Added check for PasswordlessLogin feature flag on new controller and methods. (#3284)

* Added check for PasswordlessLogin feature flag on new controller and methods.

* fix: build error from missing constructor argument

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>

src/Api/Auth/Controllers/WebAuthnController.cs

@@ -8,6 +8,7 @@ using Bit.Core.Auth.Repositories;
 using Bit.Core.Exceptions;
 using Bit.Core.Services;
 using Bit.Core.Tokens;
+using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -15,6 +16,7 @@ namespace Bit.Api.Auth.Controllers;
 
 [Route("webauthn")]
 [Authorize("Web")]
+[RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
 public class WebAuthnController : Controller
 {
     private readonly IUserService _userService;

src/Identity/Controllers/AccountsController.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Auth.Models.Api.Response.Accounts;
 using Bit.Core.Auth.Services;
 using Bit.Core.Auth.Utilities;
@@ -7,6 +8,7 @@ using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Fido2NetLib;
 using Microsoft.AspNetCore.Mvc;
@@ -75,6 +77,7 @@ public class AccountsController : Controller
 
     [HttpPost("webauthn-assertion-options")]
     [ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly
+    [RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
     // TODO: Create proper models for this call
     public async Task<AssertionOptions> PostWebAuthnAssertionOptions([FromBody] PreloginRequestModel model)
     {
@@ -90,6 +93,7 @@ public class AccountsController : Controller
     }
 
     [HttpPost("webauthn-assertion")]
+    [RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
     // TODO: Create proper models for this call
     public async Task<string> PostWebAuthnAssertion([FromBody] PreloginRequestModel model)
     {

src/Identity/IdentityServer/ExtensionGrantValidator.cs

@@ -11,6 +11,7 @@ using Bit.Core.Tokens;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Caching.Distributed;
 
 namespace Bit.Identity.IdentityServer;
 
@@ -38,11 +39,13 @@ public class ExtensionGrantValidator : BaseRequestValidator<ExtensionGrantValida
         IPolicyService policyService,
         IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> tokenDataFactory,
         IDataProtectorTokenFactory<WebAuthnLoginTokenable> webAuthnLoginTokenizer,
-        IFeatureService featureService)
+        IFeatureService featureService,
+        IDistributedCache distributedCache
+        )
         : base(userManager, deviceRepository, deviceService, userService, eventService,
             organizationDuoWebTokenProvider, organizationRepository, organizationUserRepository,
             applicationCacheService, mailService, logger, currentContext, globalSettings,
-            userRepository, policyService, tokenDataFactory, featureService, ssoConfigRepository)
+            userRepository, policyService, tokenDataFactory, featureService, ssoConfigRepository, distributedCache)
     {
         _userManager = userManager;
         _webAuthnLoginTokenizer = webAuthnLoginTokenizer;