Merge branch 'main' into shield_builder_value_type_semantics
danvleju-rdx committed Dec 20, 2024
2 parents ce09c60 + 4870dd8 commit 918daa2
Showing 6 changed files with 515 additions and 84 deletions.
Expand Up @@ -95,7 +95,10 @@ struct ShieldTests {
builder = builder.addFactorSourceToPrimaryThreshold(factorSourceId: .sampleDevice)
.addFactorSourceToPrimaryThreshold(factorSourceId: .sampleDevice) // did not get added, duplicates are not allowed
#expect(builder.primaryRoleThresholdFactors == [.sampleDevice])
builder = builder.addFactorSourceToPrimaryThreshold(factorSourceId: .sampleDeviceOther)

builder = builder.addFactorSourceToPrimaryThreshold(factorSourceId: .sampleDeviceOther) // actually this is added
#expect(builder.validate() == .PrimaryCannotHaveMultipleDevices)
builder = builder.removeFactorFromPrimary(factorSourceId: .sampleDeviceOther)

#expect(builder.validate() == .RecoveryRoleMustHaveAtLeastOneFactor)
builder = builder.removeFactorFromPrimary(factorSourceId: .sampleDeviceOther)
Expand Down Expand Up @@ -134,21 +137,25 @@ struct ShieldTests {
#expect(builder.confirmationRoleFactors.isEmpty)
}

@Test("Primary can only contain one DeviceFactorSource")
@Test("Primary can contain two DeviceFactorSource while building - but is never valid")
func primaryCanOnlyContainOneDeviceFactorSourceThreshold() throws {
let factor = FactorSourceId.sampleDevice
let other = FactorSourceId.sampleDeviceOther
var builder = SecurityShieldBuilder()
.addFactorSourceToPrimaryThreshold(factorSourceId: factor)
.addFactorSourceToPrimaryOverride(factorSourceId: other)
#expect(builder.primaryRoleThresholdFactors == [factor])
#expect(builder.primaryRoleOverrideFactors == [])
#expect(builder.primaryRoleOverrideFactors == [other])

builder = builder.removeFactorFromPrimary(factorSourceId: factor)
.addFactorSourceToPrimaryOverride(factorSourceId: factor)
.addFactorSourceToPrimaryThreshold(factorSourceId: other)
#expect(builder.primaryRoleThresholdFactors == [])
#expect(builder.primaryRoleThresholdFactors == [other])
#expect(builder.primaryRoleOverrideFactors == [factor])

// But when validated/built is err
#expect(builder.validate() != nil)
#expect((try? builder.build()) == nil)
}

@Test("Primary password never alone")
Expand All @@ -158,8 +165,9 @@ struct ShieldTests {
#expect(builder.primaryRoleOverrideFactors.isEmpty)

builder = builder.addFactorSourceToPrimaryThreshold(factorSourceId: .samplePassword)
#expect(builder.validate() == .PrimaryRoleWithThresholdFactorsCannotHaveAThresholdValueOfZero)
#expect(builder.validate() == .PrimaryRoleWithPasswordInThresholdListMustHaveAnotherFactor)
builder = builder.setThreshold(threshold: 0)

#expect(builder.validate() == .PrimaryRoleWithThresholdFactorsCannotHaveAThresholdValueOfZero)
builder = builder.setThreshold(threshold: 1)
#expect(builder.validate() == .PrimaryRoleWithPasswordInThresholdListMustHaveAnotherFactor)
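Review bot: `#expect(builder.validate() != nil)` in `primaryCanOnlyContainOneDeviceFactorSourceThreshold` passes for any violation, so the test stays green even if the two-device rule regresses and some unrelated rule fires instead. The first hunk of this file already pins the specific case, so here I would write `#expect(builder.validate() == .PrimaryCannotHaveMultipleDevices)`, assuming that is the violation reported first in this state. `(try? builder.build()) == nil` likewise hides which error was thrown. The function name still says "CanOnlyContainOne" while the new `@Test` title says two devices are accepted during building, so the name should follow the title.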
Expand Up @@ -29,7 +29,7 @@ impl SecurityShieldBuilder {
#[uniffi::constructor]
pub fn new() -> Arc<Self> {
Arc::new(Self {
wrapped: Arc::new(sargon::SecurityShieldBuilder::new()),
wrapped: Arc::new(sargon::SecurityShieldBuilder::lenient()),
})
}
}
Expand Down Expand Up @@ -772,7 +772,7 @@ mod tests {
])
);

assert_ne!(
assert_eq!( // we use lenient builder, so we say state has not changed
sim_prim_threshold,
sut.clone().validation_for_addition_of_factor_source_to_primary_threshold_for_each(
vec![
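Review bot: The FFI constructor `new()` now hands every host app a lenient builder, and nothing on the constructor or at its call sites says so. With `sargon::SecurityShieldBuilder::lenient()` the add calls accept combinations that are not valid shields (the Swift test in this commit shows two device factors sitting in the primary role until `validate()` reports `PrimaryCannotHaveMultipleDevices`), so `validate()`/`build()` become the only enforcement point. I would add a doc comment on `new()`, e.g. `/// Creates a lenient builder: invalid factor combinations are accepted while editing and are rejected only by validate()/build().`, and confirm that no host path persists or applies builder state without going through `build()`. The inline comment in the test hunk, `// we use lenient builder, so we say state has not changed`, would be clearer if it named the two values being compared.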
Expand Up @@ -464,7 +464,7 @@ mod tests {
SecurityStructureOfFactorSourceIDs,
AutoBuildOutcomeForTesting,
)> {
let shield_builder = SecurityShieldBuilder::new();
let shield_builder = SecurityShieldBuilder::default();
shield_builder.set_threshold(pick_primary_role_factors.len() as u8);
pick_primary_role_factors.into_iter().for_each(|f| {
shield_builder.add_factor_source_to_primary_threshold(f);
Expand Up @@ -90,64 +90,118 @@ impl MatrixBuilder {
pub fn validation_for_addition_of_factor_source_to_primary_threshold_for_each(
&self,
factor_sources: &IndexSet<FactorSourceID>,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.validation_for_addition_of_factor_source_to_primary_threshold_for_each_with_mode(factor_sources, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_to_primary_threshold_for_each_with_mode(
&self,
factor_sources: &IndexSet<FactorSourceID>,
mode: SecurityShieldBuilderMode,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.primary_role
.validation_for_addition_of_factor_source_for_each(
.validation_for_addition_of_factor_source_for_each_with_mode(
FactorListKind::Threshold,
factor_sources,
mode,
)
}

pub fn validation_for_addition_of_factor_source_to_primary_override_for_each(
&self,
factor_sources: &IndexSet<FactorSourceID>,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.validation_for_addition_of_factor_source_to_primary_override_for_each_with_mode(factor_sources, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_to_primary_override_for_each_with_mode(
&self,
factor_sources: &IndexSet<FactorSourceID>,
mode: SecurityShieldBuilderMode,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.primary_role
.validation_for_addition_of_factor_source_for_each(
.validation_for_addition_of_factor_source_for_each_with_mode(
FactorListKind::Override,
factor_sources,
mode,
)
}

pub fn validation_for_addition_of_factor_source_of_kind_to_recovery_override(
&self,
factor_source_kind: FactorSourceKind,
) -> RoleBuilderMutateResult {
self.validation_for_addition_of_factor_source_of_kind_to_recovery_override_with_mode(factor_source_kind, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_of_kind_to_recovery_override_with_mode(
&self,
factor_source_kind: FactorSourceKind,
mode: SecurityShieldBuilderMode,
) -> RoleBuilderMutateResult {
self.recovery_role
.validation_for_addition_of_factor_source_of_kind_to_override(
.validation_for_addition_of_factor_source_of_kind_to_override_with_mode(
factor_source_kind,
mode
)
}

pub fn validation_for_addition_of_factor_source_to_recovery_override_for_each(
&self,
factor_sources: &IndexSet<FactorSourceID>,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.validation_for_addition_of_factor_source_to_recovery_override_for_each_with_mode(factor_sources, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_to_recovery_override_for_each_with_mode(
&self,
factor_sources: &IndexSet<FactorSourceID>,
mode: SecurityShieldBuilderMode,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.recovery_role
.validation_for_addition_of_factor_source_for_each(
.validation_for_addition_of_factor_source_for_each_with_mode(
FactorListKind::Override,
factor_sources,
mode,
)
}

pub fn validation_for_addition_of_factor_source_of_kind_to_confirmation_override(
&self,
factor_source_kind: FactorSourceKind,
) -> RoleBuilderMutateResult {
self.validation_for_addition_of_factor_source_of_kind_to_confirmation_override_with_mode(factor_source_kind, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_of_kind_to_confirmation_override_with_mode(
&self,
factor_source_kind: FactorSourceKind,
mode: SecurityShieldBuilderMode,
) -> RoleBuilderMutateResult {
self.confirmation_role
.validation_for_addition_of_factor_source_of_kind_to_override(
.validation_for_addition_of_factor_source_of_kind_to_override_with_mode(
factor_source_kind,
mode
)
}

pub fn validation_for_addition_of_factor_source_to_confirmation_override_for_each(
&self,
factor_sources: &IndexSet<FactorSourceID>,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.validation_for_addition_of_factor_source_to_confirmation_override_for_each_with_mode(factor_sources, SecurityShieldBuilderMode::Strict)
}

pub fn validation_for_addition_of_factor_source_to_confirmation_override_for_each_with_mode(
&self,
factor_sources: &IndexSet<FactorSourceID>,
mode: SecurityShieldBuilderMode,
) -> IndexSet<FactorSourceInRoleBuilderValidationStatus> {
self.confirmation_role
.validation_for_addition_of_factor_source_for_each(
.validation_for_addition_of_factor_source_for_each_with_mode(
FactorListKind::Override,
factor_sources,
mode,
)
}

Expand Down Expand Up @@ -198,9 +252,20 @@ impl MatrixBuilder {
pub fn add_factor_source_to_primary_threshold(
&mut self,
factor_source_id: FactorSourceID,
) -> MatrixBuilderMutateResult {
self.add_factor_source_to_primary_threshold_with_mode(
factor_source_id,
SecurityShieldBuilderMode::Strict,
)
}

pub fn add_factor_source_to_primary_threshold_with_mode(
&mut self,
factor_source_id: FactorSourceID,
mode: SecurityShieldBuilderMode,
) -> MatrixBuilderMutateResult {
self.primary_role
.add_factor_source_to_threshold(factor_source_id)
.add_factor_source_to_threshold_with_mode(factor_source_id, mode)
.into_matrix_err(RoleKind::Primary)
}

Expand All @@ -218,27 +283,61 @@ impl MatrixBuilder {
pub fn add_factor_source_to_primary_override(
&mut self,
factor_source_id: FactorSourceID,
) -> MatrixBuilderMutateResult {
self.add_factor_source_to_primary_override_with_mode(
factor_source_id,
SecurityShieldBuilderMode::Strict,
)
}

/// Adds the factor source to the primary role override list.
pub fn add_factor_source_to_primary_override_with_mode(
&mut self,
factor_source_id: FactorSourceID,
mode: SecurityShieldBuilderMode,
) -> MatrixBuilderMutateResult {
self.primary_role
.add_factor_source_to_override(factor_source_id)
.add_factor_source_to_override_with_mode(factor_source_id, mode)
.into_matrix_err(RoleKind::Primary)
}

pub fn add_factor_source_to_recovery_override(
&mut self,
factor_source_id: FactorSourceID,
) -> MatrixBuilderMutateResult {
self.add_factor_source_to_recovery_override_with_mode(
factor_source_id,
SecurityShieldBuilderMode::Strict,
)
}

pub fn add_factor_source_to_recovery_override_with_mode(
&mut self,
factor_source_id: FactorSourceID,
mode: SecurityShieldBuilderMode,
) -> MatrixBuilderMutateResult {
self.recovery_role
.add_factor_source_to_override(factor_source_id)
.add_factor_source_to_override_with_mode(factor_source_id, mode)
.into_matrix_err(RoleKind::Recovery)
}

pub fn add_factor_source_to_confirmation_override(
&mut self,
factor_source_id: FactorSourceID,
) -> MatrixBuilderMutateResult {
self.add_factor_source_to_confirmation_override_with_mode(
factor_source_id,
SecurityShieldBuilderMode::Strict,
)
}

pub fn add_factor_source_to_confirmation_override_with_mode(
&mut self,
factor_source_id: FactorSourceID,
mode: SecurityShieldBuilderMode,
) -> MatrixBuilderMutateResult {
self.confirmation_role
.add_factor_source_to_override(factor_source_id)
.add_factor_source_to_override_with_mode(factor_source_id, mode)
.into_matrix_err(RoleKind::Confirmation)
}
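Review bot: Every `*_with_mode` method added to `MatrixBuilder` is `pub`, yet none documents what `mode` does; the single doc comment, on `add_factor_source_to_primary_override_with_mode`, reads `/// Adds the factor source to the primary role override list.` and does not mention it. Because the non-mode methods pin `SecurityShieldBuilderMode::Strict`, the mode argument is the switch that relaxes per-addition checks, and a caller should be told that a matrix assembled in a non-strict mode is presumably only rejected later, at validation or build time (the role-builder side is not visible in these hunks). Suggested wording on each: `/// Same as the non-mode method, but mode selects how strictly the addition is checked; in a non-strict mode the result must still pass validation before it is built.` If only the shield builder is meant to choose the mode, `pub(crate)` would keep the relaxed path out of the public API. The delegating one-liners, such as the body of `validation_for_addition_of_factor_source_to_primary_threshold_for_each`, also run well past the rustfmt line width.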
