[PM-22696] send enumeration protection (#6352)

* feat: add static enumeration helper class * test: add enumeration helper class unit tests * feat: implement NeverAuthenticateValidator * test: unit and integration tests SendNeverAuthenticateValidator * test: use static class for common integration test setup for Send Access unit and integration tests * test: update tests to use static helper
2025-12-23 19:53:40 +00:00 · 2025-09-23 06:38:22 -04:00
parent c6f5d5e36e
commit 3b54fea309
19 changed files with 989 additions and 290 deletions
--- a/test/Identity.Test/IdentityServer/SendAccess/SendEmailOtpRequestValidatorTests.cs
+++ b/test/Identity.Test/IdentityServer/SendAccess/SendEmailOtpRequestValidatorTests.cs
@@ -1,12 +1,7 @@
-using System.Collections.Specialized;
-using Bit.Core.Auth.Identity;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Auth.Identity.TokenProviders;
-using Bit.Core.Auth.IdentityServer;
-using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Core.Tools.Models.Data;
-using Bit.Core.Utilities;
-using Bit.Identity.IdentityServer.Enums;
 using Bit.Identity.IdentityServer.RequestValidators.SendAccess;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -28,7 +23,7 @@ public class SendEmailOtpRequestValidatorTests
        Guid sendId)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -61,8 +56,7 @@ public class SendEmailOtpRequestValidatorTests
        Guid sendId)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId, email);
-        var emailOTP = new EmailOtp(["user@test.dev"]);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId, email);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -96,7 +90,7 @@ public class SendEmailOtpRequestValidatorTests
        string generatedToken)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId, email);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId, email);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -144,7 +138,7 @@ public class SendEmailOtpRequestValidatorTests
        string email)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId, email);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId, email);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -179,7 +173,7 @@ public class SendEmailOtpRequestValidatorTests
        string otp)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId, email, otp);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId, email, otp);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -231,7 +225,7 @@ public class SendEmailOtpRequestValidatorTests
        string invalidOtp)
    {
        // Arrange
-        tokenRequest.Raw = CreateValidatedTokenRequest(sendId, email, invalidOtp);
+        tokenRequest.Raw = SendAccessTestUtilities.CreateValidatedTokenRequest(sendId, email, invalidOtp);
        var context = new ExtensionGrantValidationContext
        {
            Request = tokenRequest
@@ -278,33 +272,4 @@ public class SendEmailOtpRequestValidatorTests
        // Assert
        Assert.NotNull(validator);
    }
-
-    private static NameValueCollection CreateValidatedTokenRequest(
-        Guid sendId,
-        string sendEmail = null,
-        string otpCode = null)
-    {
-        var sendIdBase64 = CoreHelpers.Base64UrlEncode(sendId.ToByteArray());
-
-        var rawRequestParameters = new NameValueCollection
-        {
-            { OidcConstants.TokenRequest.GrantType, CustomGrantTypes.SendAccess },
-            { OidcConstants.TokenRequest.ClientId, BitwardenClient.Send },
-            { OidcConstants.TokenRequest.Scope, ApiScopes.ApiSendAccess },
-            { "device_type", ((int)DeviceType.FirefoxBrowser).ToString() },
-            { SendAccessConstants.TokenRequest.SendId, sendIdBase64 }
-        };
-
-        if (sendEmail != null)
-        {
-            rawRequestParameters.Add(SendAccessConstants.TokenRequest.Email, sendEmail);
-        }
-
-        if (otpCode != null && sendEmail != null)
-        {
-            rawRequestParameters.Add(SendAccessConstants.TokenRequest.Otp, otpCode);
-        }
-
-        return rawRequestParameters;
-    }
 }