nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)

Browse Source 
* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
This commit is contained in:
Bernd Schoolmann
2024-05-30 11:08:26 +02:00
committed by GitHub
parent f73b7c7fa8
commit 0189952e1f
10 changed files with 70 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
test/Api.Test/Vault/Validators/CipherRotationValidatorTests.cs
View File

@ -42,4 +42,16 @@ public class CipherRotationValidatorTests
Assert.DoesNotContain(result, c => c.Id == ciphers.First().Id);
}
[Theory, BitAutoData]
public async Task ValidateAsync_SentCiphersAreEmptyButDatabaseCiphersAreNot_Throws(
SutProvider<CipherRotationValidator> sutProvider, User user, IEnumerable<CipherWithIdRequestModel> ciphers)
{
var userCiphers = ciphers.Select(c => new CipherDetails { Id = c.Id.GetValueOrDefault(), Type = c.Type })
.ToList();
sutProvider.GetDependency<ICipherRepository>().GetManyByUserIdAsync(user.Id, Arg.Any<bool>())
.Returns(userCiphers);
await Assert.ThrowsAsync<BadRequestException>(async () => await sutProvider.Sut.ValidateAsync(user, Enumerable.Empty<CipherWithIdRequestModel>()));
}
}