nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)

Browse Source 
* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
This commit is contained in:
Bernd Schoolmann
2024-05-30 11:08:26 +02:00
committed by GitHub
parent f73b7c7fa8
commit 0189952e1f
10 changed files with 70 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
test/Api.Test/Auth/Validators/EmergencyAccessRotationValidatorTests.cs
View File

@ -133,4 +133,25 @@ public class EmergencyAccessRotationValidatorTests
await Assert.ThrowsAsync<BadRequestException>(async () =>
await sutProvider.Sut.ValidateAsync(user, emergencyAccessKeys));
}
[Theory]
[BitAutoData]
public async Task ValidateAsync_SentKeysAreEmptyButDatabaseIsNot_Throws(
SutProvider<EmergencyAccessRotationValidator> sutProvider, User user,
IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(user).Returns(true);
var userEmergencyAccess = emergencyAccessKeys.Select(e => new EmergencyAccessDetails
{
Id = e.Id,
GrantorName = user.Name,
GrantorEmail = user.Email,
KeyEncrypted = e.KeyEncrypted,
Type = e.Type
}).ToList();
sutProvider.GetDependency<IEmergencyAccessRepository>().GetManyDetailsByGrantorIdAsync(user.Id)
.Returns(userEmergencyAccess);
await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<EmergencyAccessWithIdRequestModel>()));
}
}