[PM-9826] Remove validation from 2fa GET and mask sensitive data (#4526)

* remove validation from 2fa GET and mask sensitive data * skip verification check on put email * disable verification on send-email and reenable on put email * validate authenticator on set instead of get * Revert "validate authenticator on set instead of get" This reverts commit 7bf2084531. * fix tests * fix more tests * Narrow scope of verify bypass * Defaulted to false on VerifySecretAsync * fix default param value --------- Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-06-30 07:36:14 -05:00 · 2024-07-22 11:21:14 -04:00
parent 4f4750a0a6
commit 091c03a90c
6 changed files with 49 additions and 28 deletions
--- a/test/Api.Test/Auth/Models/Response/OrganizationTwoFactorDuoResponseModelTests.cs
+++ b/test/Api.Test/Auth/Models/Response/OrganizationTwoFactorDuoResponseModelTests.cs
@ -21,9 +21,9 @@ public class OrganizationTwoFactorDuoResponseModelTests
        // Assert if v4 data Ikey and Skey are set to clientId and clientSecret
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("clientSecret", model.ClientSecret);
+        Assert.Equal("secret************", model.ClientSecret);
        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("clientSecret", model.SecretKey);
+        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -57,9 +57,9 @@ public class OrganizationTwoFactorDuoResponseModelTests
        /// Assert Even if both versions are present priority is given to v4 data
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("clientSecret", model.ClientSecret);
+        Assert.Equal("secret************", model.ClientSecret);
        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("clientSecret", model.SecretKey);
+        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -92,12 +92,14 @@ public class OrganizationTwoFactorDuoResponseModelTests

    private string GetTwoFactorOrganizationDuoProvidersJson()
    {
-        return "{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"clientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
+        return
+            "{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }

    private string GetTwoFactorOrganizationDuoV4ProvidersJson()
    {
-        return "{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"clientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
+        return
+            "{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }

    private string GetTwoFactorOrganizationDuoV2ProvidersJson()
--- a/test/Api.Test/Auth/Models/Response/UserTwoFactorDuoResponseModelTests.cs
+++ b/test/Api.Test/Auth/Models/Response/UserTwoFactorDuoResponseModelTests.cs
@ -21,9 +21,9 @@ public class UserTwoFactorDuoResponseModelTests
        // Assert if v4 data Ikey and Skey are set to clientId and clientSecret
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("clientSecret", model.ClientSecret);
+        Assert.Equal("secret************", model.ClientSecret);
        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("clientSecret", model.SecretKey);
+        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -57,9 +57,9 @@ public class UserTwoFactorDuoResponseModelTests
        // Assert Even if both versions are present priority is given to v4 data
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("clientSecret", model.ClientSecret);
+        Assert.Equal("secret************", model.ClientSecret);
        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("clientSecret", model.SecretKey);
+        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -92,12 +92,14 @@ public class UserTwoFactorDuoResponseModelTests

    private string GetTwoFactorDuoProvidersJson()
    {
-        return "{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"clientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
+        return
+            "{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }

    private string GetTwoFactorDuoV4ProvidersJson()
    {
-        return "{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"clientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
+        return
+            "{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }

    private string GetTwoFactorDuoV2ProvidersJson()