mirror of
https://github.com/bitwarden/server.git
synced 2024-12-22 16:57:36 +01:00
[BEEEP] begin 2fa integration tests for identity (#3843)
* begin 2fa integration tests for identity - fix org mappings and query * add key length to doc * lint
This commit is contained in:
parent
4af7780bb8
commit
108d22f484
@ -26,7 +26,20 @@ public class OrganizationMapperProfile : Profile
|
||||
{
|
||||
public OrganizationMapperProfile()
|
||||
{
|
||||
CreateMap<Core.AdminConsole.Entities.Organization, Organization>().ReverseMap();
|
||||
CreateMap<Core.AdminConsole.Entities.Organization, Organization>()
|
||||
.ForMember(org => org.Ciphers, opt => opt.Ignore())
|
||||
.ForMember(org => org.OrganizationUsers, opt => opt.Ignore())
|
||||
.ForMember(org => org.Groups, opt => opt.Ignore())
|
||||
.ForMember(org => org.Policies, opt => opt.Ignore())
|
||||
.ForMember(org => org.Collections, opt => opt.Ignore())
|
||||
.ForMember(org => org.SsoConfigs, opt => opt.Ignore())
|
||||
.ForMember(org => org.SsoUsers, opt => opt.Ignore())
|
||||
.ForMember(org => org.Transactions, opt => opt.Ignore())
|
||||
.ForMember(org => org.ApiKeys, opt => opt.Ignore())
|
||||
.ForMember(org => org.Connections, opt => opt.Ignore())
|
||||
.ForMember(org => org.Domains, opt => opt.Ignore())
|
||||
.ReverseMap();
|
||||
|
||||
CreateProjection<Organization, SelfHostedOrganizationDetails>()
|
||||
.ForMember(sd => sd.CollectionCount, opt => opt.MapFrom(o => o.Collections.Count))
|
||||
.ForMember(sd => sd.GroupCount, opt => opt.MapFrom(o => o.Groups.Count))
|
||||
|
@ -50,9 +50,10 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var organizations = await GetDbSet(dbContext)
|
||||
.Select(e => e.OrganizationUsers
|
||||
.Where(ou => ou.UserId == userId)
|
||||
.Select(ou => ou.Organization))
|
||||
.SelectMany(e => e.OrganizationUsers
|
||||
.Where(ou => ou.UserId == userId))
|
||||
.Include(ou => ou.Organization)
|
||||
.Select(ou => ou.Organization)
|
||||
.ToListAsync();
|
||||
return Mapper.Map<List<Core.AdminConsole.Entities.Organization>>(organizations);
|
||||
}
|
||||
|
@ -0,0 +1,141 @@
|
||||
using System.Text.Json;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Api.Request.Accounts;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.IntegrationTestCommon.Factories;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Microsoft.AspNetCore.TestHost;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Identity.IntegrationTest.Endpoints;
|
||||
|
||||
public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFactory>
|
||||
{
|
||||
private readonly IdentityApplicationFactory _factory;
|
||||
private readonly IUserRepository _userRepository;
|
||||
private readonly IUserService _userService;
|
||||
|
||||
public IdentityServerTwoFactorTests(IdentityApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
_userRepository = _factory.GetService<IUserRepository>();
|
||||
_userService = _factory.GetService<IUserService>();
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task TokenEndpoint_UserTwoFactorRequired_NoTwoFactorProvided_Fails(string deviceId)
|
||||
{
|
||||
// Arrange
|
||||
var username = "test+2farequired@email.com";
|
||||
var twoFactor = """{"1": { "Enabled": true, "MetaData": { "Email": "test+2farequired@email.com"}}}""";
|
||||
|
||||
await CreateUserAsync(_factory.Server, username, deviceId, async () =>
|
||||
{
|
||||
var user = await _userRepository.GetByEmailAsync(username);
|
||||
user.TwoFactorProviders = twoFactor;
|
||||
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
|
||||
});
|
||||
|
||||
// Act
|
||||
var context = await PostLoginAsync(_factory.Server, username, deviceId);
|
||||
|
||||
// Assert
|
||||
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
|
||||
var root = body.RootElement;
|
||||
|
||||
var error = AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String).GetString();
|
||||
Assert.Equal("Two factor required.", error);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task TokenEndpoint_OrgTwoFactorRequired_NoTwoFactorProvided_Fails(string deviceId)
|
||||
{
|
||||
// Arrange
|
||||
var username = "test+org2farequired@email.com";
|
||||
// use valid length keys so DuoWeb.SignRequest doesn't throw
|
||||
// ikey: 20, skey: 40, akey: 40
|
||||
var orgTwoFactor =
|
||||
"""{"6":{"Enabled":true,"MetaData":{"IKey":"DIEFB13LB49IEB3459N2","SKey":"0ZnsZHav0KcNPBZTS6EOUwqLPoB0sfMd5aJeWExQ","Host":"api-example.duosecurity.com"}}}""";
|
||||
|
||||
var server = _factory.WithWebHostBuilder(builder =>
|
||||
{
|
||||
builder.UseSetting("globalSettings:Duo:AKey", "WJHB374KM3N5hglO9hniwbkibg$789EfbhNyLpNq1");
|
||||
}).Server;
|
||||
|
||||
|
||||
await CreateUserAsync(server, username, deviceId, async () =>
|
||||
{
|
||||
var user = await _userRepository.GetByEmailAsync(username);
|
||||
|
||||
var organizationRepository = _factory.Services.GetService<IOrganizationRepository>();
|
||||
var organization = await organizationRepository.CreateAsync(new Organization
|
||||
{
|
||||
Name = "Test Org",
|
||||
Use2fa = true,
|
||||
TwoFactorProviders = orgTwoFactor,
|
||||
});
|
||||
|
||||
await _factory.Services.GetService<IOrganizationUserRepository>()
|
||||
.CreateAsync(new OrganizationUser
|
||||
{
|
||||
UserId = user.Id,
|
||||
OrganizationId = organization.Id,
|
||||
Status = OrganizationUserStatusType.Confirmed,
|
||||
Type = OrganizationUserType.User,
|
||||
});
|
||||
});
|
||||
|
||||
// Act
|
||||
var context = await PostLoginAsync(server, username, deviceId);
|
||||
|
||||
// Assert
|
||||
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
|
||||
var root = body.RootElement;
|
||||
|
||||
var error = AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String).GetString();
|
||||
Assert.Equal("Two factor required.", error);
|
||||
}
|
||||
|
||||
private async Task CreateUserAsync(TestServer server, string username, string deviceId,
|
||||
Func<Task> twoFactorSetup)
|
||||
{
|
||||
// Register user
|
||||
await _factory.RegisterAsync(new RegisterRequestModel
|
||||
{
|
||||
Email = username,
|
||||
MasterPasswordHash = "master_password_hash"
|
||||
});
|
||||
|
||||
// Add two factor
|
||||
if (twoFactorSetup != null)
|
||||
{
|
||||
await twoFactorSetup();
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<HttpContext> PostLoginAsync(TestServer server, string username, string deviceId,
|
||||
Action<HttpContext> extraConfiguration = null)
|
||||
{
|
||||
return await server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary<string, string>
|
||||
{
|
||||
{ "scope", "api offline_access" },
|
||||
{ "client_id", "web" },
|
||||
{ "deviceType", DeviceTypeAsString(DeviceType.FirefoxBrowser) },
|
||||
{ "deviceIdentifier", deviceId },
|
||||
{ "deviceName", "firefox" },
|
||||
{ "grant_type", "password" },
|
||||
{ "username", username },
|
||||
{ "password", "master_password_hash" },
|
||||
}), context => context.SetAuthEmail(username));
|
||||
}
|
||||
|
||||
private static string DeviceTypeAsString(DeviceType deviceType)
|
||||
{
|
||||
return ((int)deviceType).ToString();
|
||||
}
|
||||
}
|
@ -1,9 +1,11 @@
|
||||
using Bit.Core.Entities;
|
||||
using AutoMapper;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Test.AutoFixture.Attributes;
|
||||
using Bit.Infrastructure.EFIntegration.Test.AutoFixture;
|
||||
using Bit.Infrastructure.EFIntegration.Test.Repositories.EqualityComparers;
|
||||
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
|
||||
using Xunit;
|
||||
using EfRepo = Bit.Infrastructure.EntityFramework.Repositories;
|
||||
using Organization = Bit.Core.AdminConsole.Entities.Organization;
|
||||
@ -13,6 +15,13 @@ namespace Bit.Infrastructure.EFIntegration.Test.Repositories;
|
||||
|
||||
public class OrganizationRepositoryTests
|
||||
{
|
||||
[Fact]
|
||||
public void ValidateOrganizationMappings_ReturnsSuccess()
|
||||
{
|
||||
var config = new MapperConfiguration(cfg => cfg.AddProfile<OrganizationMapperProfile>());
|
||||
config.AssertConfigurationIsValid();
|
||||
}
|
||||
|
||||
[CiSkippedTheory, EfOrganizationAutoData]
|
||||
public async Task CreateAsync_Works_DataMatches(
|
||||
Organization organization,
|
||||
|
Loading…
Reference in New Issue
Block a user