[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)

* Add check to verify the vault state for rotation is not obviously desynced (empty) * Add unit test for key rotation guardrail * Move de-synced vault detection to validators * Add tests
2025-06-30 07:36:14 -05:00 · 2024-05-30 11:08:26 +02:00
parent f73b7c7fa8
commit 0189952e1f
10 changed files with 70 additions and 25 deletions
--- a/test/Api.Test/AdminConsole/Validators/OrganizationUserRotationValidatorTests.cs
+++ b/test/Api.Test/AdminConsole/Validators/OrganizationUserRotationValidatorTests.cs
@ -140,4 +140,25 @@ public class OrganizationUserRotationValidatorTests
        await Assert.ThrowsAsync<BadRequestException>(async () =>
            await sutProvider.Sut.ValidateAsync(user, resetPasswordKeys));
    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_NoOrganizationsInRequestButInDatabase_Throws(
+        SutProvider<OrganizationUserRotationValidator> sutProvider, User user,
+        IEnumerable<ResetPasswordWithOrgIdRequestModel> resetPasswordKeys)
+    {
+        var existingUserResetPassword = resetPasswordKeys
+            .Select(a =>
+                new OrganizationUser
+                {
+                    Id = new Guid(),
+                    ResetPasswordKey = a.ResetPasswordKey,
+                    OrganizationId = a.OrganizationId
+                }).ToList();
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyByUserAsync(user.Id)
+            .Returns(existingUserResetPassword);
+
+        await Assert.ThrowsAsync<BadRequestException>(async () =>
+            await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<ResetPasswordWithOrgIdRequestModel>()));
+    }
 }
--- a/test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs
+++ b/test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs
@ -133,4 +133,25 @@ public class EmergencyAccessRotationValidatorTests
        await Assert.ThrowsAsync<BadRequestException>(async () =>
            await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_SentKeysAreEmptyButDatabaseIsNot_Throws(
+        SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
+        IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
+    {
+        sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
+        var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
+        {
+            Id = e.Id,
+            GrantorName = user.Name,
+            GrantorEmail = user.Email,
+            KeyEncrypted = e.KeyEncrypted,
+            Type = e.Type
+        }).ToList();
+        sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
+            .Returns(userEmergencyAccess);
+
+        await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<EmergencyAccessWithIdRequestModel>()));
+    }
 }
--- a/test/Api.Test/Vault/Validators/CipherRotationValidatorTests.cs
+++ b/test/Api.Test/Vault/Validators/CipherRotationValidatorTests.cs
@ -42,4 +42,16 @@ public class CipherRotationValidatorTests

        Assert.DoesNotContain(result, c => c.Id == ciphers.First().Id);
    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_SentCiphersAreEmptyButDatabaseCiphersAreNot_Throws(
+        SutProvider<CipherRotationValidator> sutProvider, User user, IEnumerable<CipherWithIdRequestModel> ciphers)
+    {
+        var userCiphers = ciphers.Select(c => new CipherDetails { Id = c.Id.GetValueOrDefault(), Type = c.Type })
+            .ToList();
+        sutProvider.GetDependency<ICipherRepository>().GetManyByUserIdAsync(user.Id, Arg.Any<bool>())
+            .Returns(userCiphers);
+
+        await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<CipherWithIdRequestModel>()));
+    }
 }
--- a/test/Api.Test/Vault/Validators/FolderRotationValidatorTests.cs
+++ b/test/Api.Test/Vault/Validators/FolderRotationValidatorTests.cs
@ -39,4 +39,14 @@ public class FolderRotationValidatorTests

        Assert.DoesNotContain(result, c => c.Id == folders.First().Id);
    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_SentFoldersAreEmptyButDatabaseFoldersAreNot_Throws(
+        SutProvider<FolderRotationValidator> sutProvider, User user, IEnumerable<FolderWithIdRequestModel> folders)
+    {
+        var userFolders = folders.Select(f => f.ToFolder(new Folder())).ToList();
+        sutProvider.GetDependency<IFolderRepository>().GetManyByUserIdAsync(user.Id).Returns(userFolders);
+
+        await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<FolderWithIdRequestModel>()));
+    }
 }
--- a/test/Core.Test/Auth/UserFeatures/UserKey/RotateUserKeyCommandTests.cs
+++ b/test/Core.Test/Auth/UserFeatures/UserKey/RotateUserKeyCommandTests.cs
@ -49,4 +49,5 @@ public class RotateUserKeyCommandTests
        await sutProvider.GetDependency<IPushNotificationService>().ReceivedWithAnyArgs()
            .PushLogOutAsync(default, default);
    }
+
 }