nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[EC-400] Code clean up Device Verification (#2601)

Browse Source 
* EC-400 Clean up code regarding Unknown Device Verification

* EC-400 Fix formatting
This commit is contained in:
Federico Maccaroni
2023-02-17 10:15:28 -03:00
committed by GitHub
parent 7594ca1122
commit 69511160cb
32 changed files with 6876 additions and 469 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/Core.Test/Services/EmergencyAccessServiceTests.cs
View File

@ -138,11 +138,10 @@ public class EmergencyAccessServiceTests
}
[Theory, BitAutoData]
public async Task PasswordAsync_Disables_2FA_Providers_And_Unknown_Device_Verification_On_The_Grantor(
public async Task PasswordAsync_Disables_2FA_Providers_On_The_Grantor(
SutProvider<EmergencyAccessService> sutProvider, User requestingUser, User grantor)
{
grantor.UsesKeyConnector = true;
grantor.UnknownDeviceVerificationEnabled = true;
grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
@ -164,7 +163,6 @@ public class EmergencyAccessServiceTests
await sutProvider.Sut.PasswordAsync(Guid.NewGuid(), requestingUser, "blablahash", "blablakey");
Assert.False(grantor.UnknownDeviceVerificationEnabled);
Assert.Empty(grantor.GetTwoFactorProviders());
await sutProvider.GetDependency<IUserRepository>().Received().ReplaceAsync(grantor);
}

224
test/Core.Test/Services/UserServiceTests.cs
View File

@ -95,37 +95,6 @@ public class UserServiceTests
.SendTwoFactorEmailAsync(email, token);
}
[Theory, BitAutoData]
public async Task SendTwoFactorEmailBecauseNewDeviceLoginAsync_Success(SutProvider<UserService> sutProvider, User user)
{
var email = user.Email.ToLowerInvariant();
var token = "thisisatokentocompare";
var userTwoFactorTokenProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
userTwoFactorTokenProvider
.CanGenerateTwoFactorTokenAsync(Arg.Any<UserManager<User>>(), user)
.Returns(Task.FromResult(true));
userTwoFactorTokenProvider
.GenerateAsync("2faEmail:" + email, Arg.Any<UserManager<User>>(), user)
.Returns(Task.FromResult(token));
sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider);
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["Email"] = email },
Enabled = true
}
});
await sutProvider.Sut.SendTwoFactorEmailAsync(user, true);
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendNewDeviceLoginTwoFactorEmailAsync(email, token);
}
[Theory, BitAutoData]
public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderOnUser(SutProvider<UserService> sutProvider, User user)
{
@ -164,199 +133,6 @@ public class UserServiceTests
await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsTrue(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
user.UnknownDeviceVerificationEnabled = true;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdInRepo }
}));
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.True(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_GranType_Is_AuthorizationCode(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdInRepo }
}));
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "authorization_code"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_Email_Is_Not_Verified(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = false;
user.TwoFactorProviders = null;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdInRepo }
}));
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_Is_The_First_Device(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>()));
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_DeviceId_Is_Already_In_Repo(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdToCheck }
}));
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_GlobalSettings_2FA_EmailOnNewDeviceLogin_Is_Disabled(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdInRepo }
}));
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(false);
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public async Task Needs2FABecauseNewDeviceAsync_ReturnsFalse_When_UnknownDeviceVerification_Is_Disabled(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
user.UnknownDeviceVerificationEnabled = false;
const string deviceIdToCheck = "7b01b586-b210-499f-8d52-0c3fdaa646fc";
const string deviceIdInRepo = "ea29126c-91b7-4cc4-8ce6-00105b37f64a";
sutProvider.GetDependency<IDeviceRepository>()
.GetManyByUserIdAsync(user.Id)
.Returns(Task.FromResult<ICollection<Device>>(new List<Device>
{
new Device { Identifier = deviceIdInRepo }
}));
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.False(await sutProvider.Sut.Needs2FABecauseNewDeviceAsync(user, deviceIdToCheck, "password"));
}
[Theory, BitAutoData]
public void CanEditDeviceVerificationSettings_ReturnsTrue(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.True(sutProvider.Sut.CanEditDeviceVerificationSettings(user));
}
[Theory, BitAutoData]
public void CanEditDeviceVerificationSettings_ReturnsFalse_When_GlobalSettings_2FA_EmailOnNewDeviceLogin_Is_Disabled(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(false);
Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user));
}
[Theory, BitAutoData]
public void CanEditDeviceVerificationSettings_ReturnsFalse_When_Email_Is_Not_Verified(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = false;
user.TwoFactorProviders = null;
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user));
}
[Theory, BitAutoData]
public void CanEditDeviceVerificationSettings_ReturnsFalse_When_User_Uses_Key_Connector(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.TwoFactorProviders = null;
user.UsesKeyConnector = true;
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user));
}
[Theory, BitAutoData]
public void CanEditDeviceVerificationSettings_ReturnsFalse_When_User_Has_A_2FA_Already_Set_Up(SutProvider<UserService> sutProvider, User user)
{
user.EmailVerified = true;
user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["Email"] = "asdfasf" },
Enabled = true
}
});
sutProvider.GetDependency<Settings.IGlobalSettings>().TwoFactorAuth.EmailOnNewDeviceLogin.Returns(true);
Assert.False(sutProvider.Sut.CanEditDeviceVerificationSettings(user));
}
[Theory, BitAutoData]
public async void HasPremiumFromOrganization_Returns_False_If_No_Orgs(SutProvider<UserService> sutProvider, User user)
{