Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-12-01 13:43:23 +01:00
Code Issues Projects Releases Wiki Activity
313eef49f0
bitwarden-server/test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

158 lines
6.4 KiB
C#
Raw Normal View History

[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 18:05:51 +01:00
using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Validators;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Api.Test.Auth.Validators;
[SutProviderCustomize]
public class EmergencyAccessRotationValidatorTests
{
[Theory]
[BitAutoData]
public async Task ValidateAsync_MissingEmergencyAccess_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
userEmergencyAccess.Add(new EmergencyAccessDetails { Id = Guid.NewGuid(), KeyEncrypted = "TestKey" });
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
await Assert.ThrowsAsync<BadRequestException>(async () =>
await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_EmergencyAccessDoesNotBelongToUser_NotIncluded(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
userEmergencyAccess.RemoveAt(0);
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_UserNotPremium_Success(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
// We want to allow users who have lost premium to rotate their key for any existing emergency access, as long
// as we restrict it to existing records and don't let them alter data
user.Premium = false;
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.Equal(userEmergencyAccess, result);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_NonConfirmedEmergencyAccess_NotReturned(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
emergencyAccessKeys.First().KeyEncrypted = null;
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_AttemptToSetKeyToNull_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
emergencyAccessKeys.First().KeyEncrypted = null;
await Assert.ThrowsAsync<BadRequestException>(async () =>
await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
}
[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098) * Add check to verify the vault state for rotation is not obviously desynced (empty) * Add unit test for key rotation guardrail * Move de-synced vault detection to validators * Add tests
2024-05-30 11:08:26 +02:00
[Theory]
[BitAutoData]
public async Task ValidateAsync_SentKeysAreEmptyButDatabaseIsNot_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<EmergencyAccessWithIdRequestModel>()));
}
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 18:05:51 +01:00
}
Reference in New Issue Copy Permalink