[PM-23249] Prevent log-out when changing KDF settings (#6349)

* Prevent log-out when changing KDF settings with feature flag. * validate salt unchanged for user to throw bad request (400), not internal server error (500) * change kdf integration tests * failing tests * iuncorrect tests wording * conditional logout * log out reason as enum * explicit naming
2026-01-10 04:23:31 +00:00 · 2025-10-21 19:03:25 +02:00
parent 8d52ae869c
commit 6324f692b8
18 changed files with 675 additions and 115 deletions
--- a/test/Identity.Test/AutoFixture/ProfileServiceFixtures.cs
+++ b/test/Identity.Test/AutoFixture/ProfileServiceFixtures.cs
@@ -15,8 +15,8 @@ internal class ProfileDataRequestContextCustomization : ICustomization
        fixture.Customize<ProfileDataRequestContext>(composer => composer
            .With(o => o.Subject, new ClaimsPrincipal(new ClaimsIdentity([
                new Claim("sub", Guid.NewGuid().ToString()),
-                  new Claim("name", "Test User"),
-                  new Claim("email", "test@example.com")
+                new Claim("name", "Test User"),
+                new Claim("email", "test@example.com")
            ])))
            .With(o => o.Client, new Client { ClientId = "web" })
            .With(o => o.ValidatedRequest, () => null)
@@ -41,7 +41,7 @@ internal class IsActiveContextCustomization : ICustomization
        fixture.Customize<IsActiveContext>(composer => composer
            .With(o => o.Subject, new ClaimsPrincipal(new ClaimsIdentity([
                new Claim("sub", Guid.NewGuid().ToString()),
-                  new Claim(Claims.SecurityStamp, "test-security-stamp")
+                new Claim(Claims.SecurityStamp, "test-security-stamp")
            ])))
            .With(o => o.Client, new Client { ClientId = "web" })
            .With(o => o.IsActive, false)
--- a/test/Identity.Test/IdentityServer/ProfileServiceTests.cs
+++ b/test/Identity.Test/IdentityServer/ProfileServiceTests.cs
@@ -452,7 +452,8 @@ public class ProfileServiceTests
        user.SecurityStamp = securityStamp;

        context.Subject = new ClaimsPrincipal(new ClaimsIdentity([
-            new Claim("sub", user.Id.ToString()), new Claim(Claims.SecurityStamp, securityStamp)
+            new Claim("sub", user.Id.ToString()),
+            new Claim(Claims.SecurityStamp, securityStamp)
        ]));

        _userService.GetUserByPrincipalAsync(context.Subject).Returns(user);
@@ -486,7 +487,8 @@ public class ProfileServiceTests
        user.SecurityStamp = "current-security-stamp";

        context.Subject = new ClaimsPrincipal(new ClaimsIdentity([
-            new Claim("sub", user.Id.ToString()), new Claim(Claims.SecurityStamp, "old-security-stamp")
+            new Claim("sub", user.Id.ToString()),
+            new Claim(Claims.SecurityStamp, "old-security-stamp")
        ]));

        _userService.GetUserByPrincipalAsync(context.Subject).Returns(user);
@@ -517,7 +519,8 @@ public class ProfileServiceTests
        user.SecurityStamp = "current-stamp";

        context.Subject = new ClaimsPrincipal(new ClaimsIdentity([
-            new Claim("sub", user.Id.ToString()), new Claim(Claims.SecurityStamp, claimStamp)
+            new Claim("sub", user.Id.ToString()),
+            new Claim(Claims.SecurityStamp, claimStamp)
        ]));

        _userService.GetUserByPrincipalAsync(context.Subject).Returns(user);
@@ -546,7 +549,8 @@ public class ProfileServiceTests
    {
        context.Client.ClientId = client;
        context.Subject = new ClaimsPrincipal(new ClaimsIdentity([
-            new Claim("sub", user.Id.ToString()), new Claim("email", user.Email)
+            new Claim("sub", user.Id.ToString()),
+            new Claim("email", user.Email)
        ]));

        _userService.GetUserByPrincipalAsync(context.Subject).Returns(user);