Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

[Pm 3797 Part 2] Add emergency access rotations (#3434)

Browse Source 
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
See #3425 for part 1 and background.

This PR adds emergency access to the rotation. All new code is hidden behind a feature flag.

The Accounts controller has also been moved to Auth ownership.

## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

* **file.ext:** Description of what was changed and why
* **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors).
* **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys.
* **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains.

## Before you submit

- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
This commit is contained in:
Jake Fink 2023-12-05 12:05:51 -05:00 committed by GitHub
parent eedc96263a
commit 989603ddd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 423 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/Api/Controllers/AccountsController.cs → src/Api/Auth/Controllers/AccountsController.cs
View File

@ -1,5 +1,7 @@
using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Models.Request.Accounts;
using Bit.Api.Auth.Validators;
using Bit.Api.Models.Request;
using Bit.Api.Models.Request.Accounts;
using Bit.Api.Models.Response;
@ -8,6 +10,7 @@ using Bit.Core;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Api.Request.Accounts;
using Bit.Core.Auth.Models.Api.Response.Accounts;
using Bit.Core.Auth.Models.Data;
@ -16,6 +19,7 @@ using Bit.Core.Auth.UserFeatures.UserKey;
using Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
using Bit.Core.Auth.Utilities;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Api.Response;
@ -34,7 +38,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.Controllers;
namespace Bit.Api.Auth.Controllers;
[Route("accounts")]
[Authorize("Application")]
@ -61,6 +65,10 @@ public class AccountsController : Controller
private bool UseFlexibleCollections =>
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
private readonly IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
_emergencyAccessValidator;
public AccountsController(
GlobalSettings globalSettings,
ICipherRepository cipherRepository,
@ -78,7 +86,9 @@ public class AccountsController : Controller
ISetInitialMasterPasswordCommand setInitialMasterPasswordCommand,
IRotateUserKeyCommand rotateUserKeyCommand,
IFeatureService featureService,
ICurrentContext currentContext
ICurrentContext currentContext,
IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
emergencyAccessValidator
)
{
_cipherRepository = cipherRepository;
@ -98,6 +108,7 @@ public class AccountsController : Controller
_rotateUserKeyCommand = rotateUserKeyCommand;
_featureService = featureService;
_currentContext = currentContext;
_emergencyAccessValidator = emergencyAccessValidator;
}
#region DEPRECATED (Moved to Identity Service)
@ -403,14 +414,14 @@ public class AccountsController : Controller
MasterPasswordHash = model.MasterPasswordHash,
Key = model.Key,
PrivateKey = model.PrivateKey,
// Ciphers = await _cipherValidator.ValidateAsync(user, model.Ciphers),
// Folders = await _folderValidator.ValidateAsync(user, model.Folders),
// Sends = await _sendValidator.ValidateAsync(user, model.Sends),
// EmergencyAccessKeys = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
// ResetPasswordKeys = await _accountRecoveryValidator.ValidateAsync(user, model.ResetPasswordKeys),
Ciphers = new List<Cipher>(),
Folders = new List<Folder>(),
Sends = new List<Send>(),
EmergencyAccessKeys = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
ResetPasswordKeys = new List<OrganizationUser>(),
};
result = await _rotateUserKeyCommand.RotateUserKeyAsync(dataModel);
result = await _rotateUserKeyCommand.RotateUserKeyAsync(user, dataModel);
}
else
{

2
src/Api/Auth/Models/Request/Accounts/UpdateKeyRequestModel.cs
View File

@ -17,7 +17,7 @@ public class UpdateKeyRequestModel
public IEnumerable<CipherWithIdRequestModel> Ciphers { get; set; }
public IEnumerable<FolderWithIdRequestModel> Folders { get; set; }
public IEnumerable<SendWithIdRequestModel> Sends { get; set; }
public IEnumerable<EmergencyAccessUpdateRequestModel> EmergencyAccessKeys { get; set; }
public IEnumerable<EmergencyAccessWithIdRequestModel> EmergencyAccessKeys { get; set; }
public IEnumerable<OrganizationUserUpdateRequestModel> ResetPasswordKeys { get; set; }
}

6
src/Api/Auth/Models/Request/EmergencyAccessRequstModels.cs → src/Api/Auth/Models/Request/EmergencyAccessRequestModels.cs
View File

@ -46,3 +46,9 @@ public class EmergencyAccessPasswordRequestModel
[Required]
public string Key { get; set; }
}
public class EmergencyAccessWithIdRequestModel : EmergencyAccessUpdateRequestModel
{
[Required]
public Guid Id { get; set; }
}

58
src/Api/Auth/Validators/EmergencyAccessRotationValidator.cs Normal file
View File

@ -0,0 +1,58 @@
using Bit.Api.Auth.Models.Request;
using Bit.Core.Auth.Entities;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
namespace Bit.Api.Auth.Validators;
public class EmergencyAccessRotationValidator : IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>,
IEnumerable<EmergencyAccess>>
{
private readonly IEmergencyAccessRepository _emergencyAccessRepository;
private readonly IUserService _userService;
public EmergencyAccessRotationValidator(IEmergencyAccessRepository emergencyAccessRepository,
IUserService userService)
{
_emergencyAccessRepository = emergencyAccessRepository;
_userService = userService;
}
public async Task<IEnumerable<EmergencyAccess>> ValidateAsync(User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
var result = new List<EmergencyAccess>();
if (emergencyAccessKeys == null || !emergencyAccessKeys.Any())
{
return result;
}
var existing = await _emergencyAccessRepository.GetManyDetailsByGrantorIdAsync(user.Id);
if (existing == null || !existing.Any())
{
return result;
}
// Exclude any emergency access that has not been confirmed yet.
existing = existing.Where(ea => ea.KeyEncrypted != null).ToList();
foreach (var ea in existing)
{
var emergencyAccess = emergencyAccessKeys.FirstOrDefault(c => c.Id == ea.Id);
if (emergencyAccess == null)
{
throw new BadRequestException("All existing emergency access keys must be included in the rotation.");
}
if (emergencyAccess.KeyEncrypted == null)
{
throw new BadRequestException("Emergency access keys cannot be set to null during rotation.");
}
result.Add(emergencyAccess.ToEmergencyAccess(ea));
}
return result;
}
}

15
src/Api/Auth/Validators/IRotationValidator.cs Normal file
View File

@ -0,0 +1,15 @@
using Bit.Core.Entities;
namespace Bit.Api.Auth.Validators;
/// <summary>
/// A consistent interface for domains to validate re-encrypted data before saved to database. Some examples are:<br/>
/// - All available encrypted data is accounted for<br/>
/// - All provided encrypted data belongs to the user
/// </summary>
/// <typeparam name="T">Request model</typeparam>
/// <typeparam name="R">Domain model</typeparam>
public interface IRotationValidator<T, R>
{
Task<R> ValidateAsync(User user, T data);
}

6
src/Api/Startup.cs
View File

@ -7,6 +7,9 @@ using Stripe;
using Bit.Core.Utilities;
using IdentityModel;
using System.Globalization;
using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Validators;
using Bit.Core.Auth.Entities;
using Bit.Core.IdentityServer;
using Bit.SharedWeb.Health;
using Microsoft.IdentityModel.Logging;
@ -135,6 +138,9 @@ public class Startup
// Key Rotation
services.AddScoped<IRotateUserKeyCommand, RotateUserKeyCommand>();
services
.AddScoped<IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>,
EmergencyAccessRotationValidator>();
// Services
services.AddBaseServices(globalSettings);

1
src/Core/Auth/Models/Data/RotateUserKeyData.cs
View File

@ -7,7 +7,6 @@ namespace Bit.Core.Auth.Models.Data;
public class RotateUserKeyData
{
public User User { get; set; }
public string MasterPasswordHash { get; set; }
public string Key { get; set; }
public string PrivateKey { get; set; }

9
src/Core/Auth/Repositories/IEmergencyAccessRepository.cs
View File

@ -1,5 +1,6 @@
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.UserKey;
namespace Bit.Core.Repositories;
@ -11,4 +12,12 @@ public interface IEmergencyAccessRepository : IRepository<EmergencyAccess, Guid>
Task<EmergencyAccessDetails> GetDetailsByIdGrantorIdAsync(Guid id, Guid grantorId);
Task<ICollection<EmergencyAccessNotify>> GetManyToNotifyAsync();
Task<ICollection<EmergencyAccessDetails>> GetExpiredRecoveriesAsync();
/// <summary>
/// Updates encrypted data for emergency access during a key rotation
/// </summary>
/// <param name="grantorId">The grantor that initiated the key rotation</param>
/// <param name="emergencyAccessKeys">A list of emergency access with updated keys</param>
UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(Guid grantorId,
IEnumerable<EmergencyAccess> emergencyAccessKeys);
}

12
src/Core/Auth/UserFeatures/UserKey/IRotateUserKeyCommand.cs
View File

@ -1,4 +1,5 @@
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Microsoft.AspNetCore.Identity;
using Microsoft.Data.SqlClient;
@ -12,7 +13,14 @@ public interface IRotateUserKeyCommand
/// <param name="model">All necessary information for rotation. Warning: Any encrypted data not included will be lost.</param>
/// <returns>An IdentityResult for verification of the master password hash</returns>
/// <exception cref="ArgumentNullException">User must be provided.</exception>
Task<IdentityResult> RotateUserKeyAsync(RotateUserKeyData model);
Task<IdentityResult> RotateUserKeyAsync(User user, RotateUserKeyData model);
}
public delegate Task UpdateEncryptedDataForKeyRotation(SqlTransaction transaction = null);
/// <summary>
/// A type used to implement updates to the database for key rotations. Each domain that requires an update of encrypted
/// data during a key rotation should use this to implement its own database call. The user repository loops through
/// these during a key rotation.
/// <para>Note: connection and transaction are only used for Dapper. They won't be available in EF</para>
/// </summary>
public delegate Task UpdateEncryptedDataForKeyRotation(SqlConnection connection = null,
SqlTransaction transaction = null);

34
src/Core/Auth/UserFeatures/UserKey/Implementations/RotateUserKeyCommand.cs
View File

@ -1,4 +1,5 @@
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Identity;
@ -9,37 +10,40 @@ public class RotateUserKeyCommand : IRotateUserKeyCommand
{
private readonly IUserService _userService;
private readonly IUserRepository _userRepository;
private readonly IEmergencyAccessRepository _emergencyAccessRepository;
private readonly IPushNotificationService _pushService;
private readonly IdentityErrorDescriber _identityErrorDescriber;
public RotateUserKeyCommand(IUserService userService, IUserRepository userRepository,
IEmergencyAccessRepository emergencyAccessRepository,
IPushNotificationService pushService, IdentityErrorDescriber errors)
{
_userService = userService;
_userRepository = userRepository;
_emergencyAccessRepository = emergencyAccessRepository;
_pushService = pushService;
_identityErrorDescriber = errors;
}
/// <inheritdoc />
public async Task<IdentityResult> RotateUserKeyAsync(RotateUserKeyData model)
public async Task<IdentityResult> RotateUserKeyAsync(User user, RotateUserKeyData model)
{
if (model.User == null)
if (user == null)
{
throw new ArgumentNullException(nameof(model.User));
throw new ArgumentNullException(nameof(user));
}
if (!await _userService.CheckPasswordAsync(model.User, model.MasterPasswordHash))
if (!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
{
return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
}
var now = DateTime.UtcNow;
model.User.RevisionDate = model.User.AccountRevisionDate = now;
model.User.LastKeyRotationDate = now;
model.User.SecurityStamp = Guid.NewGuid().ToString();
model.User.Key = model.Key;
model.User.PrivateKey = model.PrivateKey;
user.RevisionDate = user.AccountRevisionDate = now;
user.LastKeyRotationDate = now;
user.SecurityStamp = Guid.NewGuid().ToString();
user.Key = model.Key;
user.PrivateKey = model.PrivateKey;
if (model.Ciphers.Any() || model.Folders.Any() || model.Sends.Any() || model.EmergencyAccessKeys.Any() ||
model.ResetPasswordKeys.Any())
{
@ -48,14 +52,20 @@ public class RotateUserKeyCommand : IRotateUserKeyCommand
// {
// saveEncryptedDataActions.Add(_cipherRepository.SaveRotatedData);
// }
await _userRepository.UpdateUserKeyAndEncryptedDataAsync(model.User, saveEncryptedDataActions);
if (model.EmergencyAccessKeys.Any())
{
saveEncryptedDataActions.Add(
_emergencyAccessRepository.UpdateForKeyRotation(user.Id, model.EmergencyAccessKeys));
}
await _userRepository.UpdateUserKeyAndEncryptedDataAsync(user, saveEncryptedDataActions);
}
else
{
await _userRepository.ReplaceAsync(model.User);
await _userRepository.ReplaceAsync(user);
}
await _pushService.PushLogOutAsync(model.User.Id, excludeCurrentContextFromPush: true);
await _pushService.PushLogOutAsync(user.Id, excludeCurrentContextFromPush: true);
return IdentityResult.Success;
}
}

30
src/Infrastructure.Dapper/Auth/Helpers/EmergencyAccessHelpers.cs Normal file
View File

@ -0,0 +1,30 @@
using System.Data;
using Bit.Core.Auth.Entities;
namespace Bit.Infrastructure.Dapper.Auth.Helpers;
public static class EmergencyAccessHelpers
{
public static DataTable ToDataTable(this IEnumerable<EmergencyAccess> emergencyAccesses)
{
var emergencyAccessTable = new DataTable();
var columnData = new List<(string name, Type type, Func<EmergencyAccess, object> getter)>
{
(nameof(EmergencyAccess.Id), typeof(Guid), c => c.Id),
(nameof(EmergencyAccess.GrantorId), typeof(Guid), c => c.GrantorId),
(nameof(EmergencyAccess.GranteeId), typeof(Guid), c => c.GranteeId),
(nameof(EmergencyAccess.Email), typeof(string), c => c.Email),
(nameof(EmergencyAccess.KeyEncrypted), typeof(string), c => c.KeyEncrypted),
(nameof(EmergencyAccess.WaitTimeDays), typeof(int), c => c.WaitTimeDays),
(nameof(EmergencyAccess.Type), typeof(short), c => c.Type),
(nameof(EmergencyAccess.Status), typeof(short), c => c.Status),
(nameof(EmergencyAccess.RecoveryInitiatedDate), typeof(DateTime), c => c.RecoveryInitiatedDate),
(nameof(EmergencyAccess.LastNotificationDate), typeof(DateTime), c => c.LastNotificationDate),
(nameof(EmergencyAccess.CreationDate), typeof(DateTime), c => c.CreationDate),
(nameof(EmergencyAccess.RevisionDate), typeof(DateTime), c => c.RevisionDate),
};
return emergencyAccesses.BuildTable(emergencyAccessTable, columnData);
}
}

56
src/Infrastructure.Dapper/Auth/Repositories/EmergencyAccessRepository.cs
View File

@ -1,8 +1,10 @@
using System.Data;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.UserKey;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Bit.Infrastructure.Dapper.Auth.Helpers;
using Bit.Infrastructure.Dapper.Repositories;
using Dapper;
using Microsoft.Data.SqlClient;
@ -94,4 +96,58 @@ public class EmergencyAccessRepository : Repository<EmergencyAccess, Guid>, IEme
return results.ToList();
}
}
/// <inheritdoc />
public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
Guid grantorId, IEnumerable<EmergencyAccess> emergencyAccessKeys)
{
return async (SqlConnection connection, SqlTransaction transaction) =>
{
// Create temp table
var sqlCreateTemp = @"
SELECT TOP 0 *
INTO #TempEmergencyAccess
FROM [dbo].[EmergencyAccess]";
await using (var cmd = new SqlCommand(sqlCreateTemp, connection, transaction))
{
cmd.ExecuteNonQuery();
}
// Bulk copy data into temp table
using (var bulkCopy = new SqlBulkCopy(connection, SqlBulkCopyOptions.KeepIdentity, transaction))
{
bulkCopy.DestinationTableName = "#TempEmergencyAccess";
var emergencyAccessTable = emergencyAccessKeys.ToDataTable();
foreach (DataColumn col in emergencyAccessTable.Columns)
{
bulkCopy.ColumnMappings.Add(col.ColumnName, col.ColumnName);
}
emergencyAccessTable.PrimaryKey = new DataColumn[] { emergencyAccessTable.Columns[0] };
await bulkCopy.WriteToServerAsync(emergencyAccessTable);
}
// Update emergency access table from temp table
var sql = @"
UPDATE
[dbo].[EmergencyAccess]
SET
[KeyEncrypted] = TE.[KeyEncrypted]
FROM
[dbo].[EmergencyAccess] E
INNER JOIN
#TempEmergencyAccess TE ON E.Id = TE.Id
WHERE
E.[GrantorId] = @GrantorId
DROP TABLE #TempEmergencyAccess";
await using (var cmd = new SqlCommand(sql, connection, transaction))
{
cmd.Parameters.Add("@GrantorId", SqlDbType.UniqueIdentifier).Value = grantorId;
cmd.ExecuteNonQuery();
}
};
}
}

3
src/Infrastructure.Dapper/DapperHelpers.cs
View File

@ -107,7 +107,8 @@ public static class DapperHelpers
return organizationSponsorships.BuildTable(table, columnData);
}
private static DataTable BuildTable<T>(this IEnumerable<T> entities, DataTable table, List<(string name, Type type, Func<T, object> getter)> columnData)
public static DataTable BuildTable<T>(this IEnumerable<T> entities, DataTable table,
List<(string name, Type type, Func<T, object> getter)> columnData)
{
foreach (var (name, type, getter) in columnData)
{

2
src/Infrastructure.Dapper/Repositories/UserRepository.cs
View File

@ -209,7 +209,7 @@ public class UserRepository : Repository<User, Guid>, IUserRepository
// Update re-encrypted data
foreach (var action in updateDataActions)
{
await action(transaction);
await action(connection, transaction);
}
transaction.Commit();

28
src/Infrastructure.EntityFramework/Auth/Repositories/EmergencyAccessRepository.cs
View File

@ -1,10 +1,12 @@
using AutoMapper;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.UserKey;
using Bit.Core.Repositories;
using Bit.Infrastructure.EntityFramework.Auth.Models;
using Bit.Infrastructure.EntityFramework.Auth.Repositories.Queries;
using Bit.Infrastructure.EntityFramework.Repositories;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
@ -116,4 +118,30 @@ public class EmergencyAccessRepository : Repository<Core.Auth.Entities.Emergency
return notifies;
}
}
/// <inheritdoc />
public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
Guid grantorId, IEnumerable<Core.Auth.Entities.EmergencyAccess> emergencyAccessKeys)
{
return async (SqlConnection connection, SqlTransaction transaction) =>
{
var newKeys = emergencyAccessKeys.ToList();
using var scope = ServiceScopeFactory.CreateScope();
var dbContext = GetDatabaseContext(scope);
var userEmergencyAccess = await GetDbSet(dbContext)
.Where(ea => ea.GrantorId == grantorId)
.ToListAsync();
var validEmergencyAccess = userEmergencyAccess
.Where(ea => newKeys.Any(eak => eak.Id == ea.Id));
foreach (var ea in validEmergencyAccess)
{
var eak = newKeys.First(eak => eak.Id == ea.Id);
ea.KeyEncrypted = eak.KeyEncrypted;
}
await dbContext.SaveChangesAsync();
};
}
}

2
src/Infrastructure.EntityFramework/Repositories/UserRepository.cs
View File

@ -164,7 +164,7 @@ public class UserRepository : Repository<Core.Entities.User, User, Guid>, IUserR
// Update re-encrypted data
foreach (var action in updateDataActions)
{
// TODO (jlf0dev): Check if transaction captures these operations
// connection and transaction aren't used in EF
await action();
}

15
test/Api.Test/Controllers/AccountsControllerTests.cs → test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
View File

@ -1,9 +1,12 @@
using System.Security.Claims;
using Bit.Api.Auth.Controllers;
using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Models.Request.Accounts;
using Bit.Api.Controllers;
using Bit.Api.Auth.Validators;
using Bit.Core;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Api.Request.Accounts;
using Bit.Core.Auth.Services;
using Bit.Core.Auth.UserFeatures.UserKey;
@ -24,7 +27,7 @@ using Microsoft.AspNetCore.Identity;
using NSubstitute;
using Xunit;
namespace Bit.Api.Test.Controllers;
namespace Bit.Api.Test.Auth.Controllers;
public class AccountsControllerTests : IDisposable
{
@ -48,6 +51,9 @@ public class AccountsControllerTests : IDisposable
private readonly IFeatureService _featureService;
private readonly ICurrentContext _currentContext;
private readonly IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
_emergencyAccessValidator;
public AccountsControllerTests()
{
@ -68,6 +74,8 @@ public class AccountsControllerTests : IDisposable
_rotateUserKeyCommand = Substitute.For<IRotateUserKeyCommand>();
_featureService = Substitute.For<IFeatureService>();
_currentContext = Substitute.For<ICurrentContext>();
_emergencyAccessValidator = Substitute.For<IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>,
IEnumerable<EmergencyAccess>>>();
_sut = new AccountsController(
_globalSettings,
@ -86,7 +94,8 @@ public class AccountsControllerTests : IDisposable
_setInitialMasterPasswordCommand,
_rotateUserKeyCommand,
_featureService,
_currentContext
_currentContext,
_emergencyAccessValidator
);
}

136
test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs Normal file
View File

@ -0,0 +1,136 @@
using Bit.Api.Auth.Models.Request;
using Bit.Api.Auth.Validators;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Api.Test.Auth.Validators;
[SutProviderCustomize]
public class EmergencyAccessRotationValidatorTests
{
[Theory]
[BitAutoData]
public async Task ValidateAsync_MissingEmergencyAccess_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
userEmergencyAccess.Add(new EmergencyAccessDetails { Id = Guid.NewGuid(), KeyEncrypted = "TestKey" });
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
await Assert.ThrowsAsync<BadRequestException>(async () =>
await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_EmergencyAccessDoesNotBelongToUser_NotIncluded(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
userEmergencyAccess.RemoveAt(0);
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_UserNotPremium_Success(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
// We want to allow users who have lost premium to rotate their key for any existing emergency access, as long
// as we restrict it to existing records and don't let them alter data
user.Premium = false;
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.Equal(userEmergencyAccess, result);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_NonConfirmedEmergencyAccess_NotReturned(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
emergencyAccessKeys.First().KeyEncrypted = null;
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
var result = await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys);
Assert.DoesNotContain(result, c => c.Id == emergencyAccessKeys.First().Id);
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_AttemptToSetKeyToNull_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
emergencyAccessKeys.First().KeyEncrypted = null;
await Assert.ThrowsAsync<BadRequestException>(async () =>
await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
}
}

20
test/Core.Test/Auth/UserFeatures/UserKey/RotateUserKeyCommandTests.cs
View File

@ -1,5 +1,6 @@
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.UserKey.Implementations;
using Bit.Core.Entities;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
@ -13,36 +14,37 @@ namespace Bit.Core.Test.Auth.UserFeatures.UserKey;
public class RotateUserKeyCommandTests
{
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_Success(SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
public async Task RotateUserKeyAsync_Success(SutProvider<RotateUserKeyCommand> sutProvider, User user,
RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(true);
var result = await sutProvider.Sut.RotateUserKeyAsync(model);
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
Assert.Equal(IdentityResult.Success, result);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_InvalidMasterPasswordHash_ReturnsFailedIdentityResult(
SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(false);
var result = await sutProvider.Sut.RotateUserKeyAsync(model);
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
Assert.False(result.Succeeded);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_LogsOutUser(
SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(true);
await sutProvider.Sut.RotateUserKeyAsync(model);
await sutProvider.Sut.RotateUserKeyAsync(user, model);
await sutProvider.GetDependency<IPushNotificationService>().ReceivedWithAnyArgs()
.PushLogOutAsync(default, default);