[PM-14419] At-risk passwords change password service (#13279)

* [PM-14419] Introduce the change-login-password service and its default implementation * [PM-14419] Use the change login password service on the at-risk passwords page * [PM-14419] Add unit tests * [PM-14419] Use existing fixed test environment * [PM-14419] Add mock implementation for ChangeLoginPasswordService in at-risk passwords tests * [PM-14419] Linter
2025-12-18 17:23:37 +00:00 · 2025-02-13 10:58:44 -08:00
parent a0c38543ac
commit c67e6df839
7 changed files with 319 additions and 15 deletions
--- a/libs/vault/src/services/default-change-login-password.service.spec.ts
+++ b/libs/vault/src/services/default-change-login-password.service.spec.ts
@@ -0,0 +1,157 @@
+/**
+ * Jest needs to run in custom environment to mock Request/Response objects
+ * @jest-environment ../../libs/shared/test.environment.ts
+ */
+
+import { mock } from "jest-mock-extended";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
+import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
+
+import { DefaultChangeLoginPasswordService } from "./default-change-login-password.service";
+
+describe("DefaultChangeLoginPasswordService", () => {
+  let service: DefaultChangeLoginPasswordService;
+
+  let mockShouldNotExistResponse: Response;
+  let mockWellKnownResponse: Response;
+
+  const mockApiService = mock<ApiService>();
+
+  beforeEach(() => {
+    mockApiService.nativeFetch.mockClear();
+
+    // Default responses to success state
+    mockShouldNotExistResponse = new Response("Not Found", { status: 404 });
+    mockWellKnownResponse = new Response("OK", { status: 200 });
+
+    mockApiService.nativeFetch.mockImplementation((request) => {
+      if (
+        request.url.endsWith("resource-that-should-not-exist-whose-status-code-should-not-be-200")
+      ) {
+        return Promise.resolve(mockShouldNotExistResponse);
+      }
+
+      if (request.url.endsWith(".well-known/change-password")) {
+        return Promise.resolve(mockWellKnownResponse);
+      }
+
+      throw new Error("Unexpected request");
+    });
+    service = new DefaultChangeLoginPasswordService(mockApiService);
+  });
+
+  it("should return null for non-login ciphers", async () => {
+    const cipher = {
+      type: CipherType.Card,
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBeNull();
+  });
+
+  it("should return null for logins with no URIs", async () => {
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), { uris: [] as LoginUriView[] }),
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBeNull();
+  });
+
+  it("should return null for logins with no valid HTTP/HTTPS URIs", async () => {
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "ftp://example.com" }],
+      }),
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBeNull();
+  });
+
+  it("should check the origin for a reliable status code", async () => {
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "https://example.com" }],
+      }),
+    } as CipherView;
+
+    await service.getChangePasswordUrl(cipher);
+
+    expect(mockApiService.nativeFetch).toHaveBeenCalledWith(
+      expect.objectContaining({
+        url: "https://example.com/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200",
+      }),
+    );
+  });
+
+  it("should attempt to fetch the well-known change password URL", async () => {
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "https://example.com" }],
+      }),
+    } as CipherView;
+
+    await service.getChangePasswordUrl(cipher);
+
+    expect(mockApiService.nativeFetch).toHaveBeenCalledWith(
+      expect.objectContaining({
+        url: "https://example.com/.well-known/change-password",
+      }),
+    );
+  });
+
+  it("should return the well-known change password URL when successful at verifying the response", async () => {
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "https://example.com" }],
+      }),
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBe("https://example.com/.well-known/change-password");
+  });
+
+  it("should return the original URI when unable to verify the response", async () => {
+    mockShouldNotExistResponse = new Response("Ok", { status: 200 });
+
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "https://example.com" }],
+      }),
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBe("https://example.com");
+  });
+
+  it("should return the original URI when the well-known URL is not found", async () => {
+    mockWellKnownResponse = new Response("Not Found", { status: 404 });
+
+    const cipher = {
+      type: CipherType.Login,
+      login: Object.assign(new LoginView(), {
+        uris: [{ uri: "https://example.com" }],
+      }),
+    } as CipherView;
+
+    const url = await service.getChangePasswordUrl(cipher);
+
+    expect(url).toBe("https://example.com");
+  });
+});