mirror of
https://github.com/bitwarden/server.git
synced 2024-11-29 13:25:17 +01:00
Add regen controller tests
This commit is contained in:
parent
3840b5c230
commit
7d68d7085d
@ -16,6 +16,12 @@ public class LoginHelper
|
|||||||
_client = client;
|
_client = client;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task LoginAsync(string email)
|
||||||
|
{
|
||||||
|
var tokens = await _factory.LoginAsync(email);
|
||||||
|
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||||
|
}
|
||||||
|
|
||||||
public async Task LoginWithOrganizationApiKeyAsync(Guid organizationId)
|
public async Task LoginWithOrganizationApiKeyAsync(Guid organizationId)
|
||||||
{
|
{
|
||||||
var (clientId, apiKey) = await GetOrganizationApiKey(_factory, organizationId);
|
var (clientId, apiKey) = await GetOrganizationApiKey(_factory, organizationId);
|
||||||
|
@ -0,0 +1,124 @@
|
|||||||
|
using System.Net;
|
||||||
|
using Bit.Api.IntegrationTest.Factories;
|
||||||
|
using Bit.Api.IntegrationTest.Helpers;
|
||||||
|
using Bit.Api.KeyManagement.Models.Requests;
|
||||||
|
using Bit.Core.Auth.Entities;
|
||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Billing.Enums;
|
||||||
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Api.IntegrationTest.KeyManagement.Controllers;
|
||||||
|
|
||||||
|
public class AccountsKeyManagementControllerTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
|
||||||
|
{
|
||||||
|
private static readonly string _mockEncryptedString =
|
||||||
|
"2.AOs41Hd8OQiCPXjyJKCiDA==|O6OHgt2U2hJGBSNGnimJmg==|iD33s8B69C8JhYYhSa4V1tArjvLr8eEaGqOV7BRo5Jk=";
|
||||||
|
|
||||||
|
private readonly HttpClient _client;
|
||||||
|
private readonly IEmergencyAccessRepository _emergencyAccessRepository;
|
||||||
|
private readonly ApiApplicationFactory _factory;
|
||||||
|
private readonly LoginHelper _loginHelper;
|
||||||
|
private readonly IUserRepository _userRepository;
|
||||||
|
private string _ownerEmail = null!;
|
||||||
|
|
||||||
|
public AccountsKeyManagementControllerTests(ApiApplicationFactory factory)
|
||||||
|
{
|
||||||
|
_factory = factory;
|
||||||
|
_client = factory.CreateClient();
|
||||||
|
_loginHelper = new LoginHelper(_factory, _client);
|
||||||
|
_userRepository = _factory.GetService<IUserRepository>();
|
||||||
|
_emergencyAccessRepository = _factory.GetService<IEmergencyAccessRepository>();
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task InitializeAsync()
|
||||||
|
{
|
||||||
|
_ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||||
|
await _factory.LoginWithNewAccount(_ownerEmail);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Task DisposeAsync()
|
||||||
|
{
|
||||||
|
_client.Dispose();
|
||||||
|
return Task.CompletedTask;
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task RegenerateKeysAsync_NotLoggedIn_Unauthorized(KeyRegenerationRequestModel request)
|
||||||
|
{
|
||||||
|
request.UserKeyEncryptedUserPrivateKey = _mockEncryptedString;
|
||||||
|
|
||||||
|
var response = await _client.PostAsJsonAsync("/accounts/key-management/regenerate-keys", request);
|
||||||
|
|
||||||
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(true, true)]
|
||||||
|
[BitAutoData(true, false)]
|
||||||
|
[BitAutoData(false, true)]
|
||||||
|
public async Task RegenerateKeysAsync_UserInOrgOrHasDesignatedEmergencyAccess_ThrowsBadRequest(
|
||||||
|
bool inOrganization,
|
||||||
|
bool hasDesignatedEmergencyAccess,
|
||||||
|
KeyRegenerationRequestModel request)
|
||||||
|
{
|
||||||
|
if (inOrganization)
|
||||||
|
{
|
||||||
|
await OrganizationTestHelpers.SignUpAsync(_factory,
|
||||||
|
PlanType.EnterpriseAnnually, _ownerEmail, passwordManagerSeats: 10,
|
||||||
|
paymentMethod: PaymentMethodType.Card);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hasDesignatedEmergencyAccess)
|
||||||
|
{
|
||||||
|
await CreateDesignatedEmergencyAccessAsync();
|
||||||
|
}
|
||||||
|
|
||||||
|
await _loginHelper.LoginAsync(_ownerEmail);
|
||||||
|
request.UserKeyEncryptedUserPrivateKey = _mockEncryptedString;
|
||||||
|
|
||||||
|
var response = await _client.PostAsJsonAsync("/accounts/key-management/regenerate-keys", request);
|
||||||
|
|
||||||
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task RegenerateKeysAsync_Success(KeyRegenerationRequestModel request)
|
||||||
|
{
|
||||||
|
await _loginHelper.LoginAsync(_ownerEmail);
|
||||||
|
request.UserKeyEncryptedUserPrivateKey = _mockEncryptedString;
|
||||||
|
|
||||||
|
var response = await _client.PostAsJsonAsync("/accounts/key-management/regenerate-keys", request);
|
||||||
|
response.EnsureSuccessStatusCode();
|
||||||
|
|
||||||
|
var user = await _userRepository.GetByEmailAsync(_ownerEmail);
|
||||||
|
Assert.NotNull(user);
|
||||||
|
Assert.Equal(request.UserPublicKey, user.PublicKey);
|
||||||
|
Assert.Equal(request.UserKeyEncryptedUserPrivateKey, user.PrivateKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task CreateDesignatedEmergencyAccessAsync()
|
||||||
|
{
|
||||||
|
var tempEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||||
|
await _factory.LoginWithNewAccount(tempEmail);
|
||||||
|
|
||||||
|
var tempUser = await _userRepository.GetByEmailAsync(tempEmail);
|
||||||
|
var user = await _userRepository.GetByEmailAsync(_ownerEmail);
|
||||||
|
var emergencyAccess = new EmergencyAccess
|
||||||
|
{
|
||||||
|
GrantorId = tempUser!.Id,
|
||||||
|
GranteeId = user!.Id,
|
||||||
|
KeyEncrypted = _mockEncryptedString,
|
||||||
|
Status = EmergencyAccessStatusType.Confirmed,
|
||||||
|
Type = EmergencyAccessType.View,
|
||||||
|
WaitTimeDays = 10,
|
||||||
|
CreationDate = DateTime.UtcNow,
|
||||||
|
RevisionDate = DateTime.UtcNow
|
||||||
|
};
|
||||||
|
await _emergencyAccessRepository.CreateAsync(emergencyAccess);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,61 @@
|
|||||||
|
#nullable enable
|
||||||
|
using System.Security.Claims;
|
||||||
|
using Bit.Api.KeyManagement.Controllers;
|
||||||
|
using Bit.Api.KeyManagement.Models.Requests;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.KeyManagement.Commands.Interfaces;
|
||||||
|
using Bit.Core.KeyManagement.Models.Data;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using NSubstitute;
|
||||||
|
using NSubstitute.ReturnsExtensions;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Api.Test.KeyManagement.Controllers;
|
||||||
|
|
||||||
|
[ControllerCustomize(typeof(AccountsKeyManagementController))]
|
||||||
|
[SutProviderCustomize]
|
||||||
|
[JsonDocumentCustomize]
|
||||||
|
public class AccountsKeyManagementControllerTests
|
||||||
|
{
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task RegenerateKeysAsync_UserNull_Throws(SutProvider<AccountsKeyManagementController> sutProvider,
|
||||||
|
KeyRegenerationRequestModel data)
|
||||||
|
{
|
||||||
|
sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).ReturnsNull();
|
||||||
|
|
||||||
|
await Assert.ThrowsAsync<UnauthorizedAccessException>(() => sutProvider.Sut.RegenerateKeysAsync(data));
|
||||||
|
|
||||||
|
await sutProvider.GetDependency<IOrganizationUserRepository>().ReceivedWithAnyArgs(0)
|
||||||
|
.GetManyByUserAsync(Arg.Any<Guid>());
|
||||||
|
await sutProvider.GetDependency<IEmergencyAccessRepository>().ReceivedWithAnyArgs(0)
|
||||||
|
.GetManyDetailsByGranteeIdAsync(Arg.Any<Guid>());
|
||||||
|
await sutProvider.GetDependency<IRegenerateUserAsymmetricKeysCommand>().ReceivedWithAnyArgs(0)
|
||||||
|
.RegenerateKeysAsync(Arg.Any<UserAsymmetricKeys>(),
|
||||||
|
Arg.Any<ICollection<OrganizationUser>>(),
|
||||||
|
Arg.Any<ICollection<EmergencyAccessDetails>>());
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task RegenerateKeysAsync_Success(SutProvider<AccountsKeyManagementController> sutProvider,
|
||||||
|
KeyRegenerationRequestModel data, User user)
|
||||||
|
{
|
||||||
|
sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user);
|
||||||
|
|
||||||
|
await sutProvider.Sut.RegenerateKeysAsync(data);
|
||||||
|
|
||||||
|
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
|
||||||
|
.GetManyByUserAsync(Arg.Is(user.Id));
|
||||||
|
await sutProvider.GetDependency<IEmergencyAccessRepository>().Received(1)
|
||||||
|
.GetManyDetailsByGranteeIdAsync(Arg.Is(user.Id));
|
||||||
|
await sutProvider.GetDependency<IRegenerateUserAsymmetricKeysCommand>().ReceivedWithAnyArgs(1)
|
||||||
|
.RegenerateKeysAsync(Arg.Any<UserAsymmetricKeys>(),
|
||||||
|
Arg.Any<ICollection<OrganizationUser>>(),
|
||||||
|
Arg.Any<ICollection<EmergencyAccessDetails>>());
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user