using System.Text.Json; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Models; using Bit.Core.Models.Business; using Bit.Core.Models.Data.Organizations; using Bit.Core.Repositories; using Bit.Core.Services; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; using Bit.Test.Common.Helpers; using Microsoft.AspNetCore.Identity; using NSubstitute; using NSubstitute.ReceivedExtensions; using Xunit; namespace Bit.Core.Test.Services; public class UserServiceTests { [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task UpdateLicenseAsync_Success(SutProvider sutProvider, User user, UserLicense userLicense) { using var tempDir = new TempDirectory(); var now = DateTime.UtcNow; userLicense.Issued = now.AddDays(-10); userLicense.Expires = now.AddDays(10); userLicense.Version = 1; userLicense.Premium = true; user.EmailVerified = true; user.Email = userLicense.Email; sutProvider.GetDependency().SelfHosted = true; sutProvider.GetDependency().LicenseDirectory = tempDir.Directory; sutProvider.GetDependency() .VerifyLicense(userLicense) .Returns(true); await sutProvider.Sut.UpdateLicenseAsync(user, userLicense); var filePath = Path.Combine(tempDir.Directory, "user", $"{user.Id}.json"); Assert.True(File.Exists(filePath)); var document = JsonDocument.Parse(File.OpenRead(filePath)); var root = document.RootElement; Assert.Equal(JsonValueKind.Object, root.ValueKind); // Sort of a lazy way to test that it is indented but not sure of a better way Assert.Contains('\n', root.GetRawText()); AssertHelper.AssertJsonProperty(root, "LicenseKey", JsonValueKind.String); AssertHelper.AssertJsonProperty(root, "Id", JsonValueKind.String); AssertHelper.AssertJsonProperty(root, "Premium", JsonValueKind.True); var versionProp = AssertHelper.AssertJsonProperty(root, "Version", JsonValueKind.Number); Assert.Equal(1, versionProp.GetInt32()); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task SendTwoFactorEmailAsync_Success(SutProvider sutProvider, User user) { var email = user.Email.ToLowerInvariant(); var token = "thisisatokentocompare"; var userTwoFactorTokenProvider = Substitute.For>(); userTwoFactorTokenProvider .CanGenerateTwoFactorTokenAsync(Arg.Any>(), user) .Returns(Task.FromResult(true)); userTwoFactorTokenProvider .GenerateAsync("2faEmail:" + email, Arg.Any>(), user) .Returns(Task.FromResult(token)); sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider); user.SetTwoFactorProviders(new Dictionary { [TwoFactorProviderType.Email] = new TwoFactorProvider { MetaData = new Dictionary { ["Email"] = email }, Enabled = true } }); await sutProvider.Sut.SendTwoFactorEmailAsync(user); await sutProvider.GetDependency() .Received(1) .SendTwoFactorEmailAsync(email, token); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task SendTwoFactorEmailBecauseNewDeviceLoginAsync_Success(SutProvider sutProvider, User user) { var email = user.Email.ToLowerInvariant(); var token = "thisisatokentocompare"; var userTwoFactorTokenProvider = Substitute.For>(); userTwoFactorTokenProvider .CanGenerateTwoFactorTokenAsync(Arg.Any>(), user) .Returns(Task.FromResult(true)); userTwoFactorTokenProvider .GenerateAsync("2faEmail:" + email, Arg.Any>(), user) .Returns(Task.FromResult(token)); sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider); user.SetTwoFactorProviders(new Dictionary { [TwoFactorProviderType.Email] = new TwoFactorProvider { MetaData = new Dictionary { ["Email"] = email }, Enabled = true } }); await sutProvider.Sut.SendTwoFactorEmailAsync(user, true); await sutProvider.GetDependency() .Received(1) .SendNewDeviceLoginTwoFactorEmailAsync(email, token); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderOnUser(SutProvider sutProvider, User user) { user.TwoFactorProviders = null; await Assert.ThrowsAsync("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderMetadataOnUser(SutProvider sutProvider, User user) { user.SetTwoFactorProviders(new Dictionary { [TwoFactorProviderType.Email] = new TwoFactorProvider { MetaData = null, Enabled = true } }); await Assert.ThrowsAsync("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderEmailMetadataOnUser(SutProvider sutProvider, User user) { user.SetTwoFactorProviders(new Dictionary { [TwoFactorProviderType.Email] = new TwoFactorProvider { MetaData = new Dictionary { ["qweqwe"] = user.Email.ToLowerInvariant() }, Enabled = true } }); await Assert.ThrowsAsync("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsTrue(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; user.UnknownDeviceVerificationEnabled = true; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdInRepo } })); sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.True(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_GranType_Is_AuthorizationCode(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdInRepo } })); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "authorization_code")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_Email_Is_Not_Verified(SutProvider sutProvider, User user) { user.EmailVerified = false; user.TwoFactorProviders = null; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdInRepo } })); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_Is_The_First_Device(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List())); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_DeviceId_Is_Already_In_Repo(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdToCheck } })); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_GlobalSettings_2FA_EmailOnNewDeviceLogin_Is_Disabled(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdInRepo } })); sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(false); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_UnknownDeviceVerification_Is_Disabled(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; user.UnknownDeviceVerificationEnabled = false; const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc"; const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a"; sutProvider.GetDependency() .GetManyByUserIdAsync(user.Id) .Returns(Task.FromResult>(new List { new Device { Identifier = deviceIdInRepo } })); sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password")); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public void CanEditDeviceVerificationSettings_ReturnsTrue(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.True(sutProvider.Sut.CanEditDeviceVerificationSettings(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public void CanEditDeviceVerificationSettings_ReturnsFalse_When_GlobalSettings_2FA_EmailOnNewDeviceLogin_Is_Disabled(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(false); Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public void CanEditDeviceVerificationSettings_ReturnsFalse_When_Email_Is_Not_Verified(SutProvider sutProvider, User user) { user.EmailVerified = false; user.TwoFactorProviders = null; sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public void CanEditDeviceVerificationSettings_ReturnsFalse_When_User_Uses_Key_Connector(SutProvider sutProvider, User user) { user.EmailVerified = true; user.TwoFactorProviders = null; user.UsesKeyConnector = true; sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public void CanEditDeviceVerificationSettings_ReturnsFalse_When_User_Has_A_2FA_Already_Set_Up(SutProvider sutProvider, User user) { user.EmailVerified = true; user.SetTwoFactorProviders(new Dictionary { [TwoFactorProviderType.Email] = new TwoFactorProvider { MetaData = new Dictionary { ["Email"] = "asdfasf" }, Enabled = true } }); sutProvider.GetDependency().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true); Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async void HasPremiumFromOrganization_Returns_False_If_No_Orgs(SutProvider sutProvider, User user) { sutProvider.GetDependency().GetManyByUserAsync(user.Id).Returns(new List()); Assert.False(await sutProvider.Sut.HasPremiumFromOrganization(user)); } [Theory] [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) }, false, true)] [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) }, true, false)] public async void HasPremiumFromOrganization_Returns_False_If_Org_Not_Eligible(bool orgEnabled, bool orgUsersGetPremium, SutProvider sutProvider, User user, OrganizationUser orgUser, Organization organization) { orgUser.OrganizationId = organization.Id; organization.Enabled = orgEnabled; organization.UsersGetPremium = orgUsersGetPremium; var orgAbilities = new Dictionary() { { organization.Id, new OrganizationAbility(organization) } }; sutProvider.GetDependency().GetManyByUserAsync(user.Id).Returns(new List() { orgUser }); sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(orgAbilities); Assert.False(await sutProvider.Sut.HasPremiumFromOrganization(user)); } [Theory, CustomAutoData(typeof(SutProviderCustomization))] public async void HasPremiumFromOrganization_Returns_True_If_Org_Eligible(SutProvider sutProvider, User user, OrganizationUser orgUser, Organization organization) { orgUser.OrganizationId = organization.Id; organization.Enabled = true; organization.UsersGetPremium = true; var orgAbilities = new Dictionary() { { organization.Id, new OrganizationAbility(organization) } }; sutProvider.GetDependency().GetManyByUserAsync(user.Id).Returns(new List() { orgUser }); sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(orgAbilities); Assert.True(await sutProvider.Sut.HasPremiumFromOrganization(user)); } }