
[AC-1139] Changed GroupAuthorizationHandler and OrganizationUserAuthorizationHandler to fail if no OrganizationId is passed as a parameter

This commit is contained in:
Rui Tome
2023-11-24 13:17:18 +00:00
parent e0955a1695
commit 22a90dee77
4 changed files with 47 additions and 45 deletions


@ -45,6 +45,7 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
if (requirement.OrganizationId == default) if (requirement.OrganizationId == default)
{ {
context.Fail();
return; return;
} }
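Review bot: The new `context.Fail()` in the missing-OrganizationId guard carries no reason, so a requirement built without an organization id (for instance a default Guid left by an absent route value, if that is how callers construct it) fails with nothing in the authorization result that distinguishes it from a genuine permission denial. Failing closed here is the right call; consider making it diagnosable with `context.Fail(new AuthorizationFailureReason(this, "OrganizationId is required for group operations"));` where the target framework exposes that overload (ASP.NET Core 6+), or at least add `// Fail closed: a requirement without an OrganizationId is a caller bug, not a missing permission.` above the guard. The identical guard in OrganizationUserAuthorizationHandler in the next file section has the same gap. The enclosing HandleRequirementAsync starts and ends outside the hunk.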


@ -44,6 +44,7 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
if (requirement.OrganizationId == default) if (requirement.OrganizationId == default)
{ {
context.Fail();
return; return;
} }


@ -108,7 +108,7 @@ public class GroupAuthorizationHandlerTests
[Theory] [Theory]
[BitAutoData(OrganizationUserType.User)] [BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)] [BitAutoData(OrganizationUserType.Custom)]
public async Task CanReadAllAsync_WhenMissingAccess_Failure( public async Task CanReadAllAsync_WhenMissingPermissions_NoSuccess(
OrganizationUserType userType, OrganizationUserType userType,
SutProvider<GroupAuthorizationHandler> sutProvider, SutProvider<GroupAuthorizationHandler> sutProvider,
CurrentContextOrganization organization) CurrentContextOrganization organization)
@ -140,25 +140,7 @@ public class GroupAuthorizationHandlerTests
} }
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingUserId_Failure( public async Task CanReadAllAsync_WhenMissingOrgAccess_NoSuccess(
Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { GroupOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingOrg_Failure(
Guid userId, Guid userId,
Guid organizationId, Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider) SutProvider<GroupAuthorizationHandler> sutProvider)
@ -177,7 +159,26 @@ public class GroupAuthorizationHandlerTests
} }
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_NoSuccessOrFailure( public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { GroupOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.True(context.HasFailed);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_Failure(
SutProvider<GroupAuthorizationHandler> sutProvider) SutProvider<GroupAuthorizationHandler> sutProvider)
{ {
var context = new AuthorizationHandlerContext( var context = new AuthorizationHandlerContext(
@ -191,6 +192,6 @@ public class GroupAuthorizationHandlerTests
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded); Assert.False(context.HasSucceeded);
Assert.False(context.HasFailed); Assert.True(context.HasFailed);
} }
} }
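Review bot: The renamed test in the second hunk, `CanReadAllAsync_WhenMissingOrgAccess_NoSuccess`, does not match its counterpart in OrganizationUserAuthorizationHandlerTests, which this same commit names `HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess`; the two test classes mirror each other method for method, so one prefix should be used in both. Since every neighbouring test in these hunks uses the `HandleRequirementAsync_` prefix and exercises the handler through `sutProvider.Sut.HandleAsync(context)`, renaming this one to `HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess` is the smaller change. The body of the renamed test lies outside the hunk, so whether the `_NoSuccess` tests also check `HasFailed` is not visible here; if they intentionally leave it unchecked because no-access does not call `context.Fail()`, a one-line comment saying so would document the distinction from the `_Failure` tests.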


@ -108,7 +108,7 @@ public class OrganizationUserAuthorizationHandlerTests
[Theory] [Theory]
[BitAutoData(OrganizationUserType.User)] [BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)] [BitAutoData(OrganizationUserType.Custom)]
public async Task CanReadAllAsync_WhenMissingAccess_Failure( public async Task CanReadAllAsync_WhenMissingPermissions_NoSuccess(
OrganizationUserType userType, OrganizationUserType userType,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider, SutProvider<OrganizationUserAuthorizationHandler> sutProvider,
CurrentContextOrganization organization) CurrentContextOrganization organization)
@ -139,25 +139,7 @@ public class OrganizationUserAuthorizationHandlerTests
} }
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingUserId_Failure( public async Task HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess(
Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { OrganizationUserOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingOrg_Failure(
Guid userId, Guid userId,
Guid organizationId, Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider) SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
@ -176,7 +158,25 @@ public class OrganizationUserAuthorizationHandlerTests
} }
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_NoSuccessOrFailure( public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { OrganizationUserOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.True(context.HasFailed);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_Failure(
SutProvider<OrganizationUserAuthorizationHandler> sutProvider) SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{ {
var context = new AuthorizationHandlerContext( var context = new AuthorizationHandlerContext(
@ -189,7 +189,6 @@ public class OrganizationUserAuthorizationHandlerTests
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded); Assert.True(context.HasFailed);
Assert.False(context.HasFailed);
} }
} }
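Review bot: Both rewritten tests in this file drop `Assert.False(context.HasSucceeded);` — `HandleRequirementAsync_MissingUserId_Failure` asserts only `HasFailed`, and the last hunk replaces the HasSucceeded check with the HasFailed one instead of adding to it — whereas the Group counterparts in the previous file keep both assertions. In ASP.NET Core `HasSucceeded` is false whenever `Fail()` has been called, so nothing is lost functionally, but the two parallel test classes should assert the same contract; add `Assert.False(context.HasSucceeded);` next to `Assert.True(context.HasFailed);` in both tests. The body of `HandleRequirementAsync_NoSpecifiedOrgId_Failure` starts outside the last hunk.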