Merge branch 'feature/flexible-collections' into flexible-collections/deprecate-custom-collection-perm

2026-01-04 09:33:40 +00:00 · 2023-10-31 14:55:19 +00:00
parent c62922842f 96ed67ac3f
commit b2e4a39ef0
50 changed files with 1354 additions and 96 deletions
--- a/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnCredentialCreateOptionsTokenableTests.cs
+++ b/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnCredentialCreateOptionsTokenableTests.cs
@@ -0,0 +1,81 @@
+using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Core.Entities;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Fido2NetLib;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.Models.Business.Tokenables;
+
+public class WebAuthnCredentialCreateOptionsTokenableTests
+{
+    [Theory, BitAutoData]
+    public void Valid_TokenWithoutUser_ReturnsFalse(CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(null, createOptions);
+
+        var isValid = token.Valid;
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void Valid_TokenWithoutOptions_ReturnsFalse(User user)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, null);
+
+        var isValid = token.Valid;
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void Valid_NewlyCreatedToken_ReturnsTrue(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, createOptions);
+
+        var isValid = token.Valid;
+
+        Assert.True(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_TokenWithoutUser_ReturnsFalse(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(null, createOptions);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_TokenWithoutOptions_ReturnsFalse(User user)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, null);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_NonMatchingUsers_ReturnsFalse(User user1, User user2, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user1, createOptions);
+
+        var isValid = token.TokenIsValid(user2);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_SameUser_ReturnsTrue(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, createOptions);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.True(isValid);
+    }
+}
+
--- a/test/Core.Test/Services/UserServiceTests.cs
+++ b/test/Core.Test/Services/UserServiceTests.cs
@@ -1,7 +1,11 @@
 using System.Text.Json;
+using AutoFixture;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
+using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Models.Business;
@@ -9,6 +13,7 @@ using Bit.Core.Models.Data.Organizations;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
+using Bit.Core.Tokens;
 using Bit.Core.Tools.Services;
 using Bit.Core.Vault.Repositories;
 using Bit.Test.Common.AutoFixture;
@@ -180,6 +185,21 @@ public class UserServiceTests
        Assert.True(await sutProvider.Sut.HasPremiumFromOrganization(user));
    }

+    [Theory, BitAutoData]
+    public async void CompleteWebAuthLoginRegistrationAsync_ExceedsExistingCredentialsLimit_ReturnsFalse(SutProvider<UserService> sutProvider, User user, CredentialCreateOptions options, AuthenticatorAttestationRawResponse response, Generator<WebAuthnCredential> credentialGenerator)
+    {
+        // Arrange
+        var existingCredentials = credentialGenerator.Take(5).ToList();
+        sutProvider.GetDependency<IWebAuthnCredentialRepository>().GetManyByUserIdAsync(user.Id).Returns(existingCredentials);
+
+        // Act
+        var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", options, response);
+
+        // Assert
+        Assert.False(result);
+        sutProvider.GetDependency<IWebAuthnCredentialRepository>().DidNotReceive();
+    }
+
    [Flags]
    public enum ShouldCheck
    {
@@ -254,7 +274,10 @@ public class UserServiceTests
            sutProvider.GetDependency<IGlobalSettings>(),
            sutProvider.GetDependency<IOrganizationService>(),
            sutProvider.GetDependency<IProviderUserRepository>(),
-            sutProvider.GetDependency<IStripeSyncService>());
+            sutProvider.GetDependency<IStripeSyncService>(),
+            sutProvider.GetDependency<IWebAuthnCredentialRepository>(),
+            sutProvider.GetDependency<IDataProtectorTokenFactory<WebAuthnLoginTokenable>>()
+            );

        var actualIsVerified = await sut.VerifySecretAsync(user, secret);