nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-22 12:04:27 -05:00
Code

Implement CanBeRestored method in RequireTwoFactorPolicyRequirement to determine user restoration eligibility based on two-factor authentication status; add corresponding unit tests for various scenarios.

Browse Source
This commit is contained in:
Rui Tome 2025-05-20 17:29:54 +01:00
parent 82188c58e5
commit 30490ca383
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirement.cs
View File

@ -42,12 +42,28 @@ public class RequireTwoFactorPolicyRequirement : IPolicyRequirement
(p.OrganizationUserStatus is
OrganizationUserStatusType.Accepted or
OrganizationUserStatusType.Confirmed));
/// <summary>
/// Determines if the user can be restored in an organization.
/// </summary>
/// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
/// <param name="organizationId">The ID of the organization.</param>
/// <returns>True if the user can be restored, false otherwise.</returns>
public bool CanBeRestored(bool twoFactorEnabled, Guid organizationId) =>
twoFactorEnabled ||
!_policyDetails.Any(p => p.OrganizationId == organizationId &&
(p.OrganizationUserStatus is
OrganizationUserStatusType.Revoked or
OrganizationUserStatusType.Invited or
OrganizationUserStatusType.Accepted or
OrganizationUserStatusType.Confirmed));
}
public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFactory<RequireTwoFactorPolicyRequirement>
{
public override PolicyType PolicyType => PolicyType.TwoFactorAuthentication;
protected override IEnumerable<OrganizationUserStatusType> ExemptStatuses => [OrganizationUserStatusType.Revoked];
protected override IEnumerable<OrganizationUserStatusType> ExemptStatuses => [];
public override RequireTwoFactorPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
{

56
test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirementFactoryTests.cs
View File

@ -155,4 +155,60 @@ public class RequireTwoFactorPolicyRequirementFactoryTests
Assert.False(actual.CanBeConfirmed(false, organizationId));
}
[Theory]
[BitAutoData(true)]
[BitAutoData(false)]
public void CanBeRestored_WithNoPolicies_ReturnsTrue(
bool twoFactorEnabled, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create([]);
Assert.True(actual.CanBeRestored(twoFactorEnabled, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Revoked)]
[BitAutoData(OrganizationUserStatusType.Invited)]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void CanBeRestored_WithTwoFactorEnabled_ReturnsTrue(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.True(actual.CanBeRestored(true, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Revoked)]
[BitAutoData(OrganizationUserStatusType.Invited)]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void CanBeRestored_WithAnyStatus_ReturnsFalse(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.False(actual.CanBeRestored(false, organizationId));
}
}