fix: update integration test user registration to match current registration; We need to keep the IRegistrationCommand.RegisterUser method to JIT user.

Author: ike-kottlowski

src/Core/Auth/UserFeatures/Registration/IRegisterUserCommand.cs

@@ -8,6 +8,7 @@ public interface IRegisterUserCommand
 
     /// <summary>
     /// Creates a new user, sends a welcome email, and raises the signup reference event.
+    /// This method is used for JIT of organization Users.
     /// </summary>
     /// <param name="user">The <see cref="User"/> to create</param>
     /// <returns><see cref="IdentityResult"/></returns>

test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs

@@ -1,4 +1,6 @@
-using Bit.Identity.Models.Request.Accounts;
+using Bit.Core;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Enums;
 using Bit.IntegrationTestCommon.Factories;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.TestHost;
@@ -42,13 +44,23 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
     /// <summary>
     /// Helper for registering and logging in to a new account
     /// </summary>
-    public async Task<(string Token, string RefreshToken)> LoginWithNewAccount(string email = "integration-test@bitwarden.com", string masterPasswordHash = "master_password_hash")
+    public async Task<(string Token, string RefreshToken)> LoginWithNewAccount(
+        string email = "integration-test@bitwarden.com", string masterPasswordHash = "master_password_hash")
     {
-        await _identityApplicationFactory.RegisterAsync(new RegisterRequestModel
-        {
-            Email = email,
-            MasterPasswordHash = masterPasswordHash,
-        });
+        await _identityApplicationFactory.RegisterNewIdentityFactoryUserAsync(
+            new RegisterFinishRequestModel
+            {
+                Email = email,
+                MasterPasswordHash = masterPasswordHash,
+                Kdf = KdfType.PBKDF2_SHA256,
+                KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
+                UserAsymmetricKeys = new KeysRequestModel()
+                {
+                    PublicKey = "public_key",
+                    EncryptedPrivateKey = "private_key"
+                },
+                UserSymmetricKey = "sym_key",
+            });
 
         return await _identityApplicationFactory.TokenFromPasswordAsync(email, masterPasswordHash);
     }

test/Core.Test/Auth/AutoFixture/RegisterFinishRequestModelFixtures.cs

@@ -0,0 +1,58 @@
+using System.ComponentModel.DataAnnotations;
+using AutoFixture;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.Auth.AutoFixture;
+
+internal class RegisterFinishRequestModelCustomization : ICustomization
+{
+    [StrictEmailAddress, StringLength(256)]
+    public required string Email { get; set; }
+    public required KdfType Kdf { get; set; }
+    public required int KdfIterations { get; set; }
+    public string? EmailVerificationToken { get; set; }
+    public string? OrgInviteToken { get; set; }
+    public string? OrgSponsoredFreeFamilyPlanToken { get; set; }
+    public string? AcceptEmergencyAccessInviteToken { get; set; }
+    public string? ProviderInviteToken { get; set; }
+
+    public void Customize(IFixture fixture)
+    {
+        fixture.Customize<RegisterFinishRequestModel>(composer => composer
+            .With(o => o.Email, Email)
+            .With(o => o.Kdf, Kdf)
+            .With(o => o.KdfIterations, KdfIterations)
+            .With(o => o.EmailVerificationToken, EmailVerificationToken)
+            .With(o => o.OrgInviteToken, OrgInviteToken)
+            .With(o => o.OrgSponsoredFreeFamilyPlanToken, OrgSponsoredFreeFamilyPlanToken)
+            .With(o => o.AcceptEmergencyAccessInviteToken, AcceptEmergencyAccessInviteToken)
+            .With(o => o.ProviderInviteToken, ProviderInviteToken));
+    }
+}
+
+public class RegisterFinishRequestModelCustomizeAttribute : BitCustomizeAttribute
+{
+    public string _email { get; set; } = "{0}@email.com";
+    public KdfType _kdf { get; set; } = KdfType.PBKDF2_SHA256;
+    public int _kdfIterations { get; set; } = AuthConstants.PBKDF2_ITERATIONS.Default;
+    public string? _emailVerificationToken { get; set; }
+    public string? _orgInviteToken { get; set; }
+    public string? _orgSponsoredFreeFamilyPlanToken { get; set; }
+    public string? _acceptEmergencyAccessInviteToken { get; set; }
+    public string? _providerInviteToken { get; set; }
+
+    public override ICustomization GetCustomization() => new RegisterFinishRequestModelCustomization()
+    {
+        Email = _email,
+        Kdf = _kdf,
+        KdfIterations = _kdfIterations,
+        EmailVerificationToken = _emailVerificationToken,
+        OrgInviteToken = _orgInviteToken,
+        OrgSponsoredFreeFamilyPlanToken = _orgSponsoredFreeFamilyPlanToken,
+        AcceptEmergencyAccessInviteToken = _acceptEmergencyAccessInviteToken,
+        ProviderInviteToken = _providerInviteToken
+    };
+}

test/Events.IntegrationTest/EventsApplicationFactory.cs

@@ -1,4 +1,6 @@
-using Bit.Identity.Models.Request.Accounts;
+using Bit.Core;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Enums;
 using Bit.IntegrationTestCommon.Factories;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Hosting;
@@ -40,11 +42,20 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
     /// </summary>
     public async Task<(string Token, string RefreshToken)> LoginWithNewAccount(string email = "integration-test@bitwarden.com", string masterPasswordHash = "master_password_hash")
     {
-        await _identityApplicationFactory.RegisterAsync(new RegisterRequestModel
-        {
-            Email = email,
-            MasterPasswordHash = masterPasswordHash,
-        });
+        await _identityApplicationFactory.RegisterNewIdentityFactoryUserAsync(
+            new RegisterFinishRequestModel
+            {
+                Email = email,
+                MasterPasswordHash = masterPasswordHash,
+                Kdf = KdfType.PBKDF2_SHA256,
+                KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
+                UserAsymmetricKeys = new KeysRequestModel()
+                {
+                    PublicKey = "public_key",
+                    EncryptedPrivateKey = "private_key"
+                },
+                UserSymmetricKey = "sym_key",
+            });
 
         return await _identityApplicationFactory.TokenFromPasswordAsync(email, masterPasswordHash);
     }

test/Identity.IntegrationTest/Controllers/AccountsControllerTests.cs

@@ -8,10 +8,8 @@
 using Bit.Core.Enums;
 using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Core.Tokens;
 using Bit.Core.Utilities;
-using Bit.Identity.Models.Request.Accounts;
 using Bit.IntegrationTestCommon.Factories;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Microsoft.AspNetCore.DataProtection;
@@ -31,24 +29,6 @@ public AccountsControllerTests(IdentityApplicationFactory factory)
         _factory = factory;
     }
 
-    [Fact]
-    public async Task PostRegister_Success()
-    {
-        var context = await _factory.RegisterAsync(new RegisterRequestModel
-        {
-            Email = "test+register@email.com",
-            MasterPasswordHash = "master_password_hash"
-        });
-
-        Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
-
-        var database = _factory.GetDatabaseContext();
-        var user = await database.Users
-            .SingleAsync(u => u.Email == "test+register@email.com");
-
-        Assert.NotNull(user);
-    }
-
     [Theory]
     [BitAutoData("invalidEmail")]
     [BitAutoData("")]
@@ -154,23 +134,14 @@ public async Task PostRegisterSendEmailVerification_WhenGivenNewOrExistingUser_W
     }
 
     [Theory, BitAutoData]
+    // marketing emails can stay at top level
     public async Task RegistrationWithEmailVerification_WithEmailVerificationToken_Succeeds([Required] string name, bool receiveMarketingEmails,
          [StringLength(1000), Required] string masterPasswordHash, [StringLength(50)] string masterPasswordHint, [Required] string userSymmetricKey,
          [Required] KeysRequestModel userAsymmetricKeys, int kdfMemory, int kdfParallelism)
     {
         // Localize substitutions to this test.
         var localFactory = new IdentityApplicationFactory();
 
-        // First we must substitute the mail service in order to be able to get a valid email verification token
-        // for the complete registration step
-        string capturedEmailVerificationToken = null;
-        localFactory.SubstituteService<IMailService>(mailService =>
-        {
-            mailService.SendRegistrationVerificationEmailAsync(Arg.Any<string>(), Arg.Do<string>(t => capturedEmailVerificationToken = t))
-                .Returns(Task.CompletedTask);
-
-        });
-
         // we must first call the send verification email endpoint to trigger the first part of the process
         var email = $"test+register+{name}@email.com";
         var sendVerificationEmailReqModel = new RegisterSendVerificationEmailRequestModel
@@ -183,15 +154,15 @@ public async Task RegistrationWithEmailVerification_WithEmailVerificationToken_S
         var sendEmailVerificationResponseHttpContext = await localFactory.PostRegisterSendEmailVerificationAsync(sendVerificationEmailReqModel);
 
         Assert.Equal(StatusCodes.Status204NoContent, sendEmailVerificationResponseHttpContext.Response.StatusCode);
-        Assert.NotNull(capturedEmailVerificationToken);
+        Assert.NotNull(localFactory.RegistrationTokens[email]);
 
         // Now we call the finish registration endpoint with the email verification token
         var registerFinishReqModel = new RegisterFinishRequestModel
         {
             Email = email,
             MasterPasswordHash = masterPasswordHash,
             MasterPasswordHint = masterPasswordHint,
-            EmailVerificationToken = capturedEmailVerificationToken,
+            EmailVerificationToken = localFactory.RegistrationTokens[email],
             Kdf = KdfType.PBKDF2_SHA256,
             KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
             UserSymmetricKey = userSymmetricKey,

test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs

@@ -1,19 +1,20 @@
 using System.Security.Claims;
 using System.Text.Json;
+using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Utilities;
-using Bit.Identity.Models.Request.Accounts;
 using Bit.IntegrationTestCommon.Factories;
 using Bit.Test.Common.Helpers;
 using Duende.IdentityModel;
@@ -545,16 +546,15 @@ private static async Task<IdentityApplicationFactory> CreateFactoryAsync(
     {
         var factory = new IdentityApplicationFactory();
 
-
         var authorizationCode = new AuthorizationCode
         {
             ClientId = "web",
             CreationTime = DateTime.UtcNow,
             Lifetime = (int)TimeSpan.FromMinutes(5).TotalSeconds,
             RedirectUri = "https://localhost:8080/sso-connector.html",
-            RequestedScopes = new[] { "api", "offline_access" },
+            RequestedScopes = ["api", "offline_access"],
             CodeChallenge = challenge.Sha256(),
-            CodeChallengeMethod = "plain", //
+            CodeChallengeMethod = "plain",
             Subject = null!, // Temporarily set it to null
         };
 
@@ -564,16 +564,20 @@ private static async Task<IdentityApplicationFactory> CreateFactoryAsync(
                 .Returns(authorizationCode);
         });
 
-        // This starts the server and finalizes services
-        var registerResponse = await factory.RegisterAsync(new RegisterRequestModel
-        {
-            Email = TestEmail,
-            MasterPasswordHash = "master_password_hash",
-        });
-
-        var userRepository = factory.Services.GetRequiredService<IUserRepository>();
-        var user = await userRepository.GetByEmailAsync(TestEmail);
-        Assert.NotNull(user);
+        var user = await factory.RegisterNewIdentityFactoryUserAsync(
+            new RegisterFinishRequestModel
+            {
+                Email = TestEmail,
+                MasterPasswordHash = "masterPasswordHash",
+                Kdf = KdfType.PBKDF2_SHA256,
+                KdfIterations = AuthConstants.PBKDF2_ITERATIONS.Default,
+                UserAsymmetricKeys = new KeysRequestModel()
+                {
+                    PublicKey = "public_key",
+                    EncryptedPrivateKey = "private_key"
+                },
+                UserSymmetricKey = "sym_key",
+            });
 
         var organizationRepository = factory.Services.GetRequiredService<IOrganizationRepository>();
         var organization = await organizationRepository.CreateAsync(new Organization