Auth/PM-11945 - Registration with Email Verification - Fix Org Sponsored Free Family Plan not working (#4772)

* PM-11945 - Rename RegisterUserWithOptionalOrgInvite to RegisterUserViaOrgInvite as the org invite isn't optional in the function - just the overall process of registration. * PM-11945 - Yet another rename * PM-11945 - Wire up call to RegisterUserViaOrgSponsoredFreeFamilyPlanInviteToken and test. * PM-11945 - RegisterUserCommandTests - test new method * PM-11949 - Rename tests * PM-11945 - AccountsControllerTests.cs - add integration test for RegistrationWithEmailVerification_WithOrgSponsoredFreeFamilyPlanInviteToken_Succeeds * PM-11945 - Adjust naming per PR feedback to match docs. * PM-11945 - More renaming
2025-06-30 15:42:48 -05:00 · 2024-09-12 15:24:47 -04:00
parent 95ba256511
commit 7d8df767cd
7 changed files with 231 additions and 29 deletions
--- a/test/Identity.IntegrationTest/Controllers/AccountsControllerTests.cs
+++ b/test/Identity.IntegrationTest/Controllers/AccountsControllerTests.cs
@ -4,6 +4,7 @@ using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Tokens;
@ -322,6 +323,84 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
        Assert.Equal(kdfParallelism, user.KdfParallelism);
    }

+
+    [Theory, BitAutoData]
+    public async Task RegistrationWithEmailVerification_WithOrgSponsoredFreeFamilyPlanInviteToken_Succeeds(
+     [StringLength(1000)] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, string userSymmetricKey,
+    KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism, Guid orgSponsorshipId)
+    {
+
+        // Localize factory to just this test.
+        var localFactory = new IdentityApplicationFactory();
+
+        // Hardcoded, valid org sponsored free family plan invite token data
+        var email = "jsnider+local10000008@bitwarden.com";
+        var orgSponsoredFreeFamilyPlanToken = "BWOrganizationSponsorship_CfDJ8HFsgwUNr89EtnCal5H72cx11wdMdD5_FSNMJoXJKp9migo8ZXi2Qx8GOM2b8IccesQEvZxzX_VDvhaaFi1NZc7-5bdadsfaPiwvzy28qwaW5-iF72vncmixArxKt8_FrJCqvn-5Yh45DvUWeOUBl1fPPx6LB4lgf6DcFkFZaHKOxIEywkFWEX9IWsLAfBfhU9K7AYZ02kxLRgXDK_eH3SKY0luoyUbRLBJRq1J9WnAQNcPLx9GOywQDUGRNvQGYmrzpAdq8y3MgUby_XD2NBf4-Vfr_0DIYPlGVJz0Ab1CwKbQ5G9vTXrFbbHQni40GVgohTq6WeVwk-PBMW9kjBw2rHO8QzWUb4whn831y-dEC";
+
+        var orgSponsorship = new OrganizationSponsorship
+        {
+            Id = orgSponsorshipId,
+            PlanSponsorshipType = PlanSponsorshipType.FamiliesForEnterprise,
+            OfferedToEmail = email
+        };
+
+        var orgSponsorshipOfferTokenable = new OrganizationSponsorshipOfferTokenable(orgSponsorship) { };
+
+        localFactory.SubstituteService<IDataProtectorTokenFactory<OrganizationSponsorshipOfferTokenable>>(dataProtectorTokenFactory =>
+        {
+            dataProtectorTokenFactory.TryUnprotect(Arg.Is(orgSponsoredFreeFamilyPlanToken), out Arg.Any<OrganizationSponsorshipOfferTokenable>())
+                .Returns(callInfo =>
+                {
+                    callInfo[1] = orgSponsorshipOfferTokenable;
+                    return true;
+                });
+        });
+
+        localFactory.SubstituteService<IOrganizationSponsorshipRepository>(organizationSponsorshipRepository =>
+        {
+            organizationSponsorshipRepository.GetByIdAsync(orgSponsorshipId)
+                .Returns(orgSponsorship);
+        });
+
+        var registerFinishReqModel = new RegisterFinishRequestModel
+        {
+            Email = email,
+            MasterPasswordHash = masterPasswordHash,
+            MasterPasswordHint = masterPasswordHint,
+            OrgSponsoredFreeFamilyPlanToken = orgSponsoredFreeFamilyPlanToken,
+            Kdf = KdfType.PBKDF2_SHA256,
+            KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
+            UserSymmetricKey = userSymmetricKey,
+            UserAsymmetricKeys = userAsymmetricKeys,
+            KdfMemory = kdfMemory,
+            KdfParallelism = kdfParallelism
+        };
+
+        var postRegisterFinishHttpContext = await localFactory.PostRegisterFinishAsync(registerFinishReqModel);
+
+        Assert.Equal(StatusCodes.Status200OK, postRegisterFinishHttpContext.Response.StatusCode);
+
+        var database = localFactory.GetDatabaseContext();
+        var user = await database.Users
+            .SingleAsync(u => u.Email == email);
+
+        Assert.NotNull(user);
+
+        // Assert user properties match the request model
+        Assert.Equal(email, user.Email);
+        Assert.NotEqual(masterPasswordHash, user.MasterPassword);  // We execute server side hashing
+        Assert.NotNull(user.MasterPassword);
+        Assert.Equal(masterPasswordHint, user.MasterPasswordHint);
+        Assert.Equal(userSymmetricKey, user.Key);
+        Assert.Equal(userAsymmetricKeys.EncryptedPrivateKey, user.PrivateKey);
+        Assert.Equal(userAsymmetricKeys.PublicKey, user.PublicKey);
+        Assert.Equal(KdfType.PBKDF2_SHA256, user.Kdf);
+        Assert.Equal(AuthConstants.PBKDF2_ITERATIONS.Default, user.KdfIterations);
+        Assert.Equal(kdfMemory, user.KdfMemory);
+        Assert.Equal(kdfParallelism, user.KdfParallelism);
+    }
+
+
    [Theory, BitAutoData]
    public async Task PostRegisterVerificationEmailClicked_Success(
        [Required, StringLength(20)] string name,