[AC-292] Public Api - allow configuration of custom permissions (#4022)

* Also refactor OrganizationService user invite methods
2025-07-03 09:02:48 -05:00 · 2024-05-31 09:23:31 +10:00
parent 0189952e1f
commit 357ac4f40a
23 changed files with 829 additions and 179 deletions
--- a/test/Api.IntegrationTest/Helpers/LoginHelper.cs
+++ b/test/Api.IntegrationTest/Helpers/LoginHelper.cs
@ -0,0 +1,37 @@
+using System.Net.Http.Headers;
+using Bit.Api.IntegrationTest.Factories;
+using Bit.Core.Repositories;
+using Bit.IntegrationTestCommon.Factories;
+
+namespace Bit.Api.IntegrationTest.Helpers;
+
+public class LoginHelper
+{
+    private readonly HttpClient _client;
+    private readonly ApiApplicationFactory _factory;
+
+    public LoginHelper(ApiApplicationFactory factory, HttpClient client)
+    {
+        _factory = factory;
+        _client = client;
+    }
+
+    public async Task LoginWithOrganizationApiKeyAsync(Guid organizationId)
+    {
+        var (clientId, apiKey) = await GetOrganizationApiKey(_factory, organizationId);
+        var token = await _factory.LoginWithOrganizationApiKeyAsync(clientId, apiKey);
+        _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+        _client.DefaultRequestHeaders.Add("client_id", clientId);
+    }
+
+    private async Task<(string clientId, string apiKey)> GetOrganizationApiKey<T>(
+        WebApplicationFactoryBase<T> factory,
+        Guid organizationId)
+        where T : class
+    {
+        var organizationApiKeyRepository = factory.GetService<IOrganizationApiKeyRepository>();
+        var apiKeys = await organizationApiKeyRepository.GetManyByOrganizationIdTypeAsync(organizationId);
+        var clientId = $"organization.{organizationId}";
+        return (clientId, apiKeys.SingleOrDefault().ApiKey);
+    }
+}
--- a/test/Api.IntegrationTest/Helpers/OrganizationTestHelpers.cs
+++ b/test/Api.IntegrationTest/Helpers/OrganizationTestHelpers.cs
@ -1,7 +1,9 @@
-using Bit.Core.AdminConsole.Entities;
+using Bit.Api.IntegrationTest.Factories;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Business;
+using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.IntegrationTestCommon.Factories;
@ -15,7 +17,9 @@ public static class OrganizationTestHelpers
        string ownerEmail = "integration-test@bitwarden.com",
        string name = "Integration Test Org",
        string billingEmail = "integration-test@bitwarden.com",
-        string ownerKey = "test-key") where T : class
+        string ownerKey = "test-key",
+        int passwordManagerSeats = 0,
+        PaymentMethodType paymentMethod = PaymentMethodType.None) where T : class
    {
        var userRepository = factory.GetService<IUserRepository>();
        var organizationService = factory.GetService<IOrganizationService>();
@ -29,17 +33,23 @@ public static class OrganizationTestHelpers
            Plan = plan,
            OwnerKey = ownerKey,
            Owner = owner,
+            AdditionalSeats = passwordManagerSeats,
+            PaymentMethodType = paymentMethod
        });

        return new Tuple<Organization, OrganizationUser>(signUpResult.organization, signUpResult.organizationUser);
    }

+    /// <summary>
+    /// Creates an OrganizationUser. The user account must already be created.
+    /// </summary>
    public static async Task<OrganizationUser> CreateUserAsync<T>(
        WebApplicationFactoryBase<T> factory,
        Guid organizationId,
        string userEmail,
        OrganizationUserType type,
-        bool accessSecretsManager = false
+        bool accessSecretsManager = false,
+        Permissions? permissions = null
    ) where T : class
    {
        var userRepository = factory.GetService<IUserRepository>();
@ -59,8 +69,36 @@ public static class OrganizationTestHelpers
            AccessSecretsManager = accessSecretsManager,
        };

+        if (permissions != null)
+        {
+            orgUser.SetPermissions(permissions);
+        }
+
        await organizationUserRepository.CreateAsync(orgUser);

        return orgUser;
    }
+
+    /// <summary>
+    /// Creates a new User account with a unique email address and a corresponding OrganizationUser for
+    /// the specified organization.
+    /// </summary>
+    public static async Task<(string, OrganizationUser)> CreateNewUserWithAccountAsync(
+        ApiApplicationFactory factory,
+        Guid organizationId,
+        OrganizationUserType userType,
+        Permissions? permissions = null
+    )
+    {
+        var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
+
+        // Create user
+        await factory.LoginWithNewAccount(email);
+
+        // Create organizationUser
+        var organizationUser = await OrganizationTestHelpers.CreateUserAsync(factory, organizationId, email, userType,
+            permissions: permissions);
+
+        return (email, organizationUser);
+    }
 }