[PM-15637] Notify Custom Users with “Manage Account Recovery” permission for Device Approval Requests (#5359)

* Add stored procedure to read organization user details by role * Add OrganizationUserRepository method to retrieve OrganizationUser details by role * Enhance AuthRequestService to send notifications to custom users with ManageResetPassword permission * Enhance AuthRequestServiceTests to include custom user permissions and validate notification email recipients
2025-06-30 15:42:48 -05:00 · 2025-02-05 14:47:06 +00:00
parent 617bb5015f
commit 03c390de74
7 changed files with 131 additions and 5 deletions
--- a/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs
+++ b/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs
@ -7,11 +7,13 @@ using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Platform.Push;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Helpers;
@ -347,14 +349,24 @@ public class AuthRequestServiceTests
        User user,
        OrganizationUser organizationUser1,
        OrganizationUserUserDetails admin1,
+        OrganizationUserUserDetails customUser1,
        OrganizationUser organizationUser2,
        OrganizationUserUserDetails admin2,
-        OrganizationUserUserDetails admin3)
+        OrganizationUserUserDetails admin3,
+        OrganizationUserUserDetails customUser2)
    {
        createModel.Type = AuthRequestType.AdminApproval;
        user.Email = createModel.Email;
        organizationUser1.UserId = user.Id;
        organizationUser2.UserId = user.Id;
+        customUser1.Permissions = CoreHelpers.ClassToJsonData(new Permissions
+        {
+            ManageResetPassword = false,
+        });
+        customUser2.Permissions = CoreHelpers.ClassToJsonData(new Permissions
+        {
+            ManageResetPassword = true,
+        });

        sutProvider.GetDependency<IFeatureService>()
            .IsEnabled(FeatureFlagKeys.DeviceApprovalRequestAdminNotifications)
@ -392,6 +404,13 @@ public class AuthRequestServiceTests
                admin1,
            ]);

+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyDetailsByRoleAsync(organizationUser1.OrganizationId, OrganizationUserType.Custom)
+            .Returns(
+            [
+                customUser1,
+            ]);
+
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyByMinimumRoleAsync(organizationUser2.OrganizationId, OrganizationUserType.Admin)
            .Returns(
@ -400,6 +419,13 @@ public class AuthRequestServiceTests
                admin3,
            ]);

+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyDetailsByRoleAsync(organizationUser2.OrganizationId, OrganizationUserType.Custom)
+            .Returns(
+            [
+                customUser2,
+            ]);
+
        sutProvider.GetDependency<IAuthRequestRepository>()
            .CreateAsync(Arg.Any<AuthRequest>())
            .Returns(c => c.ArgAt<AuthRequest>(0));
@ -435,7 +461,9 @@ public class AuthRequestServiceTests
        await sutProvider.GetDependency<IMailService>()
            .Received(1)
            .SendDeviceApprovalRequestedNotificationEmailAsync(
-                Arg.Is<IEnumerable<string>>(emails => emails.Count() == 2 && emails.Contains(admin2.Email) && emails.Contains(admin3.Email)),
+                Arg.Is<IEnumerable<string>>(emails => emails.Count() == 3 &&
+                                                      emails.Contains(admin2.Email) && emails.Contains(admin3.Email) &&
+                                                      emails.Contains(customUser2.Email)),
                organizationUser2.OrganizationId,
                user.Email,
                user.Name);