nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-20 10:58:07 -05:00
Code

Add error message validation

Browse Source
This commit is contained in:
Bernd Schoolmann 2025-06-09 14:27:58 +02:00
parent 0675505f3c
commit c305af7ed6
No known key found for this signature in database
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
test/Core.Test/KeyManagement/UserKey/RotateUserAccountKeysCommandTests.cs
View File

@ -174,13 +174,12 @@ public class RotateUserAccountKeysCommandTests
user.KdfIterations = 3; user.KdfIterations = 3;
user.KdfMemory = 64; user.KdfMemory = 64;
user.KdfParallelism = 4; user.KdfParallelism = 4;
user.PublicKey = "v2-public-key"; user.PublicKey = "public-key";
user.PrivateKey = "2.xxx"; user.PrivateKey = "2.xxx";
// Ensure signature key pair is present // Ensure signature key pair is present
if (model.AccountKeys != null) if (model.AccountKeys != null)
{ {
model.AccountKeys.SignatureKeyPairData = new SignatureKeyPairData( model.AccountKeys.SignatureKeyPairData = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "dummyWrappedSigningKey", "dummyVerifyingKey");
Bit.Core.KeyManagement.Enums.SignatureAlgorithm.Ed25519, "dummyWrappedSigningKey", "dummyVerifyingKey");
} }
model.MasterPasswordUnlockData.Email = user.Email; model.MasterPasswordUnlockData.Email = user.Email;
model.MasterPasswordUnlockData.KdfType = Enums.KdfType.Argon2id; model.MasterPasswordUnlockData.KdfType = Enums.KdfType.Argon2id;
@ -264,8 +263,8 @@ public class RotateUserAccountKeysCommandTests
model.AccountKeys.SignatureKeyPairData = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "signingKey", "verifyingKey"); model.AccountKeys.SignatureKeyPairData = new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "signingKey", "verifyingKey");
model.AccountKeys.PublicKeyEncryptionKeyPairData.SignedPublicKey = null; model.AccountKeys.PublicKeyEncryptionKeyPairData.SignedPublicKey = null;
var encryptedDataActions = new List<Core.KeyManagement.UserKey.UpdateEncryptedDataForKeyRotation>(); var encryptedDataActions = new List<Core.KeyManagement.UserKey.UpdateEncryptedDataForKeyRotation>();
var excepction = Assert.Throws<InvalidOperationException>(() => sutProvider.Sut.ValidateRotationModelSignatureKeyPairForV1UserAndUpgradeToV2(model, user, encryptedDataActions)); var exception = Assert.Throws<InvalidOperationException>(() => sutProvider.Sut.ValidateRotationModelSignatureKeyPairForV1UserAndUpgradeToV2(model, user, encryptedDataActions));
Assert.Equal("The provided public key encryption key pair data does not contain a valid signed public key.", excepction.Message); Assert.Equal("The provided public key encryption key pair data does not contain a valid signed public key.", exception.Message);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -290,7 +289,8 @@ public class RotateUserAccountKeysCommandTests
.Returns(new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "dummyWrappedSigningKey", "dummyVerifyingKey")); .Returns(new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "dummyWrappedSigningKey", "dummyVerifyingKey"));
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash) sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash)
.Returns(true); .Returns(true);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model)); var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model));
Assert.Equal("The provided signature key pair data is missing.", ex.Message);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -325,7 +325,8 @@ public class RotateUserAccountKeysCommandTests
.Returns(repoKeyPair); .Returns(repoKeyPair);
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash) sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash)
.Returns(true); .Returns(true);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model)); var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model));
Assert.Equal("The provided verifying key does not match the expected value.", ex.Message);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -359,7 +360,8 @@ public class RotateUserAccountKeysCommandTests
.Returns(keyPair); .Returns(keyPair);
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash) sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash)
.Returns(true); .Returns(true);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model)); var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model));
Assert.Equal("The provided public key encryption key pair data does not contain a valid signed public key.", ex.Message);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -393,6 +395,7 @@ public class RotateUserAccountKeysCommandTests
.Returns(keyPair); .Returns(keyPair);
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash) sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.OldMasterKeyAuthenticationHash)
.Returns(true); .Returns(true);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model)); var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () => await sutProvider.Sut.RotateUserAccountKeysAsync(user, model));
Assert.Equal("The provided wrapped signing key is not XChaCha20-encrypted.", ex.Message);
} }
} }