bitwarden-server/test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs

using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Validators;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;

namespace Bit.Api.Test.Auth.Validators;

[SutProviderCustomize]
public class EmergencyAccessRotationValidatorTests
{
    [Theory]
    [BitAutoData]
    public async Task ValidateAsync_MissingEmergencyAccess_Throws(
        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
    {
        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
        {
            Id = e.Id,
            GrantorName = user.Name,
            GrantorEmail = user.Email,
            KeyEncrypted = e.KeyEncrypted,
            Type = e.Type
        }).ToList();
        userEmergencyAccess.Add(new EmergencyAccessDetails { Id = Guid.NewGuid(), KeyEncrypted = "TestKey" });
        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
            .Returns(userEmergencyAccess);

        await Assert.ThrowsAsync<BadRequestException>(async () =>
            await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
    }

    [Theory]
    [BitAutoData]
    public async Task ValidateAsync_EmergencyAccessDoesNotBelongToUser_NotIncluded(
        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
    {
        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
        {
            Id = e.Id,
            GrantorName = user.Name,
            GrantorEmail = user.Email,
            KeyEncrypted = e.KeyEncrypted,
            Type = e.Type
        }).ToList();
        userEmergencyAccess.RemoveAt(0);
        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
            .Returns(userEmergencyAccess);

        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);

        Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
    }

    [Theory]
    [BitAutoData]
    public async Task ValidateAsync_UserNotPremium_Success(
        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
    {
        // We want to allow users who have lost premium to rotate their key for any existing emergency access, as long
        // as we restrict it to existing records and don't let them alter data
        user.Premium = false;
        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
        {
            Id = e.Id,
            GrantorName = user.Name,
            GrantorEmail = user.Email,
            KeyEncrypted = e.KeyEncrypted,
            Type = e.Type
        }).ToList();
        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
            .Returns(userEmergencyAccess);

        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);

        Assert.Equal(userEmergencyAccess, result);
    }

    [Theory]
    [BitAutoData]
    public async Task ValidateAsync_NonConfirmedEmergencyAccess_NotReturned(
        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
    {
        emergencyAccessKeys.First().KeyEncrypted = null;
        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
        {
            Id = e.Id,
            GrantorName = user.Name,
            GrantorEmail = user.Email,
            KeyEncrypted = e.KeyEncrypted,
            Type = e.Type
        }).ToList();
        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
            .Returns(userEmergencyAccess);

        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);

        Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
    }

    [Theory]
    [BitAutoData]
    public async Task ValidateAsync_AttemptToSetKeyToNull_Throws(
        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
    {
        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
        {
            Id = e.Id,
            GrantorName = user.Name,
            GrantorEmail = user.Email,
            KeyEncrypted = e.KeyEncrypted,
            Type = e.Type
        }).ToList();
        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
            .Returns(userEmergencyAccess);
        emergencyAccessKeys.First().KeyEncrypted = null;

        await Assert.ThrowsAsync<BadRequestException>(async () =>
            await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
    }
}
-												[Pm 3797 Part 2] Add emergency access rotations (#3434)

## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
See #3425 for part 1 and background.

This PR adds emergency access to the rotation. All new code is hidden behind a feature flag.

The Accounts controller has also been moved to Auth ownership.

## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

* **file.ext:** Description of what was changed and why
* **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors).
* **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys.
* **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains.

## Before you submit

- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team

											
										
										
											2023-12-05 18:05:51 +01:00
+								using Bit.Api.Auth.Models.Request;
 								using Bit.Api.Auth.Validators;
 								using Bit.Core.Auth.Models.Data;
 								using Bit.Core.Entities;
 								using Bit.Core.Exceptions;
 								using Bit.Core.Repositories;
 								using Bit.Core.Services;
 								using Bit.Test.Common.AutoFixture;
 								using Bit.Test.Common.AutoFixture.Attributes;
 								using NSubstitute;
 								using Xunit;
 								namespace Bit.Api.Test.Auth.Validators;
 								[SutProviderCustomize]
 								public class EmergencyAccessRotationValidatorTests
 								{
 								    [Theory]
 								    [BitAutoData]
 								    public async Task ValidateAsync_MissingEmergencyAccess_Throws(
 								        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
 								        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
 								    {
 								        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
 								        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
 								        {
 								            Id = e.Id,
 								            GrantorName = user.Name,
 								            GrantorEmail = user.Email,
 								            KeyEncrypted = e.KeyEncrypted,
 								            Type = e.Type
 								        }).ToList();
 								        userEmergencyAccess.Add(new EmergencyAccessDetails { Id = Guid.NewGuid(), KeyEncrypted = "TestKey" });
 								        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
 								            .Returns(userEmergencyAccess);
 								        await Assert.ThrowsAsync<BadRequestException>(async () =>
 								            await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
 								    }
 								    [Theory]
 								    [BitAutoData]
 								    public async Task ValidateAsync_EmergencyAccessDoesNotBelongToUser_NotIncluded(
 								        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
 								        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
 								    {
 								        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
 								        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
 								        {
 								            Id = e.Id,
 								            GrantorName = user.Name,
 								            GrantorEmail = user.Email,
 								            KeyEncrypted = e.KeyEncrypted,
 								            Type = e.Type
 								        }).ToList();
 								        userEmergencyAccess.RemoveAt(0);
 								        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
 								            .Returns(userEmergencyAccess);
 								        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
 								        Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
 								    }
 								    [Theory]
 								    [BitAutoData]
 								    public async Task ValidateAsync_UserNotPremium_Success(
 								        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
 								        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
 								    {
 								        // We want to allow users who have lost premium to rotate their key for any existing emergency access, as long
 								        // as we restrict it to existing records and don't let them alter data
 								        user.Premium = false;
 								        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
 								        {
 								            Id = e.Id,
 								            GrantorName = user.Name,
 								            GrantorEmail = user.Email,
 								            KeyEncrypted = e.KeyEncrypted,
 								            Type = e.Type
 								        }).ToList();
 								        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
 								            .Returns(userEmergencyAccess);
 								        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
 								        Assert.Equal(userEmergencyAccess, result);
 								    }
 								    [Theory]
 								    [BitAutoData]
 								    public async Task ValidateAsync_NonConfirmedEmergencyAccess_NotReturned(
 								        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
 								        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
 								    {
 								        emergencyAccessKeys.First().KeyEncrypted = null;
 								        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
 								        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
 								        {
 								            Id = e.Id,
 								            GrantorName = user.Name,
 								            GrantorEmail = user.Email,
 								            KeyEncrypted = e.KeyEncrypted,
 								            Type = e.Type
 								        }).ToList();
 								        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
 								            .Returns(userEmergencyAccess);
 								        var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
 								        Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
 								    }
 								    [Theory]
 								    [BitAutoData]
 								    public async Task ValidateAsync_AttemptToSetKeyToNull_Throws(
 								        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
 								        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
 								    {
 								        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
 								        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
 								        {
 								            Id = e.Id,
 								            GrantorName = user.Name,
 								            GrantorEmail = user.Email,
 								            KeyEncrypted = e.KeyEncrypted,
 								            Type = e.Type
 								        }).ToList();
 								        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
 								            .Returns(userEmergencyAccess);
 								        emergencyAccessKeys.First().KeyEncrypted = null;
 								        await Assert.ThrowsAsync<BadRequestException>(async () =>
 								            await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
 								    }
 								}