Email verification for new devices (#1931)

* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled * PS-56 Fixed wrong argument in VerifyTwoFactor call
2025-06-30 15:42:48 -05:00 · 2022-04-01 17:08:47 -03:00
parent ff23bb87c8
commit 6f60d24f5a
10 changed files with 251 additions and 23 deletions
--- a/test/Core.Test/Services/UserServiceTests.cs
+++ b/test/Core.Test/Services/UserServiceTests.cs
@ -3,21 +3,17 @@ using System.Collections.Generic;
 using System.IO;
 using System.Text.Json;
 using System.Threading.Tasks;
-using Bit.Core.Context;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models;
 using Bit.Core.Models.Business;
-using Bit.Core.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Settings;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Helpers;
-using Fido2NetLib;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 using NSubstitute;
+using NSubstitute.ReceivedExtensions;
 using Xunit;

 namespace Bit.Core.Test.Services
@ -60,5 +56,105 @@ namespace Bit.Core.Test.Services
            var versionProp = AssertHelper.AssertJsonProperty(root, "Version", JsonValueKind.Number);
            Assert.Equal(1, versionProp.GetInt32());
        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SendTwoFactorEmailAsync_Success(SutProvider<UserService> sutProvider, User user)
+        {
+            var email = user.Email.ToLowerInvariant();
+            var token = "thisisatokentocompare";
+
+            var userTwoFactorTokenProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
+            userTwoFactorTokenProvider
+                .CanGenerateTwoFactorTokenAsync(Arg.Any<UserManager<User>>(), user)
+                .Returns(Task.FromResult(true));
+            userTwoFactorTokenProvider
+                .GenerateAsync("2faEmail:" + email, Arg.Any<UserManager<User>>(), user)
+                .Returns(Task.FromResult(token));
+
+            sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider);
+
+            user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+            {
+                [TwoFactorProviderType.Email] = new TwoFactorProvider
+                {
+                    MetaData = new Dictionary<string, object> { ["Email"] = email },
+                    Enabled = true
+                }
+            });
+            await sutProvider.Sut.SendTwoFactorEmailAsync(user);
+
+            await sutProvider.GetDependency<IMailService>()
+                .Received(1)
+                .SendTwoFactorEmailAsync(email, token);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SendTwoFactorEmailBecauseNewDeviceLoginAsync_Success(SutProvider<UserService> sutProvider, User user)
+        {
+            var email = user.Email.ToLowerInvariant();
+            var token = "thisisatokentocompare";
+
+            var userTwoFactorTokenProvider = Substitute.For<IUserTwoFactorTokenProvider<User>>();
+            userTwoFactorTokenProvider
+                .CanGenerateTwoFactorTokenAsync(Arg.Any<UserManager<User>>(), user)
+                .Returns(Task.FromResult(true));
+            userTwoFactorTokenProvider
+                .GenerateAsync("2faEmail:" + email, Arg.Any<UserManager<User>>(), user)
+                .Returns(Task.FromResult(token));
+
+            sutProvider.Sut.RegisterTokenProvider("Email", userTwoFactorTokenProvider);
+
+            user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+            {
+                [TwoFactorProviderType.Email] = new TwoFactorProvider
+                {
+                    MetaData = new Dictionary<string, object> { ["Email"] = email },
+                    Enabled = true
+                }
+            });
+            await sutProvider.Sut.SendTwoFactorEmailAsync(user, true);
+
+            await sutProvider.GetDependency<IMailService>()
+                .Received(1)
+                .SendNewDeviceLoginTwoFactorEmailAsync(email, token);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderOnUser(SutProvider<UserService> sutProvider, User user)
+        {
+            user.TwoFactorProviders = null;
+
+            await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderMetadataOnUser(SutProvider<UserService> sutProvider, User user)
+        {
+            user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+            {
+                [TwoFactorProviderType.Email] = new TwoFactorProvider
+                {
+                    MetaData = null,
+                    Enabled = true
+                }
+            });
+
+            await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SendTwoFactorEmailAsync_ExceptionBecauseNoProviderEmailMetadataOnUser(SutProvider<UserService> sutProvider, User user)
+        {
+            user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+            {
+                [TwoFactorProviderType.Email] = new TwoFactorProvider
+                {
+                    MetaData = new Dictionary<string, object> { ["qweqwe"] = user.Email.ToLowerInvariant() },
+                    Enabled = true
+                }
+            });
+
+            await Assert.ThrowsAsync<ArgumentNullException>("No email.", () => sutProvider.Sut.SendTwoFactorEmailAsync(user));
+        }
    }
 }