bitwarden/mobile
1
0
Fork 0
mirror of https://github.com/bitwarden/mobile synced 2025-12-05 23:53:33 +00:00
Code Issues Releases Wiki Activity

[PM-5731] feat: add rp mismatch test

Browse Source
This commit is contained in:
Andreas Coroiu
2024-01-18 10:15:21 +01:00
parent 32c2f2aac4
commit cc89b6a5d5
2 changed files with 52 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Core/Services/Fido2AuthenticatorService.cs
View File

@@ -5,6 +5,13 @@ namespace Bit.Core.Services
{
public class Fido2AuthenticatorService : IFido2AuthenticatorService
{
private ICipherService _cipherService;
public Fido2AuthenticatorService(ICipherService cipherService)
{
_cipherService = cipherService;
}
public Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams)
{
throw new NotAllowedError();

58
test/Core.Test/Services/Fido2AuthenticatorTests.cs
View File

@@ -1,7 +1,10 @@
using System;
using System.Threading.Tasks;
using Bit.Core.Abstractions;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core.Models.Domain;
using Bit.Core.Models.View;
using Bit.Core.Test.AutoFixture;
using Bit.Core.Utilities.Fido2;
using Bit.Test.Common.AutoFixture;
@@ -9,29 +12,58 @@ using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using NSubstitute.ExceptionExtensions;
using Xunit;
using Bit.Core.Utilities;
using System.Collections.Generic;
namespace Bit.Core.Test.Services
{
public class Fido2AuthenticatorTests
{
#region missing non-discoverable credential
// Spec: If credentialOptions is now empty, return an error code equivalent to "NotAllowedError" and terminate the operation.
[Theory, SutAutoData]
public async Task GetAssertionAsync_Throws_NoCredentialExists(Fido2AuthenticatorService sut)
[Theory]
[InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
public async Task GetAssertionAsync_Throws_NoCredentialExists(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams)
{
var assertionParams = CreateAssertionParams();
var exception = await Assert.ThrowsAsync<NotAllowedError>(() => sut.GetAssertionAsync(assertionParams));
var exception = await Assert.ThrowsAsync<NotAllowedError>(() => sutProvider.Sut.GetAssertionAsync(aParams));
}
private Fido2AuthenticatorGetAssertionParams CreateAssertionParams()
[Theory]
[InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
public async Task GetAssertionAsync_Throws_CredentialExistsButRpIdDoesNotMatch(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams)
{
return new Fido2AuthenticatorGetAssertionParams
{
RpId = "bitwarden.com",
Hash = new byte[32],
AllowCredentialDescriptorList = new PublicKeyCredentialDescriptor[0],
RequireUserVerification = true,
Extensions = new object()
};
var credentialId = RandomBytes(32);
aParams.RpId = "bitwarden.com";
aParams.AllowCredentialDescriptorList = [
new PublicKeyCredentialDescriptor {
Id = credentialId,
Type = "public-key"
}
];
sutProvider.GetDependency<ICipherService>().GetAllDecryptedAsync().Returns(new List<CipherView> {
new CipherView {
Login = new LoginView {
Fido2Credentials = new List<Fido2CredentialView> {
new Fido2CredentialView {
CredentialId = CoreHelpers.Base64UrlEncode(credentialId),
RpId = "mismatch-rpid"
}
}
}
}
});
var exception = await Assert.ThrowsAsync<NotAllowedError>(() => sutProvider.Sut.GetAssertionAsync(aParams));
}
#endregion
private byte[] RandomBytes(int length)
{
var bytes = new byte[length];
new Random().NextBytes(bytes);
return bytes;
}
}
}