[PM-23229] Add extra validation to kdf changes + authentication data + unlock data (#6121)

* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response * Implement support for authentication data and unlock data in kdf change * Extract to kdf command and add tests * Fix namespace * Delete empty file * Fix build * Clean up tests * Fix tests * Add comments * Cleanup * Cleanup * Cleanup * Clean-up and fix build * Address feedback; force new parameters on KDF change request * Clean-up and add tests * Re-add logger * Update logger to interface * Clean up, remove Kdf Request Model * Remove kdf request model tests * Fix types in test * Address feedback to rename request model and re-add tests * Fix namespace * Move comments * Rename InnerKdfRequestModel to KdfRequestModel --------- Co-authored-by: Maciej Zieniuk <mzieniuk@bitwarden.com>
2025-12-29 14:43:39 +00:00 · 2025-09-24 05:10:46 +09:00
parent 744f11733d
commit ff092a031e
25 changed files with 729 additions and 173 deletions
--- a/test/Api.Test/Models/Request/Accounts/KdfRequestModelTests.cs
+++ b/test/Api.Test/Models/Request/Accounts/KdfRequestModelTests.cs
@@ -1,65 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-using Bit.Api.Auth.Models.Request.Accounts;
-using Bit.Core.Enums;
-using Xunit;
-
-namespace Bit.Api.Test.Models.Request.Accounts;
-
-public class KdfRequestModelTests
-{
-    [Theory]
-    [InlineData(KdfType.PBKDF2_SHA256, 1_000_000, null, null)] // Somewhere in the middle
-    [InlineData(KdfType.PBKDF2_SHA256, 600_000, null, null)] // Right on the lower boundary
-    [InlineData(KdfType.PBKDF2_SHA256, 2_000_000, null, null)] // Right on the upper boundary
-    [InlineData(KdfType.Argon2id, 5, 500, 8)] // Somewhere in the middle
-    [InlineData(KdfType.Argon2id, 2, 15, 1)] // Right on the lower boundary
-    [InlineData(KdfType.Argon2id, 10, 1024, 16)] // Right on the upper boundary
-    public void Validate_IsValid(KdfType kdfType, int? kdfIterations, int? kdfMemory, int? kdfParallelism)
-    {
-        var model = new KdfRequestModel
-        {
-            Kdf = kdfType,
-            KdfIterations = kdfIterations,
-            KdfMemory = kdfMemory,
-            KdfParallelism = kdfParallelism,
-            Key = "TEST",
-            NewMasterPasswordHash = "TEST",
-        };
-
-        var results = Validate(model);
-        Assert.Empty(results);
-    }
-
-    [Theory]
-    [InlineData(null, 350_000, null, null, 1)] // Although KdfType is nullable, it's marked as [Required]
-    [InlineData(KdfType.PBKDF2_SHA256, 500_000, null, null, 1)] // Too few iterations
-    [InlineData(KdfType.PBKDF2_SHA256, 2_000_001, null, null, 1)] // Too many iterations
-    [InlineData(KdfType.Argon2id, 0, 30, 8, 1)] // Iterations must be greater than 0
-    [InlineData(KdfType.Argon2id, 10, 14, 8, 1)] // Too little memory
-    [InlineData(KdfType.Argon2id, 10, 14, 0, 1)] // Too small of a parallelism value
-    [InlineData(KdfType.Argon2id, 10, 1025, 8, 1)] // Too much memory
-    [InlineData(KdfType.Argon2id, 10, 512, 17, 1)] // Too big of a parallelism value
-    public void Validate_Fails(KdfType? kdfType, int? kdfIterations, int? kdfMemory, int? kdfParallelism, int expectedFailures)
-    {
-        var model = new KdfRequestModel
-        {
-            Kdf = kdfType,
-            KdfIterations = kdfIterations,
-            KdfMemory = kdfMemory,
-            KdfParallelism = kdfParallelism,
-            Key = "TEST",
-            NewMasterPasswordHash = "TEST",
-        };
-
-        var results = Validate(model);
-        Assert.NotEmpty(results);
-        Assert.Equal(expectedFailures, results.Count);
-    }
-
-    public static List<ValidationResult> Validate(KdfRequestModel model)
-    {
-        var results = new List<ValidationResult>();
-        Validator.TryValidateObject(model, new ValidationContext(model), results);
-        return results;
-    }
-}