Fix tests

2026-02-09 05:00:10 +00:00 · 2025-12-12 16:53:00 +01:00
parent 5477859018
commit c5eaf17253
8 changed files with 35 additions and 57 deletions
--- a/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts
+++ b/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts
@@ -12,7 +12,6 @@ import {
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { OrganizationMetadataServiceAbstraction } from "@bitwarden/common/billing/abstractions/organization-metadata.service.abstraction";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
@@ -20,6 +19,7 @@ import { OrganizationId, UserId } from "@bitwarden/common/types/guid";
 import { OrgKey } from "@bitwarden/common/types/key";
 import { newGuid } from "@bitwarden/guid";
 import { KeyService } from "@bitwarden/key-management";
+import { UnsignedSharedKey } from "@bitwarden/sdk-internal";

 import { OrganizationUserView } from "../../../core/views/organization-user.view";
 import { OrganizationUserService } from "../organization-user/organization-user.service";
@@ -264,7 +264,7 @@ describe("MemberActionsService", () => {
      const mockOrgKeys = { [organizationId]: mockOrgKey };
      keyService.orgKeys$.mockReturnValue(of(mockOrgKeys));

-      const mockEncryptedKey = new EncString("encrypted-key-data");
+      const mockEncryptedKey = "encrypted-key-data" as UnsignedSharedKey;
      encryptService.encapsulateKeyUnsigned.mockResolvedValue(mockEncryptedKey);

      organizationUserApiService.postOrganizationUserConfirm.mockResolvedValue(undefined);
--- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
+++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
@@ -19,6 +19,7 @@ import { UserKey, MasterKey, UserPrivateKey } from "@bitwarden/common/types/key"
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { newGuid } from "@bitwarden/guid";
 import { Argon2KdfConfig, KdfType, KeyService, PBKDF2KdfConfig } from "@bitwarden/key-management";
+import { UnsignedSharedKey } from "@bitwarden/sdk-internal";

 import { EmergencyAccessStatusType } from "../enums/emergency-access-status-type";
 import { EmergencyAccessType } from "../enums/emergency-access-type";
@@ -122,10 +123,8 @@ describe("EmergencyAccessService", () => {

        const publicKey = new Uint8Array(64);

-        const mockUserPublicKeyEncryptedUserKey = new EncString(
-          EncryptionType.AesCbc256_HmacSha256_B64,
-          "mockUserPublicKeyEncryptedUserKey",
-        );
+        const mockUserPublicKeyEncryptedUserKey =
+          "2.mockUserPublicKeyEncryptedUserKey" as UnsignedSharedKey;

        keyService.userKey$.mockReturnValue(of(mockUserKey));

@@ -140,7 +139,7 @@ describe("EmergencyAccessService", () => {

        // Assert
        expect(emergencyAccessApiService.postEmergencyAccessConfirm).toHaveBeenCalledWith(id, {
-          key: mockUserPublicKeyEncryptedUserKey.encryptedString,
+          key: mockUserPublicKeyEncryptedUserKey,
        });
      });
    });
@@ -208,7 +207,7 @@ describe("EmergencyAccessService", () => {
      expect(emergencyAccessApiService.postEmergencyAccessView).toHaveBeenCalledWith(params.id);
      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(emergencyAccessViewResponse.keyEncrypted),
+        emergencyAccessViewResponse.keyEncrypted,
        mockPrivateKey,
      );
      expect(cipherService.getLocaleSortingFunction).toHaveBeenCalled();
@@ -276,7 +275,7 @@ describe("EmergencyAccessService", () => {
      // Assert
      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(takeoverResponse.keyEncrypted),
+        takeoverResponse.keyEncrypted,
        userPrivateKey,
      );
      expect(keyService.makeMasterKey).toHaveBeenCalledWith(
@@ -327,7 +326,7 @@ describe("EmergencyAccessService", () => {

      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(argon2TakeoverResponse.keyEncrypted),
+        argon2TakeoverResponse.keyEncrypted,
        userPrivateKey,
      );
      expect(keyService.makeMasterKey).toHaveBeenCalledWith(
@@ -362,7 +361,7 @@ describe("EmergencyAccessService", () => {

      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(takeoverResponse.keyEncrypted),
+        takeoverResponse.keyEncrypted,
        userPrivateKey,
      );
      expect(keyService.makeMasterKey).toHaveBeenCalledWith(
@@ -394,7 +393,7 @@ describe("EmergencyAccessService", () => {

      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(takeoverResponse.keyEncrypted),
+        takeoverResponse.keyEncrypted,
        userPrivateKey,
      );
      expect(keyService.makeMasterKey).not.toHaveBeenCalled();
@@ -420,7 +419,7 @@ describe("EmergencyAccessService", () => {

      expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId);
      expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith(
-        new EncString(takeoverResponse.keyEncrypted),
+        takeoverResponse.keyEncrypted,
        userPrivateKey,
      );
      expect(keyService.makeMasterKey).not.toHaveBeenCalled();
@@ -483,9 +482,7 @@ describe("EmergencyAccessService", () => {
      } as UserKeyResponse);

      encryptService.encapsulateKeyUnsigned.mockImplementation((plainValue, publicKey) => {
-        return Promise.resolve(
-          new EncString(EncryptionType.Rsa2048_OaepSha1_B64, "Encrypted: " + plainValue),
-        );
+        return Promise.resolve(("4.Encrypted: " + plainValue) as UnsignedSharedKey);
      });
    });

--- a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
@@ -5,7 +5,6 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { FakeMasterPasswordService } from "@bitwarden/common/key-management/master-password/services/fake-master-password.service";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
@@ -228,7 +227,7 @@ describe("AuthRequestService", () => {

      // Assert
      expect(encryptService.decapsulateKeyUnsigned).toBeCalledWith(
-        new EncString(mockPubKeyEncryptedUserKey),
+        mockPubKeyEncryptedUserKey,
        mockPrivateKey,
      );
      expect(result).toEqual(mockDecryptedUserKey);
--- a/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts
+++ b/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts
@@ -1,9 +1,6 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { UnsignedSharedKey } from "@bitwarden/sdk-internal";

 import { EncString } from "../../../key-management/crypto/models/enc-string";
-import { RotateableKeySet } from "../../../key-management/keys/models/rotateable-key-set";

 export class WebauthnRotateCredentialRequest {
  id: string;
@@ -15,15 +12,4 @@ export class WebauthnRotateCredentialRequest {
    this.encryptedPublicKey = encryptedPublicKey;
    this.encryptedUserKey = encryptedUserKey;
  }
-
-  static fromRotateableKeyset(
-    id: string,
-    keyset: RotateableKeySet,
-  ): WebauthnRotateCredentialRequest {
-    return new WebauthnRotateCredentialRequest(
-      id,
-      keyset.encryptedPublicKey,
-      keyset.encryptedPrivateKey,
-    );
-  }
 }
--- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
@@ -93,7 +93,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
        publicKey: "publicKey",
        privateKey: "privateKey",
      };
-      const encryptedKey = { encryptedString: "encryptedString" };
+      const encryptedKey = "encryptedString";
      organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any);

      const user1AccountInfo: AccountInfo = {
@@ -114,7 +114,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
        "orgId",
        "userId",
        expect.objectContaining({
-          resetPasswordKey: encryptedKey.encryptedString,
+          resetPasswordKey: encryptedKey,
        }),
      );
    });
@@ -124,7 +124,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
        publicKey: "publicKey",
        privateKey: "privateKey",
      };
-      const encryptedKey = { encryptedString: "encryptedString" };
+      const encryptedKey = "encryptedString";
      organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any);
      encryptService.encapsulateKeyUnsigned.mockResolvedValue(encryptedKey as any);

@@ -136,7 +136,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
        "orgId",
        "userId",
        expect.objectContaining({
-          resetPasswordKey: encryptedKey.encryptedString,
+          resetPasswordKey: encryptedKey,
        }),
      );
    });
--- a/libs/common/src/key-management/crypto/models/enc-string.spec.ts
+++ b/libs/common/src/key-management/crypto/models/enc-string.spec.ts
@@ -44,7 +44,6 @@ describe("EncString", () => {
        const encString = new EncString("3.data");

        expect(encString).toEqual({
-          data: "data",
          encryptedString: "3.data",
          encryptionType: 3,
        });
@@ -63,10 +62,6 @@ describe("EncString", () => {
        "aXY=|Y3Q=", // AesCbc256_B64 w/out header
        "0.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_B64 with header
        "2.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_HmacSha256_B64
-        "3.QmFzZTY0UGFydA==", // Rsa2048_OaepSha256_B64
-        "4.QmFzZTY0UGFydA==", // Rsa2048_OaepSha1_B64
-        "5.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // Rsa2048_OaepSha256_HmacSha256_B64
-        "6.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // Rsa2048_OaepSha1_HmacSha256_B64
      ];

      it.each(cases)("can retrieve data bytes for %s", (encryptedString) => {
--- a/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts
+++ b/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts
@@ -13,6 +13,7 @@ import { ListResponse } from "@bitwarden/common/models/response/list.response";
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { KeyService } from "@bitwarden/key-management";
+import { UnsignedSharedKey } from "@bitwarden/sdk-internal";

 import { FakeAccountService, mockAccountServiceWith } from "../../../../spec/fake-account-service";
 import { FakeActiveUserState } from "../../../../spec/fake-state";
@@ -40,7 +41,6 @@ import { KeyGenerationService } from "../../crypto";
 import { CryptoFunctionService } from "../../crypto/abstractions/crypto-function.service";
 import { EncryptService } from "../../crypto/abstractions/encrypt.service";
 import { EncString } from "../../crypto/models/enc-string";
-import { UnsignedSharedKey } from "@bitwarden/sdk-internal";

 import {
  SHOULD_TRUST_DEVICE,
@@ -493,11 +493,6 @@ describe("deviceTrustService", () => {
          spy: () => rsaGenerateKeyPairSpy,
          errorText: "rsaGenerateKeyPair error",
        },
-        {
-          method: "rsaEncrypt",
-          spy: () => cryptoSvcRsaEncryptSpy,
-          errorText: "rsaEncrypt error",
-        },
        {
          method: "encryptService.wrapEncapsulationKey",
          spy: () => encryptServiceWrapEncapsulationKeySpy,
--- a/libs/key-management/src/key.service.spec.ts
+++ b/libs/key-management/src/key.service.spec.ts
@@ -519,13 +519,19 @@ describe("keyService", () => {

    function fakeOrgKeyDecryption(encryptedString: UnsignedSharedKey, userPrivateKey: Uint8Array) {
      const output = new Uint8Array(64);
-      const dataBytes = encryptedString.split(".")[1];
+      // UnsignedSharedKey format is "4.base64data" - extract the base64 portion
+      const parts = encryptedString.split(".");
+      const dataBytes = parts.length > 1 ? parts[1] : encryptedString;
      const dataBytesArray = Uint8Array.from(atob(dataBytes), (c) => c.charCodeAt(0));
      output.set(dataBytesArray);
-      output.set(userPrivateKey.subarray(0, 64 - dataBytes.length), dataBytes.length);
+      output.set(userPrivateKey.subarray(0, 64 - dataBytesArray.length), dataBytesArray.length);
      return output;
    }

+    // Base64-encoded test key data for UnsignedSharedKey format (4.base64data)
+    const org1KeyUnsigned = "4.b3JnMUtleQ==" as UnsignedSharedKey; // "org1Key" in base64
+    const provider1KeyUnsigned = "4.cHJvdmlkZXIxS2V5" as UnsignedSharedKey; // "provider1Key" in base64
+
    const org1Id = "org1" as OrganizationId;

    type UpdateKeysParams = {
@@ -595,7 +601,7 @@ describe("keyService", () => {
        userKey: makeSymmetricCryptoKey<UserKey>(64),
        encryptedPrivateKey: makeEncString("privateKey"),
        orgKeys: {
-          [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey },
+          [org1Id]: { type: "organization", key: org1KeyUnsigned },
        },
      });

@@ -607,7 +613,7 @@ describe("keyService", () => {
      expect(Object.keys(decryptionKeys!.orgKeys!)).toHaveLength(1);
      expect(decryptionKeys!.orgKeys![org1Id]).not.toBeNull();
      const orgKey = decryptionKeys!.orgKeys![org1Id];
-      expect(orgKey.keyB64).toContain("org1Key");
+      expect(orgKey.toEncoded()).toHaveLength(64);
    });

    it("returns decryption keys when there is an empty record for provider keys", async () => {
@@ -615,7 +621,7 @@ describe("keyService", () => {
        userKey: makeSymmetricCryptoKey<UserKey>(64),
        encryptedPrivateKey: makeEncString("privateKey"),
        orgKeys: {
-          [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey },
+          [org1Id]: { type: "organization", key: org1KeyUnsigned },
        },
        providerKeys: {},
      });
@@ -628,7 +634,7 @@ describe("keyService", () => {
      expect(Object.keys(decryptionKeys!.orgKeys!)).toHaveLength(1);
      expect(decryptionKeys!.orgKeys![org1Id]).not.toBeNull();
      const orgKey = decryptionKeys!.orgKeys![org1Id];
-      expect(orgKey.keyB64).toContain("org1Key");
+      expect(orgKey.toEncoded()).toHaveLength(64);
    });

    it("returns decryption keys when some of the org keys are providers", async () => {
@@ -637,7 +643,7 @@ describe("keyService", () => {
        userKey: makeSymmetricCryptoKey<UserKey>(64),
        encryptedPrivateKey: makeEncString("privateKey"),
        orgKeys: {
-          [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey },
+          [org1Id]: { type: "organization", key: org1KeyUnsigned },
          [org2Id]: {
            type: "provider",
            key: makeEncString("provider1Key").encryptedString!,
@@ -645,7 +651,7 @@ describe("keyService", () => {
          },
        },
        providerKeys: {
-          provider1: "provider1Key" as UnsignedSharedKey,
+          provider1: provider1KeyUnsigned,
        },
      });

@@ -658,7 +664,7 @@ describe("keyService", () => {

      const orgKey = decryptionKeys!.orgKeys![org1Id];
      expect(orgKey).not.toBeNull();
-      expect(orgKey.keyB64).toContain("org1Key");
+      expect(orgKey.toEncoded()).toHaveLength(64);

      const org2Key = decryptionKeys!.orgKeys![org2Id];
      expect(org2Key).not.toBeNull();
@@ -700,7 +706,7 @@ describe("keyService", () => {
      // User has their org keys set
      updateKeys({
        orgKeys: {
-          [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey },
+          [org1Id]: { type: "organization", key: org1KeyUnsigned },
        },
      });