2023-04-14 19:25:56 +02:00
|
|
|
|
using Bit.Core.Auth.Models.Api.Request.Accounts;
|
2023-11-20 15:55:31 +01:00
|
|
|
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
2023-04-14 19:25:56 +02:00
|
|
|
|
using Bit.Core.Auth.Services;
|
|
|
|
|
using Bit.Core.Entities;
|
2022-01-17 13:21:51 +01:00
|
|
|
|
using Bit.Core.Enums;
|
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
using Bit.Core.Models.Data;
|
|
|
|
|
using Bit.Core.Repositories;
|
|
|
|
|
using Bit.Core.Services;
|
2023-11-20 15:55:31 +01:00
|
|
|
|
using Bit.Core.Tokens;
|
2022-01-17 13:21:51 +01:00
|
|
|
|
using Bit.Identity.Controllers;
|
|
|
|
|
using Microsoft.AspNetCore.Identity;
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
using NSubstitute;
|
|
|
|
|
using Xunit;
|
|
|
|
|
|
|
|
|
|
namespace Bit.Identity.Test.Controllers;
|
2022-08-29 22:06:55 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
public class AccountsControllerTests : IDisposable
|
|
|
|
|
{
|
2022-08-29 22:06:55 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
private readonly AccountsController _sut;
|
|
|
|
|
private readonly ILogger<AccountsController> _logger;
|
|
|
|
|
private readonly IUserRepository _userRepository;
|
|
|
|
|
private readonly IUserService _userService;
|
2022-09-15 16:02:37 +02:00
|
|
|
|
private readonly ICaptchaValidationService _captchaValidationService;
|
2023-11-20 15:55:31 +01:00
|
|
|
|
private readonly IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> _assertionOptionsDataProtector;
|
2022-08-29 22:06:55 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
public AccountsControllerTests()
|
|
|
|
|
{
|
|
|
|
|
_logger = Substitute.For<ILogger<AccountsController>>();
|
|
|
|
|
_userRepository = Substitute.For<IUserRepository>();
|
|
|
|
|
_userService = Substitute.For<IUserService>();
|
2022-09-15 16:02:37 +02:00
|
|
|
|
_captchaValidationService = Substitute.For<ICaptchaValidationService>();
|
2023-11-20 15:55:31 +01:00
|
|
|
|
_assertionOptionsDataProtector = Substitute.For<IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable>>();
|
2022-01-17 13:21:51 +01:00
|
|
|
|
_sut = new AccountsController(
|
2022-08-29 22:06:55 +02:00
|
|
|
|
_logger,
|
2022-01-17 13:21:51 +01:00
|
|
|
|
_userRepository,
|
2022-09-15 16:02:37 +02:00
|
|
|
|
_userService,
|
2023-11-20 15:55:31 +01:00
|
|
|
|
_captchaValidationService,
|
|
|
|
|
_assertionOptionsDataProtector
|
2022-08-29 22:06:55 +02:00
|
|
|
|
);
|
|
|
|
|
}
|
2022-01-17 13:21:51 +01:00
|
|
|
|
|
|
|
|
|
public void Dispose()
|
2022-08-29 22:06:55 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
_sut?.Dispose();
|
2022-08-29 22:06:55 +02:00
|
|
|
|
}
|
2022-01-17 13:21:51 +01:00
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public async Task PostPrelogin_WhenUserExists_ShouldReturnUserKdfInfo()
|
2022-08-29 22:06:55 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
var userKdfInfo = new UserKdfInformation
|
2022-08-29 21:53:48 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
Kdf = KdfType.PBKDF2_SHA256,
|
|
|
|
|
KdfIterations = 5000
|
2022-08-29 22:06:55 +02:00
|
|
|
|
};
|
2022-01-17 13:21:51 +01:00
|
|
|
|
_userRepository.GetKdfInformationByEmailAsync(Arg.Any<string>()).Returns(Task.FromResult(userKdfInfo));
|
|
|
|
|
|
|
|
|
|
var response = await _sut.PostPrelogin(new PreloginRequestModel { Email = "user@example.com" });
|
2022-08-29 20:53:16 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
Assert.Equal(userKdfInfo.Kdf, response.Kdf);
|
|
|
|
|
Assert.Equal(userKdfInfo.KdfIterations, response.KdfIterations);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-29 22:06:55 +02:00
|
|
|
|
[Fact]
|
2022-01-17 13:21:51 +01:00
|
|
|
|
public async Task PostPrelogin_WhenUserDoesNotExist_ShouldDefaultToSha256And100000Iterations()
|
2022-08-29 22:06:55 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
_userRepository.GetKdfInformationByEmailAsync(Arg.Any<string>()).Returns(Task.FromResult<UserKdfInformation>(null!));
|
2022-08-29 22:06:55 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
var response = await _sut.PostPrelogin(new PreloginRequestModel { Email = "user@example.com" });
|
2022-08-29 20:53:16 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
Assert.Equal(KdfType.PBKDF2_SHA256, response.Kdf);
|
|
|
|
|
Assert.Equal(100000, response.KdfIterations);
|
2022-08-29 22:06:55 +02:00
|
|
|
|
}
|
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
[Fact]
|
|
|
|
|
public async Task PostRegister_ShouldRegisterUser()
|
2022-08-29 22:06:55 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
var passwordHash = "abcdef";
|
|
|
|
|
var token = "123456";
|
|
|
|
|
var userGuid = new Guid();
|
|
|
|
|
_userService.RegisterUserAsync(Arg.Any<User>(), passwordHash, token, userGuid)
|
|
|
|
|
.Returns(Task.FromResult(IdentityResult.Success));
|
|
|
|
|
var request = new RegisterRequestModel
|
|
|
|
|
{
|
|
|
|
|
Name = "Example User",
|
2022-06-24 16:39:34 +02:00
|
|
|
|
Email = "user@example.com",
|
|
|
|
|
MasterPasswordHash = passwordHash,
|
|
|
|
|
MasterPasswordHint = "example",
|
|
|
|
|
Token = token,
|
|
|
|
|
OrganizationUserId = userGuid
|
|
|
|
|
};
|
2022-01-17 13:21:51 +01:00
|
|
|
|
|
|
|
|
|
await _sut.PostRegister(request);
|
|
|
|
|
|
|
|
|
|
await _userService.Received(1).RegisterUserAsync(Arg.Any<User>(), passwordHash, token, userGuid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public async Task PostRegister_WhenUserServiceFails_ShouldThrowBadRequestException()
|
|
|
|
|
{
|
|
|
|
|
var passwordHash = "abcdef";
|
|
|
|
|
var token = "123456";
|
|
|
|
|
var userGuid = new Guid();
|
|
|
|
|
_userService.RegisterUserAsync(Arg.Any<User>(), passwordHash, token, userGuid)
|
|
|
|
|
.Returns(Task.FromResult(IdentityResult.Failed()));
|
|
|
|
|
var request = new RegisterRequestModel
|
2022-08-29 21:53:48 +02:00
|
|
|
|
{
|
2022-01-17 13:21:51 +01:00
|
|
|
|
Name = "Example User",
|
2022-06-24 16:39:34 +02:00
|
|
|
|
Email = "user@example.com",
|
|
|
|
|
MasterPasswordHash = passwordHash,
|
|
|
|
|
MasterPasswordHint = "example",
|
|
|
|
|
Token = token,
|
2022-01-17 13:21:51 +01:00
|
|
|
|
OrganizationUserId = userGuid
|
|
|
|
|
};
|
2022-08-29 22:06:55 +02:00
|
|
|
|
|
2022-01-17 13:21:51 +01:00
|
|
|
|
await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostRegister(request));
|
|
|
|
|
}
|
|
|
|
|
}
|