nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

[PM-5424] fix TDE provider user (#3771)

Browse Source 
* Add Test Asserting Problem

* Fix Test

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
This commit is contained in:
Ike 2024-02-09 12:08:22 -08:00 committed by GitHub
parent de294b8299
commit a19ae0159f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Core/Context/CurrentContext.cs
View File

@ -489,6 +489,10 @@ public class CurrentContext : ICurrentContext
{ {
if (Organizations == null) if (Organizations == null)
{ {
// If we haven't had our user id set, take the one passed in since we are about to get information
// for them anyways.
UserId ??= userId;
var userOrgs = await organizationUserRepository.GetManyDetailsByUserAsync(userId); var userOrgs = await organizationUserRepository.GetManyDetailsByUserAsync(userId);
Organizations = userOrgs.Where(ou => ou.Status == OrganizationUserStatusType.Confirmed) Organizations = userOrgs.Where(ou => ou.Status == OrganizationUserStatusType.Confirmed)
.Select(ou => new CurrentContextOrganization(ou)).ToList(); .Select(ou => new CurrentContextOrganization(ou)).ToList();
@ -501,6 +505,10 @@ public class CurrentContext : ICurrentContext
{ {
if (Providers == null) if (Providers == null)
{ {
// If we haven't had our user id set, take the one passed in since we are about to get information
// for them anyways.
UserId ??= userId;
var userProviders = await providerUserRepository.GetManyByUserAsync(userId); var userProviders = await providerUserRepository.GetManyByUserAsync(userId);
Providers = userProviders.Where(ou => ou.Status == ProviderUserStatusType.Confirmed) Providers = userProviders.Where(ou => ou.Status == ProviderUserStatusType.Confirmed)
.Select(ou => new CurrentContextProvider(ou)).ToList(); .Select(ou => new CurrentContextProvider(ou)).ToList();

71
test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
View File

@ -1,6 +1,9 @@
using System.Security.Claims; using System.Security.Claims;
using System.Text.Json; using System.Text.Json;
using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Entities.Provider;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Auth.Entities; using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums; using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Request.Accounts; using Bit.Core.Auth.Models.Api.Request.Accounts;
@ -380,6 +383,74 @@ public class IdentityServerSsoTests
} }
[Fact]
public async Task SsoLogin_TrustedDeviceEncryption_ProviderUserHasManageResetPassword_ReturnsCorrectOptions()
{
var challenge = new string('c', 50);
var factory = await CreateFactoryAsync(new SsoConfigurationData
{
MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption,
}, challenge);
var user = await factory.Services.GetRequiredService<IUserRepository>().GetByEmailAsync(TestEmail);
var providerRepository = factory.Services.GetRequiredService<IProviderRepository>();
var provider = await providerRepository.CreateAsync(new Provider
{
Name = "Test Provider",
});
var providerUserRepository = factory.Services.GetRequiredService<IProviderUserRepository>();
await providerUserRepository.CreateAsync(new ProviderUser
{
ProviderId = provider.Id,
UserId = user.Id,
Status = ProviderUserStatusType.Confirmed,
Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
ManageResetPassword = true,
}),
});
var organizationUserRepository = factory.Services.GetRequiredService<IOrganizationUserRepository>();
var organizationUser = (await organizationUserRepository.GetManyByUserAsync(user.Id)).Single();
var providerOrganizationRepository = factory.Services.GetRequiredService<IProviderOrganizationRepository>();
await providerOrganizationRepository.CreateAsync(new ProviderOrganization
{
ProviderId = provider.Id,
OrganizationId = organizationUser.OrganizationId,
});
// Act
var context = await factory.Server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "scope", "api offline_access" },
{ "client_id", "web" },
{ "deviceType", "10" },
{ "deviceIdentifier", "test_id" },
{ "deviceName", "firefox" },
{ "twoFactorToken", "TEST"},
{ "twoFactorProvider", "5" }, // RememberMe Provider
{ "twoFactorRemember", "0" },
{ "grant_type", "authorization_code" },
{ "code", "test_code" },
{ "code_verifier", challenge },
{ "redirect_uri", "https://localhost:8080/sso-connector.html" }
}));
Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
using var responseBody = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = responseBody.RootElement;
AssertHelper.AssertJsonProperty(root, "access_token", JsonValueKind.String);
var userDecryptionOptions = AssertHelper.AssertJsonProperty(root, "UserDecryptionOptions", JsonValueKind.Object);
var trustedDeviceOption = AssertHelper.AssertJsonProperty(userDecryptionOptions, "TrustedDeviceOption", JsonValueKind.Object);
AssertHelper.AssertJsonProperty(trustedDeviceOption, "HasAdminApproval", JsonValueKind.False);
AssertHelper.AssertJsonProperty(trustedDeviceOption, "HasManageResetPasswordPermission", JsonValueKind.True);
}
[Fact] [Fact]
public async Task SsoLogin_KeyConnector_ReturnsOptions() public async Task SsoLogin_KeyConnector_ReturnsOptions()
{ {