
[PM-31684] Remove email hashing for send access (#6945)

* [PM-31684] Remove email hashing for send access

* [PM-31684] switching the order of migration files

* [PM-31684] adding more migrations

* [PM-31684] Removing anon access emails field  and reusing emails field

* [PM-31684] cleanup before adding migrations back

* [PM-31684] restore original snapshots

* [PM-31684] restore original postgres snapshots

* [PM-31684] adding migrations

* [PM-31684] removing encryption attributes from emails request model

* [PM-31684] adding missing stored proc alters

* [PM-31684] Improved formatting for stored proc defs

* [PM-31684] adding necessary comment back

* [PM-31684] adding case-insensitive check on the server for send auth
Alex Dragovich
2026-02-09 12:58:57 -08:00
committed by GitHub
parent 40c64a51d5
commit 6d43cc43e3
24 changed files with 10788 additions and 123 deletions


@@ -43,12 +43,12 @@ public class SendAuthenticationQueryTests
}
[Theory]
[MemberData(nameof(EmailHashesParsingTestCases))]
public async Task GetAuthenticationMethod_WithEmailHashes_ParsesEmailHashesCorrectly(string emailHashString, string[] expectedEmailHashes)
[MemberData(nameof(EmailsParsingTestCases))]
public async Task GetAuthenticationMethod_WithEmails_ParsesEmailsCorrectly(string emailString, string[] expectedEmails)
{
// Arrange
var sendId = Guid.NewGuid();
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: emailHashString, password: null, AuthType.Email);
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emails: emailString, password: null, AuthType.Email);
_sendRepository.GetByIdAsync(sendId).Returns(send);
// Act
@@ -56,15 +56,15 @@ public class SendAuthenticationQueryTests
// Assert
var emailOtp = Assert.IsType<EmailOtp>(result);
Assert.Equal(expectedEmailHashes, emailOtp.EmailHashes);
Assert.Equal(expectedEmails, emailOtp.emails);
}
[Fact]
public async Task GetAuthenticationMethod_WithBothEmailHashesAndPassword_ReturnsEmailOtp()
public async Task GetAuthenticationMethod_WithBothEmailsAndPassword_ReturnsEmailOtp()
{
// Arrange
var sendId = Guid.NewGuid();
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: "hashedemail", password: "hashedpassword", AuthType.Email);
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emails: "person@company.com", password: "hashedpassword", AuthType.Email);
_sendRepository.GetByIdAsync(sendId).Returns(send);
// Act
@@ -79,7 +79,7 @@ public class SendAuthenticationQueryTests
{
// Arrange
var sendId = Guid.NewGuid();
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: null, password: null, AuthType.None);
var send = CreateSend(accessCount: 0, maxAccessCount: 10, emails: null, password: null, AuthType.None);
_sendRepository.GetByIdAsync(sendId).Returns(send);
// Act
@@ -106,11 +106,11 @@ public class SendAuthenticationQueryTests
public static IEnumerable<object[]> AuthenticationMethodTestCases()
{
yield return new object[] { null, typeof(NeverAuthenticate) };
yield return new object[] { CreateSend(accessCount: 5, maxAccessCount: 5, emailHashes: null, password: null, AuthType.None), typeof(NeverAuthenticate) };
yield return new object[] { CreateSend(accessCount: 6, maxAccessCount: 5, emailHashes: null, password: null, AuthType.None), typeof(NeverAuthenticate) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: "hashedemail", password: null, AuthType.Email), typeof(EmailOtp) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: null, password: "hashedpassword", AuthType.Password), typeof(ResourcePassword) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emailHashes: null, password: null, AuthType.None), typeof(NotAuthenticated) };
yield return new object[] { CreateSend(accessCount: 5, maxAccessCount: 5, emails: null, password: null, AuthType.None), typeof(NeverAuthenticate) };
yield return new object[] { CreateSend(accessCount: 6, maxAccessCount: 5, emails: null, password: null, AuthType.None), typeof(NeverAuthenticate) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emails: "person@company.com", password: null, AuthType.Email), typeof(EmailOtp) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emails: null, password: "hashedpassword", AuthType.Password), typeof(ResourcePassword) };
yield return new object[] { CreateSend(accessCount: 0, maxAccessCount: 10, emails: null, password: null, AuthType.None), typeof(NotAuthenticated) };
}
[Fact]
@@ -123,7 +123,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 0,
MaxAccessCount = 10,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = true,
@@ -149,7 +149,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 0,
MaxAccessCount = 10,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -175,7 +175,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 0,
MaxAccessCount = 10,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -202,7 +202,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 0,
MaxAccessCount = 10,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -228,7 +228,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 5,
MaxAccessCount = 5,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -254,7 +254,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 1000,
MaxAccessCount = null, // No limit
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -280,7 +280,7 @@ public class SendAuthenticationQueryTests
Id = sendId,
AccessCount = 0,
MaxAccessCount = 10,
EmailHashes = "hashedemail",
Emails = "person@company.com",
Password = null,
AuthType = AuthType.Email,
Disabled = false,
@@ -296,23 +296,23 @@ public class SendAuthenticationQueryTests
Assert.IsType<EmailOtp>(result);
}
public static IEnumerable<object[]> EmailHashesParsingTestCases()
public static IEnumerable<object[]> EmailsParsingTestCases()
{
yield return new object[] { "hash1", new[] { "hash1" } };
yield return new object[] { "hash1,hash2", new[] { "hash1", "hash2" } };
yield return new object[] { " hash1 , hash2 ", new[] { "hash1", "hash2" } };
yield return new object[] { "hash1,,hash2", new[] { "hash1", "hash2" } };
yield return new object[] { " , hash1, ,hash2, ", new[] { "hash1", "hash2" } };
yield return new object[] { "person@company.com", new[] { "person@company.com" } };
yield return new object[] { "person1@company.com,person2@company.com", new[] { "person1@company.com", "person2@company.com" } };
yield return new object[] { " person1@company.com , person2@company.com ", new[] { "person1@company.com", "person2@company.com" } };
yield return new object[] { "person1@company.com,,person2@company.com", new[] { "person1@company.com", "person2@company.com" } };
yield return new object[] { " , person1@company.com, ,person2@company.com, ", new[] { "person1@company.com", "person2@company.com" } };
}
private static Send CreateSend(int accessCount, int? maxAccessCount, string? emailHashes, string? password, AuthType? authType)
private static Send CreateSend(int accessCount, int? maxAccessCount, string? emails, string? password, AuthType? authType)
{
return new Send
{
Id = Guid.NewGuid(),
AccessCount = accessCount,
MaxAccessCount = maxAccessCount,
EmailHashes = emailHashes,
Emails = emails,
Password = password,
AuthType = authType,
Disabled = false,
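Review bot: No row in `EmailsParsingTestCases` uses a mixed-case address, so nothing in this file pins the case-insensitive send-auth check that the commit message says was added; now that `Emails` holds plaintext addresses instead of hashes, a case difference between the stored value and what a recipient enters is an ordinary input rather than an edge case. I would add a row such as `yield return new object[] { "Person@Company.com", new[] { "Person@Company.com" } };` (or the lower-cased expectation, if parsing is meant to normalise) and make sure the comparison itself has a test, which may already exist in one of the other changed files not visible here. Separately, the parsing assertion reads `emailOtp.emails`, a lower-case public member where the old code had `EmailHashes`; `Emails` would match the `Send.Emails` property used elsewhere in this file. `CreateSend`'s body continues past the end of this hunk.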