nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[Pm 3797 Part 2] Add emergency access rotations (#3434)

Browse Source 
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
See #3425 for part 1 and background.

This PR adds emergency access to the rotation. All new code is hidden behind a feature flag.

The Accounts controller has also been moved to Auth ownership.

## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

* **file.ext:** Description of what was changed and why
* **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors).
* **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys.
* **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains.

## Before you submit

- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
This commit is contained in:
Jake Fink
2023-12-05 12:05:51 -05:00
committed by GitHub
parent eedc96263a
commit 989603ddd3
19 changed files with 423 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
test/Core.Test/Auth/UserFeatures/UserKey/RotateUserKeyCommandTests.cs
View File

@ -1,5 +1,6 @@
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.UserKey.Implementations;
using Bit.Core.Entities;
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
@ -13,36 +14,37 @@ namespace Bit.Core.Test.Auth.UserFeatures.UserKey;
public class RotateUserKeyCommandTests
{
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_Success(SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
public async Task RotateUserKeyAsync_Success(SutProvider<RotateUserKeyCommand> sutProvider, User user,
RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(true);
var result = await sutProvider.Sut.RotateUserKeyAsync(model);
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
Assert.Equal(IdentityResult.Success, result);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_InvalidMasterPasswordHash_ReturnsFailedIdentityResult(
SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(false);
var result = await sutProvider.Sut.RotateUserKeyAsync(model);
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
Assert.False(result.Succeeded);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_LogsOutUser(
SutProvider<RotateUserKeyCommand> sutProvider, RotateUserKeyData model)
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
{
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(model.User, model.MasterPasswordHash)
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
.Returns(true);
await sutProvider.Sut.RotateUserKeyAsync(model);
await sutProvider.Sut.RotateUserKeyAsync(user, model);
await sutProvider.GetDependency<IPushNotificationService>().ReceivedWithAnyArgs()
.PushLogOutAsync(default, default);