
chore/SRE-583 Deprecate usage of Auth-Email Header (#5709)

* chore/SRE-583 Deprecate usage of Auth-Email Header

* SRE-583 clean up function and references

* SRE-583 cleanup tests

---------

Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
This commit is contained in:
bitwarden-charlie
2025-05-16 08:45:04 -05:00
committed by GitHub
parent d72d721684
commit 67f745ebc4
7 changed files with 22 additions and 156 deletions


@ -57,8 +57,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
var localFactory = new IdentityApplicationFactory();
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
var context = await PostLoginAsync(localFactory.Server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(localFactory.Server, user, requestModel.MasterPasswordHash);
using var body = await AssertDefaultTokenBodyAsync(context);
var root = body.RootElement;
@ -72,71 +71,6 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
AssertUserDecryptionOptions(root);
}
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
public async Task TokenEndpoint_GrantTypePassword_NoAuthEmailHeader_Fails(
RegisterFinishRequestModel requestModel)
{
requestModel.Email = "test+noauthemailheader@email.com";
var localFactory = new IdentityApplicationFactory();
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
var context = await PostLoginAsync(localFactory.Server, user, requestModel.MasterPasswordHash, null);
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
var error = AssertHelper.AssertJsonProperty(root, "error", JsonValueKind.String).GetString();
Assert.Equal("invalid_grant", error);
AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String);
}
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
public async Task TokenEndpoint_GrantTypePassword_InvalidBase64AuthEmailHeader_Fails(
RegisterFinishRequestModel requestModel)
{
requestModel.Email = "test+badauthheader@email.com";
var localFactory = new IdentityApplicationFactory();
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
var context = await PostLoginAsync(localFactory.Server, user, requestModel.MasterPasswordHash,
context => context.Request.Headers.Append("Auth-Email", "bad_value"));
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
var error = AssertHelper.AssertJsonProperty(root, "error", JsonValueKind.String).GetString();
Assert.Equal("invalid_grant", error);
AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String);
}
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
public async Task TokenEndpoint_GrantTypePassword_WrongAuthEmailHeader_Fails(
RegisterFinishRequestModel requestModel)
{
requestModel.Email = "test+badauthheader@email.com";
var localFactory = new IdentityApplicationFactory();
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
var context = await PostLoginAsync(localFactory.Server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail("bad_value"));
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
var error = AssertHelper.AssertJsonProperty(root, "error", JsonValueKind.String).GetString();
Assert.Equal("invalid_grant", error);
AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String);
}
[Theory, RegisterFinishRequestModelCustomize]
[BitAutoData(OrganizationUserType.Owner)]
[BitAutoData(OrganizationUserType.Admin)]
@ -157,8 +91,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
await CreateOrganizationWithSsoPolicyAsync(localFactory,
organizationId, user.Email, organizationUserType, ssoPolicyEnabled: false);
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash);
Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
}
@ -184,8 +117,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
await CreateOrganizationWithSsoPolicyAsync(
localFactory, organizationId, user.Email, organizationUserType, ssoPolicyEnabled: false);
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash);
Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
}
@ -209,8 +141,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
await CreateOrganizationWithSsoPolicyAsync(localFactory, organizationId, user.Email, organizationUserType, ssoPolicyEnabled: true);
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash);
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
await AssertRequiredSsoAuthenticationResponseAsync(context);
@ -234,8 +165,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
await CreateOrganizationWithSsoPolicyAsync(localFactory, organizationId, user.Email, organizationUserType, ssoPolicyEnabled: true);
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash);
Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
}
@ -258,8 +188,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
await CreateOrganizationWithSsoPolicyAsync(localFactory, organizationId, user.Email, organizationUserType, ssoPolicyEnabled: true);
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash,
context => context.SetAuthEmail(user.Email));
var context = await PostLoginAsync(server, user, requestModel.MasterPasswordHash);
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
await AssertRequiredSsoAuthenticationResponseAsync(context);
@ -342,7 +271,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
{ "grant_type", "password" },
{ "username", model.Email },
{ "password", model.MasterPasswordHash },
}), context => context.SetAuthEmail(model.Email));
}));
Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
@ -554,12 +483,12 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
{ "grant_type", "password" },
{ "username", user.Email},
{ "password", "master_password_hash" },
}), context => context.SetAuthEmail(user.Email).SetIp("1.1.1.2"));
}), context => context.SetIp("1.1.1.2"));
}
}
private async Task<HttpContext> PostLoginAsync(
TestServer server, User user, string MasterPasswordHash, Action<HttpContext> extraConfiguration)
TestServer server, User user, string MasterPasswordHash)
{
return await server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary<string, string>
{
@ -571,7 +500,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
{ "grant_type", "password" },
{ "username", user.Email },
{ "password", MasterPasswordHash },
}), extraConfiguration);
}));
}
private async Task CreateOrganizationWithSsoPolicyAsync(
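Review bot: The deleted tests for a missing, malformed or mismatched `Auth-Email` header are not replaced by one that pins the new behaviour, so this file no longer covers what happens when a client still sends the header. If the header is now meant to be ignored rather than rejected (the server-side change is in one of the other files, not in this section), a single test that posts with `context => context.Request.Headers.Append("Auth-Email", "bad_value")` and asserts `StatusCodes.Status200OK` would document that older clients are unaffected and that the header no longer influences the password grant. Separately, the parameter kept in the trimmed `PostLoginAsync` signature is still PascalCase; `string masterPasswordHash` would match the other parameters and the file's naming elsewhere. `PostLoginAsync`'s body continues into the following hunk.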


@ -143,7 +143,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
{ "grant_type", "password" },
{ "username", _testEmail },
{ "password", _testPassword },
}), context => context.Request.Headers.Append("Auth-Email", CoreHelpers.Base64UrlEncodeString(_testEmail)));
}));
// Assert
using var responseBody = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
@ -263,7 +263,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
{ "code", "test_code" },
{ "code_verifier", challenge },
{ "redirect_uri", "https://localhost:8080/sso-connector.html" }
}), context => context.Request.Headers.Append("Auth-Email", CoreHelpers.Base64UrlEncodeString(_testEmail)));
}));
// Assert
using var responseBody = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
@ -307,7 +307,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
{ "code", "test_code" },
{ "code_verifier", challenge },
{ "redirect_uri", "https://localhost:8080/sso-connector.html" }
}), context => context.Request.Headers.Append("Auth-Email", CoreHelpers.Base64UrlEncodeString(_testEmail)));
}));
Assert.Equal(StatusCodes.Status400BadRequest, failedTokenContext.Response.StatusCode);
Assert.NotNull(emailToken);
@ -326,7 +326,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
{ "code", "test_code" },
{ "code_verifier", challenge },
{ "redirect_uri", "https://localhost:8080/sso-connector.html" }
}), context => context.Request.Headers.Append("Auth-Email", CoreHelpers.Base64UrlEncodeString(_testEmail)));
}));
// Assert
@ -363,7 +363,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
{ "code", "test_code" },
{ "code_verifier", challenge },
{ "redirect_uri", "https://localhost:8080/sso-connector.html" }
}), context => context.Request.Headers.Append("Auth-Email", CoreHelpers.Base64UrlEncodeString(_testEmail)));
}));
// Assert
using var responseBody = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);