From cc89b6a5d54eb102c0821da6e99f10a08e28853e Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Thu, 18 Jan 2024 10:15:21 +0100
Subject: [PATCH] [PM-5731] feat: add rp mismatch test
---
 .../Services/Fido2AuthenticatorService.cs | 7 +++
 .../Services/Fido2AuthenticatorTests.cs | 58 ++++++++++++++-----
 2 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/src/Core/Services/Fido2AuthenticatorService.cs b/src/Core/Services/Fido2AuthenticatorService.cs
index 38659b1bd..26a8024f1 100644
--- a/src/Core/Services/Fido2AuthenticatorService.cs
+++ b/src/Core/Services/Fido2AuthenticatorService.cs
@@ -5,6 +5,13 @@ namespace Bit.Core.Services
 {
 public class Fido2AuthenticatorService : IFido2AuthenticatorService
 {
+ private ICipherService _cipherService;
+
+ public Fido2AuthenticatorService(ICipherService cipherService)
+ {
+ _cipherService = cipherService;
+ }
+
 public Task GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams)
 {
 throw new NotAllowedError();
diff --git a/test/Core.Test/Services/Fido2AuthenticatorTests.cs b/test/Core.Test/Services/Fido2AuthenticatorTests.cs
index 993cd914f..76b144bf4 100644
--- a/test/Core.Test/Services/Fido2AuthenticatorTests.cs
+++ b/test/Core.Test/Services/Fido2AuthenticatorTests.cs
@@ -1,7 +1,10 @@
+using System;
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Exceptions;
 using Bit.Core.Services;
+using Bit.Core.Models.Domain;
+using Bit.Core.Models.View;
 using Bit.Core.Test.AutoFixture;
 using Bit.Core.Utilities.Fido2;
 using Bit.Test.Common.AutoFixture;
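Review bot: The new `_cipherService` field in Fido2AuthenticatorService is assigned only in the constructor but is not `readonly`, and the constructor stores a null dependency without complaint; I would declare it `private readonly ICipherService _cipherService;` and guard the argument with `_cipherService = cipherService ?? throw new ArgumentNullException(nameof(cipherService));`. Nothing visible in this hunk reads the field, since the visible start of GetAssertionAsync still throws NotAllowedError first, so a one-line comment such as `// Source of stored FIDO2 credentials for GetAssertionAsync (lookup not implemented yet)` would explain why it is injected now. The class and the GetAssertionAsync body continue outside the hunk, so this is based on the visible lines only.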
@@ -9,29 +12,58 @@ using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
 using NSubstitute.ExceptionExtensions;
 using Xunit;
+using Bit.Core.Utilities;
+using System.Collections.Generic;
 namespace Bit.Core.Test.Services
 {
 public class Fido2AuthenticatorTests
 {
+ #region missing non-discoverable credential
+
 // Spec: If credentialOptions is now empty, return an error code equivalent to "NotAllowedError" and terminate the operation.
- [Theory, SutAutoData]
- public async Task GetAssertionAsync_Throws_NoCredentialExists(Fido2AuthenticatorService sut)
+ [Theory]
+ [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+ public async Task GetAssertionAsync_Throws_NoCredentialExists(SutProvider sutProvider, Fido2AuthenticatorGetAssertionParams aParams)
 {
- var assertionParams = CreateAssertionParams();
- var exception = await Assert.ThrowsAsync(() => sut.GetAssertionAsync(assertionParams));
+ var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.GetAssertionAsync(aParams));
 }
- private Fido2AuthenticatorGetAssertionParams CreateAssertionParams()
+ [Theory]
+ [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+ public async Task GetAssertionAsync_Throws_CredentialExistsButRpIdDoesNotMatch(SutProvider sutProvider, Fido2AuthenticatorGetAssertionParams aParams)
 {
- return new Fido2AuthenticatorGetAssertionParams
- {
- RpId = "bitwarden.com",
- Hash = new byte[32],
- AllowCredentialDescriptorList = new PublicKeyCredentialDescriptor[0],
- RequireUserVerification = true,
- Extensions = new object()
- };
+ var credentialId = RandomBytes(32);
+ aParams.RpId = "bitwarden.com";
+ aParams.AllowCredentialDescriptorList = [
+ new PublicKeyCredentialDescriptor {
+ Id = credentialId,
+ Type = "public-key"
+ }
+ ];
+ sutProvider.GetDependency().GetAllDecryptedAsync().Returns(new List {
+ new CipherView {
+ Login = new LoginView {
+ Fido2Credentials = new List {
+ new Fido2CredentialView {
+ CredentialId = CoreHelpers.Base64UrlEncode(credentialId),
+ RpId = "mismatch-rpid"
+ }
+ }
+ }
+ }
+ });
+
+ var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.GetAssertionAsync(aParams));
+ }
+
+ #endregion
+
+ private byte[] RandomBytes(int length)
+ {
+ var bytes = new byte[length];
+ new Random().NextBytes(bytes);
+ return bytes;
 }
 }
 }
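Review bot: `GetAssertionAsync_Throws_CredentialExistsButRpIdDoesNotMatch` cannot fail for the reason its name gives, because the service hunk in this same patch shows GetAssertionAsync starting with `throw new NotAllowedError();`, so the stubbed `GetAllDecryptedAsync()` result with `RpId = "mismatch-rpid"` is presumably never read. The RP ID comparison is what binds a stored credential to its relying party, so this test should go red if that comparison is ever missing. Once the lookup exists, pair it with a control case that differs only in `RpId = "bitwarden.com"` and expects no NotAllowedError, or at least assert that the lookup ran with `await sutProvider.GetDependency<ICipherService>().Received().GetAllDecryptedAsync();` (the generic argument is my assumption, since type arguments appear stripped on this page). Separately, `RandomBytes` draws from an unseeded `new Random()`, which makes a failing run hard to reproduce; a fixed or fixture-supplied credential id would avoid that.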