bitwarden-browser/libs/common/spec/misc/logInStrategies/ssoLogIn.strategy.spec.ts

// eslint-disable-next-line no-restricted-imports
import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";

import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AppIdService } from "@bitwarden/common/abstractions/appId.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { KeyConnectorService } from "@bitwarden/common/abstractions/keyConnector.service";
import { LogService } from "@bitwarden/common/abstractions/log.service";
import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
import { StateService } from "@bitwarden/common/abstractions/state.service";
import { TokenService } from "@bitwarden/common/abstractions/token.service";
import { TwoFactorService } from "@bitwarden/common/abstractions/twoFactor.service";
import { SsoLogInStrategy } from "@bitwarden/common/misc/logInStrategies/ssoLogin.strategy";
import { Utils } from "@bitwarden/common/misc/utils";
import { SsoLogInCredentials } from "@bitwarden/common/models/domain/logInCredentials";

import { identityTokenResponseFactory } from "./logIn.strategy.spec";

describe("SsoLogInStrategy", () => {
  let cryptoService: SubstituteOf<CryptoService>;
  let apiService: SubstituteOf<ApiService>;
  let tokenService: SubstituteOf<TokenService>;
  let appIdService: SubstituteOf<AppIdService>;
  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
  let messagingService: SubstituteOf<MessagingService>;
  let logService: SubstituteOf<LogService>;
  let keyConnectorService: SubstituteOf<KeyConnectorService>;
  let stateService: SubstituteOf<StateService>;
  let twoFactorService: SubstituteOf<TwoFactorService>;

  let ssoLogInStrategy: SsoLogInStrategy;
  let credentials: SsoLogInCredentials;

  const deviceId = Utils.newGuid();
  const encKey = "ENC_KEY";
  const privateKey = "PRIVATE_KEY";
  const keyConnectorUrl = "KEY_CONNECTOR_URL";

  const ssoCode = "SSO_CODE";
  const ssoCodeVerifier = "SSO_CODE_VERIFIER";
  const ssoRedirectUrl = "SSO_REDIRECT_URL";
  const ssoOrgId = "SSO_ORG_ID";

  beforeEach(async () => {
    cryptoService = Substitute.for<CryptoService>();
    apiService = Substitute.for<ApiService>();
    tokenService = Substitute.for<TokenService>();
    appIdService = Substitute.for<AppIdService>();
    platformUtilsService = Substitute.for<PlatformUtilsService>();
    messagingService = Substitute.for<MessagingService>();
    logService = Substitute.for<LogService>();
    stateService = Substitute.for<StateService>();
    keyConnectorService = Substitute.for<KeyConnectorService>();
    twoFactorService = Substitute.for<TwoFactorService>();

    tokenService.getTwoFactorToken().resolves(null);
    appIdService.getAppId().resolves(deviceId);

    ssoLogInStrategy = new SsoLogInStrategy(
      cryptoService,
      apiService,
      tokenService,
      appIdService,
      platformUtilsService,
      messagingService,
      logService,
      stateService,
      twoFactorService,
      keyConnectorService
    );
    credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
  });

  it("sends SSO information to server", async () => {
    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());

    await ssoLogInStrategy.logIn(credentials);

    apiService.received(1).postIdentityToken(
      Arg.is((actual) => {
        const ssoTokenRequest = actual as any;
        return (
          ssoTokenRequest.code === ssoCode &&
          ssoTokenRequest.codeVerifier === ssoCodeVerifier &&
          ssoTokenRequest.redirectUri === ssoRedirectUrl &&
          ssoTokenRequest.device.identifier === deviceId &&
          ssoTokenRequest.twoFactor.provider == null &&
          ssoTokenRequest.twoFactor.token == null
        );
      })
    );
  });

  it("does not set keys for new SSO user flow", async () => {
    const tokenResponse = identityTokenResponseFactory();
    tokenResponse.key = null;
    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);

    await ssoLogInStrategy.logIn(credentials);

    cryptoService.didNotReceive().setEncPrivateKey(privateKey);
    cryptoService.didNotReceive().setEncKey(encKey);
  });

  it("gets and sets KeyConnector key for enrolled user", async () => {
    const tokenResponse = identityTokenResponseFactory();
    tokenResponse.keyConnectorUrl = keyConnectorUrl;

    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);

    await ssoLogInStrategy.logIn(credentials);

    keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
  });

  it("converts new SSO user to Key Connector on first login", async () => {
    const tokenResponse = identityTokenResponseFactory();
    tokenResponse.keyConnectorUrl = keyConnectorUrl;
    tokenResponse.key = null;

    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);

    await ssoLogInStrategy.logIn(credentials);

    keyConnectorService.received(1).convertNewSsoUserToKeyConnector(tokenResponse, ssoOrgId);
  });
});
Forbid substitute (#3734) 2022-10-10 17:19:01 +02:00			`// eslint-disable-next-line no-restricted-imports`
[Tech debt] Refactor authService and remove LogInHelper (#588) * Use different strategy classes for different types of login * General refactor and cleanup of auth logic * Create subclasses for different types of login credentials * Create subclasses for different types of tokenRequests * Create TwoFactorService, move code out of authService * refactor base CLI commands to use new interface 2022-02-01 00:51:32 +01:00			`import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";`

Use NPM workspace (#2874) 2022-06-14 17:10:53 +02:00			`import { ApiService } from "@bitwarden/common/abstractions/api.service";`
			`import { AppIdService } from "@bitwarden/common/abstractions/appId.service";`
			`import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";`
			`import { KeyConnectorService } from "@bitwarden/common/abstractions/keyConnector.service";`
			`import { LogService } from "@bitwarden/common/abstractions/log.service";`
			`import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";`
			`import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";`
			`import { StateService } from "@bitwarden/common/abstractions/state.service";`
			`import { TokenService } from "@bitwarden/common/abstractions/token.service";`
			`import { TwoFactorService } from "@bitwarden/common/abstractions/twoFactor.service";`
			`import { SsoLogInStrategy } from "@bitwarden/common/misc/logInStrategies/ssoLogin.strategy";`
			`import { Utils } from "@bitwarden/common/misc/utils";`
			`import { SsoLogInCredentials } from "@bitwarden/common/models/domain/logInCredentials";`
[Tech debt] Refactor authService and remove LogInHelper (#588) * Use different strategy classes for different types of login * General refactor and cleanup of auth logic * Create subclasses for different types of login credentials * Create subclasses for different types of tokenRequests * Create TwoFactorService, move code out of authService * refactor base CLI commands to use new interface 2022-02-01 00:51:32 +01:00
			`import { identityTokenResponseFactory } from "./logIn.strategy.spec";`

			`describe("SsoLogInStrategy", () => {`
			`let cryptoService: SubstituteOf<CryptoService>;`
			`let apiService: SubstituteOf<ApiService>;`
			`let tokenService: SubstituteOf<TokenService>;`
			`let appIdService: SubstituteOf<AppIdService>;`
			`let platformUtilsService: SubstituteOf<PlatformUtilsService>;`
			`let messagingService: SubstituteOf<MessagingService>;`
			`let logService: SubstituteOf<LogService>;`
			`let keyConnectorService: SubstituteOf<KeyConnectorService>;`
			`let stateService: SubstituteOf<StateService>;`
			`let twoFactorService: SubstituteOf<TwoFactorService>;`

			`let ssoLogInStrategy: SsoLogInStrategy;`
			`let credentials: SsoLogInCredentials;`

			`const deviceId = Utils.newGuid();`
			`const encKey = "ENC_KEY";`
			`const privateKey = "PRIVATE_KEY";`
			`const keyConnectorUrl = "KEY_CONNECTOR_URL";`

			`const ssoCode = "SSO_CODE";`
			`const ssoCodeVerifier = "SSO_CODE_VERIFIER";`
			`const ssoRedirectUrl = "SSO_REDIRECT_URL";`
			`const ssoOrgId = "SSO_ORG_ID";`

			`beforeEach(async () => {`
			`cryptoService = Substitute.for<CryptoService>();`
			`apiService = Substitute.for<ApiService>();`
			`tokenService = Substitute.for<TokenService>();`
			`appIdService = Substitute.for<AppIdService>();`
			`platformUtilsService = Substitute.for<PlatformUtilsService>();`
			`messagingService = Substitute.for<MessagingService>();`
			`logService = Substitute.for<LogService>();`
			`stateService = Substitute.for<StateService>();`
			`keyConnectorService = Substitute.for<KeyConnectorService>();`
			`twoFactorService = Substitute.for<TwoFactorService>();`

			`tokenService.getTwoFactorToken().resolves(null);`
			`appIdService.getAppId().resolves(deviceId);`

			`ssoLogInStrategy = new SsoLogInStrategy(`
			`cryptoService,`
			`apiService,`
			`tokenService,`
			`appIdService,`
			`platformUtilsService,`
			`messagingService,`
			`logService,`
			`stateService,`
			`twoFactorService,`
			`keyConnectorService`
			`);`
			`credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);`
			`});`

			`it("sends SSO information to server", async () => {`
			`apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());`

			`await ssoLogInStrategy.logIn(credentials);`

			`apiService.received(1).postIdentityToken(`
			`Arg.is((actual) => {`
			`const ssoTokenRequest = actual as any;`
			`return (`
			`ssoTokenRequest.code === ssoCode &&`
			`ssoTokenRequest.codeVerifier === ssoCodeVerifier &&`
			`ssoTokenRequest.redirectUri === ssoRedirectUrl &&`
			`ssoTokenRequest.device.identifier === deviceId &&`
			`ssoTokenRequest.twoFactor.provider == null &&`
			`ssoTokenRequest.twoFactor.token == null`
			`);`
			`})`
			`);`
			`});`

			`it("does not set keys for new SSO user flow", async () => {`
			`const tokenResponse = identityTokenResponseFactory();`
			`tokenResponse.key = null;`
			`apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);`

			`await ssoLogInStrategy.logIn(credentials);`

			`cryptoService.didNotReceive().setEncPrivateKey(privateKey);`
			`cryptoService.didNotReceive().setEncKey(encKey);`
			`});`

			`it("gets and sets KeyConnector key for enrolled user", async () => {`
			`const tokenResponse = identityTokenResponseFactory();`
			`tokenResponse.keyConnectorUrl = keyConnectorUrl;`

			`apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);`

			`await ssoLogInStrategy.logIn(credentials);`

			`keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);`
			`});`

			`it("converts new SSO user to Key Connector on first login", async () => {`
			`const tokenResponse = identityTokenResponseFactory();`
			`tokenResponse.keyConnectorUrl = keyConnectorUrl;`
			`tokenResponse.key = null;`

			`apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);`

			`await ssoLogInStrategy.logIn(credentials);`

			`keyConnectorService.received(1).convertNewSsoUserToKeyConnector(tokenResponse, ssoOrgId);`
			`});`
			`});`