feat(auth-request) [PM-24211]: Add tests for AuthRequest.IsValidForAuthentication.

2025-12-06 00:03:34 +00:00 · 2025-12-04 12:10:04 -05:00
parent d32f5cf7c8
commit 1f85df17b7
1 changed files with 224 additions and 0 deletions
--- a/test/Core.Test/Auth/Entities/AuthRequestTests.cs
+++ b/test/Core.Test/Auth/Entities/AuthRequestTests.cs
@@ -0,0 +1,224 @@
+using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.Entities;
+
+public class AuthRequestTests
+{
+    [Fact]
+    public void IsValidForAuthentication_WithValidRequest_ReturnsTrue()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.True(result);
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongUserId_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var differentUserId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(differentUserId, accessCode);
+
+        // Assert
+        Assert.False(result, "Auth request should not validate for a different user");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongAccessCode_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = "correct-code"
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, "wrong-code");
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithoutResponseDate_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = null, // Not responded to
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Unanswered auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithApprovedFalse_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = false, // Denied
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Denied auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithApprovedNull_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = null, // Pending
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Pending auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithExpiredRequest_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow.AddMinutes(-20), // Expired (15 min timeout)
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Expired auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongType_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.Unlock, // Wrong type
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Only AuthenticateAndUnlock type should be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithAlreadyUsed_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = DateTime.UtcNow, // Already used
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Auth requests should only be valid for one-time use");
+    }
+}