From c5eaf1725349b82f83360a76640d7c2fa8983ecb Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Fri, 12 Dec 2025 16:53:00 +0100 Subject: [PATCH] Fix tests --- .../member-actions.service.spec.ts | 4 +-- .../services/emergency-access.service.spec.ts | 25 ++++++++---------- .../auth-request/auth-request.service.spec.ts | 3 +-- .../webauthn-rotate-credential.request.ts | 14 ---------- ...-enrollment.service.implementation.spec.ts | 8 +++--- .../crypto/models/enc-string.spec.ts | 5 ---- .../services/device-trust.service.spec.ts | 7 +---- libs/key-management/src/key.service.spec.ts | 26 ++++++++++++------- 8 files changed, 35 insertions(+), 57 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts b/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts index e856ab7afd1..d87f9c58bf3 100644 --- a/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts +++ b/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts @@ -12,7 +12,6 @@ import { import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; import { OrganizationMetadataServiceAbstraction } from "@bitwarden/common/billing/abstractions/organization-metadata.service.abstraction"; import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service"; -import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string"; import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec"; @@ -20,6 +19,7 @@ import { OrganizationId, UserId } from "@bitwarden/common/types/guid"; import { OrgKey } from "@bitwarden/common/types/key"; import { newGuid } from "@bitwarden/guid"; import { KeyService } from "@bitwarden/key-management"; +import { UnsignedSharedKey } from "@bitwarden/sdk-internal"; import { OrganizationUserView } from "../../../core/views/organization-user.view"; import { OrganizationUserService } from "../organization-user/organization-user.service"; @@ -264,7 +264,7 @@ describe("MemberActionsService", () => { const mockOrgKeys = { [organizationId]: mockOrgKey }; keyService.orgKeys$.mockReturnValue(of(mockOrgKeys)); - const mockEncryptedKey = new EncString("encrypted-key-data"); + const mockEncryptedKey = "encrypted-key-data" as UnsignedSharedKey; encryptService.encapsulateKeyUnsigned.mockResolvedValue(mockEncryptedKey); organizationUserApiService.postOrganizationUserConfirm.mockResolvedValue(undefined); diff --git a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts index 05d6094745c..3fe455a68c7 100644 --- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts +++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts @@ -19,6 +19,7 @@ import { UserKey, MasterKey, UserPrivateKey } from "@bitwarden/common/types/key" import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; import { newGuid } from "@bitwarden/guid"; import { Argon2KdfConfig, KdfType, KeyService, PBKDF2KdfConfig } from "@bitwarden/key-management"; +import { UnsignedSharedKey } from "@bitwarden/sdk-internal"; import { EmergencyAccessStatusType } from "../enums/emergency-access-status-type"; import { EmergencyAccessType } from "../enums/emergency-access-type"; @@ -122,10 +123,8 @@ describe("EmergencyAccessService", () => { const publicKey = new Uint8Array(64); - const mockUserPublicKeyEncryptedUserKey = new EncString( - EncryptionType.AesCbc256_HmacSha256_B64, - "mockUserPublicKeyEncryptedUserKey", - ); + const mockUserPublicKeyEncryptedUserKey = + "2.mockUserPublicKeyEncryptedUserKey" as UnsignedSharedKey; keyService.userKey$.mockReturnValue(of(mockUserKey)); @@ -140,7 +139,7 @@ describe("EmergencyAccessService", () => { // Assert expect(emergencyAccessApiService.postEmergencyAccessConfirm).toHaveBeenCalledWith(id, { - key: mockUserPublicKeyEncryptedUserKey.encryptedString, + key: mockUserPublicKeyEncryptedUserKey, }); }); }); @@ -208,7 +207,7 @@ describe("EmergencyAccessService", () => { expect(emergencyAccessApiService.postEmergencyAccessView).toHaveBeenCalledWith(params.id); expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(emergencyAccessViewResponse.keyEncrypted), + emergencyAccessViewResponse.keyEncrypted, mockPrivateKey, ); expect(cipherService.getLocaleSortingFunction).toHaveBeenCalled(); @@ -276,7 +275,7 @@ describe("EmergencyAccessService", () => { // Assert expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(takeoverResponse.keyEncrypted), + takeoverResponse.keyEncrypted, userPrivateKey, ); expect(keyService.makeMasterKey).toHaveBeenCalledWith( @@ -327,7 +326,7 @@ describe("EmergencyAccessService", () => { expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(argon2TakeoverResponse.keyEncrypted), + argon2TakeoverResponse.keyEncrypted, userPrivateKey, ); expect(keyService.makeMasterKey).toHaveBeenCalledWith( @@ -362,7 +361,7 @@ describe("EmergencyAccessService", () => { expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(takeoverResponse.keyEncrypted), + takeoverResponse.keyEncrypted, userPrivateKey, ); expect(keyService.makeMasterKey).toHaveBeenCalledWith( @@ -394,7 +393,7 @@ describe("EmergencyAccessService", () => { expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(takeoverResponse.keyEncrypted), + takeoverResponse.keyEncrypted, userPrivateKey, ); expect(keyService.makeMasterKey).not.toHaveBeenCalled(); @@ -420,7 +419,7 @@ describe("EmergencyAccessService", () => { expect(keyService.userPrivateKey$).toHaveBeenCalledWith(params.activeUserId); expect(encryptService.decapsulateKeyUnsigned).toHaveBeenCalledWith( - new EncString(takeoverResponse.keyEncrypted), + takeoverResponse.keyEncrypted, userPrivateKey, ); expect(keyService.makeMasterKey).not.toHaveBeenCalled(); @@ -483,9 +482,7 @@ describe("EmergencyAccessService", () => { } as UserKeyResponse); encryptService.encapsulateKeyUnsigned.mockImplementation((plainValue, publicKey) => { - return Promise.resolve( - new EncString(EncryptionType.Rsa2048_OaepSha1_B64, "Encrypted: " + plainValue), - ); + return Promise.resolve(("4.Encrypted: " + plainValue) as UnsignedSharedKey); }); }); diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts index c4c7b240dc6..8aaedfc03cf 100644 --- a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts +++ b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts @@ -5,7 +5,6 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response"; import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service"; -import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string"; import { FakeMasterPasswordService } from "@bitwarden/common/key-management/master-password/services/fake-master-password.service"; import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response"; @@ -228,7 +227,7 @@ describe("AuthRequestService", () => { // Assert expect(encryptService.decapsulateKeyUnsigned).toBeCalledWith( - new EncString(mockPubKeyEncryptedUserKey), + mockPubKeyEncryptedUserKey, mockPrivateKey, ); expect(result).toEqual(mockDecryptedUserKey); diff --git a/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts b/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts index fbf8b178067..fa73f0185ee 100644 --- a/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts +++ b/libs/common/src/auth/models/request/webauthn-rotate-credential.request.ts @@ -1,9 +1,6 @@ -// FIXME: Update this file to be type safe and remove this and next line -// @ts-strict-ignore import { UnsignedSharedKey } from "@bitwarden/sdk-internal"; import { EncString } from "../../../key-management/crypto/models/enc-string"; -import { RotateableKeySet } from "../../../key-management/keys/models/rotateable-key-set"; export class WebauthnRotateCredentialRequest { id: string; @@ -15,15 +12,4 @@ export class WebauthnRotateCredentialRequest { this.encryptedPublicKey = encryptedPublicKey; this.encryptedUserKey = encryptedUserKey; } - - static fromRotateableKeyset( - id: string, - keyset: RotateableKeySet, - ): WebauthnRotateCredentialRequest { - return new WebauthnRotateCredentialRequest( - id, - keyset.encryptedPublicKey, - keyset.encryptedPrivateKey, - ); - } } diff --git a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts index 7e6e0d53f57..0e4416df2c6 100644 --- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts +++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts @@ -93,7 +93,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => { publicKey: "publicKey", privateKey: "privateKey", }; - const encryptedKey = { encryptedString: "encryptedString" }; + const encryptedKey = "encryptedString"; organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any); const user1AccountInfo: AccountInfo = { @@ -114,7 +114,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => { "orgId", "userId", expect.objectContaining({ - resetPasswordKey: encryptedKey.encryptedString, + resetPasswordKey: encryptedKey, }), ); }); @@ -124,7 +124,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => { publicKey: "publicKey", privateKey: "privateKey", }; - const encryptedKey = { encryptedString: "encryptedString" }; + const encryptedKey = "encryptedString"; organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any); encryptService.encapsulateKeyUnsigned.mockResolvedValue(encryptedKey as any); @@ -136,7 +136,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => { "orgId", "userId", expect.objectContaining({ - resetPasswordKey: encryptedKey.encryptedString, + resetPasswordKey: encryptedKey, }), ); }); diff --git a/libs/common/src/key-management/crypto/models/enc-string.spec.ts b/libs/common/src/key-management/crypto/models/enc-string.spec.ts index 1be28d58963..53c65cdd06c 100644 --- a/libs/common/src/key-management/crypto/models/enc-string.spec.ts +++ b/libs/common/src/key-management/crypto/models/enc-string.spec.ts @@ -44,7 +44,6 @@ describe("EncString", () => { const encString = new EncString("3.data"); expect(encString).toEqual({ - data: "data", encryptedString: "3.data", encryptionType: 3, }); @@ -63,10 +62,6 @@ describe("EncString", () => { "aXY=|Y3Q=", // AesCbc256_B64 w/out header "0.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_B64 with header "2.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_HmacSha256_B64 - "3.QmFzZTY0UGFydA==", // Rsa2048_OaepSha256_B64 - "4.QmFzZTY0UGFydA==", // Rsa2048_OaepSha1_B64 - "5.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // Rsa2048_OaepSha256_HmacSha256_B64 - "6.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // Rsa2048_OaepSha1_HmacSha256_B64 ]; it.each(cases)("can retrieve data bytes for %s", (encryptedString) => { diff --git a/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts b/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts index fb0496d4573..ff96d14581e 100644 --- a/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts +++ b/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts @@ -13,6 +13,7 @@ import { ListResponse } from "@bitwarden/common/models/response/list.response"; // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop. // eslint-disable-next-line no-restricted-imports import { KeyService } from "@bitwarden/key-management"; +import { UnsignedSharedKey } from "@bitwarden/sdk-internal"; import { FakeAccountService, mockAccountServiceWith } from "../../../../spec/fake-account-service"; import { FakeActiveUserState } from "../../../../spec/fake-state"; @@ -40,7 +41,6 @@ import { KeyGenerationService } from "../../crypto"; import { CryptoFunctionService } from "../../crypto/abstractions/crypto-function.service"; import { EncryptService } from "../../crypto/abstractions/encrypt.service"; import { EncString } from "../../crypto/models/enc-string"; -import { UnsignedSharedKey } from "@bitwarden/sdk-internal"; import { SHOULD_TRUST_DEVICE, @@ -493,11 +493,6 @@ describe("deviceTrustService", () => { spy: () => rsaGenerateKeyPairSpy, errorText: "rsaGenerateKeyPair error", }, - { - method: "rsaEncrypt", - spy: () => cryptoSvcRsaEncryptSpy, - errorText: "rsaEncrypt error", - }, { method: "encryptService.wrapEncapsulationKey", spy: () => encryptServiceWrapEncapsulationKeySpy, diff --git a/libs/key-management/src/key.service.spec.ts b/libs/key-management/src/key.service.spec.ts index af4146f38e0..58fc15d3135 100644 --- a/libs/key-management/src/key.service.spec.ts +++ b/libs/key-management/src/key.service.spec.ts @@ -519,13 +519,19 @@ describe("keyService", () => { function fakeOrgKeyDecryption(encryptedString: UnsignedSharedKey, userPrivateKey: Uint8Array) { const output = new Uint8Array(64); - const dataBytes = encryptedString.split(".")[1]; + // UnsignedSharedKey format is "4.base64data" - extract the base64 portion + const parts = encryptedString.split("."); + const dataBytes = parts.length > 1 ? parts[1] : encryptedString; const dataBytesArray = Uint8Array.from(atob(dataBytes), (c) => c.charCodeAt(0)); output.set(dataBytesArray); - output.set(userPrivateKey.subarray(0, 64 - dataBytes.length), dataBytes.length); + output.set(userPrivateKey.subarray(0, 64 - dataBytesArray.length), dataBytesArray.length); return output; } + // Base64-encoded test key data for UnsignedSharedKey format (4.base64data) + const org1KeyUnsigned = "4.b3JnMUtleQ==" as UnsignedSharedKey; // "org1Key" in base64 + const provider1KeyUnsigned = "4.cHJvdmlkZXIxS2V5" as UnsignedSharedKey; // "provider1Key" in base64 + const org1Id = "org1" as OrganizationId; type UpdateKeysParams = { @@ -595,7 +601,7 @@ describe("keyService", () => { userKey: makeSymmetricCryptoKey(64), encryptedPrivateKey: makeEncString("privateKey"), orgKeys: { - [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey }, + [org1Id]: { type: "organization", key: org1KeyUnsigned }, }, }); @@ -607,7 +613,7 @@ describe("keyService", () => { expect(Object.keys(decryptionKeys!.orgKeys!)).toHaveLength(1); expect(decryptionKeys!.orgKeys![org1Id]).not.toBeNull(); const orgKey = decryptionKeys!.orgKeys![org1Id]; - expect(orgKey.keyB64).toContain("org1Key"); + expect(orgKey.toEncoded()).toHaveLength(64); }); it("returns decryption keys when there is an empty record for provider keys", async () => { @@ -615,7 +621,7 @@ describe("keyService", () => { userKey: makeSymmetricCryptoKey(64), encryptedPrivateKey: makeEncString("privateKey"), orgKeys: { - [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey }, + [org1Id]: { type: "organization", key: org1KeyUnsigned }, }, providerKeys: {}, }); @@ -628,7 +634,7 @@ describe("keyService", () => { expect(Object.keys(decryptionKeys!.orgKeys!)).toHaveLength(1); expect(decryptionKeys!.orgKeys![org1Id]).not.toBeNull(); const orgKey = decryptionKeys!.orgKeys![org1Id]; - expect(orgKey.keyB64).toContain("org1Key"); + expect(orgKey.toEncoded()).toHaveLength(64); }); it("returns decryption keys when some of the org keys are providers", async () => { @@ -637,7 +643,7 @@ describe("keyService", () => { userKey: makeSymmetricCryptoKey(64), encryptedPrivateKey: makeEncString("privateKey"), orgKeys: { - [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey }, + [org1Id]: { type: "organization", key: org1KeyUnsigned }, [org2Id]: { type: "provider", key: makeEncString("provider1Key").encryptedString!, @@ -645,7 +651,7 @@ describe("keyService", () => { }, }, providerKeys: { - provider1: "provider1Key" as UnsignedSharedKey, + provider1: provider1KeyUnsigned, }, }); @@ -658,7 +664,7 @@ describe("keyService", () => { const orgKey = decryptionKeys!.orgKeys![org1Id]; expect(orgKey).not.toBeNull(); - expect(orgKey.keyB64).toContain("org1Key"); + expect(orgKey.toEncoded()).toHaveLength(64); const org2Key = decryptionKeys!.orgKeys![org2Id]; expect(org2Key).not.toBeNull(); @@ -700,7 +706,7 @@ describe("keyService", () => { // User has their org keys set updateKeys({ orgKeys: { - [org1Id]: { type: "organization", key: "org1Key" as UnsignedSharedKey }, + [org1Id]: { type: "organization", key: org1KeyUnsigned }, }, });