[PM-8107] Remove Duo v2 from server (#4934)

refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code. Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial. Reviewed-by: @JaredSnider-Bitwarden
2025-06-30 15:42:48 -05:00 · 2024-11-18 15:58:05 -08:00
parent e16cad50b1
commit ab5d4738d6
36 changed files with 1412 additions and 1369 deletions
--- a/test/Api.Test/Auth/Models/Response/OrganizationTwoFactorDuoResponseModelTests.cs
+++ b/test/Api.Test/Auth/Models/Response/OrganizationTwoFactorDuoResponseModelTests.cs
@ -8,42 +8,6 @@ namespace Bit.Api.Test.Auth.Models.Response;

 public class OrganizationTwoFactorDuoResponseModelTests
 {
-    [Theory]
-    [BitAutoData]
-    public void Organization_WithDuoV4_ShouldBuildModel(Organization organization)
-    {
-        // Arrange
-        organization.TwoFactorProviders = GetTwoFactorOrganizationDuoV4ProvidersJson();
-
-        // Act
-        var model = new TwoFactorDuoResponseModel(organization);
-
-        // Assert if v4 data Ikey and Skey are set to clientId and clientSecret
-        Assert.NotNull(model);
-        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("secret************", model.ClientSecret);
-        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("secret************", model.SecretKey);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public void Organization_WithDuoV2_ShouldBuildModel(Organization organization)
-    {
-        // Arrange
-        organization.TwoFactorProviders = GetTwoFactorOrganizationDuoV2ProvidersJson();
-
-        // Act
-        var model = new TwoFactorDuoResponseModel(organization);
-
-        // Assert if only v2 data clientId and clientSecret are set to Ikey and Sk
-        Assert.NotNull(model);
-        Assert.Equal("IKey", model.ClientId);
-        Assert.Equal("SKey", model.ClientSecret);
-        Assert.Equal("IKey", model.IntegrationKey);
-        Assert.Equal("SKey", model.SecretKey);
-    }
-
    [Theory]
    [BitAutoData]
    public void Organization_WithDuo_ShouldBuildModel(Organization organization)
@ -54,12 +18,10 @@ public class OrganizationTwoFactorDuoResponseModelTests
        // Act
        var model = new TwoFactorDuoResponseModel(organization);

-        /// Assert Even if both versions are present priority is given to v4 data
+        // Assert
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
        Assert.Equal("secret************", model.ClientSecret);
-        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -72,38 +34,33 @@ public class OrganizationTwoFactorDuoResponseModelTests
        // Act
        var model = new TwoFactorDuoResponseModel(organization);

-        /// Assert
+        // Assert
        Assert.False(model.Enabled);
    }

    [Theory]
    [BitAutoData]
-    public void Organization_WithTwoFactorProvidersNull_ShouldFail(Organization organization)
+    public void Organization_WithTwoFactorProvidersNull_ShouldThrow(Organization organization)
    {
        // Arrange
-        organization.TwoFactorProviders = "{\"6\" : {}}";
+        organization.TwoFactorProviders = null;

        // Act
-        var model = new TwoFactorDuoResponseModel(organization);
+        try
+        {
+            var model = new TwoFactorDuoResponseModel(organization);

-        /// Assert
-        Assert.False(model.Enabled);
+        }
+        catch (Exception ex)
+        {
+            // Assert
+            Assert.IsType<ArgumentNullException>(ex);
+        }
    }

    private string GetTwoFactorOrganizationDuoProvidersJson()
-    {
-        return
-            "{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
-    }
-
-    private string GetTwoFactorOrganizationDuoV4ProvidersJson()
    {
        return
            "{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }
-
-    private string GetTwoFactorOrganizationDuoV2ProvidersJson()
-    {
-        return "{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"Host\":\"example.com\"}}}";
-    }
 }
--- a/test/Api.Test/Auth/Models/Response/UserTwoFactorDuoResponseModelTests.cs
+++ b/test/Api.Test/Auth/Models/Response/UserTwoFactorDuoResponseModelTests.cs
@ -10,38 +10,21 @@ public class UserTwoFactorDuoResponseModelTests
 {
    [Theory]
    [BitAutoData]
-    public void User_WithDuoV4_ShouldBuildModel(User user)
+    public void User_WithDuo_UserNull_ThrowsArgumentException(User user)
    {
        // Arrange
-        user.TwoFactorProviders = GetTwoFactorDuoV4ProvidersJson();
+        user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();

        // Act
-        var model = new TwoFactorDuoResponseModel(user);
-
-        // Assert if v4 data Ikey and Skey are set to clientId and clientSecret
-        Assert.NotNull(model);
-        Assert.Equal("clientId", model.ClientId);
-        Assert.Equal("secret************", model.ClientSecret);
-        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("secret************", model.SecretKey);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public void User_WithDuov2_ShouldBuildModel(User user)
-    {
-        // Arrange
-        user.TwoFactorProviders = GetTwoFactorDuoV2ProvidersJson();
-
-        // Act
-        var model = new TwoFactorDuoResponseModel(user);
-
-        // Assert if only v2 data clientId and clientSecret are set to Ikey and Skey
-        Assert.NotNull(model);
-        Assert.Equal("IKey", model.ClientId);
-        Assert.Equal("SKey", model.ClientSecret);
-        Assert.Equal("IKey", model.IntegrationKey);
-        Assert.Equal("SKey", model.SecretKey);
+        try
+        {
+            var model = new TwoFactorDuoResponseModel(null as User);
+        }
+        catch (ArgumentNullException e)
+        {
+            // Assert
+            Assert.Equal("Value cannot be null. (Parameter 'user')", e.Message);
+        }
    }

    [Theory]
@ -54,12 +37,10 @@ public class UserTwoFactorDuoResponseModelTests
        // Act
        var model = new TwoFactorDuoResponseModel(user);

-        // Assert Even if both versions are present priority is given to v4 data
+        // Assert
        Assert.NotNull(model);
        Assert.Equal("clientId", model.ClientId);
        Assert.Equal("secret************", model.ClientSecret);
-        Assert.Equal("clientId", model.IntegrationKey);
-        Assert.Equal("secret************", model.SecretKey);
    }

    [Theory]
@ -84,26 +65,23 @@ public class UserTwoFactorDuoResponseModelTests
        user.TwoFactorProviders = null;

        // Act
-        var model = new TwoFactorDuoResponseModel(user);
+        try
+        {
+            var model = new TwoFactorDuoResponseModel(user);
+
+        }
+        catch (Exception ex)
+        {
+            // Assert
+            Assert.IsType<ArgumentNullException>(ex);
+
+        }

-        /// Assert
-        Assert.False(model.Enabled);
    }

    private string GetTwoFactorDuoProvidersJson()
-    {
-        return
-            "{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
-    }
-
-    private string GetTwoFactorDuoV4ProvidersJson()
    {
        return
            "{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
    }
-
-    private string GetTwoFactorDuoV2ProvidersJson()
-    {
-        return "{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"Host\":\"example.com\"}}}";
-    }
 }