Data protection for user columns at rest (#2571)

* ServerProtectedData for user entity * remove using statements * formatting * use data protection libs * no async * add data protection to ef user repo * switch to `SetApplicationName` per ASPNET docs * null checks * cleanup * value converter for EF * new line at eof * fix using * remove folder ref * restore ctor * fix lint * use global constant * UseApplicationServiceProvider for integration tests * implement constant for DatabaseFieldProtectedPrefix * Fix EF IntegrationTest * restore original values after protect and save * lint fixes * Use Constants Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-06-30 07:36:14 -05:00 · 2023-01-18 13:16:57 -05:00
parent 22201bf30a
commit 6f04298e17
8 changed files with 199 additions and 14 deletions
--- a/test/Core.Test/AutoFixture/GlobalSettingsFixtures.cs
+++ b/test/Core.Test/AutoFixture/GlobalSettingsFixtures.cs
@ -1,8 +1,12 @@
 using System.Reflection;
+using System.Text;
 using AutoFixture;
 using AutoFixture.Kernel;
 using AutoFixture.Xunit2;
+using Bit.Core;
 using Bit.Core.Test.Helpers.Factories;
+using Microsoft.AspNetCore.DataProtection;
+using Moq;

 namespace Bit.Test.Common.AutoFixture;

@ -15,13 +19,34 @@ public class GlobalSettingsBuilder : ISpecimenBuilder
            throw new ArgumentNullException(nameof(context));
        }

-        var pi = request as ParameterInfo;
        var fixture = new Fixture();

-        if (pi == null || pi.ParameterType != typeof(Bit.Core.Settings.GlobalSettings))
+        if (request is not ParameterInfo pi)
+        {
            return new NoSpecimen();
+        }

-        return GlobalSettingsFactory.GlobalSettings;
+        if (pi.ParameterType == typeof(Bit.Core.Settings.GlobalSettings))
+        {
+            return GlobalSettingsFactory.GlobalSettings;
+        }
+
+        if (pi.ParameterType == typeof(IDataProtectionProvider))
+        {
+            var dataProtector = new Mock<IDataProtector>();
+            dataProtector
+                .Setup(d => d.Unprotect(It.IsAny<byte[]>()))
+                .Returns<byte[]>(data => Encoding.UTF8.GetBytes(Constants.DatabaseFieldProtectedPrefix + Encoding.UTF8.GetString(data)));
+
+            var dataProtectionProvider = new Mock<IDataProtectionProvider>();
+            dataProtectionProvider
+                .Setup(x => x.CreateProtector(Constants.DatabaseFieldProtectorPurpose))
+                .Returns(dataProtector.Object);
+
+            return dataProtectionProvider.Object;
+        }
+
+        return new NoSpecimen();
    }
 }