129 lines
5.0 KiB
TypeScript
129 lines
5.0 KiB
TypeScript
// eslint-disable-next-line no-restricted-imports
|
|
import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
|
|
|
|
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
|
import { AppIdService } from "@bitwarden/common/abstractions/appId.service";
|
|
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
|
|
import { KeyConnectorService } from "@bitwarden/common/abstractions/keyConnector.service";
|
|
import { LogService } from "@bitwarden/common/abstractions/log.service";
|
|
import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
|
|
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
|
|
import { StateService } from "@bitwarden/common/abstractions/state.service";
|
|
import { TokenService } from "@bitwarden/common/abstractions/token.service";
|
|
import { TwoFactorService } from "@bitwarden/common/abstractions/twoFactor.service";
|
|
import { SsoLogInStrategy } from "@bitwarden/common/misc/logInStrategies/ssoLogin.strategy";
|
|
import { Utils } from "@bitwarden/common/misc/utils";
|
|
import { SsoLogInCredentials } from "@bitwarden/common/models/domain/logInCredentials";
|
|
|
|
import { identityTokenResponseFactory } from "./logIn.strategy.spec";
|
|
|
|
describe("SsoLogInStrategy", () => {
|
|
let cryptoService: SubstituteOf<CryptoService>;
|
|
let apiService: SubstituteOf<ApiService>;
|
|
let tokenService: SubstituteOf<TokenService>;
|
|
let appIdService: SubstituteOf<AppIdService>;
|
|
let platformUtilsService: SubstituteOf<PlatformUtilsService>;
|
|
let messagingService: SubstituteOf<MessagingService>;
|
|
let logService: SubstituteOf<LogService>;
|
|
let keyConnectorService: SubstituteOf<KeyConnectorService>;
|
|
let stateService: SubstituteOf<StateService>;
|
|
let twoFactorService: SubstituteOf<TwoFactorService>;
|
|
|
|
let ssoLogInStrategy: SsoLogInStrategy;
|
|
let credentials: SsoLogInCredentials;
|
|
|
|
const deviceId = Utils.newGuid();
|
|
const encKey = "ENC_KEY";
|
|
const privateKey = "PRIVATE_KEY";
|
|
const keyConnectorUrl = "KEY_CONNECTOR_URL";
|
|
|
|
const ssoCode = "SSO_CODE";
|
|
const ssoCodeVerifier = "SSO_CODE_VERIFIER";
|
|
const ssoRedirectUrl = "SSO_REDIRECT_URL";
|
|
const ssoOrgId = "SSO_ORG_ID";
|
|
|
|
beforeEach(async () => {
|
|
cryptoService = Substitute.for<CryptoService>();
|
|
apiService = Substitute.for<ApiService>();
|
|
tokenService = Substitute.for<TokenService>();
|
|
appIdService = Substitute.for<AppIdService>();
|
|
platformUtilsService = Substitute.for<PlatformUtilsService>();
|
|
messagingService = Substitute.for<MessagingService>();
|
|
logService = Substitute.for<LogService>();
|
|
stateService = Substitute.for<StateService>();
|
|
keyConnectorService = Substitute.for<KeyConnectorService>();
|
|
twoFactorService = Substitute.for<TwoFactorService>();
|
|
|
|
tokenService.getTwoFactorToken().resolves(null);
|
|
appIdService.getAppId().resolves(deviceId);
|
|
|
|
ssoLogInStrategy = new SsoLogInStrategy(
|
|
cryptoService,
|
|
apiService,
|
|
tokenService,
|
|
appIdService,
|
|
platformUtilsService,
|
|
messagingService,
|
|
logService,
|
|
stateService,
|
|
twoFactorService,
|
|
keyConnectorService
|
|
);
|
|
credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
|
|
});
|
|
|
|
it("sends SSO information to server", async () => {
|
|
apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
|
|
|
|
await ssoLogInStrategy.logIn(credentials);
|
|
|
|
apiService.received(1).postIdentityToken(
|
|
Arg.is((actual) => {
|
|
const ssoTokenRequest = actual as any;
|
|
return (
|
|
ssoTokenRequest.code === ssoCode &&
|
|
ssoTokenRequest.codeVerifier === ssoCodeVerifier &&
|
|
ssoTokenRequest.redirectUri === ssoRedirectUrl &&
|
|
ssoTokenRequest.device.identifier === deviceId &&
|
|
ssoTokenRequest.twoFactor.provider == null &&
|
|
ssoTokenRequest.twoFactor.token == null
|
|
);
|
|
})
|
|
);
|
|
});
|
|
|
|
it("does not set keys for new SSO user flow", async () => {
|
|
const tokenResponse = identityTokenResponseFactory();
|
|
tokenResponse.key = null;
|
|
apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
|
|
|
|
await ssoLogInStrategy.logIn(credentials);
|
|
|
|
cryptoService.didNotReceive().setEncPrivateKey(privateKey);
|
|
cryptoService.didNotReceive().setEncKey(encKey);
|
|
});
|
|
|
|
it("gets and sets KeyConnector key for enrolled user", async () => {
|
|
const tokenResponse = identityTokenResponseFactory();
|
|
tokenResponse.keyConnectorUrl = keyConnectorUrl;
|
|
|
|
apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
|
|
|
|
await ssoLogInStrategy.logIn(credentials);
|
|
|
|
keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
|
|
});
|
|
|
|
it("converts new SSO user to Key Connector on first login", async () => {
|
|
const tokenResponse = identityTokenResponseFactory();
|
|
tokenResponse.keyConnectorUrl = keyConnectorUrl;
|
|
tokenResponse.key = null;
|
|
|
|
apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
|
|
|
|
await ssoLogInStrategy.logIn(credentials);
|
|
|
|
keyConnectorService.received(1).convertNewSsoUserToKeyConnector(tokenResponse, ssoOrgId);
|
|
});
|
|
});
|