From 26e574e8d75f0dda47bfcb9ae12b11783096ade1 Mon Sep 17 00:00:00 2001
From: Patrick-Pimentel-Bitwarden <ppimentel@bitwarden.com>
Date: Wed, 17 Sep 2025 17:14:00 -0400
Subject: [PATCH] Auth/pm 25453/support n users auth request (#6347)

* fix(pending-auth-request-view): [PM-25453] Bugfix Auth Requests Multiple Users Same Device - fixed view to allow for multiple users for each device when partitioning for the auth request view.
---
 .../Views/AuthRequestPendingDetailsView.sql   |  2 +-
 ...00_UpdateAuthRequestPendingDetailsView.sql | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 util/Migrator/DbScripts/2025-09-16_00_UpdateAuthRequestPendingDetailsView.sql

diff --git a/src/Sql/dbo/Auth/Views/AuthRequestPendingDetailsView.sql b/src/Sql/dbo/Auth/Views/AuthRequestPendingDetailsView.sql
index d0433bca09..16f8a51195 100644
--- a/src/Sql/dbo/Auth/Views/AuthRequestPendingDetailsView.sql
+++ b/src/Sql/dbo/Auth/Views/AuthRequestPendingDetailsView.sql
@@ -7,7 +7,7 @@ AS
             SELECT
                 [AR].*,
                 [D].[Id] AS [DeviceId],
-                ROW_NUMBER() OVER (PARTITION BY [AR].[RequestDeviceIdentifier] ORDER BY [AR].[CreationDate] DESC) AS [rn]
+                ROW_NUMBER() OVER (PARTITION BY [AR].[RequestDeviceIdentifier], [AR].[UserId] ORDER BY [AR].[CreationDate] DESC) AS [rn]
             FROM [dbo].[AuthRequest] [AR]
                 LEFT JOIN [dbo].[Device] [D]
                 ON [AR].[RequestDeviceIdentifier] = [D].[Identifier]
diff --git a/util/Migrator/DbScripts/2025-09-16_00_UpdateAuthRequestPendingDetailsView.sql b/util/Migrator/DbScripts/2025-09-16_00_UpdateAuthRequestPendingDetailsView.sql
new file mode 100644
index 0000000000..21b51387af
--- /dev/null
+++ b/util/Migrator/DbScripts/2025-09-16_00_UpdateAuthRequestPendingDetailsView.sql
@@ -0,0 +1,42 @@
+CREATE OR ALTER VIEW [dbo].[AuthRequestPendingDetailsView]
+AS
+    WITH
+        PendingRequests
+        AS
+        (
+            SELECT
+                [AR].*,
+                [D].[Id] AS [DeviceId],
+                ROW_NUMBER() OVER (PARTITION BY [AR].[RequestDeviceIdentifier], [AR].[UserId] ORDER BY [AR].[CreationDate] DESC) AS [rn]
+            FROM [dbo].[AuthRequest] [AR]
+                LEFT JOIN [dbo].[Device] [D]
+                ON [AR].[RequestDeviceIdentifier] = [D].[Identifier]
+                    AND [D].[UserId] = [AR].[UserId]
+            WHERE [AR].[Type] IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
+        )
+SELECT
+    [PR].[Id],
+    [PR].[UserId],
+    [PR].[OrganizationId],
+    [PR].[Type],
+    [PR].[RequestDeviceIdentifier],
+    [PR].[RequestDeviceType],
+    [PR].[RequestIpAddress],
+    [PR].[RequestCountryName],
+    [PR].[ResponseDeviceId],
+    [PR].[AccessCode],
+    [PR].[PublicKey],
+    [PR].[Key],
+    [PR].[MasterPasswordHash],
+    [PR].[Approved],
+    [PR].[CreationDate],
+    [PR].[ResponseDate],
+    [PR].[AuthenticationDate],
+    [PR].[DeviceId]
+FROM [PendingRequests] [PR]
+WHERE [PR].[rn] = 1
+  AND [PR].[Approved] IS NULL -- since we only want pending requests we only want the most recent that is also approved = null
+GO
+
+EXECUTE sp_refreshsqlmodule N'[dbo].[AuthRequestPendingDetailsView]'
+GO