admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-01-31 22:23:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
70703cb3b09fde1b8385402e615646acf358da65
server/test/Core.Test/KeyManagement/UserKey/RotateUserKeyCommandTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

87 lines
3.1 KiB
C#
Raw Normal View History

[PM-4371] Implement PRF key rotation (#4157) * Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2024-06-17 20:46:57 +02:00
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Repositories;
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
using Bit.Core.Entities;
[PM-12607] Move key rotation & validators to km ownership (#4941) * Move key rotation & validators to km ownership * Fix build errors * Fix build errors * Fix import ordering * Update validator namespace * Move key rotation data to km ownership * Fix linting * Fix namespaces * Fix namespace * Fix namespaces * Move rotateuserkeycommandtests to km ownership
2024-11-21 10:17:04 -08:00
using Bit.Core.KeyManagement.Models.Data;
using Bit.Core.KeyManagement.UserKey.Implementations;
chore: move `Installation` and `Push` to platform's domain folders (#5085) * chore: set up a `CODEOWNERS` space for platform * chore: move sql objects for `Installation` to platform's domain * chore: move `Installation` and `PushRelay` code to platform's domain
2025-01-06 12:10:53 -05:00
using Bit.Core.Platform.Push;
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Microsoft.AspNetCore.Identity;
using NSubstitute;
using Xunit;
[PM-16603] Add userkey rotation v2 (#5204) * Implement userkey rotation v2 * Update request models * Cleanup * Update tests * Improve test * Add tests * Fix formatting * Fix test * Remove whitespace * Fix namespace * Enable nullable on models * Fix build * Add tests and enable nullable on masterpasswordunlockdatamodel * Fix test * Remove rollback * Add tests * Make masterpassword hint optional * Update user query * Add EF test * Improve test * Cleanup * Set masterpassword hint * Remove connection close * Add tests for invalid kdf types * Update test/Core.Test/KeyManagement/UserKey/RotateUserAccountKeysCommandTests.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Fix formatting * Update src/Api/KeyManagement/Models/Requests/RotateAccountKeysAndDataRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Auth/Models/Request/Accounts/MasterPasswordUnlockDataModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Auth/Models/Request/Accounts/MasterPasswordUnlockDataModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Requests/AccountKeysRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Fix imports * Fix tests * Remove null check * Add rollback --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-03-25 15:23:01 +01:00
namespace Bit.Core.Test.KeyManagement.UserKey;
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
[SutProviderCustomize]
public class RotateUserKeyCommandTests
{
[Theory, BitAutoData]
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
public async Task RotateUserKeyAsync_Success(SutProvider<RotateUserKeyCommand> sutProvider, User user,
RotateUserKeyData model)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
{
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
.Returns(true);
[PM-4371] Implement PRF key rotation (#4157) * Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2024-06-17 20:46:57 +02:00
foreach (var webauthnCred in model.WebAuthnKeys)
{
var dbWebauthnCred = new WebAuthnCredential
{
EncryptedPublicKey = "encryptedPublicKey",
EncryptedUserKey = "encryptedUserKey"
};
sutProvider.GetDependency<IWebAuthnCredentialRepository>().GetByIdAsync(webauthnCred.Id, user.Id)
.Returns(dbWebauthnCred);
}
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
Assert.Equal(IdentityResult.Success, result);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_InvalidMasterPasswordHash_ReturnsFailedIdentityResult(
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
{
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
.Returns(false);
[PM-4371] Implement PRF key rotation (#4157) * Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2024-06-17 20:46:57 +02:00
foreach (var webauthnCred in model.WebAuthnKeys)
{
var dbWebauthnCred = new WebAuthnCredential
{
EncryptedPublicKey = "encryptedPublicKey",
EncryptedUserKey = "encryptedUserKey"
};
sutProvider.GetDependency<IWebAuthnCredentialRepository>().GetByIdAsync(webauthnCred.Id, user.Id)
.Returns(dbWebauthnCred);
}
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
var result = await sutProvider.Sut.RotateUserKeyAsync(user, model);
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
Assert.False(result.Succeeded);
}
[Theory, BitAutoData]
public async Task RotateUserKeyAsync_LogsOutUser(
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
SutProvider<RotateUserKeyCommand> sutProvider, User user, RotateUserKeyData model)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
{
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
sutProvider.GetDependency<IUserService>().CheckPasswordAsync(user, model.MasterPasswordHash)
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
.Returns(true);
[PM-4371] Implement PRF key rotation (#4157) * Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests
2024-06-17 20:46:57 +02:00
foreach (var webauthnCred in model.WebAuthnKeys)
{
var dbWebauthnCred = new WebAuthnCredential
{
EncryptedPublicKey = "encryptedPublicKey",
EncryptedUserKey = "encryptedUserKey"
};
sutProvider.GetDependency<IWebAuthnCredentialRepository>().GetByIdAsync(webauthnCred.Id, user.Id)
.Returns(dbWebauthnCred);
}
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
await sutProvider.Sut.RotateUserKeyAsync(user, model);
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
await sutProvider.GetDependency<IPushNotificationService>().ReceivedWithAnyArgs()
.PushLogOutAsync(default, default);
}
[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098) * Add check to verify the vault state for rotation is not obviously desynced (empty) * Add unit test for key rotation guardrail * Move de-synced vault detection to validators * Add tests
2024-05-30 11:08:26 +02:00
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
}
Reference in New Issue Copy Permalink