bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 22:03:36 +00:00
Code Issues Releases Wiki Activity

add tests (#13923)

Browse Source
This commit is contained in:
Jordan Aasen
2025-03-27 10:46:39 -07:00
committed by GitHub
parent 7d3e43abd8
commit 93a289bfa8
2 changed files with 57 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
libs/common/src/vault/services/cipher.service.spec.ts
View File

@@ -305,52 +305,87 @@ describe("Cipher Service", () => {
}); });
describe("cipher.key", () => { describe("cipher.key", () => {
it("is null when feature flag is false", async () => { beforeEach(() => {
configService.getFeatureFlag.mockResolvedValue(false);
keyService.getOrgKey.mockReturnValue( keyService.getOrgKey.mockReturnValue(
Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey), Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey),
); );
});
it("is null when feature flag is false", async () => {
configService.getFeatureFlag.mockResolvedValue(false);
const cipher = await cipherService.encrypt(cipherView, userId); const cipher = await cipherService.encrypt(cipherView, userId);
expect(cipher.key).toBeNull(); expect(cipher.key).toBeNull();
}); });
it("is defined when feature flag flag is true", async () => { describe("when feature flag is true", () => {
beforeEach(() => {
configService.getFeatureFlag.mockResolvedValue(true); configService.getFeatureFlag.mockResolvedValue(true);
});
it("is null when the cipher is not viewPassword", async () => {
cipherView.viewPassword = false;
const cipher = await cipherService.encrypt(cipherView, userId);
expect(cipher.key).toBeNull();
});
it("is defined when the cipher is viewPassword", async () => {
cipherView.viewPassword = true;
const cipher = await cipherService.encrypt(cipherView, userId); const cipher = await cipherService.encrypt(cipherView, userId);
expect(cipher.key).toBeDefined(); expect(cipher.key).toBeDefined();
}); });
}); });
});
describe("encryptWithCipherKey", () => { describe("encryptWithCipherKey", () => {
beforeEach(() => { beforeEach(() => {
jest.spyOn<any, string>(cipherService, "encryptCipherWithCipherKey"); jest.spyOn<any, string>(cipherService, "encryptCipherWithCipherKey");
keyService.getOrgKey.mockReturnValue(
Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey),
);
}); });
it("is not called when feature flag is false", async () => { it("is not called when feature flag is false", async () => {
configService.getFeatureFlag.mockResolvedValue(false); configService.getFeatureFlag.mockResolvedValue(false);
keyService.getOrgKey.mockReturnValue(
Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey),
);
await cipherService.encrypt(cipherView, userId); await cipherService.encrypt(cipherView, userId);
expect(cipherService["encryptCipherWithCipherKey"]).not.toHaveBeenCalled(); expect(cipherService["encryptCipherWithCipherKey"]).not.toHaveBeenCalled();
}); });
it("is called when feature flag is true", async () => { describe("when feature flag is true", () => {
beforeEach(() => {
configService.getFeatureFlag.mockResolvedValue(true); configService.getFeatureFlag.mockResolvedValue(true);
keyService.getOrgKey.mockReturnValue( });
Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey),
); it("is called when cipher viewPassword is true", async () => {
cipherView.viewPassword = true;
await cipherService.encrypt(cipherView, userId); await cipherService.encrypt(cipherView, userId);
expect(cipherService["encryptCipherWithCipherKey"]).toHaveBeenCalled(); expect(cipherService["encryptCipherWithCipherKey"]).toHaveBeenCalled();
}); });
it("is not called when cipher viewPassword is false and original cipher has no key", async () => {
cipherView.viewPassword = false;
await cipherService.encrypt(cipherView, userId, undefined, undefined, new Cipher());
expect(cipherService["encryptCipherWithCipherKey"]).not.toHaveBeenCalled();
});
it("is called when cipher viewPassword is false and original cipher has a key", async () => {
cipherView.viewPassword = false;
await cipherService.encrypt(cipherView, userId, undefined, undefined, cipherObj);
expect(cipherService["encryptCipherWithCipherKey"]).toHaveBeenCalled();
});
});
}); });
}); });

6
libs/common/src/vault/services/cipher.service.ts
View File

@@ -222,7 +222,11 @@ export class CipherService implements CipherServiceAbstraction {
cipher.reprompt = model.reprompt; cipher.reprompt = model.reprompt;
cipher.edit = model.edit; cipher.edit = model.edit;
if (await this.getCipherKeyEncryptionEnabled()) { if (
// prevent unprivileged users from migrating to cipher key encryption
(model.viewPassword || originalCipher?.key) &&
(await this.getCipherKeyEncryptionEnabled())
) {
cipher.key = originalCipher?.key ?? null; cipher.key = originalCipher?.key ?? null;
const userOrOrgKey = await this.getKeyForCipherKeyDecryption(cipher, userId); const userOrOrgKey = await this.getKeyForCipherKeyDecryption(cipher, userId);
// The keyForEncryption is only used for encrypting the cipher key, not the cipher itself, since cipher key encryption is enabled. // The keyForEncryption is only used for encrypting the cipher key, not the cipher itself, since cipher key encryption is enabled.