From de8b7b14b836ddeb76722494f752ac9b4bf37f2b Mon Sep 17 00:00:00 2001
From: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Date: Mon, 8 Apr 2024 14:32:20 -0500
Subject: [PATCH] feat: generate txt record server-side and remove initial domain verification, refs AC-2350 (#3940)

---
 .../OrganizationDomainController.cs | 1 -
 .../Request/OrganizationDomainRequestModel.cs | 3 -
 .../CreateOrganizationDomainCommand.cs | 21 ++-----
 .../CreateOrganizationDomainCommandTests.cs | 58 +------------------
 4 files changed, 9 insertions(+), 74 deletions(-)

diff --git a/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs b/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs
index 92feb9a44..35c927d5a 100644
--- a/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs
@@ -80,7 +80,6 @@ public class OrganizationDomainController : Controller
 var organizationDomain = new OrganizationDomain
 {
 OrganizationId = orgId,
- Txt = model.Txt,
 DomainName = model.DomainName.ToLower()
 };

diff --git a/src/Api/AdminConsole/Models/Request/OrganizationDomainRequestModel.cs b/src/Api/AdminConsole/Models/Request/OrganizationDomainRequestModel.cs
index c34c01783..8bf1ebe39 100644
--- a/src/Api/AdminConsole/Models/Request/OrganizationDomainRequestModel.cs
+++ b/src/Api/AdminConsole/Models/Request/OrganizationDomainRequestModel.cs
@@ -4,9 +4,6 @@ namespace Bit.Api.AdminConsole.Models.Request;

 public class OrganizationDomainRequestModel
 {
- [Required]
- public string Txt { get; set; }
-
 [Required]
 public string DomainName { get; set; }
 }
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommand.cs
index 35fa54faa..be8ed0e64 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommand.cs
@@ -5,6 +5,7 @@ using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using Microsoft.Extensions.Logging;

 namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
@@ -50,26 +51,16 @@ public class CreateOrganizationDomainCommand : ICreateOrganizationDomainCommand
 throw new ConflictException("A domain already exists for this organization.");
 }

- try
- {
- if (await _dnsResolverService.ResolveAsync(organizationDomain.DomainName, organizationDomain.Txt))
- {
- organizationDomain.SetVerifiedDate();
- }
- }
- catch (Exception e)
- {
- _logger.LogError(e, "Error verifying Organization domain.");
- }
-
+ // Generate and set DNS TXT Record
+ // DNS-Based Service Discovery RFC: https://www.ietf.org/rfc/rfc6763.txt; see section 6.1
+ // Google uses 43 chars for their TXT record value: https://support.google.com/a/answer/2716802
+ // A random 44 character string was used here to keep parity with prior client-side generation of 47 characters
+ organizationDomain.Txt = string.Join("=", "bw", CoreHelpers.RandomString(44));
 organizationDomain.SetNextRunDate(_globalSettings.DomainVerification.VerificationInterval);
- organizationDomain.SetLastCheckedDate();

 var orgDomain = await _organizationDomainRepository.CreateAsync(organizationDomain);

 await _eventService.LogOrganizationDomainEventAsync(orgDomain, EventType.OrganizationDomain_Added);
- await _eventService.LogOrganizationDomainEventAsync(orgDomain,
- orgDomain.VerifiedDate != null ? EventType.OrganizationDomain_Verified : EventType.OrganizationDomain_NotVerified);

 return orgDomain;
 }
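Review bot: The added line `organizationDomain.Txt = string.Join("=", "bw", CoreHelpers.RandomString(44));` makes the domain-ownership token depend entirely on `CoreHelpers.RandomString`, whose implementation is not part of this patch. If that helper draws from `System.Random` rather than `System.Security.Cryptography.RandomNumberGenerator`, the value an organization must publish in DNS becomes predictable, so the source should be confirmed and recorded next to the call, for example `// Token must come from a CSPRNG: publishing it is the only proof of domain control`. With the initial lookup removed, `_dnsResolverService` and `_logger` may no longer be used by this class; the constructor and the start of `CreateAsync` are outside the hunk, so this is inferred. If they are unused, dropping them would make it visible that creating a domain never touches DNS.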
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommandTests.cs
index a63aadd06..d6f2c94e9 100644
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/CreateOrganizationDomainCommandTests.cs
@@ -7,7 +7,6 @@ using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
-using NSubstitute.ExceptionExtensions;
 using NSubstitute.ReturnsExtensions;
 using Xunit;

@@ -25,9 +24,6 @@ public class CreateOrganizationDomainCommandTests
 sutProvider.GetDependency()
 .GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
 .ReturnsNull();
- sutProvider.GetDependency()
- .ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
- .Returns(false);
 orgDomain.SetNextRunDate(12);
 sutProvider.GetDependency()
 .CreateAsync(orgDomain)
@@ -38,12 +34,12 @@ public class CreateOrganizationDomainCommandTests

 Assert.Equal(orgDomain.Id, result.Id);
 Assert.Equal(orgDomain.OrganizationId, result.OrganizationId);
- Assert.NotNull(result.LastCheckedDate);
+ Assert.Null(result.LastCheckedDate);
+ Assert.Equal(orgDomain.Txt, result.Txt);
+ Assert.Equal(orgDomain.Txt.Length == 47, result.Txt.Length == 47);
 Assert.Equal(orgDomain.NextRunDate, result.NextRunDate);
 await sutProvider.GetDependency().Received(1)
 .LogOrganizationDomainEventAsync(Arg.Any(), EventType.OrganizationDomain_Added);
- await sutProvider.GetDependency().Received(1)
- .LogOrganizationDomainEventAsync(Arg.Any(), Arg.Is(x => x == EventType.OrganizationDomain_NotVerified));
 }

 [Theory, BitAutoData]
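Review bot: `Assert.Equal(orgDomain.Txt.Length == 47, result.Txt.Length == 47);` in the `-38,12 +34,12` hunk compares two booleans, so it also passes when neither length is 47. The repository mock in the previous hunk appears to return `orgDomain` itself (its `.Returns(...)` line and the start of the test method are outside the hunks), in which case `Assert.Equal(orgDomain.Txt, result.Txt)` compares an object with itself. Asserting on the value directly would pin the new behaviour: `Assert.Equal(47, result.Txt.Length);` and `Assert.StartsWith("bw=", result.Txt);`. A further case that passes an `OrganizationDomain` with a caller-chosen `Txt` and checks that the command overwrites it would cover the server-side generation this commit introduces.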
@@ -79,52 +75,4 @@ public class CreateOrganizationDomainCommandTests
 var exception = await Assert.ThrowsAsync(requestAction);
 Assert.Contains("A domain already exists for this organization.", exception.Message);
 }
-
- [Theory, BitAutoData]
- public async Task CreateAsync_ShouldNotSetVerifiedDate_WhenDomainCannotBeResolved(OrganizationDomain orgDomain,
- SutProvider sutProvider)
- {
- sutProvider.GetDependency()
- .GetClaimedDomainsByDomainNameAsync(orgDomain.DomainName)
- .Returns(new List());
- sutProvider.GetDependency()
- .GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
- .ReturnsNull();
- sutProvider.GetDependency()
- .ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
- .Throws(new DnsQueryException(""));
- sutProvider.GetDependency()
- .CreateAsync(orgDomain)
- .Returns(orgDomain);
-
- await sutProvider.Sut.CreateAsync(orgDomain);
-
- Assert.Null(orgDomain.VerifiedDate);
- }
-
- [Theory, BitAutoData]
- public async Task CreateAsync_ShouldSetVerifiedDateAndLogEvent_WhenDomainIsResolved(OrganizationDomain orgDomain,
- SutProvider sutProvider)
- {
- sutProvider.GetDependency()
- .GetClaimedDomainsByDomainNameAsync(orgDomain.DomainName)
- .Returns(new List());
- sutProvider.GetDependency()
- .GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
- .ReturnsNull();
- sutProvider.GetDependency()
- .ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
- .Returns(true);
- sutProvider.GetDependency()
- .CreateAsync(orgDomain)
- .Returns(orgDomain);
-
- var result = await sutProvider.Sut.CreateAsync(orgDomain);
-
- Assert.NotNull(result.VerifiedDate);
- await sutProvider.GetDependency().Received(1)
- .LogOrganizationDomainEventAsync(Arg.Any(), EventType.OrganizationDomain_Added);
- await sutProvider.GetDependency().Received(1)
- .LogOrganizationDomainEventAsync(Arg.Any(), Arg.Is(x => x == EventType.OrganizationDomain_Verified));
- }
 }