[PM-31394] use email address hash for send access email verification (#6921)

* [PM-31394] use email address hash for send access email verification * [PM-31394] fixing identity server tests for send access * [PM-31394] fixing more identity server tests for send access
2026-01-31 14:13:18 +08:00 · 2026-01-29 11:48:12 -08:00
parent 7855c4ee6e
commit 0544ec41d5
6 changed files with 41 additions and 13 deletions
--- a/test/Identity.IntegrationTest/RequestValidation/SendAccess/SendEmailOtpReqestValidatorIntegrationTests.cs
+++ b/test/Identity.IntegrationTest/RequestValidation/SendAccess/SendEmailOtpReqestValidatorIntegrationTests.cs
@@ -3,6 +3,7 @@ using Bit.Core.Services;
 using Bit.Core.Tools.Models.Data;
 using Bit.Core.Tools.SendFeatures.Queries.Interfaces;
 using Bit.IntegrationTestCommon.Factories;
+using Bit.Test.Common.Helpers;
 using Duende.IdentityModel;
 using NSubstitute;
 using Xunit;
@@ -60,7 +61,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac

                var sendAuthQuery = Substitute.For<ISendAuthenticationQuery>();
                sendAuthQuery.GetAuthenticationMethod(sendId)
-                    .Returns(new EmailOtp([email]));
+                    .Returns(new EmailOtp([CryptographyHelper.HashAndEncode(email)]));
                services.AddSingleton(sendAuthQuery);

                // Mock OTP token provider
@@ -75,6 +76,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac
            });
        }).CreateClient();

+
        var requestBody = SendAccessTestUtilities.CreateTokenRequestBody(sendId, email: email); // Email but no OTP

        // Act
@@ -104,7 +106,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac

                var sendAuthQuery = Substitute.For<ISendAuthenticationQuery>();
                sendAuthQuery.GetAuthenticationMethod(sendId)
-                    .Returns(new EmailOtp(new[] { email }));
+                    .Returns(new EmailOtp(new[] { CryptographyHelper.HashAndEncode(email) }));
                services.AddSingleton(sendAuthQuery);

                // Mock OTP token provider to validate successfully
@@ -148,7 +150,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac

                var sendAuthQuery = Substitute.For<ISendAuthenticationQuery>();
                sendAuthQuery.GetAuthenticationMethod(sendId)
-                    .Returns(new EmailOtp(new[] { email }));
+                    .Returns(new EmailOtp(new[] { CryptographyHelper.HashAndEncode(email) }));
                services.AddSingleton(sendAuthQuery);

                // Mock OTP token provider to validate as false
@@ -190,7 +192,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac

                var sendAuthQuery = Substitute.For<ISendAuthenticationQuery>();
                sendAuthQuery.GetAuthenticationMethod(sendId)
-                    .Returns(new EmailOtp(new[] { email }));
+                    .Returns(new EmailOtp(new[] { CryptographyHelper.HashAndEncode(email) }));
                services.AddSingleton(sendAuthQuery);

                // Mock OTP token provider to fail generation