mirror of
https://github.com/bitwarden/server.git
synced 2025-04-05 21:18:13 -05:00
9f4aa1ab2b
* PM-10600: Notification push notification * PM-10600: Sending to specific client types for relay push notifications * PM-10600: Sending to specific client types for other clients * PM-10600: Send push notification on notification creation * PM-10600: Explicit group names * PM-10600: Id typos * PM-10600: Revert global push notifications * PM-10600: Added DeviceType claim * PM-10600: Sent to organization typo * PM-10600: UT coverage * PM-10600: Small refactor, UTs coverage * PM-10600: UTs coverage * PM-10600: Startup fix * PM-10600: Test fix * PM-10600: Required attribute, organization group for push notification fix * PM-10600: UT coverage * PM-10600: Fix Mobile devices not registering to organization push notifications We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications. * PM-10600: Unit Test coverage for NotificationHubPushRegistrationService Fixed IFeatureService substitute mocking for Android tests. Added user part of organization test with organizationId tags expectation. * PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict * PM-10600: Organization push notifications not sending to mobile device from self-hosted. Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server. * PM-10600: Fix self-hosted organization notification not being received by mobile device. When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id. * PM-10600: Broken NotificationsController integration test Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all. * PM-10600: Merge conflicts fix * merge conflict fix * PM-10600: Push notification with full notification center content. Notification Center push notification now includes all the fields. * PM-10564: Push notification updates to other clients Cherry-picked and squashed commits: d9711b6031a1bc1d96b920e521e6f37de1b434ec 6e69c8a0ce9a5ee29df9988b20c6e531c0b4e4a3 01c814595e572911574066802b661c83b116a865 3885885d5f4be39fdc2b8d258867c8a7536491cd 1285a7e994921b0e6f9ba78f9b84d8e7a6ceda2f fcf346985f367c462ef7b65ce7d5d2612f7345cc 28ff53c293f4d37de5fa40d2964f924368e13c95 57804ae27cbf25d88d148f399ce81c1c09997e10 1c9339b6869926e59076202e06341e5d4a403cc7 * PM-15084: Push global notification creation to affected clients Cherry-picked and squashed commits: ed5051e0ebc578ac6c5fce1f406d66bede3fa2b6 181f3e4ae643072c737ac00bf44a2fbbdd458ee8 49fe7c93fd5eb6fd5df680194403cf4b2beabace a8efb45a63d685cce83a6e5ea28f2320c3e52dae 7b4122c8379df5444e839297b4e7f9163550861a d21d4a67b32af85f5cd4d7dff2491852fd7d2028 186a09bb9206417616d8645cbbd18478f31a305c 1531f564b54ec1a031399fc1e2754e59dbd7e743 * PM-15084: Log warning when invalid notification push notification sent * explicit Guid default value * push notification tests in wrong namespace * Installation push notification not received for on global notification center message * wrong merge conflict * wrong merge conflict * installation id type Guid in push registration request
311 lines
13 KiB
C#
311 lines
13 KiB
C#
using System.Runtime.CompilerServices;
|
|
using Bit.Core.Auth.Models.Api.Request;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Exceptions;
|
|
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
|
using Bit.Core.Platform.Push;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Core.Services;
|
|
using Bit.Core.Settings;
|
|
using Bit.Test.Common.AutoFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using NSubstitute;
|
|
using Xunit;
|
|
|
|
namespace Bit.Core.Test.Services;
|
|
|
|
[SutProviderCustomize]
|
|
public class DeviceServiceTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async Task SaveAsync_IdProvided_UpdatedRevisionDateAndPushRegistration(Guid id, Guid userId,
|
|
Guid organizationId1, Guid organizationId2, Guid installationId,
|
|
OrganizationUserOrganizationDetails organizationUserOrganizationDetails1,
|
|
OrganizationUserOrganizationDetails organizationUserOrganizationDetails2)
|
|
{
|
|
organizationUserOrganizationDetails1.OrganizationId = organizationId1;
|
|
organizationUserOrganizationDetails2.OrganizationId = organizationId2;
|
|
|
|
var deviceRepo = Substitute.For<IDeviceRepository>();
|
|
var pushRepo = Substitute.For<IPushRegistrationService>();
|
|
var organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
|
|
organizationUserRepository.GetManyDetailsByUserAsync(Arg.Any<Guid>(), Arg.Any<OrganizationUserStatusType?>())
|
|
.Returns([organizationUserOrganizationDetails1, organizationUserOrganizationDetails2]);
|
|
var globalSettings = Substitute.For<IGlobalSettings>();
|
|
globalSettings.Installation.Id.Returns(installationId);
|
|
var deviceService = new DeviceService(deviceRepo, pushRepo, organizationUserRepository, globalSettings);
|
|
|
|
var device = new Device
|
|
{
|
|
Id = id,
|
|
Name = "test device",
|
|
Type = DeviceType.Android,
|
|
UserId = userId,
|
|
PushToken = "testtoken",
|
|
Identifier = "testid"
|
|
};
|
|
await deviceService.SaveAsync(device);
|
|
|
|
Assert.True(device.RevisionDate - DateTime.UtcNow < TimeSpan.FromSeconds(1));
|
|
await pushRepo.Received(1).CreateOrUpdateRegistrationAsync("testtoken", id.ToString(),
|
|
userId.ToString(), "testid", DeviceType.Android,
|
|
Arg.Do<IEnumerable<string>>(organizationIds =>
|
|
{
|
|
var organizationIdsList = organizationIds.ToList();
|
|
Assert.Equal(2, organizationIdsList.Count);
|
|
Assert.Contains(organizationId1.ToString(), organizationIdsList);
|
|
Assert.Contains(organizationId2.ToString(), organizationIdsList);
|
|
}), installationId);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async Task SaveAsync_IdNotProvided_CreatedAndPushRegistration(Guid userId, Guid organizationId1,
|
|
Guid organizationId2, Guid installationId,
|
|
OrganizationUserOrganizationDetails organizationUserOrganizationDetails1,
|
|
OrganizationUserOrganizationDetails organizationUserOrganizationDetails2)
|
|
{
|
|
organizationUserOrganizationDetails1.OrganizationId = organizationId1;
|
|
organizationUserOrganizationDetails2.OrganizationId = organizationId2;
|
|
|
|
var deviceRepo = Substitute.For<IDeviceRepository>();
|
|
var pushRepo = Substitute.For<IPushRegistrationService>();
|
|
var organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
|
|
organizationUserRepository.GetManyDetailsByUserAsync(Arg.Any<Guid>(), Arg.Any<OrganizationUserStatusType?>())
|
|
.Returns([organizationUserOrganizationDetails1, organizationUserOrganizationDetails2]);
|
|
var globalSettings = Substitute.For<IGlobalSettings>();
|
|
globalSettings.Installation.Id.Returns(installationId);
|
|
var deviceService = new DeviceService(deviceRepo, pushRepo, organizationUserRepository, globalSettings);
|
|
|
|
var device = new Device
|
|
{
|
|
Name = "test device",
|
|
Type = DeviceType.Android,
|
|
UserId = userId,
|
|
PushToken = "testtoken",
|
|
Identifier = "testid"
|
|
};
|
|
await deviceService.SaveAsync(device);
|
|
|
|
await pushRepo.Received(1).CreateOrUpdateRegistrationAsync("testtoken",
|
|
Arg.Do<string>(id => Guid.TryParse(id, out var _)), userId.ToString(), "testid", DeviceType.Android,
|
|
Arg.Do<IEnumerable<string>>(organizationIds =>
|
|
{
|
|
var organizationIdsList = organizationIds.ToList();
|
|
Assert.Equal(2, organizationIdsList.Count);
|
|
Assert.Contains(organizationId1.ToString(), organizationIdsList);
|
|
Assert.Contains(organizationId2.ToString(), organizationIdsList);
|
|
}), installationId);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Story: A user chose to keep trust in one of their current trusted devices, but not in another one of their
|
|
/// devices. We will rotate the trust of the currently signed in device as well as the device they chose but will
|
|
/// remove the trust of the device they didn't give new keys for.
|
|
/// </summary>
|
|
[Theory, BitAutoData]
|
|
public async Task UpdateDevicesTrustAsync_Works(
|
|
SutProvider<DeviceService> sutProvider,
|
|
Guid currentUserId,
|
|
Device deviceOne,
|
|
Device deviceTwo,
|
|
Device deviceThree)
|
|
{
|
|
SetupOldTrust(deviceOne);
|
|
SetupOldTrust(deviceTwo);
|
|
SetupOldTrust(deviceThree);
|
|
|
|
deviceOne.Identifier = "current_device";
|
|
|
|
sutProvider.GetDependency<IDeviceRepository>()
|
|
.GetManyByUserIdAsync(currentUserId)
|
|
.Returns(new List<Device> { deviceOne, deviceTwo, deviceThree, });
|
|
|
|
var currentDeviceModel = new DeviceKeysUpdateRequestModel
|
|
{
|
|
EncryptedPublicKey = "current_encrypted_public_key",
|
|
EncryptedUserKey = "current_encrypted_user_key",
|
|
};
|
|
|
|
var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
|
|
{
|
|
new OtherDeviceKeysUpdateRequestModel
|
|
{
|
|
DeviceId = deviceTwo.Id,
|
|
EncryptedPublicKey = "encrypted_public_key_two",
|
|
EncryptedUserKey = "encrypted_user_key_two",
|
|
},
|
|
};
|
|
|
|
await sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel,
|
|
alteredDeviceModels);
|
|
|
|
// Updating trust, "current" or "other" only needs to change the EncryptedPublicKey & EncryptedUserKey
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.Received(1)
|
|
.UpsertAsync(Arg.Is<Device>(d =>
|
|
d.Id == deviceOne.Id &&
|
|
d.EncryptedPublicKey == "current_encrypted_public_key" &&
|
|
d.EncryptedUserKey == "current_encrypted_user_key" &&
|
|
d.EncryptedPrivateKey == "old_private_deviceOne"));
|
|
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.Received(1)
|
|
.UpsertAsync(Arg.Is<Device>(d =>
|
|
d.Id == deviceTwo.Id &&
|
|
d.EncryptedPublicKey == "encrypted_public_key_two" &&
|
|
d.EncryptedUserKey == "encrypted_user_key_two" &&
|
|
d.EncryptedPrivateKey == "old_private_deviceTwo"));
|
|
|
|
// Clearing trust should remove all key values
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.Received(1)
|
|
.UpsertAsync(Arg.Is<Device>(d =>
|
|
d.Id == deviceThree.Id &&
|
|
d.EncryptedPublicKey == null &&
|
|
d.EncryptedUserKey == null &&
|
|
d.EncryptedPrivateKey == null));
|
|
|
|
// Should have recieved a total of 3 calls, the ones asserted above
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.Received(3)
|
|
.UpsertAsync(Arg.Any<Device>());
|
|
|
|
static void SetupOldTrust(Device device, [CallerArgumentExpression(nameof(device))] string expression = null)
|
|
{
|
|
device.EncryptedPublicKey = $"old_public_{expression}";
|
|
device.EncryptedPrivateKey = $"old_private_{expression}";
|
|
device.EncryptedUserKey = $"old_user_{expression}";
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Story: This could result from a poor implementation of this method, if they attempt add trust to a device
|
|
/// that doesn't already have trust. They would have to create brand new values and for that values to be accurate
|
|
/// they would technically have all the values needed to trust a device, that is why we don't consider this bad
|
|
/// enough to throw but do skip it because we'd rather keep number of ways for trust to be added to the endpoint we
|
|
/// already have.
|
|
/// </summary>
|
|
[Theory, BitAutoData]
|
|
public async Task UpdateDevicesTrustAsync_DoesNotUpdateUntrustedDevices(
|
|
SutProvider<DeviceService> sutProvider,
|
|
Guid currentUserId,
|
|
Device deviceOne,
|
|
Device deviceTwo)
|
|
{
|
|
deviceOne.Identifier = "current_device";
|
|
|
|
// Make deviceTwo untrusted
|
|
deviceTwo.EncryptedUserKey = string.Empty;
|
|
deviceTwo.EncryptedPublicKey = string.Empty;
|
|
deviceTwo.EncryptedPrivateKey = string.Empty;
|
|
|
|
sutProvider.GetDependency<IDeviceRepository>()
|
|
.GetManyByUserIdAsync(currentUserId)
|
|
.Returns(new List<Device> { deviceOne, deviceTwo, });
|
|
|
|
var currentDeviceModel = new DeviceKeysUpdateRequestModel
|
|
{
|
|
EncryptedPublicKey = "current_encrypted_public_key",
|
|
EncryptedUserKey = "current_encrypted_user_key",
|
|
};
|
|
|
|
var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
|
|
{
|
|
new OtherDeviceKeysUpdateRequestModel
|
|
{
|
|
DeviceId = deviceTwo.Id,
|
|
EncryptedPublicKey = "encrypted_public_key_two",
|
|
EncryptedUserKey = "encrypted_user_key_two",
|
|
},
|
|
};
|
|
|
|
await sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel,
|
|
alteredDeviceModels);
|
|
|
|
// Check that UpsertAsync was called for the trusted device
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.Received(1)
|
|
.UpsertAsync(Arg.Is<Device>(d =>
|
|
d.Id == deviceOne.Id &&
|
|
d.EncryptedPublicKey == "current_encrypted_public_key" &&
|
|
d.EncryptedUserKey == "current_encrypted_user_key"));
|
|
|
|
// Check that UpsertAsync was not called for the untrusted device
|
|
await sutProvider.GetDependency<IDeviceRepository>()
|
|
.DidNotReceive()
|
|
.UpsertAsync(Arg.Is<Device>(d => d.Id == deviceTwo.Id));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Story: This should only happen if someone were to take the access token from a different device and try to rotate
|
|
/// a device that they don't actually have.
|
|
/// </summary>
|
|
[Theory, BitAutoData]
|
|
public async Task UpdateDevicesTrustAsync_ThrowsNotFoundException_WhenCurrentDeviceIdentifierDoesNotExist(
|
|
SutProvider<DeviceService> sutProvider,
|
|
Guid currentUserId,
|
|
Device deviceOne,
|
|
Device deviceTwo)
|
|
{
|
|
deviceOne.Identifier = "some_other_device";
|
|
deviceTwo.Identifier = "another_device";
|
|
|
|
sutProvider.GetDependency<IDeviceRepository>()
|
|
.GetManyByUserIdAsync(currentUserId)
|
|
.Returns(new List<Device> { deviceOne, deviceTwo, });
|
|
|
|
var currentDeviceModel = new DeviceKeysUpdateRequestModel
|
|
{
|
|
EncryptedPublicKey = "current_encrypted_public_key",
|
|
EncryptedUserKey = "current_encrypted_user_key",
|
|
};
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
|
sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel,
|
|
Enumerable.Empty<OtherDeviceKeysUpdateRequestModel>()));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Story: This should only happen from a poorly implemented user of this method but important to enforce someone
|
|
/// using the method correctly, a device should only be rotated intentionally and including it as both the current
|
|
/// device and one of the users other device would mean they could rotate it twice and we aren't sure
|
|
/// which one they would want to win out.
|
|
/// </summary>
|
|
[Theory, BitAutoData]
|
|
public async Task UpdateDevicesTrustAsync_ThrowsBadRequestException_WhenCurrentDeviceIsIncludedInAlteredDevices(
|
|
SutProvider<DeviceService> sutProvider,
|
|
Guid currentUserId,
|
|
Device deviceOne,
|
|
Device deviceTwo)
|
|
{
|
|
deviceOne.Identifier = "current_device";
|
|
|
|
sutProvider.GetDependency<IDeviceRepository>()
|
|
.GetManyByUserIdAsync(currentUserId)
|
|
.Returns(new List<Device> { deviceOne, deviceTwo, });
|
|
|
|
var currentDeviceModel = new DeviceKeysUpdateRequestModel
|
|
{
|
|
EncryptedPublicKey = "current_encrypted_public_key",
|
|
EncryptedUserKey = "current_encrypted_user_key",
|
|
};
|
|
|
|
var alteredDeviceModels = new List<OtherDeviceKeysUpdateRequestModel>
|
|
{
|
|
new OtherDeviceKeysUpdateRequestModel
|
|
{
|
|
DeviceId = deviceOne.Id, // current device is included in alteredDevices
|
|
EncryptedPublicKey = "encrypted_public_key_one",
|
|
EncryptedUserKey = "encrypted_user_key_one",
|
|
},
|
|
};
|
|
|
|
await Assert.ThrowsAsync<BadRequestException>(() =>
|
|
sutProvider.Sut.UpdateDevicesTrustAsync("current_device", currentUserId, currentDeviceModel,
|
|
alteredDeviceModels));
|
|
}
|
|
}
|