[PM-27278] add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support

[eligrubb]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27278
Stacks on top of #6855.

📔 Objective

Deprecating V1 User Asymmetric Key information in favor of new V2 User Asymmetric Account Keys structure.

This PR adds support for the new AccountKeys structure while maintaining support for the legacy UserAsymmetricKey-based flow. Validation is updated to check either AccountKeys or UserAsymmetricKeys are updated. Tests include modeling for both scenarios.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @eligrubb's task in 2m 13s —— View job

---

Code Review Summary: PR #6798

PM-27278 add AccountKeysRequestModel to RegisterFinishRequestModel for account encryption v2 support

Overview

This PR introduces V2 account encryption support for user registration. The changes allow the RegisterFinish endpoint to handle both legacy (V1) and new (V2) encryption schemes during the registration process.

Key Changes Reviewed

• New data models: RegisterFinishData, modifications to UserAccountKeysData, MasterPasswordUnlockData, MasterPasswordAuthenticationData
• Modified RegisterFinishRequestModel with new properties and comprehensive validation
• Updated IRegisterUserCommand interface to pass RegisterFinishData instead of string masterPasswordHash
• New repository method SetRegisterFinishUserData with corresponding SQL stored procedure
• Flow changes in UserService.CreateUserAsync to handle V2 encryption

Review Result

APPROVED - The implementation is well-structured and maintains backward compatibility.

Positive Observations

1. Backward Compatibility: The code gracefully handles both V1 and V2 encryption schemes through the IsV2Encryption() check
2. Validation: Comprehensive input validation in RegisterFinishRequestModel.Validate() with clear error messages
3. Transaction Safety: The V2 encryption flow properly uses transactions via SetV2AccountCryptographicStateAsync
4. Security: No sensitive data exposed in logs or error messages; zero-knowledge principles maintained
5. Established Patterns: Uses existing patterns like UpdateUserData delegate for transactional operations

Test Coverage Note

While codecov reports low coverage, the PR includes unit tests in:

• RegisterFinishRequestModelTests.cs - validation and data conversion tests
• AccountsControllerTests.cs - integration tests for the registration flow

---

Reviewed with Claude Code

[sonarqubecloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud