test: fix tests to match new expectations that Auth and Unlock data need to have the same data.

2026-04-20 11:42:29 -05:00 · 2026-04-10 00:18:09 -04:00
parent 9ebf430b3d
commit b6a94e273e
3 changed files with 9 additions and 33 deletions
--- a/src/Core/Utilities/KdfSettingsValidator.cs
+++ b/src/Core/Utilities/KdfSettingsValidator.cs
@@ -24,10 +24,11 @@ public static class KdfSettingsValidator
            yield break;
        }

+        // Salt must be equal for authentication and unlock to prevent de-synced salt value
        if (authentication.Salt != unlock.Salt)
        {
            yield return new ValidationResult(
-                "Salt must be equal for authentication and unlock.",
+                "Invalid master password salt.",
                [nameof(authentication.Salt)]);
        }

--- a/test/Api.Test/Auth/Models/Request/Accounts/PasswordRequestModelTests.cs
+++ b/test/Api.Test/Auth/Models/Request/Accounts/PasswordRequestModelTests.cs
@@ -122,7 +122,7 @@ public class PasswordRequestModelTests
        var result = model.Validate(new ValidationContext(model)).ToList();

        // Assert
-        Assert.Contains(result, r => r.ErrorMessage != null && r.ErrorMessage.Contains("Salt must be equal"));
+        Assert.Contains(result, r => r.ErrorMessage != null && r.ErrorMessage.Contains("Invalid master password salt."));
    }

    [Fact]
@@ -163,31 +163,6 @@ public class PasswordRequestModelTests

    #endregion

-    #region Both-or-Neither Tests
-
-    /// <summary>
-    /// This test proves backwards compatibility for clients that don't send either AuthenticationData or UnlockData
-    /// </summary>
-    [Fact]
-    public void Validate_WhenBothNull_NoAuthUnlockErrors()
-    {
-        // Arrange
-        var model = new PasswordRequestModel
-        {
-            MasterPasswordHash = "masterPasswordHash",
-            NewMasterPasswordHash = "newHash",
-            Key = "key",
-            AuthenticationData = null,
-            UnlockData = null
-        };
-
-        // Act
-        var result = model.Validate(new ValidationContext(model)).ToList();
-
-        // Assert — no auth/unlock-related errors
-        Assert.Empty(result);
-    }
-
    [Fact]
    public void Validate_WhenOnlyAuthPresent_ReturnsError()
    {
@@ -246,8 +221,6 @@ public class PasswordRequestModelTests
        Assert.Contains(result, r => r.ErrorMessage != null && r.ErrorMessage.Contains(nameof(PasswordRequestModel.AuthenticationData)));
    }

-    #endregion
-
    #region Base Validation Preserved

    [Fact]
--- a/test/Identity.Test/Controllers/AccountsControllerTests.cs
+++ b/test/Identity.Test/Controllers/AccountsControllerTests.cs
@@ -953,8 +953,9 @@ public class AccountsControllerTests : IDisposable
        // Act
        var results = model.Validate(ctx).ToList();

-        // Assert mismatched auth/unlock is allowed
-        Assert.Empty(results);
+        // Assert mismatched auth/unlock KDF settings are rejected
+        Assert.Single(results);
+        Assert.Equal("KDF settings must be equal for authentication and unlock.", results[0].ErrorMessage);
    }

    [Theory, BitAutoData]
@@ -1004,8 +1005,9 @@ public class AccountsControllerTests : IDisposable
        // Act
        var results = model.Validate(ctx).ToList();

-        // Assert mismatched salts between auth/unlock are allowed
-        Assert.Empty(results);
+        // Assert mismatched salts between auth/unlock are rejected
+        Assert.Single(results);
+        Assert.Equal("Invalid master password salt.", results[0].ErrorMessage);
    }

    [Theory, BitAutoData]