Ike 8a67aafbe5 [PM-1632] Redirect on SsoRequired - return SsoOrganizationIdentifier (#6597)
feat: add SSO request validation and organization identifier lookup

- Implement SsoRequestValidator to validate SSO requirements
- Add UserSsoOrganizationIdentifierQuery to fetch organization identifiers
- Create SsoOrganizationIdentifier custom response for SSO redirects
- Add feature flag (RedirectOnSsoRequired) for gradual rollout
- Register validators and queries in dependency injection
- Create RequestValidationConstants to reduce magic strings
- Add comprehensive test coverage for validation logic
- Update BaseRequestValidator to consume SsoRequestValidator
2025-11-30 16:55:47 -05:00


using System.Security.Claims;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Auth.Repositories;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.KeyManagement.Queries.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Identity.IdentityServer;
using Bit.Identity.IdentityServer.RequestValidators;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
namespace Bit.Identity.Test.Wrappers;
/// <summary>
/// Minimal stand-in for the per-grant request context that <see cref="BaseRequestValidator{T}"/>
/// normally receives from IdentityServer. It carries only the three objects the test wrapper
/// reads (<see cref="ValidatedTokenRequest"/>, <see cref="CustomValidatorRequestContext"/>)
/// or writes (<see cref="GrantResult"/>).
/// </summary>
public class BaseRequestValidationContextFake
{
    /// <summary>The token request under validation; its <c>Subject</c> is what the wrapper's <c>GetSubject</c> returns.</summary>
    public ValidatedTokenRequest ValidatedTokenRequest;

    /// <summary>Bitwarden-specific validation state handed to the base validator alongside the token request.</summary>
    public CustomValidatorRequestContext CustomValidatorRequestContext;

    /// <summary>
    /// Where the wrapper records the outcome (success, generic error, SSO-required, two-factor-required,
    /// or a bare error flag) so a test can assert on it afterwards.
    /// </summary>
    public GrantValidationResult GrantResult;

    /// <summary>Creates the fake with the request, validator context and initial grant result a test wants to start from.</summary>
    public BaseRequestValidationContextFake(
        ValidatedTokenRequest tokenRequest,
        CustomValidatorRequestContext customValidatorRequestContext,
        GrantValidationResult grantResult)
    {
        (ValidatedTokenRequest, CustomValidatorRequestContext, GrantResult) =
            (tokenRequest, customValidatorRequestContext, grantResult);
    }
}
/// <summary>
/// Test-facing entry point of the wrapper: runs the shared <see cref="BaseRequestValidator{T}"/>
/// pipeline against a <see cref="BaseRequestValidationContextFake"/> and leaves the outcome in
/// the fake's <c>GrantResult</c>.
/// </summary>
internal interface IBaseRequestValidatorTestWrapper
{
    /// <param name="context">Fake context supplying the token request and validator context; receives the result.</param>
    Task ValidateAsync(BaseRequestValidationContextFake context);
}
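/// <summary>
/// Test double that exposes the protected hooks of <see cref="BaseRequestValidator{T}"/> so the shared
/// validation pipeline can be exercised without a concrete IdentityServer grant validator.
/// Every <c>Set*Result</c> override writes its outcome into
/// <see cref="BaseRequestValidationContextFake.GrantResult"/> for the test to assert on, and
/// <see cref="ValidateContextAsync"/> is stubbed through <see cref="isValid"/>.
/// </summary>
public class BaseRequestValidatorTestWrapper : BaseRequestValidator<BaseRequestValidationContextFake>,
    IBaseRequestValidatorTestWrapper
{
    /*
     * Some of the logic trees call `ValidateContextAsync`. Since this is a test wrapper, we set the return value
     * of ValidateContextAsync() to whatever we need for the specific test case.
     */
    // NOTE(review): camelCase is kept on purpose — existing tests set this member by name.
    public bool isValid { get; set; }

    /// <summary>
    /// Forwards every collaborator to the base validator unchanged; the wrapper adds no state of its own
    /// beyond <see cref="isValid"/>.
    /// </summary>
    public BaseRequestValidatorTestWrapper(
        UserManager<User> userManager,
        IUserService userService,
        IEventService eventService,
        IDeviceValidator deviceValidator,
        ITwoFactorAuthenticationValidator twoFactorAuthenticationValidator,
        ISsoRequestValidator ssoRequestValidator,
        IOrganizationUserRepository organizationUserRepository,
        ILogger logger,
        ICurrentContext currentContext,
        GlobalSettings globalSettings,
        IUserRepository userRepository,
        IPolicyService policyService,
        IFeatureService featureService,
        ISsoConfigRepository ssoConfigRepository,
        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder,
        IPolicyRequirementQuery policyRequirementQuery,
        IAuthRequestRepository authRequestRepository,
        IMailService mailService,
        IUserAccountKeysQuery userAccountKeysQuery) :
        base(
            userManager,
            userService,
            eventService,
            deviceValidator,
            twoFactorAuthenticationValidator,
            ssoRequestValidator,
            organizationUserRepository,
            logger,
            currentContext,
            globalSettings,
            userRepository,
            policyService,
            featureService,
            ssoConfigRepository,
            userDecryptionOptionsBuilder,
            policyRequirementQuery,
            authRequestRepository,
            mailService,
            userAccountKeysQuery)
    {
    }

    /// <summary>
    /// Runs the base validation pipeline using the token request and validator context carried by
    /// <paramref name="context"/>. The outcome is observable through <c>context.GrantResult</c>.
    /// </summary>
    public async Task ValidateAsync(
        BaseRequestValidationContextFake context)
    {
        await ValidateAsync(context, context.ValidatedTokenRequest, context.CustomValidatorRequestContext);
    }

    /// <summary>
    /// Returns the principal attached to the fake's token request. A request without a subject yields
    /// an empty <see cref="ClaimsPrincipal"/> (no identities, no claims) rather than <c>null</c>, so the
    /// base validator never has to null-check the subject.
    /// </summary>
    protected override ClaimsPrincipal GetSubject(
        BaseRequestValidationContextFake context)
    {
        return context.ValidatedTokenRequest.Subject ?? new ClaimsPrincipal();
    }

    /// <summary>Records a generic invalid_grant failure carrying <paramref name="customResponse"/>.</summary>
    [Obsolete]
    protected override void SetErrorResult(
        BaseRequestValidationContextFake context,
        Dictionary<string, object> customResponse)
    {
        context.GrantResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant, customResponse: customResponse);
    }

    /// <summary>
    /// Records an invalid_grant failure whose description tells the client SSO is required; the SSO
    /// details (e.g. an organization identifier) travel in <paramref name="customResponse"/>.
    /// </summary>
    [Obsolete]
    protected override void SetSsoResult(
        BaseRequestValidationContextFake context,
        Dictionary<string, object> customResponse)
    {
        context.GrantResult = new GrantValidationResult(
            TokenRequestErrors.InvalidGrant, "Sso authentication required.", customResponse);
    }

    /// <summary>
    /// Records a successful grant. Only <paramref name="customResponse"/> is kept; the resolved
    /// <paramref name="user"/> and <paramref name="claims"/> are dropped because tests assert on the
    /// grant result, not on a minted token.
    /// </summary>
    protected override Task SetSuccessResult(
        BaseRequestValidationContextFake context,
        User user,
        List<Claim> claims,
        Dictionary<string, object> customResponse)
    {
        context.GrantResult = new GrantValidationResult(customResponse: customResponse);
        return Task.CompletedTask;
    }

    /// <summary>Records an invalid_grant failure whose description tells the client a second factor is required.</summary>
    [Obsolete]
    protected override void SetTwoFactorResult(
        BaseRequestValidationContextFake context,
        Dictionary<string, object> customResponse)
    {
        context.GrantResult = new GrantValidationResult(
            TokenRequestErrors.InvalidGrant, "Two-factor authentication required.", customResponse);
    }

    /// <summary>
    /// Marks the current grant result as an error. Unlike the other hooks this does not replace the
    /// result, so whatever the fake was constructed with (or a previous hook set) is kept and flagged.
    /// </summary>
    protected override void SetValidationErrorResult(
        BaseRequestValidationContextFake context,
        CustomValidatorRequestContext requestContext)
    {
        // A fake constructed with a null GrantResult used to throw NullReferenceException here, hiding
        // the actual validation failure from the test. Materialize an invalid_grant result first so the
        // error flag always lands somewhere the test can observe.
        context.GrantResult ??= new GrantValidationResult(TokenRequestErrors.InvalidGrant);
        context.GrantResult.IsError = true;
        // NOTE(review): nothing from requestContext is copied into the result, so tests cannot assert on
        // the specific validation error the base validator produced through this path — confirm whether
        // that is intended before relying on this hook for error-message coverage.
    }

    /// <summary>Stubbed to return <see cref="isValid"/>; <paramref name="validatorContext"/> is ignored.</summary>
    protected override Task<bool> ValidateContextAsync(
        BaseRequestValidationContextFake context,
        CustomValidatorRequestContext validatorContext)
    {
        return Task.FromResult(isValid);
    }
}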