Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Code Issues Projects Releases Wiki Activity
329eef82cd
bitwarden-server/test/Api.Test/Models/Request/Accounts/KdfRequestModelTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

66 lines
2.6 KiB
C#
Raw Normal View History

[PS-2267] Add KdfMemory and KDFParallelism fields (#2583) * Add KdfMemory and KDFParallelism fields * Revise argon2 support This pull request makes the new attribues for argon2, kdfMemory and kdfParallelism optional. Furthermore it adds checks for the argon2 parametrs and improves the database migration script. * Add validation for argon2 in RegisterRequestModel * update validation messages * update sql scripts * register data protection with migration factories * add ef migrations * update kdf option validation * adjust validation * Centralize and Test KDF Validation Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-01-25 13:56:54 +01:00
using System.ComponentModel.DataAnnotations;
[PM-1188] Server owner auth migration (#2825) * [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
2023-04-14 19:25:56 +02:00
using Bit.Api.Auth.Models.Request.Accounts;
[PS-2267] Add KdfMemory and KDFParallelism fields (#2583) * Add KdfMemory and KDFParallelism fields * Revise argon2 support This pull request makes the new attribues for argon2, kdfMemory and kdfParallelism optional. Furthermore it adds checks for the argon2 parametrs and improves the database migration script. * Add validation for argon2 in RegisterRequestModel * update validation messages * update sql scripts * register data protection with migration factories * add ef migrations * update kdf option validation * adjust validation * Centralize and Test KDF Validation Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-01-25 13:56:54 +01:00
using Bit.Core.Enums;
using Xunit;
namespace Bit.Api.Test.Models.Request.Accounts;
public class KdfRequestModelTests
{
[Theory]
[InlineData(KdfType.PBKDF2_SHA256, 1_000_000, null, null)] // Somewhere in the middle
[PM-3565] Enforce higher minimum KDF (#3304) Extract KDF logic into a new Range class. Increase minimum iterations for PBKDF.
2023-12-05 17:21:46 +01:00
[InlineData(KdfType.PBKDF2_SHA256, 600_000, null, null)] // Right on the lower boundary
[PS-2267] Add KdfMemory and KDFParallelism fields (#2583) * Add KdfMemory and KDFParallelism fields * Revise argon2 support This pull request makes the new attribues for argon2, kdfMemory and kdfParallelism optional. Furthermore it adds checks for the argon2 parametrs and improves the database migration script. * Add validation for argon2 in RegisterRequestModel * update validation messages * update sql scripts * register data protection with migration factories * add ef migrations * update kdf option validation * adjust validation * Centralize and Test KDF Validation Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-01-25 13:56:54 +01:00
[InlineData(KdfType.PBKDF2_SHA256, 2_000_000, null, null)] // Right on the upper boundary
[PM-3565] Enforce higher minimum KDF (#3304) Extract KDF logic into a new Range class. Increase minimum iterations for PBKDF.
2023-12-05 17:21:46 +01:00
[InlineData(KdfType.Argon2id, 5, 500, 8)] // Somewhere in the middle
[InlineData(KdfType.Argon2id, 2, 15, 1)] // Right on the lower boundary
[InlineData(KdfType.Argon2id, 10, 1024, 16)] // Right on the upper boundary
[PS-2267] Add KdfMemory and KDFParallelism fields (#2583) * Add KdfMemory and KDFParallelism fields * Revise argon2 support This pull request makes the new attribues for argon2, kdfMemory and kdfParallelism optional. Furthermore it adds checks for the argon2 parametrs and improves the database migration script. * Add validation for argon2 in RegisterRequestModel * update validation messages * update sql scripts * register data protection with migration factories * add ef migrations * update kdf option validation * adjust validation * Centralize and Test KDF Validation Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-01-25 13:56:54 +01:00
public void Validate_IsValid(KdfType kdfType, int? kdfIterations, int? kdfMemory, int? kdfParallelism)
{
var model = new KdfRequestModel
{
Kdf = kdfType,
KdfIterations = kdfIterations,
KdfMemory = kdfMemory,
KdfParallelism = kdfParallelism,
Key = "TEST",
NewMasterPasswordHash = "TEST",
};
var results = Validate(model);
Assert.Empty(results);
}
[Theory]
[InlineData(null, 350_000, null, null, 1)] // Although KdfType is nullable, it's marked as [Required]
[PM-3565] Enforce higher minimum KDF (#3304) Extract KDF logic into a new Range class. Increase minimum iterations for PBKDF.
2023-12-05 17:21:46 +01:00
[InlineData(KdfType.PBKDF2_SHA256, 500_000, null, null, 1)] // Too few iterations
[PS-2267] Add KdfMemory and KDFParallelism fields (#2583) * Add KdfMemory and KDFParallelism fields * Revise argon2 support This pull request makes the new attribues for argon2, kdfMemory and kdfParallelism optional. Furthermore it adds checks for the argon2 parametrs and improves the database migration script. * Add validation for argon2 in RegisterRequestModel * update validation messages * update sql scripts * register data protection with migration factories * add ef migrations * update kdf option validation * adjust validation * Centralize and Test KDF Validation Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-01-25 13:56:54 +01:00
[InlineData(KdfType.PBKDF2_SHA256, 2_000_001, null, null, 1)] // Too many iterations
[InlineData(KdfType.Argon2id, 0, 30, 8, 1)] // Iterations must be greater than 0
[InlineData(KdfType.Argon2id, 10, 14, 8, 1)] // Too little memory
[InlineData(KdfType.Argon2id, 10, 14, 0, 1)] // Too small of a parallelism value
[InlineData(KdfType.Argon2id, 10, 1025, 8, 1)] // Too much memory
[InlineData(KdfType.Argon2id, 10, 512, 17, 1)] // Too big of a parallelism value
public void Validate_Fails(KdfType? kdfType, int? kdfIterations, int? kdfMemory, int? kdfParallelism, int expectedFailures)
{
var model = new KdfRequestModel
{
Kdf = kdfType,
KdfIterations = kdfIterations,
KdfMemory = kdfMemory,
KdfParallelism = kdfParallelism,
Key = "TEST",
NewMasterPasswordHash = "TEST",
};
var results = Validate(model);
Assert.NotEmpty(results);
Assert.Equal(expectedFailures, results.Count);
}
public static List<ValidationResult> Validate(KdfRequestModel model)
{
var results = new List<ValidationResult>();
Validator.TryValidateObject(model, new ValidationContext(model), results);
return results;
}
}
Reference in New Issue Copy Permalink