bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-02-23 16:12:57 +00:00
Code Issues Releases Wiki Activity

[PM-31052][PM-32469] Add V2UpgradeToken for key rotation without logout (#6995)

Browse Source 
* User V2UpgradeToken for key rotation without logout

* reset old v2 upgrade token on manual key rotation

* sql migration fix

* missing table column

* missing view update

* tests for V2UpgradeToken clearing on manual key rotation

* V2 to V2 rotation causes logout. Updated wrapped key 1 to be a valid V2 encrypted string in tests.

* integration tests failures - increase assert recent for date time type from 2 to 5 seconds (usually for UpdatedAt assertions)

* repository test coverage

* migration script update

* new EF migration scripts

* broken EF migration scripts fixed

* refresh views due to User table alternation
This commit is contained in:
Maciej Zieniuk
2026-02-20 20:19:14 +01:00
committed by GitHub
parent a961626957
commit 6a7b8f5a89
35 changed files with 12395 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
test/Api.Test/KeyManagement/Models/Request/V2UpgradeTokenRequestModelTests.cs Normal file
View File

@@ -0,0 +1,125 @@
using System.ComponentModel.DataAnnotations;
using Bit.Api.KeyManagement.Models.Requests;
using Xunit;
namespace Bit.Api.Test.KeyManagement.Models.Request;
public class V2UpgradeTokenRequestModelTests
{
private const string _validWrappedKey1 = "7.AOs41Hd8OQiCPXjyJKCiDA==";
private const string _validWrappedKey2 = "2.BPt52Ie9PQjDQYkzKLDjEB==|P7PIiu3V3iKHCTOHojnKnh==|jE44t9C79D9KiZZiTb5W2uBskwMs9fFbHrPW8CSp6Kl=";
[Fact]
public void Validate_WithValidEncStrings_ReturnsNoErrors()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = _validWrappedKey1,
WrappedUserKey2 = _validWrappedKey2
};
// Act
var results = Validate(model);
// Assert
Assert.Empty(results);
}
[Fact]
public void Validate_WithMissingWrappedUserKey1_ReturnsValidationError()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = null!,
WrappedUserKey2 = _validWrappedKey2
};
// Act
var results = Validate(model);
// Assert
Assert.Single(results);
Assert.Contains(results, r => r.MemberNames.Contains("WrappedUserKey1"));
}
[Fact]
public void Validate_WithMissingWrappedUserKey2_ReturnsValidationError()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = _validWrappedKey1,
WrappedUserKey2 = null!
};
// Act
var results = Validate(model);
// Assert
Assert.Single(results);
Assert.Contains(results, r => r.MemberNames.Contains("WrappedUserKey2"));
}
[Fact]
public void Validate_WithInvalidEncStringFormatKey1_ReturnsValidationError()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = "not-an-encrypted-string",
WrappedUserKey2 = _validWrappedKey2
};
// Act
var results = Validate(model);
// Assert
Assert.Single(results);
Assert.Contains(results, r => r.ErrorMessage == "WrappedUserKey1 is not a valid encrypted string.");
}
[Fact]
public void Validate_WithInvalidEncStringFormatKey2_ReturnsValidationError()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = _validWrappedKey1,
WrappedUserKey2 = "not-an-encrypted-string"
};
// Act
var results = Validate(model);
// Assert
Assert.Single(results);
Assert.Contains(results, r => r.ErrorMessage == "WrappedUserKey2 is not a valid encrypted string.");
}
[Fact]
public void ToData_WithValidModel_MapsPropertiesCorrectly()
{
// Arrange
var model = new V2UpgradeTokenRequestModel
{
WrappedUserKey1 = _validWrappedKey1,
WrappedUserKey2 = _validWrappedKey2
};
// Act
var data = model.ToData();
// Assert
Assert.Equal(_validWrappedKey1, data.WrappedUserKey1);
Assert.Equal(_validWrappedKey2, data.WrappedUserKey2);
}
private static List<ValidationResult> Validate(V2UpgradeTokenRequestModel model)
{
var results = new List<ValidationResult>();
Validator.TryValidateObject(model, new ValidationContext(model), results, true);
return results;
}
}