[PM-2032] Server endpoints to support authentication with a passkey (#3361)

* [PM-2032] feat: add assertion options tokenable * [PM-2032] feat: add request and response models * [PM-2032] feat: implement `assertion-options` identity endpoint * [PM-2032] feat: implement authentication with passkey * [PM-2032] chore: rename to `WebAuthnGrantValidator` * [PM-2032] fix: add missing subsitute * [PM-2032] feat: start adding builder * [PM-2032] feat: add support for KeyConnector * [PM-2032] feat: add first version of TDE * [PM-2032] chore: refactor WithSso * [PM-2023] feat: add support for TDE feature flag * [PM-2023] feat: add support for approving devices * [PM-2023] feat: add support for hasManageResetPasswordPermission * [PM-2032] feat: add support for hasAdminApproval * [PM-2032] chore: don't supply device if not necessary * [PM-2032] chore: clean up imports * [PM-2023] feat: extract interface * [PM-2023] chore: add clarifying comment * [PM-2023] feat: use new builder in production code * [PM-2032] feat: add support for PRF * [PM-2032] chore: clean-up todos * [PM-2023] chore: remove token which is no longer used * [PM-2032] chore: remove todo * [PM-2032] feat: improve assertion error handling * [PM-2032] fix: linting issues * [PM-2032] fix: revert changes to `launchSettings.json` * [PM-2023] chore: clean up assertion endpoint * [PM-2032] feat: bypass 2FA * [PM-2032] fix: rename prf option to singular * [PM-2032] fix: lint * [PM-2032] fix: typo * [PM-2032] chore: improve builder tests Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * [PM-2032] chore: clarify why we don't require 2FA * [PM-2023] feat: move `identityProvider` constant to common class * [PM-2032] fix: lint * [PM-2023] fix: move `IdentityProvider` to core.Constants * [PM-2032] fix: missing import * [PM-2032] chore: refactor token timespan to use `TimeSpan` * [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync * [PM-2032] chore: use `FromMinutes` * [PM-2032] fix: change to 17 minutes to cover webauthn assertion * [PM-2032] chore: do not use `async void` * [PM-2032] fix: comment saying wrong amount of minutes * [PM-2032] feat: put validator behind feature flag * [PM-2032] fix: lint --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2025-06-30 07:36:14 -05:00 · 2023-11-20 15:55:31 +01:00
parent 07c202ecaf
commit 80740aa4ba
24 changed files with 855 additions and 223 deletions
--- a/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnLoginAssertionOptionsTokenableTests.cs
+++ b/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnLoginAssertionOptionsTokenableTests.cs
@ -0,0 +1,61 @@
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Fido2NetLib;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.Models.Business.Tokenables;
+
+public class WebAuthnLoginAssertionOptionsTokenableTests
+{
+    [Theory, BitAutoData]
+    public void Valid_TokenWithoutOptions_ReturnsFalse(WebAuthnLoginAssertionOptionsScope scope)
+    {
+        var token = new WebAuthnLoginAssertionOptionsTokenable(scope, null);
+
+        var isValid = token.Valid;
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void Valid_NewlyCreatedToken_ReturnsTrue(WebAuthnLoginAssertionOptionsScope scope, AssertionOptions createOptions)
+    {
+        var token = new WebAuthnLoginAssertionOptionsTokenable(scope, createOptions);
+
+
+        var isValid = token.Valid;
+
+        Assert.True(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_TokenWithoutOptions_ReturnsFalse(WebAuthnLoginAssertionOptionsScope scope)
+    {
+        var token = new WebAuthnLoginAssertionOptionsTokenable(scope, null);
+
+        var isValid = token.TokenIsValid(scope);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_NonMatchingScope_ReturnsFalse(WebAuthnLoginAssertionOptionsScope scope1, WebAuthnLoginAssertionOptionsScope scope2, AssertionOptions createOptions)
+    {
+        var token = new WebAuthnLoginAssertionOptionsTokenable(scope1, createOptions);
+
+        var isValid = token.TokenIsValid(scope2);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_SameScope_ReturnsTrue(WebAuthnLoginAssertionOptionsScope scope, AssertionOptions createOptions)
+    {
+        var token = new WebAuthnLoginAssertionOptionsTokenable(scope, createOptions);
+
+        var isValid = token.TokenIsValid(scope);
+
+        Assert.True(isValid);
+    }
+}