[PM-22696] send enumeration protection (#6352)

* feat: add static enumeration helper class * test: add enumeration helper class unit tests * feat: implement NeverAuthenticateValidator * test: unit and integration tests SendNeverAuthenticateValidator * test: use static class for common integration test setup for Send Access unit and integration tests * test: update tests to use static helper
2025-12-17 08:43:27 +00:00 · 2025-09-23 06:38:22 -04:00
parent c6f5d5e36e
commit 3b54fea309
19 changed files with 989 additions and 290 deletions
--- a/test/Identity.IntegrationTest/RequestValidation/SendAccess/SendAccessTestUtilities.cs
+++ b/test/Identity.IntegrationTest/RequestValidation/SendAccess/SendAccessTestUtilities.cs
@@ -0,0 +1,45 @@
+using Bit.Core.Auth.IdentityServer;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+using Bit.Identity.IdentityServer.Enums;
+using Bit.Identity.IdentityServer.RequestValidators.SendAccess;
+using Duende.IdentityModel;
+
+namespace Bit.Identity.IntegrationTest.RequestValidation.SendAccess;
+
+public static class SendAccessTestUtilities
+{
+    public static FormUrlEncodedContent CreateTokenRequestBody(
+        Guid sendId,
+        string email = null,
+        string emailOtp = null,
+        string password = null)
+    {
+        var sendIdBase64 = CoreHelpers.Base64UrlEncode(sendId.ToByteArray());
+        var parameters = new List<KeyValuePair<string, string>>
+        {
+            new(OidcConstants.TokenRequest.GrantType, CustomGrantTypes.SendAccess),
+            new(OidcConstants.TokenRequest.ClientId, BitwardenClient.Send),
+            new(SendAccessConstants.TokenRequest.SendId, sendIdBase64),
+            new(OidcConstants.TokenRequest.Scope, ApiScopes.ApiSendAccess),
+            new("device_type", "10")
+        };
+
+        if (!string.IsNullOrEmpty(email))
+        {
+            parameters.Add(new KeyValuePair<string, string>(SendAccessConstants.TokenRequest.Email, email));
+        }
+
+        if (!string.IsNullOrEmpty(emailOtp))
+        {
+            parameters.Add(new KeyValuePair<string, string>(SendAccessConstants.TokenRequest.Otp, emailOtp));
+        }
+
+        if (!string.IsNullOrEmpty(password))
+        {
+            parameters.Add(new KeyValuePair<string, string>(SendAccessConstants.TokenRequest.ClientB64HashedPassword, password));
+        }
+
+        return new FormUrlEncodedContent(parameters);
+    }
+}