nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Code Activity

[AC-1139] Changed GroupAuthorizationHandler and OrganizationUserAuthorizationHandler to fail if no OrganizationId is passed as a parameter

Browse Source
This commit is contained in:
Rui Tome
2023-11-24 13:17:18 +00:00
parent e0955a1695
commit 22a90dee77
4 changed files with 47 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Api/Vault/AuthorizationHandlers/Groups/GroupAuthorizationHandler.cs
View File

@ -45,6 +45,7 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
if (requirement.OrganizationId == default)
{
context.Fail();
return;
}

1
src/Api/Vault/AuthorizationHandlers/OrganizationUsers/OrganizationUserAuthorizationHandler.cs
View File

@ -44,6 +44,7 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
if (requirement.OrganizationId == default)
{
context.Fail();
return;
}

45
test/Api.Test/Vault/AuthorizationHandlers/GroupAuthorizationHandlerTests.cs
View File

@ -108,7 +108,7 @@ public class GroupAuthorizationHandlerTests
[Theory]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task CanReadAllAsync_WhenMissingAccess_Failure(
public async Task CanReadAllAsync_WhenMissingPermissions_NoSuccess(
OrganizationUserType userType,
SutProvider<GroupAuthorizationHandler> sutProvider,
CurrentContextOrganization organization)
@ -140,25 +140,7 @@ public class GroupAuthorizationHandlerTests
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { GroupOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingOrg_Failure(
public async Task CanReadAllAsync_WhenMissingOrgAccess_NoSuccess(
Guid userId,
Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider)
@ -177,7 +159,26 @@ public class GroupAuthorizationHandlerTests
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_NoSuccessOrFailure(
public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<GroupAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { GroupOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.True(context.HasFailed);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_Failure(
SutProvider<GroupAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
@ -191,6 +192,6 @@ public class GroupAuthorizationHandlerTests
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.False(context.HasFailed);
Assert.True(context.HasFailed);
}
}

45
test/Api.Test/Vault/AuthorizationHandlers/OrganizationUserAuthorizationHandlerTests.cs
View File

@ -108,7 +108,7 @@ public class OrganizationUserAuthorizationHandlerTests
[Theory]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task CanReadAllAsync_WhenMissingAccess_Failure(
public async Task CanReadAllAsync_WhenMissingPermissions_NoSuccess(
OrganizationUserType userType,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider,
CurrentContextOrganization organization)
@ -139,25 +139,7 @@ public class OrganizationUserAuthorizationHandlerTests
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { OrganizationUserOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_MissingOrg_Failure(
public async Task HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess(
Guid userId,
Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
@ -176,7 +158,25 @@ public class OrganizationUserAuthorizationHandlerTests
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_NoSuccessOrFailure(
public async Task HandleRequirementAsync_MissingUserId_Failure(
Guid organizationId,
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
new[] { OrganizationUserOperations.ReadAll(organizationId) },
new ClaimsPrincipal(),
null
);
// Simulate missing user id
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context);
Assert.True(context.HasFailed);
}
[Theory, BitAutoData]
public async Task HandleRequirementAsync_NoSpecifiedOrgId_Failure(
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
{
var context = new AuthorizationHandlerContext(
@ -189,7 +189,6 @@ public class OrganizationUserAuthorizationHandlerTests
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.False(context.HasFailed);
Assert.True(context.HasFailed);
}
}