bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-21 10:43:44 +00:00
Code Issues Releases Wiki Activity

[PM-29161] Remove ReturnErrorOnExistingKeypair feature flag (#6726)

Browse Source 
* Remove feature flag

* Add unit test coverage
This commit is contained in:
Thomas Avery
2025-12-15 13:52:34 -06:00
committed by GitHub
parent 7cfdb4ddfc
commit 3c44430979
3 changed files with 35 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Api/Auth/Controllers/AccountsController.cs
View File

@@ -436,12 +436,9 @@ public class AccountsController : Controller
throw new UnauthorizedAccessException(); throw new UnauthorizedAccessException();
} }
if (_featureService.IsEnabled(FeatureFlagKeys.ReturnErrorOnExistingKeypair)) if (!string.IsNullOrWhiteSpace(user.PrivateKey) || !string.IsNullOrWhiteSpace(user.PublicKey))
{ {
if (!string.IsNullOrWhiteSpace(user.PrivateKey) || !string.IsNullOrWhiteSpace(user.PublicKey)) throw new BadRequestException("User has existing keypair");
{
throw new BadRequestException("User has existing keypair");
}
} }
if (model.AccountKeys != null) if (model.AccountKeys != null)

1
src/Core/Constants.cs
View File

@@ -198,7 +198,6 @@ public static class FeatureFlagKeys
public const string PM28265_ReconcileAdditionalStorageJobEnableLiveMode = "pm-28265-reconcile-additional-storage-job-enable-live-mode"; public const string PM28265_ReconcileAdditionalStorageJobEnableLiveMode = "pm-28265-reconcile-additional-storage-job-enable-live-mode";
/* Key Management Team */ /* Key Management Team */
public const string ReturnErrorOnExistingKeypair = "return-error-on-existing-keypair";
public const string PrivateKeyRegeneration = "pm-12241-private-key-regeneration"; public const string PrivateKeyRegeneration = "pm-12241-private-key-regeneration";
public const string Argon2Default = "argon2-default"; public const string Argon2Default = "argon2-default";
public const string SSHKeyItemVaultItem = "ssh-key-vault-item"; public const string SSHKeyItemVaultItem = "ssh-key-vault-item";

37
test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
View File

@@ -692,6 +692,37 @@ public class AccountsControllerTests : IDisposable
await _sut.PostKdf(model); await _sut.PostKdf(model);
} }
[Theory]
[BitAutoData]
public async Task PostKeys_NoUser_Errors(KeysRequestModel model)
{
_userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult<User>(null));
await Assert.ThrowsAsync<UnauthorizedAccessException>(() => _sut.PostKeys(model));
}
[Theory]
[BitAutoData("existing", "existing")]
[BitAutoData((string)null, "existing")]
[BitAutoData("", "existing")]
[BitAutoData(" ", "existing")]
[BitAutoData("existing", null)]
[BitAutoData("existing", "")]
[BitAutoData("existing", " ")]
public async Task PostKeys_UserAlreadyHasKeys_Errors(string? existingPrivateKey, string? existingPublicKey,
KeysRequestModel model)
{
var user = GenerateExampleUser();
user.PrivateKey = existingPrivateKey;
user.PublicKey = existingPublicKey;
_userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult(user));
var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKeys(model));
Assert.NotNull(exception.Message);
Assert.Contains("User has existing keypair", exception.Message);
}
// Below are helper functions that currently belong to this // Below are helper functions that currently belong to this
// test class, but ultimately may need to be split out into // test class, but ultimately may need to be split out into
// something greater in order to share common test steps with // something greater in order to share common test steps with
@@ -749,8 +780,8 @@ public class AccountsControllerTests : IDisposable
KeysRequestModel model) KeysRequestModel model)
{ {
// Arrange // Arrange
user.PublicKey = "public-key"; user.PublicKey = null;
user.PrivateKey = "encrypted-private-key"; user.PrivateKey = null;
model.AccountKeys = new AccountKeysRequestModel model.AccountKeys = new AccountKeysRequestModel
{ {
UserKeyEncryptedAccountPrivateKey = "wrapped-private-key", UserKeyEncryptedAccountPrivateKey = "wrapped-private-key",
@@ -775,7 +806,6 @@ public class AccountsControllerTests : IDisposable
}; };
_userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user); _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user);
_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.ReturnErrorOnExistingKeypair).Returns(false);
// Act // Act
var result = await _sut.PostKeys(model); var result = await _sut.PostKeys(model);
@@ -802,7 +832,6 @@ public class AccountsControllerTests : IDisposable
model.EncryptedPrivateKey = "encrypted-private-key"; model.EncryptedPrivateKey = "encrypted-private-key";
_userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user); _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user);
_featureService.IsEnabled(Bit.Core.FeatureFlagKeys.ReturnErrorOnExistingKeypair).Returns(false);
// Act // Act
var result = await _sut.PostKeys(model); var result = await _sut.PostKeys(model);