using System.Runtime.CompilerServices;
using Bit.Core.Auth.Models.Api.Request;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Core.Test.Services;
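[SutProviderCustomize]
public class DeviceServiceTests
{
    /// <summary>
    /// Saving a device should stamp a current revision date on it and forward the device's push token,
    /// id, owning user id, identifier and type to the push registration service.
    /// </summary>
    [Fact]
    public async Task DeviceSaveShouldUpdateRevisionDateAndPushRegistration()
    {
        var deviceRepo = Substitute.For<IDeviceRepository>();
        var pushRepo = Substitute.For<IPushRegistrationService>();
        var deviceService = new DeviceService(deviceRepo, pushRepo);

        var id = Guid.NewGuid();
        var userId = Guid.NewGuid();
        var device = new Device
        {
            Id = id,
            Name = "test device",
            Type = DeviceType.Android,
            UserId = userId,
            PushToken = "testtoken",
            Identifier = "testid"
        };
        await deviceService.SaveAsync(device);

        // Compare the absolute difference: a one-sided `RevisionDate - UtcNow < 1s` check is also
        // satisfied by any stale (past) timestamp, so it would pass even if SaveAsync never
        // touched RevisionDate.
        // NOTE(review): if Device initializes RevisionDate at construction (not visible here), this
        // still cannot tell "updated" from "left at its default" - confirm and seed an old value if so.
        Assert.True((DateTime.UtcNow - device.RevisionDate).Duration() < TimeSpan.FromSeconds(1));
        await pushRepo.Received().CreateOrUpdateRegistrationAsync("testtoken", id.ToString(),
            userId.ToString(), "testid", DeviceType.Android);
    }

    /// <summary>
    /// Story: A user chose to keep trust in one of their current trusted devices, but not in another one of their
    /// devices. We will rotate the trust of the currently signed in device as well as the device they chose but will
    /// remove the trust of the device they didn't give new keys for.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateDevicesTrustAsync_Works(
        SutProvider<DeviceService> sutProvider,
        Guid currentUserId,
        Device deviceOne,
        Device deviceTwo,
        Device deviceThree)
    {
        // Give every device recognizable "old" key material. The values embed the argument's source
        // text (e.g. "old_private_deviceOne"), which the assertions below depend on.
        SetupOldTrust(deviceOne);
        SetupOldTrust(deviceTwo);
        SetupOldTrust(deviceThree);

        deviceOne.Identifier = "current_device";

        sutProvider.GetDependency<IDeviceRepository>()
            .GetManyByUserIdAsync(currentUserId)
            .Returns(new List<Device>
            {
                deviceOne,
                deviceTwo,
                deviceThree,
            });

        var currentDeviceModel = new DeviceKeysUpdateRequestModel
        {
            EncryptedPublicKey = "current_encrypted_public_key",
            EncryptedUserKey = "current_encrypted_user_key",
        };

        // Only deviceTwo is given new keys; deviceThree is deliberately left out.
        var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
        {
            new OtherDeviceKeysUpdateRequestModel
            {
                DeviceId = deviceTwo.Id,
                EncryptedPublicKey = "encrypted_public_key_two",
                EncryptedUserKey = "encrypted_user_key_two",
            },
        };

        await sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel, alteredDeviceModels);

        // Updating trust, "current" or "other", only needs to change the EncryptedPublicKey & EncryptedUserKey;
        // the EncryptedPrivateKey is expected to keep its old value.
        await sutProvider.GetDependency<IDeviceRepository>()
            .Received(1)
            .UpsertAsync(Arg.Is<Device>(d =>
                d.Id == deviceOne.Id &&
                d.EncryptedPublicKey == "current_encrypted_public_key" &&
                d.EncryptedUserKey == "current_encrypted_user_key" &&
                d.EncryptedPrivateKey == "old_private_deviceOne"));

        await sutProvider.GetDependency<IDeviceRepository>()
            .Received(1)
            .UpsertAsync(Arg.Is<Device>(d =>
                d.Id == deviceTwo.Id &&
                d.EncryptedPublicKey == "encrypted_public_key_two" &&
                d.EncryptedUserKey == "encrypted_user_key_two" &&
                d.EncryptedPrivateKey == "old_private_deviceTwo"));

        // Clearing trust should remove all key values
        await sutProvider.GetDependency<IDeviceRepository>()
            .Received(1)
            .UpsertAsync(Arg.Is<Device>(d =>
                d.Id == deviceThree.Id &&
                d.EncryptedPublicKey == null &&
                d.EncryptedUserKey == null &&
                d.EncryptedPrivateKey == null));

        // Should have received a total of 3 calls, the ones asserted above
        await sutProvider.GetDependency<IDeviceRepository>()
            .Received(3)
            .UpsertAsync(Arg.Any<Device>());

        // TODO: .NET 8: Use nameof for parameter name.
        // Fills the three key fields with "old_*" markers suffixed by the caller's argument expression.
        static void SetupOldTrust(Device device, [CallerArgumentExpression("device")] string expression = null)
        {
            device.EncryptedPublicKey = $"old_public_{expression}";
            device.EncryptedPrivateKey = $"old_private_{expression}";
            device.EncryptedUserKey = $"old_user_{expression}";
        }
    }

    /// <summary>
    /// Story: This could result from a poor implementation of a caller of this method, if they attempt to add trust
    /// to a device that doesn't already have trust. They would have to create brand new values, and for those values
    /// to be accurate they would technically have all the values needed to trust a device; that is why we don't
    /// consider this bad enough to throw, but we do skip it because we'd rather keep the number of ways for trust to
    /// be added limited to the endpoint we already have.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateDevicesTrustAsync_DoesNotUpdateUntrustedDevices(
        SutProvider<DeviceService> sutProvider,
        Guid currentUserId,
        Device deviceOne,
        Device deviceTwo)
    {
        deviceOne.Identifier = "current_device";

        // Make deviceTwo untrusted
        deviceTwo.EncryptedUserKey = string.Empty;
        deviceTwo.EncryptedPublicKey = string.Empty;
        deviceTwo.EncryptedPrivateKey = string.Empty;

        sutProvider.GetDependency<IDeviceRepository>()
            .GetManyByUserIdAsync(currentUserId)
            .Returns(new List<Device>
            {
                deviceOne,
                deviceTwo,
            });

        var currentDeviceModel = new DeviceKeysUpdateRequestModel
        {
            EncryptedPublicKey = "current_encrypted_public_key",
            EncryptedUserKey = "current_encrypted_user_key",
        };

        // The request supplies keys for the untrusted device; the service is expected to ignore them.
        var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
        {
            new OtherDeviceKeysUpdateRequestModel
            {
                DeviceId = deviceTwo.Id,
                EncryptedPublicKey = "encrypted_public_key_two",
                EncryptedUserKey = "encrypted_user_key_two",
            },
        };

        await sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel, alteredDeviceModels);

        // Check that UpsertAsync was called for the trusted device
        await sutProvider.GetDependency<IDeviceRepository>()
            .Received(1)
            .UpsertAsync(Arg.Is<Device>(d =>
                d.Id == deviceOne.Id &&
                d.EncryptedPublicKey == "current_encrypted_public_key" &&
                d.EncryptedUserKey == "current_encrypted_user_key"));

        // Check that UpsertAsync was not called for the untrusted device
        await sutProvider.GetDependency<IDeviceRepository>()
            .DidNotReceive()
            .UpsertAsync(Arg.Is<Device>(d => d.Id == deviceTwo.Id));
    }

    /// <summary>
    /// Story: This should only happen if someone were to take the access token from a different device and try to rotate
    /// a device that they don't actually have.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateDevicesTrustAsync_ThrowsNotFoundException_WhenCurrentDeviceIdentifierDoesNotExist(
        SutProvider<DeviceService> sutProvider,
        Guid currentUserId,
        Device deviceOne,
        Device deviceTwo)
    {
        // Neither stored device carries the identifier passed to the service below.
        deviceOne.Identifier = "some_other_device";
        deviceTwo.Identifier = "another_device";

        sutProvider.GetDependency<IDeviceRepository>()
            .GetManyByUserIdAsync(currentUserId)
            .Returns(new List<Device>
            {
                deviceOne,
                deviceTwo,
            });

        var currentDeviceModel = new DeviceKeysUpdateRequestModel
        {
            EncryptedPublicKey = "current_encrypted_public_key",
            EncryptedUserKey = "current_encrypted_user_key",
        };

        // NOTE(review): consider also asserting that no UpsertAsync call was received, so a rejected
        // rotation provably persists nothing - confirm against the order of lookup and writes in the service.
        await Assert.ThrowsAsync<NotFoundException>(() =>
            sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel,
                Enumerable.Empty<OtherDeviceKeysUpdateRequestModel>()));
    }

    /// <summary>
    /// Story: This should only happen from a poorly implemented user of this method, but it is important to enforce
    /// that the method is used correctly: a device should only be rotated intentionally, and including it as both the
    /// current device and one of the user's other devices would mean they could rotate it twice and we aren't sure
    /// which one they would want to win out.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateDevicesTrustAsync_ThrowsBadRequestException_WhenCurrentDeviceIsIncludedInAlteredDevices(
        SutProvider<DeviceService> sutProvider,
        Guid currentUserId,
        Device deviceOne,
        Device deviceTwo)
    {
        deviceOne.Identifier = "current_device";

        sutProvider.GetDependency<IDeviceRepository>()
            .GetManyByUserIdAsync(currentUserId)
            .Returns(new List<Device>
            {
                deviceOne,
                deviceTwo,
            });

        var currentDeviceModel = new DeviceKeysUpdateRequestModel
        {
            EncryptedPublicKey = "current_encrypted_public_key",
            EncryptedUserKey = "current_encrypted_user_key",
        };

        var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
        {
            new OtherDeviceKeysUpdateRequestModel
            {
                DeviceId = deviceOne.Id, // current device is included in alteredDevices
                EncryptedPublicKey = "encrypted_public_key_one",
                EncryptedUserKey = "encrypted_user_key_one",
            },
        };

        // NOTE(review): consider also asserting that no UpsertAsync call was received, so an ambiguous
        // request provably changes no stored keys - confirm against the order of validation and writes in the service.
        await Assert.ThrowsAsync<BadRequestException>(() =>
            sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel, alteredDeviceModels));
    }
}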