Merge branch 'main' into auth/pm-22975/client-version-validator

2026-01-02 00:23:40 +00:00 · 2025-12-15 18:03:41 -05:00
parent 6a5518a037 e646b91a50
commit fcd4b24442
46 changed files with 1780 additions and 873 deletions
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
@@ -24,6 +24,13 @@ namespace Bit.Identity.IntegrationTest.Endpoints;
 [SutProviderCustomize]
 public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
 {
+    private static readonly KeysRequestModel TEST_ACCOUNT_KEYS = new KeysRequestModel
+    {
+        AccountKeys = null,
+        PublicKey = "public-key",
+        EncryptedPrivateKey = "encrypted-private-key",
+    };
+
    private const int SecondsInMinute = 60;
    private const int MinutesInHour = 60;
    private const int SecondsInHour = SecondsInMinute * MinutesInHour;
@@ -64,6 +71,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    [Theory, BitAutoData, RegisterFinishRequestModelCustomize]
    public async Task TokenEndpoint_GrantTypePassword_Success(RegisterFinishRequestModel requestModel)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        var localFactory = new IdentityApplicationFactory();
        var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);

@@ -89,6 +97,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyDisabled_WithEnforceSsoPolicyForAllUsersTrue_Success(
       OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        requestModel.Email = $"{generatedUsername}@example.com";

        var localFactory = new IdentityApplicationFactory();
@@ -114,6 +123,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyDisabled_WithEnforceSsoPolicyForAllUsersFalse_Success(
        OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        requestModel.Email = $"{generatedUsername}@example.com";

        var localFactory = new IdentityApplicationFactory();
@@ -140,6 +150,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_GrantTypePassword_WithAllUserTypes_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersTrue_Throw(
        OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        requestModel.Email = $"{generatedUsername}@example.com";

        var localFactory = new IdentityApplicationFactory();
@@ -163,6 +174,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_GrantTypePassword_WithOwnerOrAdmin_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersFalse_Success(
        OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        requestModel.Email = $"{generatedUsername}@example.com";

        var localFactory = new IdentityApplicationFactory();
@@ -186,6 +198,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_GrantTypePassword_WithNonOwnerOrAdmin_WithSsoPolicyEnabled_WithEnforceSsoPolicyForAllUsersFalse_Throws(
        OrganizationUserType organizationUserType, RegisterFinishRequestModel requestModel, Guid organizationId, int generatedUsername)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        requestModel.Email = $"{generatedUsername}@example.com";

        var localFactory = new IdentityApplicationFactory();
@@ -207,6 +220,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    [Theory, BitAutoData, RegisterFinishRequestModelCustomize]
    public async Task TokenEndpoint_GrantTypeRefreshToken_Success(RegisterFinishRequestModel requestModel)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        var localFactory = new IdentityApplicationFactory();

        var user = await localFactory.RegisterNewIdentityFactoryUserAsync(requestModel);
@@ -229,6 +243,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    [Theory, BitAutoData, RegisterFinishRequestModelCustomize]
    public async Task TokenEndpoint_GrantTypeClientCredentials_Success(RegisterFinishRequestModel model)
    {
+        model.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        var localFactory = new IdentityApplicationFactory();
        var user = await localFactory.RegisterNewIdentityFactoryUserAsync(model);

@@ -253,6 +268,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
        RegisterFinishRequestModel model,
        string deviceId)
    {
+        model.UserAsymmetricKeys.AccountKeys = null;
        var localFactory = new IdentityApplicationFactory();
        var server = localFactory.WithWebHostBuilder(builder =>
        {
@@ -456,6 +472,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
    public async Task TokenEndpoint_TooQuickInOneSecond_BlockRequest(
        RegisterFinishRequestModel requestModel)
    {
+        requestModel.UserAsymmetricKeys = TEST_ACCOUNT_KEYS;
        const int AmountInOneSecondAllowed = 10;

        // The rule we are testing is 10 requests in 1 second