Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity
330e41a6d9
bitwarden-server/test/Core.Test/Services/UserServiceTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

324 lines
14 KiB
C#
Raw Normal View History

Turn On `ImplicitUsings` (#2079) * Turn on ImplicitUsings * Fix formatting * Run linter
2022-06-30 01:46:41 +02:00
using System.Text.Json;
[AC-1284] AC Team code ownership moves - Provider (#3359)
2023-10-26 19:38:29 +02:00
using Bit.Core.AdminConsole.Repositories;
[PM-1188] Server owner auth migration (#2825) * [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
2023-04-14 19:25:56 +02:00
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models;
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
using Bit.Core.Context;
Split out repositories to Infrastructure.Dapper / EntityFramework (#1759)
2022-01-11 10:40:51 +01:00
using Bit.Core.Entities;
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
using Bit.Core.Models.Business;
[EC-243] Grant premium status when member accepts org invite (#2043)
2022-06-16 22:30:50 +02:00
using Bit.Core.Models.Data.Organizations;
PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)
2022-04-28 18:14:09 +02:00
using Bit.Core.Repositories;
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
using Bit.Core.Services;
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
using Bit.Core.Settings;
using Bit.Core.Tools.Services;
using Bit.Core.Vault.Repositories;
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Bit.Test.Common.Helpers;
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
using Fido2NetLib;
using Microsoft.AspNetCore.DataProtection;
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
using Microsoft.AspNetCore.Identity;
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
using NSubstitute;
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
using NSubstitute.ReceivedExtensions;
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
using Xunit;
namespace Bit.Core.Test.Services;
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[SutProviderCustomize]
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
public class UserServiceTests
{
[EC-1032] if name is Empty, set to null before saving (#2619)
2023-01-25 17:07:33 +01:00
[Theory, BitAutoData]
public async Task SaveUserAsync_SetsNameToNull_WhenNameIsEmpty(SutProvider<UserService> sutProvider, User user)
{
user.Name = string.Empty;
await sutProvider.Sut.SaveUserAsync(user);
Assert.Null(user.Name);
}
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
public async Task UpdateLicenseAsync_Success(SutProvider<UserService> sutProvider,
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
User user, UserLicense userLicense)
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
{
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
using var tempDir = new TempDirectory();
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
var now = DateTime.UtcNow;
userLicense.Issued = now.AddDays(-10);
userLicense.Expires = now.AddDays(10);
userLicense.Version = 1;
userLicense.Premium = true;
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
user.EmailVerified = true;
user.Email = userLicense.Email;
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
EC-198 Added feature flag for 2FA Email for new device login (#1993) * EC-198 added global setting flag for 2FA email on new device login feature * EC-198 Removed is development environment check on 2FA email new device login given that we can now rely on the global settings feature flag * EC-198 Improved IGlobalSettings and UserService code for testing
2022-05-13 15:48:48 +02:00
sutProvider.GetDependency<Settings.IGlobalSettings>().SelfHosted = true;
sutProvider.GetDependency<Settings.IGlobalSettings>().LicenseDirectory = tempDir.Directory;
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
sutProvider.GetDependency<ILicensingService>()
.VerifyLicense(userLicense)
.Returns(true);
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
await sutProvider.Sut.UpdateLicenseAsync(user, userLicense);
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Start Migration from Newtonsoft.Json to System.Text.Json (#1803) * Start switch to System.Text.Json * Work on switching to System.Text.Json * Main work on STJ refactor * Fix build errors * Run formatting * Delete unused file * Use legacy for two factor providers * Run formatter * Add TokenProviderTests * Run formatting * Fix merge issues * Switch to use JsonSerializer * Address PR feedback * Fix formatting * Ran formatter * Switch to async * Ensure Enums are serialized as strings * Fix formatting * Enqueue single items as arrays * Remove CreateAsync method on AzureQueueService
2022-01-21 15:36:25 +01:00
var filePath = Path.Combine(tempDir.Directory, "user", $"{user.Id}.json");
Assert.True(File.Exists(filePath));
var document = JsonDocument.Parse(File.OpenRead(filePath));
var root = document.RootElement;
Assert.Equal(JsonValueKind.Object, root.ValueKind);
// Sort of a lazy way to test that it is indented but not sure of a better way
Assert.Contains('\n', root.GetRawText());
AssertHelper.AssertJsonProperty(root, "LicenseKey", JsonValueKind.String);
AssertHelper.AssertJsonProperty(root, "Id", JsonValueKind.String);
AssertHelper.AssertJsonProperty(root, "Premium", JsonValueKind.True);
var versionProp = AssertHelper.AssertJsonProperty(root, "Version", JsonValueKind.Number);
Assert.Equal(1, versionProp.GetInt32());
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
}
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
public async Task SendTwoFactorEmailAsync_Success(SutProvider<UserService> sutProvider, User user)
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
{
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
var email = user.Email.ToLowerInvariant();
var token = "thisisatokentocompare";
var userTwoFactorTokenProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
userTwoFactorTokenProvider
.CanGenerateTwoFactorTokenAsync(Arg.Any<UserManager<User>>(), user)
.Returns(Task.FromResult(true));
userTwoFactorTokenProvider
.GenerateAsync("2faEmail:" + email, Arg.Any<UserManager<User>>(), user)
.Returns(Task.FromResult(token));
Turn on file scoped namespaces (#2225)
2022-08-29 20:53:16 +02:00
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider);
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
Turn on file scoped namespaces (#2225)
2022-08-29 20:53:16 +02:00
{
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
[TwoFactorProviderType.Email] = new TwoFactorProvider
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
{
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
MetaData = new Dictionary<string, object> { ["Email"] = email },
Enabled = true
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
}
});
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
await sutProvider.Sut.SendTwoFactorEmailAsync(user);
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendTwoFactorEmailAsync(email, token);
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
}
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderOnUser(SutProvider<UserService> sutProvider, User user)
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
{
[PS-589] Fix emergency contact takeover device verification and endpoints for its settings (#2016) * Added UnknownDeviceVerificationEnabled on User that is turned off when emergency contact takes over the account. Also added endpoints to get and update 2fa device verification settings. And Updated migrations & tests * Applied dotnet format * Fixed method rename call on TwoFactorController * PS-589 Format fixes * PS-589 changed UnknownDeviceVerificationEnabled to be non-nullable
2022-06-06 19:52:50 +02:00
user.TwoFactorProviders = null;
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
}
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderMetadataOnUser(SutProvider<UserService> sutProvider, User user)
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
{
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = null,
Enabled = true
}
});
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
}
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderEmailMetadataOnUser(SutProvider<UserService> sutProvider, User user)
Run formatting (#2230)
2022-08-29 22:06:55 +02:00
{
Email verification for new devices (#1931) * PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 22:08:47 +02:00
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["qweqwe"] = user.Email.ToLowerInvariant() },
Enabled = true
}
});
PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)
2022-04-28 18:14:09 +02:00
await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
}
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
public async Task HasPremiumFromOrganization_Returns_False_If_No_Orgs(SutProvider<UserService> sutProvider, User user)
[EC-243] Grant premium status when member accepts org invite (#2043)
2022-06-16 22:30:50 +02:00
{
sutProvider.GetDependency<IOrganizationUserRepository>().GetManyByUserAsync(user.Id).Returns(new List<OrganizationUser>());
Assert.False(await sutProvider.Sut.HasPremiumFromOrganization(user));
}
[Theory]
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[BitAutoData(false, true)]
[BitAutoData(true, false)]
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
public async Task HasPremiumFromOrganization_Returns_False_If_Org_Not_Eligible(bool orgEnabled, bool orgUsersGetPremium, SutProvider<UserService> sutProvider, User user, OrganizationUser orgUser, Organization organization)
[EC-243] Grant premium status when member accepts org invite (#2043)
2022-06-16 22:30:50 +02:00
{
orgUser.OrganizationId = organization.Id;
organization.Enabled = orgEnabled;
organization.UsersGetPremium = orgUsersGetPremium;
var orgAbilities = new Dictionary<Guid, OrganizationAbility>() { { organization.Id, new OrganizationAbility(organization) } };
sutProvider.GetDependency<IOrganizationUserRepository>().GetManyByUserAsync(user.Id).Returns(new List<OrganizationUser>() { orgUser });
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(orgAbilities);
Assert.False(await sutProvider.Sut.HasPremiumFromOrganization(user));
}
Feature/bit auto data (#2219) * Update ProviderService tests * Use BitAutoData in CipherService tests * Simplify UserCipher fixture Because we use a single customizer for all ciphers, they all have the same userId. * Clean up more cipher fixtures * Swap Cipher Fixtures to BitCustomizeAttribute * Clean up collection fixtures * Clean up GroupFixtures * Move SendService Tests to BitAutoData * Clean up Organization Fixtures TODO: The customize attributes should not be customizing more than one class * Name files after the class they contain * Clear up usage of CustomAutoDataAttribute in tests * Clean up usages of InlineCustomAutoData * format * Manually merge with file-scoped-namespace changes
2022-08-31 15:38:35 +02:00
[Theory, BitAutoData]
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
public async Task HasPremiumFromOrganization_Returns_True_If_Org_Eligible(SutProvider<UserService> sutProvider, User user, OrganizationUser orgUser, Organization organization)
[EC-243] Grant premium status when member accepts org invite (#2043)
2022-06-16 22:30:50 +02:00
{
orgUser.OrganizationId = organization.Id;
organization.Enabled = true;
organization.UsersGetPremium = true;
var orgAbilities = new Dictionary<Guid, OrganizationAbility>() { { organization.Id, new OrganizationAbility(organization) } };
sutProvider.GetDependency<IOrganizationUserRepository>().GetManyByUserAsync(user.Id).Returns(new List<OrganizationUser>() { orgUser });
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(orgAbilities);
Assert.True(await sutProvider.Sut.HasPremiumFromOrganization(user));
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
}
Trusted Device Encryption feature (#3151) * [PM-1203] feat: allow verification for all passwordless accounts (#3038) * [PM-1033] Org invite user creation flow 1 (#3028) * [PM-1033] feat: remove user verification from password enrollment * [PM-1033] feat: auto accept invitation when enrolling into password reset * [PM-1033] fix: controller tests * [PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand` * [PM-1033] refactor(wip): make `AcceptUserCommand` * Revert "[PM-1033] refactor(wip): make `AcceptUserCommand`" This reverts commit dc1319e7fa70c4844bbc70e0b01089b682ac2843. * Revert "[PM-1033] refactor: `UpdateUserResetPasswordEnrollmentCommand`" This reverts commit 43df689c7f244af4f7ffec1f9768a72081a624c3. * [PM-1033] refactor: move invite accept to controller This avoids creating yet another method that depends on having `IUserService` passed in as a parameter * [PM-1033] fix: add missing changes * [PM-1381] Add Trusted Device Keys to Auth Response (#3066) * Return Keys for Trusted Device - Check whether the current logging in device is trusted - Return their keys on successful login * Formatting * Address PR Feedback * Add Remarks Comment * [PM-1338] `AuthRequest` Event Logs (#3046) * Update AuthRequestController - Only allow AdminApproval Requests to be created from authed endpoint - Add endpoint that has authentication to be able to create admin approval * Add PasswordlessAuthSettings - Add settings for customizing expiration times * Add new EventTypes * Add Logic for AdminApproval Type - Add logic for validating AdminApproval expiration - Add event logging for Approval/Disapproval of AdminApproval - Add logic for creating AdminApproval types * Add Test Helpers - Change BitAutoData to allow you to use string representations of common types. * Add/Update AuthRequestService Tests * Run Formatting * Switch to 7 Days * Add Test Covering ResponseDate Being Set * Address PR Feedback - Create helper for checking if date is expired - Move validation logic into smaller methods * Switch to User Event Type - Make RequestDeviceApproval user type - User types will log for each org user is in * [PM-2998] Move Approving Device Check (#3101) * Move Check for Approving Devices - Exclude currently logging in device - Remove old way of checking - Add tests asserting behavior * Update DeviceType list * Update Naming & Address PR Feedback * Fix Tests * Address PR Feedback * Formatting * Now Fully Update Naming? * Feature/auth/pm 2759/add can reset password to user decryption options (#3113) * PM-2759 - BaseRequestValidator.cs - CreateUserDecryptionOptionsAsync - Add new hasManageResetPasswordPermission for post SSO redirect logic required on client. * PM-2759 - Update IdentityServerSsoTests.cs to all pass based on the addition of HasManageResetPasswordPermission to TrustedDeviceUserDecryptionOption * IdentityServerSsoTests.cs - fix typo in test name: LoggingApproval --> LoginApproval * PM1259 - Add test case for verifying that TrustedDeviceOption.hasManageResetPasswordPermission is set properly based on user permission * dotnet format run * Feature/auth/pm 2759/add can reset password to user decryption options fix jit users (#3120) * PM-2759 - IdentityServer - CreateUserDecryptionOptionsAsync - hasManageResetPasswordPermission set logic was broken for JIT provisioned users as I assumed we would always have a list of at least 1 org during the SSO process. Added TODO for future test addition but getting this out there now as QA is blocked by being unable to create JIT provisioned users. * dotnet format * Tiny tweak * [PM-1339] Allow Rotating Device Keys (#3096) * Allow Rotation of Trusted Device Keys - Add endpoint for getting keys relating to rotation - Add endpoint for rotating your current device - In the same endpoint allow a list of other devices to rotate * Formatting * Use Extension Method * Add Tests from PR Co-authored-by: Jared Snider <jsnider@bitwarden.com> --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> * Check the user directly if they have the ResetPasswordKey (#3153) * PM-3327 - UpdateKeyAsync must exempt the currently calling device from the logout notification in order to prevent prematurely logging the user out before the client side key rotation process can complete. The calling device will log itself out once it is done. (#3170) * Allow OTP Requests When Users Are On TDE (#3184) * [PM-3356][PM-3292] Allow OTP For All (#3188) * Allow OTP For All - On a trusted device isn't a good check because a user might be using a trusted device locally but not trusted it long term - The logic wasn't working for KC users anyways * Remove Old Comment * [AC-1601] Added RequireSso policy as a dependency of TDE (#3209) * Added RequireSso policy as a dependency of TDE. * Added test for RequireSso for TDE. * Added save. * Fixed policy name. --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-08-17 22:03:06 +02:00
[Flags]
public enum ShouldCheck
{
Password = 0x1,
OTP = 0x2,
}
[Theory]
// A user who has a password, and the password is valid should only check for that password
[BitAutoData(true, "test_password", true, ShouldCheck.Password)]
// A user who does not have a password, should only check if the OTP is valid
[BitAutoData(false, "otp_token", true, ShouldCheck.OTP)]
// A user who has a password but supplied a OTP, it will check password first and then try OTP
[BitAutoData(true, "otp_token", true, ShouldCheck.Password | ShouldCheck.OTP)]
// A user who does not have a password and supplied an invalid OTP token, should only check OTP and return invalid
[BitAutoData(false, "bad_otp_token", false, ShouldCheck.OTP)]
// A user who does have a password but they supply a bad one, we will check both but it will still be invalid
[BitAutoData(true, "bad_test_password", false, ShouldCheck.Password | ShouldCheck.OTP)]
public async Task VerifySecretAsync_Works(
bool shouldHavePassword, string secret, bool expectedIsVerified, ShouldCheck shouldCheck, // inline theory data
SutProvider<UserService> sutProvider, User user) // AutoFixture injected data
{
// Arrange
var tokenProvider = SetupFakeTokenProvider(sutProvider, user);
SetupUserAndDevice(user, shouldHavePassword);
// Setup the fake password verification
var substitutedUserPasswordStore = Substitute.For<IUserPasswordStore<User>>();
substitutedUserPasswordStore
.GetPasswordHashAsync(user, Arg.Any<CancellationToken>())
.Returns((ci) =>
{
return Task.FromResult("hashed_test_password");
});
sutProvider.SetDependency<IUserStore<User>>(substitutedUserPasswordStore, "store");
sutProvider.GetDependency<IPasswordHasher<User>>("passwordHasher")
.VerifyHashedPassword(user, "hashed_test_password", "test_password")
.Returns((ci) =>
{
return PasswordVerificationResult.Success;
});
// HACK: SutProvider is being weird about not injecting the IPasswordHasher that I configured
var sut = new UserService(
sutProvider.GetDependency<IUserRepository>(),
sutProvider.GetDependency<ICipherRepository>(),
sutProvider.GetDependency<IOrganizationUserRepository>(),
sutProvider.GetDependency<IOrganizationRepository>(),
sutProvider.GetDependency<IMailService>(),
sutProvider.GetDependency<IPushNotificationService>(),
sutProvider.GetDependency<IUserStore<User>>(),
sutProvider.GetDependency<IOptions<IdentityOptions>>(),
sutProvider.GetDependency<IPasswordHasher<User>>(),
sutProvider.GetDependency<IEnumerable<IUserValidator<User>>>(),
sutProvider.GetDependency<IEnumerable<IPasswordValidator<User>>>(),
sutProvider.GetDependency<ILookupNormalizer>(),
sutProvider.GetDependency<IdentityErrorDescriber>(),
sutProvider.GetDependency<IServiceProvider>(),
sutProvider.GetDependency<ILogger<UserManager<User>>>(),
sutProvider.GetDependency<ILicensingService>(),
sutProvider.GetDependency<IEventService>(),
sutProvider.GetDependency<IApplicationCacheService>(),
sutProvider.GetDependency<IDataProtectionProvider>(),
sutProvider.GetDependency<IPaymentService>(),
sutProvider.GetDependency<IPolicyRepository>(),
sutProvider.GetDependency<IPolicyService>(),
sutProvider.GetDependency<IReferenceEventService>(),
sutProvider.GetDependency<IFido2>(),
sutProvider.GetDependency<ICurrentContext>(),
sutProvider.GetDependency<IGlobalSettings>(),
sutProvider.GetDependency<IOrganizationService>(),
sutProvider.GetDependency<IProviderUserRepository>(),
sutProvider.GetDependency<IStripeSyncService>());
var actualIsVerified = await sut.VerifySecretAsync(user, secret);
Assert.Equal(expectedIsVerified, actualIsVerified);
await tokenProvider
.Received(shouldCheck.HasFlag(ShouldCheck.OTP) ? 1 : 0)
.ValidateAsync(Arg.Any<string>(), secret, Arg.Any<UserManager<User>>(), user);
sutProvider.GetDependency<IPasswordHasher<User>>()
.Received(shouldCheck.HasFlag(ShouldCheck.Password) ? 1 : 0)
.VerifyHashedPassword(user, "hashed_test_password", secret);
}
private static void SetupUserAndDevice(User user,
bool shouldHavePassword)
{
if (shouldHavePassword)
{
user.MasterPassword = "test_password";
}
else
{
user.MasterPassword = null;
}
}
private static IUserTwoFactorTokenProvider<User> SetupFakeTokenProvider(SutProvider<UserService> sutProvider, User user)
{
var fakeUserTwoFactorProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
fakeUserTwoFactorProvider
.GenerateAsync(Arg.Any<string>(), Arg.Any<UserManager<User>>(), user)
.Returns("OTP_TOKEN");
fakeUserTwoFactorProvider
.ValidateAsync(Arg.Any<string>(), Arg.Is<string>(s => s != "otp_token"), Arg.Any<UserManager<User>>(), user)
.Returns(false);
fakeUserTwoFactorProvider
.ValidateAsync(Arg.Any<string>(), "otp_token", Arg.Any<UserManager<User>>(), user)
.Returns(true);
sutProvider.GetDependency<IOptions<IdentityOptions>>()
.Value.Returns(new IdentityOptions
{
Tokens = new TokenOptions
{
ProviderMap = new Dictionary<string, TokenProviderDescriptor>()
{
["Email"] = new TokenProviderDescriptor(typeof(IUserTwoFactorTokenProvider<User>))
{
ProviderInstance = fakeUserTwoFactorProvider,
}
}
}
});
// The above arranging of dependencies is used in the constructor of UserManager
// ref: https://github.com/dotnet/aspnetcore/blob/bfeb3bf9005c36b081d1e48725531ee0e15a9dfb/src/Identity/Extensions.Core/src/UserManager.cs#L103-L120
// since the constructor of the Sut has ran already (when injected) I need to recreate it to get it to run again
sutProvider.Create();
return fakeUserTwoFactorProvider;
}
Add basic Core.Services test files (#526) Following the paradigms illustrated in "Working Effectively with Legacy Code", this commit introduces at least one test for each service class implementation. This test is a simple construction test -- we just create each service and assert that it exists. Each test suite includes a comment instructing the developer who comes next to remove the constructor test. We don't want to keep these tests as the codebase matures, as they aren't useful in the longterm. They only prove that we have that class under test. Where test suites failed to construct their associated classes, we skip the test but leave behind the implementation. This is by design, so that as the constructors for those classes change, we are forced to keep the test suite current by leaning on the compiler.
2019-07-06 05:35:54 +02:00
}
Reference in New Issue Copy Permalink