test(auth-validator): [PM-22975] Client Version Validator - Fixed tests a little.
@@ -6,7 +6,6 @@ public static class EncryptionParsing
|
||||
{
|
||||
/// <summary>
|
||||
/// Helper method to convert an encryption type string to an enum value.
|
||||
/// Accepts formats like "Header.iv|ct|mac" or "Header" COSE format.
|
||||
/// </summary>
|
||||
public static EncryptionType GetEncryptionType(string encString)
|
||||
{
|
||||
|
||||
@@ -111,7 +111,8 @@ public abstract class BaseRequestValidator<T> where T : class
|
||||
}
|
||||
else
|
||||
{
|
||||
// 1. We need to check if the user is legitimate via the appropriate mechanism through.
|
||||
// 1. We need to check if the user is legitimate via the contextually appropriate mechanism
|
||||
// (webauthn, password, custom token, etc.).
|
||||
var valid = await ValidateContextAsync(context, validatorContext);
|
||||
var user = validatorContext.User;
|
||||
if (!valid)
|
||||
@@ -123,8 +124,10 @@ public abstract class BaseRequestValidator<T> where T : class
|
||||
}
|
||||
|
||||
// 1.5 Now check the version number of the client. Do this after ValidateContextAsync so that
|
||||
// we prevent account enumeration. If we were to do this before we would validate that a given user
|
||||
// could exist
|
||||
// we prevent account enumeration. If we were to do this before ValidateContextAsync, then attackers
|
||||
// could use a known invalid client version and make a request for a user (before we know if they have
|
||||
// demonstrated ownership of the account via correct credentials) and identify if they exist by getting
|
||||
// an error response back from the validator saying the user is not compatible with the client.
|
||||
await ValidateClientVersionAsync(context, validatorContext);
|
||||
|
||||
// 2. Decide if this user belongs to an organization that requires SSO.
|
||||
|
||||
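Review bot: The result of `await ValidateClientVersionAsync(context, validatorContext);` is discarded, whereas the credential check just above gates on `if (!valid)` (that block's body is outside the hunk and presumably returns early). If this helper signals rejection through its return value, as `Assert.False(ok)` in ClientVersionValidatorTests suggests for the underlying validator, a rejected client version would fall through to the SSO step unless the helper itself writes the error result and a later check stops the flow; the rewritten comment explains the ordering but not this contract. Either mirror the pattern above, `if (!await ValidateClientVersionAsync(context, validatorContext)) { return; }`, or add one sentence to the comment stating that the helper sets `validatorContext.ValidationErrorResult` and how the failure is surfaced downstream. The enclosing method starts and ends outside the hunk.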
@@ -55,6 +55,7 @@ public class BaseRequestValidatorTests
|
||||
private readonly IAuthRequestRepository _authRequestRepository;
|
||||
private readonly IMailService _mailService;
|
||||
private readonly IUserAccountKeysQuery _userAccountKeysQuery;
|
||||
private readonly IClientVersionValidator _clientVersionValidator;
|
||||
|
||||
private readonly BaseRequestValidatorTestWrapper _sut;
|
||||
|
||||
@@ -78,6 +79,7 @@ public class BaseRequestValidatorTests
|
||||
_authRequestRepository = Substitute.For<IAuthRequestRepository>();
|
||||
_mailService = Substitute.For<IMailService>();
|
||||
_userAccountKeysQuery = Substitute.For<IUserAccountKeysQuery>();
|
||||
_clientVersionValidator = Substitute.For<IClientVersionValidator>();
|
||||
|
||||
_sut = new BaseRequestValidatorTestWrapper(
|
||||
_userManager,
|
||||
@@ -97,7 +99,8 @@ public class BaseRequestValidatorTests
|
||||
_policyRequirementQuery,
|
||||
_authRequestRepository,
|
||||
_mailService,
|
||||
_userAccountKeysQuery);
|
||||
_userAccountKeysQuery,
|
||||
_clientVersionValidator);
|
||||
}
|
||||
|
||||
private void SetupRecoveryCodeSupportForSsoRequiredUsersFeatureFlag(bool recoveryCodeSupportEnabled)
|
||||
|
||||
@@ -40,7 +40,7 @@ public class ClientVersionValidatorTests
|
||||
Assert.False(ok);
|
||||
Assert.NotNull(ctx.ValidationErrorResult);
|
||||
Assert.True(ctx.ValidationErrorResult.IsError);
|
||||
Assert.Equal("invalid_grant", ctx.ValidationErrorResult.Error);
|
||||
Assert.Equal("invalid_client_version", ctx.ValidationErrorResult.Error);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
||||
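Review bot: The assertion on `ctx.ValidationErrorResult.Error` now pins `invalid_client_version`, which is not one of the error codes defined in RFC 6749 §5.2, while the previous expectation `invalid_grant` was. If the custom code is deliberate, presumably so a client can tell an outdated client version apart from a credential failure, a comment on the assertion would stop a later reviewer from "correcting" it back, e.g. `// Custom (non-RFC 6749) error code: distinguishes an unsupported client version from a credential failure.` If the result type also carries a human-readable description, asserting it here would pin the message users see. The enclosing test method starts outside the hunk.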
@@ -66,8 +66,8 @@ IBaseRequestValidatorTestWrapper
|
||||
IPolicyRequirementQuery policyRequirementQuery,
|
||||
IAuthRequestRepository authRequestRepository,
|
||||
IMailService mailService,
|
||||
IClientVersionValidator clientVersionValidator,
|
||||
IUserAccountKeysQuery userAccountKeysQuery) :
|
||||
IUserAccountKeysQuery userAccountKeysQuery,
|
||||
IClientVersionValidator clientVersionValidator) :
|
||||
base(
|
||||
userManager,
|
||||
userService,
|
||||
|
||||