[PM-17449] Add logic to handle email updates for managed users. (#5422)
@ -1,6 +1,4 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.Auth.Models.Request.Accounts;
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.Helpers;
|
||||
using Bit.Api.Models.Response;
|
||||
@ -45,61 +43,6 @@ public class AccountsControllerTest : IClassFixture<ApiApplicationFactory>
|
||||
Assert.NotNull(content.SecurityStamp);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostEmailToken_WhenAccountDeprovisioningEnabled_WithManagedAccount_ThrowsBadRequest()
|
||||
{
|
||||
var email = await SetupOrganizationManagedAccount();
|
||||
|
||||
var tokens = await _factory.LoginAsync(email);
|
||||
var client = _factory.CreateClient();
|
||||
|
||||
var model = new EmailTokenRequestModel
|
||||
{
|
||||
NewEmail = $"{Guid.NewGuid()}@example.com",
|
||||
MasterPasswordHash = "master_password_hash"
|
||||
};
|
||||
|
||||
using var message = new HttpRequestMessage(HttpMethod.Post, "/accounts/email-token")
|
||||
{
|
||||
Content = JsonContent.Create(model)
|
||||
};
|
||||
message.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
var response = await client.SendAsync(message);
|
||||
|
||||
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
||||
var content = await response.Content.ReadAsStringAsync();
|
||||
Assert.Contains("Cannot change emails for accounts owned by an organization", content);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostEmail_WhenAccountDeprovisioningEnabled_WithManagedAccount_ThrowsBadRequest()
|
||||
{
|
||||
var email = await SetupOrganizationManagedAccount();
|
||||
|
||||
var tokens = await _factory.LoginAsync(email);
|
||||
var client = _factory.CreateClient();
|
||||
|
||||
var model = new EmailRequestModel
|
||||
{
|
||||
NewEmail = $"{Guid.NewGuid()}@example.com",
|
||||
MasterPasswordHash = "master_password_hash",
|
||||
NewMasterPasswordHash = "master_password_hash",
|
||||
Token = "validtoken",
|
||||
Key = "key"
|
||||
};
|
||||
|
||||
using var message = new HttpRequestMessage(HttpMethod.Post, "/accounts/email")
|
||||
{
|
||||
Content = JsonContent.Create(model)
|
||||
};
|
||||
message.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
var response = await client.SendAsync(message);
|
||||
|
||||
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
||||
var content = await response.Content.ReadAsStringAsync();
|
||||
Assert.Contains("Cannot change emails for accounts owned by an organization", content);
|
||||
}
|
||||
|
||||
private async Task<string> SetupOrganizationManagedAccount()
|
||||
{
|
||||
_factory.SubstituteService<IFeatureService>(featureService =>
|
||||
|
@ -181,22 +181,6 @@ public class AccountsControllerTests : IDisposable
|
||||
);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostEmailToken_WithAccountDeprovisioningEnabled_WhenUserIsManagedByAnOrganization_ShouldThrowBadRequestException()
|
||||
{
|
||||
var user = GenerateExampleUser();
|
||||
ConfigureUserServiceToReturnValidPrincipalFor(user);
|
||||
ConfigureUserServiceToAcceptPasswordFor(user);
|
||||
_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning).Returns(true);
|
||||
_userService.IsManagedByAnyOrganizationAsync(user.Id).Returns(true);
|
||||
|
||||
var result = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => _sut.PostEmailToken(new EmailTokenRequestModel())
|
||||
);
|
||||
|
||||
Assert.Equal("Cannot change emails for accounts owned by an organization. Contact your organization administrator for additional details.", result.Message);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostEmail_ShouldChangeUserEmail()
|
||||
{
|
||||
@ -248,20 +232,6 @@ public class AccountsControllerTests : IDisposable
|
||||
);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostEmail_WithAccountDeprovisioningEnabled_WhenUserIsManagedByAnOrganization_ShouldThrowBadRequestException()
|
||||
{
|
||||
var user = GenerateExampleUser();
|
||||
ConfigureUserServiceToReturnValidPrincipalFor(user);
|
||||
_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning).Returns(true);
|
||||
_userService.IsManagedByAnyOrganizationAsync(user.Id).Returns(true);
|
||||
|
||||
var result = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => _sut.PostEmail(new EmailRequestModel())
|
||||
);
|
||||
|
||||
Assert.Equal("Cannot change emails for accounts owned by an organization. Contact your organization administrator for additional details.", result.Message);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PostVerifyEmail_ShouldSendEmailVerification()
|
||||
|
@ -248,6 +248,7 @@ public class UserServiceTests
|
||||
sutProvider.GetDependency<ICipherRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationUserRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationDomainRepository>(),
|
||||
sutProvider.GetDependency<IMailService>(),
|
||||
sutProvider.GetDependency<IPushNotificationService>(),
|
||||
sutProvider.GetDependency<IUserStore<User>>(),
|
||||
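Review bot: The constructor argument list that gains `sutProvider.GetDependency<IOrganizationDomainRepository>(),` here (the one line this hunk appears to add; the page has lost its `+` marker) is repeated verbatim in the next hunk of UserServiceTests at old line 829, so every new UserService dependency must be added in two places and the two lists can silently drift. A single private factory method in the test class that resolves every dependency from `sutProvider` once, and is called from both sites, would keep the wiring in one spot. The constructor call this hunk sits in starts and ends outside the hunk, so I cannot see which test it belongs to or whether the new repository is given any return values; if the managed-user email check now consults organization domains, a test that stubs `IOrganizationDomainRepository` for both the managed and the unmanaged case would pin that behaviour, since the integration tests covering the managed-account rejection are removed elsewhere in this commit.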
@ -829,6 +830,7 @@ public class UserServiceTests
|
||||
sutProvider.GetDependency<ICipherRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationUserRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationRepository>(),
|
||||
sutProvider.GetDependency<IOrganizationDomainRepository>(),
|
||||
sutProvider.GetDependency<IMailService>(),
|
||||
sutProvider.GetDependency<IPushNotificationService>(),
|
||||
sutProvider.GetDependency<IUserStore<User>>(),
|
||||
|