fix(auth-validator): [PM-22975] Client Version Validator - Made enough changes so that it's ready for review by KM

2026-01-02 16:43:25 +00:00 · 2025-12-02 14:22:17 -05:00
parent 8b8694e589
commit ed89cf8161
7 changed files with 40 additions and 47 deletions
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
@@ -342,8 +342,7 @@ public class IdentityServerSsoTests
            { "code", "test_code" },
            { "code_verifier", challenge },
            { "redirect_uri", "https://localhost:8080/sso-connector.html" }
-        }),
-        http => { http.Request.Headers.Append("Bitwarden-Client-Version", "2025.10.0"); });
+        }));

        // Assert
        // If the organization has selected TrustedDeviceEncryption but the user still has their master password
@@ -412,12 +411,7 @@ public class IdentityServerSsoTests
            { "code", "test_code" },
            { "code_verifier", challenge },
            { "redirect_uri", "https://localhost:8080/sso-connector.html" }
-        }),
-        http =>
-        {
-            http.Request.Headers.Append("Bitwarden-Client-Version", "2025.10.0");
-            http.Request.Headers.Append("Accept", "application/json");
-        });
+        }));

        // Assert
        // If the organization has selected TrustedDeviceEncryption but the user still has their master password
@@ -490,8 +484,7 @@ public class IdentityServerSsoTests
            { "code", "test_code" },
            { "code_verifier", challenge },
            { "redirect_uri", "https://localhost:8080/sso-connector.html" }
-        }),
-        http => { http.Request.Headers.Append("Bitwarden-Client-Version", "2025.10.0"); });
+        }));

        Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
        using var responseBody = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
@@ -554,22 +547,22 @@ public class IdentityServerSsoTests
        }, challenge, trustedDeviceEnabled);

        await configureFactory(factory);
-        var context = await factory.Server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary<string, string>
-        {
-            { "scope", "api offline_access" },
-            { "client_id", "web" },
-            { "deviceType", "10" },
-            { "deviceIdentifier", "test_id" },
-            { "deviceName", "firefox" },
-            { "twoFactorToken", "TEST"},
-            { "twoFactorProvider", "5" }, // RememberMe Provider
-            { "twoFactorRemember", "0" },
-            { "grant_type", "authorization_code" },
-            { "code", "test_code" },
-            { "code_verifier", challenge },
-            { "redirect_uri", "https://localhost:8080/sso-connector.html" }
-        }),
-        http => { http.Request.Headers.Append("Bitwarden-Client-Version", "2025.10.0"); });
+        var context = await factory.Server.PostAsync("/connect/token", new FormUrlEncodedContent(
+            new Dictionary<string, string>
+            {
+                { "scope", "api offline_access" },
+                { "client_id", "web" },
+                { "deviceType", "10" },
+                { "deviceIdentifier", "test_id" },
+                { "deviceName", "firefox" },
+                { "twoFactorToken", "TEST" },
+                { "twoFactorProvider", "5" }, // RememberMe Provider
+                { "twoFactorRemember", "0" },
+                { "grant_type", "authorization_code" },
+                { "code", "test_code" },
+                { "code_verifier", challenge },
+                { "redirect_uri", "https://localhost:8080/sso-connector.html" }
+            }));

        // If this fails, surface detailed error information to aid debugging
        if (context.Response.StatusCode != StatusCodes.Status200OK)
--- a/test/Identity.IntegrationTest/Login/ClientVersionGateTests.cs
+++ b/test/Identity.IntegrationTest/Login/ClientVersionGateTests.cs
@@ -4,6 +4,7 @@ using Bit.Core.KeyManagement.Enums;
 using Bit.Core.Test.Auth.AutoFixture;
 using Bit.IntegrationTestCommon.Factories;
 using Bit.Test.Common.AutoFixture.Attributes;
+using Bit.Test.Common.Constants;
 using Microsoft.EntityFrameworkCore;
 using Xunit;

@@ -29,14 +30,14 @@ public class ClientVersionGateTests : IClassFixture<IdentityApplicationFactory>
        // Make user V2: set private key to COSE and add signature key pair
        var db = localFactory.GetDatabaseContext();
        var efUser = await db.Users.FirstAsync(u => u.Email == user.Email);
-        efUser.PrivateKey = "7.cose";
+        efUser.PrivateKey = TestEncryptionConstants.V2PrivateKey;
        db.UserSignatureKeyPairs.Add(new Bit.Infrastructure.EntityFramework.Models.UserSignatureKeyPair
        {
            Id = Core.Utilities.CoreHelpers.GenerateComb(),
            UserId = efUser.Id,
            SignatureAlgorithm = SignatureAlgorithm.Ed25519,
-            SigningKey = "7.cose_signing",
-            VerifyingKey = "vk"
+            SigningKey = TestEncryptionConstants.V2WrappedSigningKey,
+            VerifyingKey = TestEncryptionConstants.V2VerifyingKey,
        });
        await db.SaveChangesAsync();

@@ -74,14 +75,14 @@ public class ClientVersionGateTests : IClassFixture<IdentityApplicationFactory>
        // Make user V2
        var db = localFactory.GetDatabaseContext();
        var efUser = await db.Users.FirstAsync(u => u.Email == user.Email);
-        efUser.PrivateKey = "7.cose";
+        efUser.PrivateKey = TestEncryptionConstants.V2PrivateKey;
        db.UserSignatureKeyPairs.Add(new Bit.Infrastructure.EntityFramework.Models.UserSignatureKeyPair
        {
            Id = Core.Utilities.CoreHelpers.GenerateComb(),
            UserId = efUser.Id,
            SignatureAlgorithm = SignatureAlgorithm.Ed25519,
-            SigningKey = "7.cose_signing",
-            VerifyingKey = "vk"
+            SigningKey = TestEncryptionConstants.V2WrappedSigningKey,
+            VerifyingKey = TestEncryptionConstants.V2VerifyingKey,
        });
        await db.SaveChangesAsync();