[PM-27280] Support v2 encryption on key-connector signups (#6712)

* account v2 registration for key connector * use new user repository functions * test coverage * integration test coverage * documentation * code review * missing test coverage * fix failing test * failing test * incorrect ticket number * moved back request model to Api, created dedicated data class in Core * sql stored procedure type mismatch, simplification * key connector authorization handler
2025-12-31 15:43:16 +00:00 · 2025-12-18 19:43:03 +01:00
parent 2b742b0343
commit a92d7ac129
22 changed files with 1283 additions and 50 deletions
--- a/test/Infrastructure.IntegrationTest/Auth/Repositories/UserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/Auth/Repositories/UserRepositoryTests.cs
@@ -1,9 +1,11 @@
-using Bit.Core.AdminConsole.Repositories;
+using Bit.Core;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Infrastructure.IntegrationTest.AdminConsole;
+using Microsoft.Data.SqlClient;
 using Xunit;

 namespace Bit.Infrastructure.IntegrationTest.Repositories;
@@ -500,4 +502,54 @@ public class UserRepositoryTests
        // Assert
        Assert.Empty(results);
    }
+
+    [Theory, DatabaseData]
+    public async Task SetKeyConnectorUserKey_UpdatesUserKey(IUserRepository userRepository, Database database)
+    {
+        var user = await userRepository.CreateTestUserAsync();
+
+        const string keyConnectorWrappedKey = "key-connector-wrapped-user-key";
+
+        var setKeyConnectorUserKeyDelegate = userRepository.SetKeyConnectorUserKey(user.Id, keyConnectorWrappedKey);
+
+        await RunUpdateUserDataAsync(setKeyConnectorUserKeyDelegate, database);
+
+        var updatedUser = await userRepository.GetByIdAsync(user.Id);
+
+        Assert.NotNull(updatedUser);
+        Assert.Equal(keyConnectorWrappedKey, updatedUser.Key);
+        Assert.True(updatedUser.UsesKeyConnector);
+        Assert.Equal(KdfType.Argon2id, updatedUser.Kdf);
+        Assert.Equal(AuthConstants.ARGON2_ITERATIONS.Default, updatedUser.KdfIterations);
+        Assert.Equal(AuthConstants.ARGON2_MEMORY.Default, updatedUser.KdfMemory);
+        Assert.Equal(AuthConstants.ARGON2_PARALLELISM.Default, updatedUser.KdfParallelism);
+        Assert.Equal(DateTime.UtcNow, updatedUser.RevisionDate, TimeSpan.FromMinutes(1));
+        Assert.Equal(DateTime.UtcNow, updatedUser.AccountRevisionDate, TimeSpan.FromMinutes(1));
+    }
+
+    private static async Task RunUpdateUserDataAsync(UpdateUserData task, Database database)
+    {
+        if (database.Type == SupportedDatabaseProviders.SqlServer && !database.UseEf)
+        {
+            await using var connection = new SqlConnection(database.ConnectionString);
+            connection.Open();
+
+            await using var transaction = connection.BeginTransaction();
+            try
+            {
+                await task(connection, transaction);
+
+                transaction.Commit();
+            }
+            catch
+            {
+                transaction.Rollback();
+                throw;
+            }
+        }
+        else
+        {
+            await task();
+        }
+    }
 }