[PM-27279] Implement TDE Registration with V2 Keys (#6671)
* Implement TDE v2 signup * Clean up fallback logic for account keys * Fix broken v2 logic * Add comment * Update comment
@@ -139,6 +139,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000), Required] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, [Required] string userSymmetricKey,
|
||||
[Required] KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
// Localize substitutions to this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
|
||||
@@ -202,6 +203,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000), Required] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, [Required] string userSymmetricKey,
|
||||
[Required] KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
// Localize substitutions to this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
localFactory.UpdateConfiguration("globalSettings:disableUserRegistration", "true");
|
||||
@@ -233,6 +235,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000)] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, string userSymmetricKey,
|
||||
KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
|
||||
// Localize factory to just this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -310,6 +313,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000)] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, string userSymmetricKey,
|
||||
KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism, Guid orgSponsorshipId)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
|
||||
// Localize factory to just this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -386,6 +390,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000)] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, string userSymmetricKey,
|
||||
KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism, EmergencyAccess emergencyAccess)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
|
||||
// Localize factory to just this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -455,6 +460,7 @@ public class AccountsControllerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[StringLength(1000)] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, string userSymmetricKey,
|
||||
KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism)
|
||||
{
|
||||
userAsymmetricKeys.AccountKeys = null;
|
||||
|
||||
// Localize factory to just this test.
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
|
||||
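Review bot: All six registration tests in this file now begin with `userAsymmetricKeys.AccountKeys = null;` (apparently the one added line in each hunk, though the +/- markers are lost on this page), so every case here exercises only the legacy key path. For a commit that adds V2-key registration, I would expect at least one case in this file that leaves `AccountKeys` populated and asserts what the server stores, so that a silent fallback to V1 keys is caught; that coverage may exist in files not shown here. A short comment on each of these lines would also help the next reader, e.g. `// Force the legacy (V1) key path; V2 AccountKeys are not under test here.` The test bodies continue outside the hunks.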
@@ -21,6 +21,13 @@ namespace Bit.Identity.IntegrationTest.Endpoints;
|
||||
[SutProviderCustomize]
|
||||
public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
{
|
||||
private static readonly KeysRequestModel TEST_ACCOUNT_KEYS = new KeysRequestModel
|
||||
{
|
||||
AccountKeys = null,
|
||||
PublicKey = "public-key",
|
||||
EncryptedPrivateKey = "encrypted-private-key",
|
||||
};
|
||||
|
||||
private const int SecondsInMinute = 60;
|
||||
private const int MinutesInHour = 60;
|
||||
private const int SecondsInHour = SecondsInMinute * MinutesInHour;
|
||||
@@ -53,6 +60,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
|
||||
public async Task TokenEndpoint_GrantTypePassword_Success(RegisterFinishRequestModel requestModel)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
|
||||
|
||||
@@ -78,6 +86,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyDisabled_WithEnforceSsoPolicyForAllUsersTrue_Success(
|
||||
OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
requestModel.Email = $"{generatedUsername}@example.com";
|
||||
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -103,6 +112,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyDisabled_WithEnforceSsoPolicyForAllUsersFalse_Success(
|
||||
OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
requestModel.Email = $"{generatedUsername}@example.com";
|
||||
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -129,6 +139,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersTrue_Throw(
|
||||
OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
requestModel.Email = $"{generatedUsername}@example.com";
|
||||
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -152,6 +163,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_GrantTypePassword_WithOwnerOrAdmin_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersFalse_Success(
|
||||
OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
requestModel.Email = $"{generatedUsername}@example.com";
|
||||
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -175,6 +187,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_GrantTypePassword_WithNonOwnerOrAdmin_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersFalse_Throws(
|
||||
OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
requestModel.Email = $"{generatedUsername}@example.com";
|
||||
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
@@ -196,6 +209,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
|
||||
public async Task TokenEndpoint_GrantTypeRefreshToken_Success(RegisterFinishRequestModel requestModel)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
|
||||
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
|
||||
@@ -218,6 +232,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
[Theory, BitAutoData, RegisterFinishRequestModelCustomize]
|
||||
public async Task TokenEndpoint_GrantTypeClientCredentials_Success(RegisterFinishRequestModel model)
|
||||
{
|
||||
model.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
var user = await localFactory.RegisterNewIdentityFactoryUserAsync(model);
|
||||
|
||||
@@ -242,6 +257,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
RegisterFinishRequestModel model,
|
||||
string deviceId)
|
||||
{
|
||||
model.UserAsymmetricKeys.AccountKeys = null;
|
||||
var localFactory = new IdentityApplicationFactory();
|
||||
var server = localFactory.WithWebHostBuilder(builder =>
|
||||
{
|
||||
@@ -445,6 +461,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
|
||||
public async Task TokenEndpoint_TooQuickInOneSecond_BlockRequest(
|
||||
RegisterFinishRequestModel requestModel)
|
||||
{
|
||||
requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
|
||||
const int AmountInOneSecondAllowed = 10;
|
||||
|
||||
// The rule we are testing is 10 requests in 1 second
|
||||
|
||||
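Review bot: `TEST_ACCOUNT_KEYS` is one mutable `KeysRequestModel` instance that every test assigns by reference to its request model, so a mutation made through one model (or by the registration path) would leak into the other tests. A property that returns a fresh instance avoids that and matches the PascalCase of the constants directly below it: `private static KeysRequestModel TestAccountKeys => new() { AccountKeys = null, PublicKey = "public-key", EncryptedPrivateKey = "encrypted-private-key" };`. The hunk at new line 257 instead writes `model.UserAsymmetricKeys.AccountKeys = null;`, which keeps the generated key strings; using the same helper there would make the tests consistent, unless that test needs the generated values.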