mirror of https://github.com/bitwarden/server synced 2025-12-27 21:53:24 +00:00

Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response (#6093)

Maciej Zieniuk
2025-07-28 17:34:42 +02:00
committed by GitHub
parent d407c164b6
commit 59e7bc7438
7 changed files with 247 additions and 27 deletions


@@ -67,7 +67,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
Assert.Equal(0, kdf);
var kdfIterations = AssertHelper.AssertJsonProperty(root, "KdfIterations", JsonValueKind.Number).GetInt32();
Assert.Equal(AuthConstants.PBKDF2_ITERATIONS.Default, kdfIterations);
AssertUserDecryptionOptions(root);
AssertUserDecryptionOptions(root, user);
}
[Theory, RegisterFinishRequestModelCustomize]
@@ -601,14 +601,27 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
Assert.StartsWith("sso authentication", errorDescription.ToLowerInvariant());
}
private static void AssertUserDecryptionOptions(JsonElement tokenResponse)
private static void AssertUserDecryptionOptions(JsonElement tokenResponse, User expectedUser)
{
var userDecryptionOptions = AssertHelper.AssertJsonProperty(tokenResponse, "UserDecryptionOptions", JsonValueKind.Object)
.EnumerateObject();
var userDecryptionOptions =
AssertHelper.AssertJsonProperty(tokenResponse, "UserDecryptionOptions", JsonValueKind.Object);
Assert.Collection(userDecryptionOptions,
(prop) => { Assert.Equal("HasMasterPassword", prop.Name); Assert.Equal(JsonValueKind.True, prop.Value.ValueKind); },
(prop) => { Assert.Equal("Object", prop.Name); Assert.Equal("userDecryptionOptions", prop.Value.GetString()); });
AssertHelper.AssertJsonProperty(userDecryptionOptions, "HasMasterPassword", JsonValueKind.True);
var objectString = AssertHelper.AssertJsonProperty(userDecryptionOptions, "Object", JsonValueKind.String).ToString();
Assert.Equal("userDecryptionOptions", objectString);
var masterPasswordUnlock = AssertHelper.AssertJsonProperty(userDecryptionOptions, "MasterPasswordUnlock", JsonValueKind.Object);
// MasterPasswordUnlock.Kdf
var kdf = AssertHelper.AssertJsonProperty(masterPasswordUnlock, "Kdf", JsonValueKind.Object);
var kdfType = AssertHelper.AssertJsonProperty(kdf, "KdfType", JsonValueKind.Number).GetInt32();
Assert.Equal((int)expectedUser.Kdf, kdfType);
var kdfIterations = AssertHelper.AssertJsonProperty(kdf, "Iterations", JsonValueKind.Number).GetInt32();
Assert.Equal(expectedUser.KdfIterations, kdfIterations);
// MasterPasswordUnlock.MasterKeyEncryptedUserKey
var masterKeyEncryptedUserKey = AssertHelper.AssertJsonProperty(masterPasswordUnlock, "MasterKeyEncryptedUserKey", JsonValueKind.String).ToString();
Assert.Equal(expectedUser.Key, masterKeyEncryptedUserKey);
// MasterPasswordUnlock.Salt
var salt = AssertHelper.AssertJsonProperty(masterPasswordUnlock, "Salt", JsonValueKind.String).ToString();
Assert.Equal(expectedUser.Email.ToLower(), salt);
}
private void ReinitializeDbForTests(IdentityApplicationFactory factory)
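Review bot: In AssertUserDecryptionOptions the expected salt is built with `expectedUser.Email.ToLower()`, which is culture-sensitive, while the `errorDescription` assertion at the top of this same hunk already uses `ToLowerInvariant()`. The salt is an input to master-key derivation, so the test should pin the exact normalization that clients will reproduce: `Assert.Equal(expectedUser.Email.ToLowerInvariant(), salt);` (add `.Trim()` as well if the server trims the address, which is not visible here). Under a culture such as tr-TR, an address containing `I` would lowercase differently and the test would no longer check the value a client derives with. Separately, the helper only asserts `HasMasterPassword` is true, and no case for a user without a master password (where `MasterPasswordUnlock` should presumably be absent) is visible in these hunks.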