Add new accountKeys and masterPasswordUnlock fields (#6572)

* Add new accountKeys and masterPasswordUnlock fields * Fmt
2026-01-09 02:57:58 -05:00 · 2025-12-19 13:34:43 +01:00
parent 2c73c6c2f2
commit 061d320c7f
2 changed files with 30 additions and 2 deletions
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -217,7 +217,8 @@ fn config() -> Json<Value> {
        // We should make sure that we keep this updated when we support the new server features
        // Version history:
        // - Individual cipher key encryption: 2024.2.0
-        "version": "2025.6.0",
+        // - Mobile app support for MasterPasswordUnlockData: 2025.8.0
+        "version": "2025.12.0",
        "gitHash": option_env!("GIT_REV"),
        "server": {
          "name": "Vaultwarden",
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -463,6 +463,31 @@ async fn authenticated_response(

    let master_password_policy = master_password_policy(user, conn).await;

+    let has_master_password = !user.password_hash.is_empty();
+    let master_password_unlock = if has_master_password {
+        json!({
+            "Kdf": {
+                "KdfType": user.client_kdf_type,
+                "Iterations": user.client_kdf_iter,
+                "Memory": user.client_kdf_memory,
+                "Parallelism": user.client_kdf_parallelism
+            },
+            "MasterKeyEncryptedUserKey": user.akey,
+            "Salt": user.email
+        })
+    } else {
+        Value::Null
+    };
+
+    let account_keys = json!({
+        "publicKeyEncryptionKeyPair": {
+            "wrappedPrivateKey": user.private_key,
+            "publicKey": user.public_key,
+            "Object": "publicKeyEncryptionKeyPair"
+        },
+        "Object": "privateKeys"
+    });
+
    let mut result = json!({
        "access_token": auth_tokens.access_token(),
        "expires_in": auth_tokens.expires_in(),
@@ -477,8 +502,10 @@ async fn authenticated_response(
        "ForcePasswordReset": false,
        "MasterPasswordPolicy": master_password_policy,
        "scope": auth_tokens.scope(),
+        "AccountKeys": account_keys,
        "UserDecryptionOptions": {
-            "HasMasterPassword": !user.password_hash.is_empty(),
+            "HasMasterPassword": has_master_password,
+            "MasterPasswordUnlock": master_password_unlock,
            "Object": "userDecryptionOptions"
        },
    });