --git a/src/App/Pages/Accounts/VerificationCodeViewModel.cs b/src/App/Pages/Accounts/VerificationCodeViewModel.cs
@@ -10,6 +10,7 @@
 using System.Windows.Input;
 using Bit.App.Utilities;
 using Bit.Core;
+using Bit.Core.Enums;
 #if !FDROID
 using Microsoft.AppCenter.Crashes;
 #endif
@@ -144,7 +145,7 @@ await _platformUtilsService.ShowDialogAsync(AppResources.InternetConnectionRequi
 
                 await _deviceActionService.ShowLoadingAsync(AppResources.Verifying);
 
-                if (!await _userVerificationService.VerifyUser(Secret, Core.Enums.VerificationType.OTP))
+                if (!await _userVerificationService.VerifyUser(Secret, VerificationType.OTP))
                 {
                     await _deviceActionService.HideLoadingAsync();
                     return;
@@ -154,6 +155,7 @@ await _platformUtilsService.ShowDialogAsync(AppResources.InternetConnectionRequi
 
                 var parameters = _verificationActionsFlowHelper.GetParameters();
                 parameters.Secret = Secret;
+                parameters.VerificationType = VerificationType.OTP;
                 await _verificationActionsFlowHelper.ExecuteAsync(parameters);
 
                 Secret = string.Empty;

diff --git a/src/App/Utilities/VerificationActionsFlowHelper.cs b/src/App/Utilities/VerificationActionsFlowHelper.cs
@@ -24,11 +24,15 @@ IVerificationActionsFlowHelper Configure(VerificationFlowAction action,
 
     public interface IActionFlowParmeters
     {
+        VerificationType VerificationType { get; set; }
+
         string Secret { get; set; }
     }
 
     public class DefaultActionFlowParameters : IActionFlowParmeters
     {
+        public VerificationType VerificationType { get; set; }
+
         public string Secret { get; set; }
     }
 
@@ -58,6 +62,7 @@ public class VerificationActionsFlowHelper : IVerificationActionsFlowHelper
     {
         private readonly IKeyConnectorService _keyConnectorService;
         private readonly IPasswordRepromptService _passwordRepromptService;
+        private readonly ICryptoService _cryptoService;
 
         private VerificationFlowAction? _action;
         private IActionFlowParmeters _parameters;
@@ -67,10 +72,12 @@ public class VerificationActionsFlowHelper : IVerificationActionsFlowHelper
         private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>();
 
         public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
-            IPasswordRepromptService passwordRepromptService)
+            IPasswordRepromptService passwordRepromptService,
+            ICryptoService cryptoService)
         {
             _keyConnectorService = keyConnectorService;
             _passwordRepromptService = passwordRepromptService;
+            _cryptoService = cryptoService;
 
             _actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner"));
         }
@@ -113,8 +120,10 @@ public async Task ValidateAndExecuteAsync()
                         return;
                     }
 
-                    GetParameters().Secret = password;
-                    await ExecuteAsync(_parameters);
+                    var parameters = GetParameters();
+                    parameters.Secret = await _cryptoService.HashPasswordAsync(password, null);
+                    parameters.VerificationType = VerificationType.MasterPassword;
+                    await ExecuteAsync(parameters);
                     break;
                 case VerificationType.OTP:
                     await Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(

diff --git a/src/Core/Models/Request/DeleteAccountRequest.cs b/src/Core/Models/Request/DeleteAccountRequest.cs
@@ -3,5 +3,7 @@
     public class DeleteAccountRequest
     {
         public string MasterPasswordHash { get; set; }
+
+        public string OTP { get; set; }
     }
 }
diff --git a/src/Core/Services/UserVerificationService.cs b/src/Core/Services/UserVerificationService.cs
@@ -1,9 +1,7 @@
-using System;
+using System.Threading.Tasks;
+using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Request;
-using Bit.Core.Services;
-using Bit.Core.Abstractions;
-using System.Threading.Tasks;
 
 namespace Bit.Core.Services
 {

diff --git a/src/iOS.Core/Utilities/iOSCoreHelpers.cs b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
@@ -154,14 +154,14 @@ await ServiceContainer.Resolve<IStateService>("stateService").SaveAsync(
             var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
                 ServiceContainer.Resolve<IApiService>("apiService"),
                 ServiceContainer.Resolve<IMessagingService>("messagingService"),
-                ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                 ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
                 ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
             ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 
             var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-            ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
-            ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"));
+                ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
+                ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
+                ServiceContainer.Resolve<ICryptoService>("cryptoService"));
             ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
 
             if (postBootstrapFunc != null)