Improve DataProtectorTokenFactory test coverage (#1884)

* Add encstring to server * Test factory Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com> * Format * Remove SymmetricKeyProtectedString Not needed * Set ForcInvalid Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>
2026-01-31 14:13:18 +08:00 · 2022-02-24 14:26:12 -06:00
parent b3981a738a
commit 05ea5d5841
4 changed files with 88 additions and 13 deletions
--- a/src/Core/Tokens/DataProtectorTokenFactory.cs
+++ b/src/Core/Tokens/DataProtectorTokenFactory.cs
@@ -16,6 +16,13 @@ namespace Bit.Core.Tokens
        public string Protect(T data) =>
            data.ToToken().ProtectWith(_dataProtector).WithPrefix(_clearTextPrefix).ToString();

+        /// <summary>
+        /// Unprotect token
+        /// </summary>
+        /// <param name="token">The token to parse</param>
+        /// <typeparam name="T">The tokenable type to parse to</typeparam>
+        /// <returns>The parsed tokenable</returns>
+        /// <exception>Throws CryptographicException if fails to unprotect</exception>
        public T Unprotect(string token) =>
            Tokenable.FromToken<T>(new Token(token).RemovePrefix(_clearTextPrefix).UnprotectWith(_dataProtector).ToString());

--- a/src/Core/Tokens/ISymmetricKeyProtectedTokenFactory.cs
+++ b/src/Core/Tokens/ISymmetricKeyProtectedTokenFactory.cs
@@ -1,10 +0,0 @@
-namespace Bit.Core.Tokens
-{
-    public interface ISymmetricKeyProtectedTokenFactory<T> where T : Tokenable
-    {
-        string Protect(string key, T data);
-        T Unprotect(string key, string token);
-        bool TryUnprotect(string key, string token, out T data);
-        bool TokenValid(string key, string token);
-    }
-}
--- a/test/Core.Test/Tokens/DataProtectorTokenFactoryTests.cs
+++ b/test/Core.Test/Tokens/DataProtectorTokenFactoryTests.cs
@@ -1,4 +1,5 @@
-using AutoFixture;
+using System.Security.Cryptography;
+using AutoFixture;
 using Bit.Core.Tokens;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -50,5 +51,78 @@ namespace Bit.Core.Test.Tokens

            Assert.NotEqual(new Token(token).RemovePrefix(prefix), tokenable.ToToken());
        }
+
+        [Theory, BitAutoData]
+        public void ThrowsIfUnprotectFails(TestTokenable tokenable)
+        {
+            var sutProvider = GetSutProvider();
+
+            var token = sutProvider.Sut.Protect(tokenable);
+            token += "stuff to make sure decryption fails";
+
+            Assert.Throws<CryptographicException>(() => sutProvider.Sut.Unprotect(token));
+        }
+
+        [Theory, BitAutoData]
+        public void TryUnprotect_FalseIfUnprotectFails(TestTokenable tokenable)
+        {
+            var sutProvider = GetSutProvider();
+            var token = sutProvider.Sut.Protect(tokenable) + "fail decryption";
+
+            var result = sutProvider.Sut.TryUnprotect(token, out var data);
+
+            Assert.False(result);
+            Assert.Null(data);
+        }
+
+        [Theory, BitAutoData]
+        public void TokenValid_FalseIfUnprotectFails(TestTokenable tokenable)
+        {
+            var sutProvider = GetSutProvider();
+            var token = sutProvider.Sut.Protect(tokenable) + "fail decryption";
+
+            var result = sutProvider.Sut.TokenValid(token);
+
+            Assert.False(result);
+        }
+
+
+        [Theory, BitAutoData]
+        public void TokenValid_FalseIfTokenInvalid(TestTokenable tokenable)
+        {
+            var sutProvider = GetSutProvider();
+
+            tokenable.ForceInvalid = true;
+            var token = sutProvider.Sut.Protect(tokenable);
+
+            var result = sutProvider.Sut.TokenValid(token);
+
+            Assert.False(result);
+        }
+
+        [Theory, BitAutoData]
+        public void TryUnprotect_TrueIfSuccess(TestTokenable tokenable)
+        {
+            var sutProvider = GetSutProvider();
+            var token = sutProvider.Sut.Protect(tokenable);
+
+            var result = sutProvider.Sut.TryUnprotect(token, out var data);
+
+            Assert.True(result);
+            AssertHelper.AssertPropertyEqual(tokenable, data);
+        }
+
+        [Theory, BitAutoData]
+        public void TokenValid_TrueIfSuccess(TestTokenable tokenable)
+        {
+            tokenable.ForceInvalid = false;
+            var sutProvider = GetSutProvider();
+            var token = sutProvider.Sut.Protect(tokenable);
+
+            var result = sutProvider.Sut.TokenValid(token);
+
+            Assert.True(result);
+        }
+
    }
 }
--- a/test/Core.Test/Tokens/TestTokenable.cs
+++ b/test/Core.Test/Tokens/TestTokenable.cs
@@ -1,10 +1,14 @@
-using Bit.Core.Tokens;
+using System.Text.Json.Serialization;
+using Bit.Core.Tokens;

 namespace Bit.Core.Test.Tokens
 {
    public class TestTokenable : Tokenable
    {
-        public override bool Valid => true;
+        public bool ForceInvalid { get; set; } = false;
+
+        [JsonIgnore]
+        public override bool Valid => !ForceInvalid;
    }

    public class TestExpiringTokenable : ExpiringTokenable