[PM-23249] Prevent log-out when changing KDF settings (#6349)

* Prevent log-out when changing KDF settings with feature flag. * validate salt unchanged for user to throw bad request (400), not internal server error (500) * change kdf integration tests * failing tests * iuncorrect tests wording * conditional logout * log out reason as enum * explicit naming
2025-12-21 18:53:41 +00:00 · 2025-10-21 19:03:25 +02:00
parent 8d52ae869c
commit 6324f692b8
18 changed files with 675 additions and 115 deletions
--- a/test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
+++ b/test/Api.Test/Auth/Controllers/AccountsControllerTests.cs
@@ -11,6 +11,7 @@ using Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
 using Bit.Core.KeyManagement.Kdf;
+using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.KeyManagement.Queries.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -617,6 +618,16 @@ public class AccountsControllerTests : IDisposable
        await _twoFactorEmailService.Received(1).SendNewDeviceVerificationEmailAsync(user);
    }

+    [Theory]
+    [BitAutoData]
+    public async Task PostKdf_UserNotFound_ShouldFail(PasswordRequestModel model)
+    {
+        _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult<User>(null));
+
+        // Act
+        await Assert.ThrowsAsync<UnauthorizedAccessException>(() => _sut.PostKdf(model));
+    }
+
    [Theory]
    [BitAutoData]
    public async Task PostKdf_WithNullAuthenticationData_ShouldFail(
@@ -626,7 +637,9 @@ public class AccountsControllerTests : IDisposable
        model.AuthenticationData = null;

        // Act
-        await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKdf(model));
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKdf(model));
+
+        Assert.Contains("AuthenticationData and UnlockData must be provided.", exception.Message);
    }

    [Theory]
@@ -638,7 +651,41 @@ public class AccountsControllerTests : IDisposable
        model.UnlockData = null;

        // Act
-        await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKdf(model));
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKdf(model));
+
+        Assert.Contains("AuthenticationData and UnlockData must be provided.", exception.Message);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task PostKdf_ChangeKdfFailed_ShouldFail(
+        User user, PasswordRequestModel model)
+    {
+        _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult(user));
+        _changeKdfCommand.ChangeKdfAsync(Arg.Any<User>(), Arg.Any<string>(),
+                Arg.Any<MasterPasswordAuthenticationData>(), Arg.Any<MasterPasswordUnlockData>())
+            .Returns(Task.FromResult(IdentityResult.Failed(new IdentityError { Description = "Change KDF failed" })));
+
+        // Act
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostKdf(model));
+
+        Assert.NotNull(exception.ModelState);
+        Assert.Contains("Change KDF failed",
+            exception.ModelState.Values.SelectMany(x => x.Errors).Select(x => x.ErrorMessage));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task PostKdf_ChangeKdfSuccess_NoError(
+        User user, PasswordRequestModel model)
+    {
+        _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(Task.FromResult(user));
+        _changeKdfCommand.ChangeKdfAsync(Arg.Any<User>(), Arg.Any<string>(),
+                Arg.Any<MasterPasswordAuthenticationData>(), Arg.Any<MasterPasswordUnlockData>())
+            .Returns(Task.FromResult(IdentityResult.Success));
+
+        // Act
+        await _sut.PostKdf(model);
    }

    // Below are helper functions that currently belong to this