mirror of https://github.com/bitwarden/server.git synced 2025-07-02 16:42:50 -05:00

[PM-18876] Refine PolicyRequirements API (#5445)

* make the PolicyRequirements API more granular, e.g.
  replace factory methods with a factory interface
* update Send to use the new API
Thomas Rittson
2025-03-11 10:46:09 +10:00
committed by GitHub
parent 29dc69a77b
commit 224ef1272e
17 changed files with 429 additions and 313 deletions


@ -0,0 +1,90 @@
using AutoFixture.Xunit2;
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.Enums;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
public class BasePolicyRequirementFactoryTests
{
[Theory, AutoData]
public void ExemptRoles_DoesNotEnforceAgainstThoseRoles(
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Owner)] PolicyDetails ownerPolicy,
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Admin)] PolicyDetails adminPolicy,
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Custom)] PolicyDetails customPolicy,
[PolicyDetails(PolicyType.SingleOrg)] PolicyDetails userPolicy)
{
var sut = new TestPolicyRequirementFactory(
// These exempt roles are intentionally unusual to make sure we're properly testing the sut
[OrganizationUserType.User, OrganizationUserType.Custom],
[],
false);
Assert.True(sut.Enforce(ownerPolicy));
Assert.True(sut.Enforce(adminPolicy));
Assert.False(sut.Enforce(customPolicy));
Assert.False(sut.Enforce(userPolicy));
}
[Theory, AutoData]
public void ExemptStatuses_DoesNotEnforceAgainstThoseStatuses(
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Invited)] PolicyDetails invitedPolicy,
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Accepted)] PolicyDetails acceptedPolicy,
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Confirmed)] PolicyDetails confirmedPolicy,
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Revoked)] PolicyDetails revokedPolicy)
{
var sut = new TestPolicyRequirementFactory(
[],
// These exempt statuses are intentionally unusual to make sure we're properly testing the sut
[OrganizationUserStatusType.Confirmed, OrganizationUserStatusType.Accepted],
false);
Assert.True(sut.Enforce(invitedPolicy));
Assert.True(sut.Enforce(revokedPolicy));
Assert.False(sut.Enforce(confirmedPolicy));
Assert.False(sut.Enforce(acceptedPolicy));
}
[Theory, AutoData]
public void ExemptProviders_DoesNotEnforceAgainstProviders(
[PolicyDetails(PolicyType.SingleOrg, isProvider: true)] PolicyDetails policy)
{
var sut = new TestPolicyRequirementFactory(
[],
[],
true);
Assert.False(sut.Enforce(policy));
}
[Theory, AutoData]
public void NoExemptions_EnforcesAgainstAdminsAndProviders(
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Owner, isProvider: true)] PolicyDetails policy)
{
var sut = new TestPolicyRequirementFactory(
[],
[],
false);
Assert.True(sut.Enforce(policy));
}
private class TestPolicyRequirementFactory(
IEnumerable<OrganizationUserType> exemptRoles,
IEnumerable<OrganizationUserStatusType> exemptStatuses,
bool exemptProviders
) : BasePolicyRequirementFactory<TestPolicyRequirement>
{
public override PolicyType PolicyType => PolicyType.SingleOrg;
protected override IEnumerable<OrganizationUserType> ExemptRoles => exemptRoles;
protected override IEnumerable<OrganizationUserStatusType> ExemptStatuses => exemptStatuses;
protected override bool ExemptProviders => exemptProviders;
public override TestPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
=> new() { Policies = policyDetails };
}
}
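Review bot: None of these cases checks that a non-provider is still enforced when `ExemptProviders` is true. `ExemptProviders_DoesNotEnforceAgainstProviders` only passes a provider, and the other three tests construct the factory with `false`. An `Enforce` implementation that exempts everyone whenever the flag is set would pass all four tests, which is a fail-open result for policy enforcement. Consider a companion case that builds `new TestPolicyRequirementFactory([], [], true)`, takes a `[PolicyDetails(PolicyType.SingleOrg, isProvider: false)]` parameter and ends with `Assert.True(sut.Enforce(policy));`.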


@ -0,0 +1,32 @@
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
[SutProviderCustomize]
public class DisableSendPolicyRequirementFactoryTests
{
[Theory, BitAutoData]
public void DisableSend_IsFalse_IfNoPolicies(SutProvider<DisableSendPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create([]);
Assert.False(actual.DisableSend);
}
[Theory, BitAutoData]
public void DisableSend_IsTrue_IfAnyDisableSendPolicies(
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails[] policies,
SutProvider<DisableSendPolicyRequirementFactory> sutProvider
)
{
var actual = sutProvider.Sut.Create(policies);
Assert.True(actual.DisableSend);
}
}
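Review bot: Both tests here call `Create` only, so nothing in this file pins which roles, statuses and providers `DisableSendPolicyRequirementFactory` itself exempts. The removed `SendPolicyRequirementTests` asserted that Owner and Admin users, providers, and Invited and Revoked users were not subject to the policy. The new base-class tests exercise the mechanism through a test double with deliberately unusual exemptions, not this factory's values. Unless that is covered in a file not shown here, add cases that call `sutProvider.Sut.Enforce(policy)` with `[PolicyDetails(PolicyType.DisableSend, OrganizationUserType.Owner)]` and the other exempt and non-exempt combinations. The same gap applies to `SendOptionsPolicyRequirementFactoryTests`.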


@ -0,0 +1,49 @@
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
[SutProviderCustomize]
public class SendOptionsPolicyRequirementFactoryTests
{
[Theory, BitAutoData]
public void DisableHideEmail_IsFalse_IfNoPolicies(SutProvider<SendOptionsPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create([]);
Assert.False(actual.DisableHideEmail);
}
[Theory, BitAutoData]
public void DisableHideEmail_IsFalse_IfNotConfigured(
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails[] policies,
SutProvider<SendOptionsPolicyRequirementFactory> sutProvider
)
{
policies[0].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
policies[1].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
var actual = sutProvider.Sut.Create(policies);
Assert.False(actual.DisableHideEmail);
}
[Theory, BitAutoData]
public void DisableHideEmail_IsTrue_IfAnyConfigured(
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails[] policies,
SutProvider<SendOptionsPolicyRequirementFactory> sutProvider
)
{
policies[0].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = true });
policies[1].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
var actual = sutProvider.Sut.Create(policies);
Assert.True(actual.DisableHideEmail);
}
}
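Review bot: The removed `DisableHideEmail_HandlesNullData` case has no counterpart here, so `Create` is no longer checked against a `SendOptions` policy whose data is null. A test that sets `policies[0].PolicyData = null;` and ends with `Assert.False(actual.DisableHideEmail);` would keep that input from throwing or being misread. Separately, both configured tests set the data model only on `policies[0]` and `policies[1]`. If the fixture generates more elements (AutoFixture's default is three), the rest keep whatever the `PolicyDetails` customization produced, so setting every element in a loop would make `DisableHideEmail_IsFalse_IfNotConfigured` independent of that default.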


@ -1,138 +0,0 @@
using AutoFixture.Xunit2;
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.Enums;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
public class SendPolicyRequirementTests
{
[Theory, AutoData]
public void DisableSend_IsFalse_IfNoDisableSendPolicies(
[PolicyDetails(PolicyType.RequireSso)] PolicyDetails otherPolicy1,
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails otherPolicy2)
{
EnableDisableHideEmail(otherPolicy2);
var actual = SendPolicyRequirement.Create([otherPolicy1, otherPolicy2]);
Assert.False(actual.DisableSend);
}
[Theory]
[InlineAutoData(OrganizationUserType.Owner, false)]
[InlineAutoData(OrganizationUserType.Admin, false)]
[InlineAutoData(OrganizationUserType.User, true)]
[InlineAutoData(OrganizationUserType.Custom, true)]
public void DisableSend_TestRoles(
OrganizationUserType userType,
bool shouldBeEnforced,
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails policyDetails)
{
policyDetails.OrganizationUserType = userType;
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.Equal(shouldBeEnforced, actual.DisableSend);
}
[Theory, AutoData]
public void DisableSend_Not_EnforcedAgainstProviders(
[PolicyDetails(PolicyType.DisableSend, isProvider: true)] PolicyDetails policyDetails)
{
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.False(actual.DisableSend);
}
[Theory]
[InlineAutoData(OrganizationUserStatusType.Confirmed, true)]
[InlineAutoData(OrganizationUserStatusType.Accepted, true)]
[InlineAutoData(OrganizationUserStatusType.Invited, false)]
[InlineAutoData(OrganizationUserStatusType.Revoked, false)]
public void DisableSend_TestStatuses(
OrganizationUserStatusType userStatus,
bool shouldBeEnforced,
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails policyDetails)
{
policyDetails.OrganizationUserStatus = userStatus;
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.Equal(shouldBeEnforced, actual.DisableSend);
}
[Theory, AutoData]
public void DisableHideEmail_IsFalse_IfNoSendOptionsPolicies(
[PolicyDetails(PolicyType.RequireSso)] PolicyDetails otherPolicy1,
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails otherPolicy2)
{
var actual = SendPolicyRequirement.Create([otherPolicy1, otherPolicy2]);
Assert.False(actual.DisableHideEmail);
}
[Theory]
[InlineAutoData(OrganizationUserType.Owner, false)]
[InlineAutoData(OrganizationUserType.Admin, false)]
[InlineAutoData(OrganizationUserType.User, true)]
[InlineAutoData(OrganizationUserType.Custom, true)]
public void DisableHideEmail_TestRoles(
OrganizationUserType userType,
bool shouldBeEnforced,
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
{
EnableDisableHideEmail(policyDetails);
policyDetails.OrganizationUserType = userType;
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.Equal(shouldBeEnforced, actual.DisableHideEmail);
}
[Theory, AutoData]
public void DisableHideEmail_Not_EnforcedAgainstProviders(
[PolicyDetails(PolicyType.SendOptions, isProvider: true)] PolicyDetails policyDetails)
{
EnableDisableHideEmail(policyDetails);
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.False(actual.DisableHideEmail);
}
[Theory]
[InlineAutoData(OrganizationUserStatusType.Confirmed, true)]
[InlineAutoData(OrganizationUserStatusType.Accepted, true)]
[InlineAutoData(OrganizationUserStatusType.Invited, false)]
[InlineAutoData(OrganizationUserStatusType.Revoked, false)]
public void DisableHideEmail_TestStatuses(
OrganizationUserStatusType userStatus,
bool shouldBeEnforced,
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
{
EnableDisableHideEmail(policyDetails);
policyDetails.OrganizationUserStatus = userStatus;
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.Equal(shouldBeEnforced, actual.DisableHideEmail);
}
[Theory, AutoData]
public void DisableHideEmail_HandlesNullData(
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
{
policyDetails.PolicyData = null;
var actual = SendPolicyRequirement.Create([policyDetails]);
Assert.False(actual.DisableHideEmail);
}
private static void EnableDisableHideEmail(PolicyDetails policyDetails)
=> policyDetails.SetDataModel(new SendOptionsPolicyData { DisableHideEmail = true });
}