nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-17 09:33:51 -05:00
Code

Support use of organizationId parameter in authorization (#5758)

Browse Source
This commit is contained in:
Thomas Rittson 2025-05-02 07:00:48 +10:00 committed by GitHub
parent 9da98d8e97
commit 41001fefae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 55 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/Api/AdminConsole/Authorization/HttpContextExtensions.cs
View File

@ -9,7 +9,7 @@ namespace Bit.Api.AdminConsole.Authorization;
public static class HttpContextExtensions
{
public const string NoOrgIdError =
"A route decorated with with '[Authorize<Requirement>]' must include a route value named 'orgId' either through the [Controller] attribute or through a '[Http*]' attribute.";
"A route decorated with with '[Authorize<Requirement>]' must include a route value named 'orgId' or 'organizationId' either through the [Controller] attribute or through a '[Http*]' attribute.";
/// <summary>
/// Returns the result of the callback, caching it in HttpContext.Features for the lifetime of the request.
@ -61,19 +61,27 @@ public static class HttpContextExtensions
/// <summary>
/// Parses the {orgId} route parameter into a Guid, or throws if the {orgId} is not present or not a valid guid.
/// Parses the {orgId} or {organizationId} route parameter into a Guid, or throws if neither are present or are not valid guids.
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
/// <exception cref="InvalidOperationException"></exception>
public static Guid GetOrganizationId(this HttpContext httpContext)
{
httpContext.GetRouteData().Values.TryGetValue("orgId", out var orgIdParam);
if (orgIdParam == null || !Guid.TryParse(orgIdParam.ToString(), out var orgId))
var routeValues = httpContext.GetRouteData().Values;
routeValues.TryGetValue("orgId", out var orgIdParam);
if (orgIdParam != null && Guid.TryParse(orgIdParam.ToString(), out var orgId))
{
throw new InvalidOperationException(NoOrgIdError);
return orgId;
}
return orgId;
routeValues.TryGetValue("organizationId", out var organizationIdParam);
if (organizationIdParam != null && Guid.TryParse(organizationIdParam.ToString(), out var organizationId))
{
return organizationId;
}
throw new InvalidOperationException(NoOrgIdError);
}
}

42
test/Api.Test/AdminConsole/Authorization/HttpContextExtensionsTests.cs
View File

@ -1,5 +1,7 @@
using Bit.Api.AdminConsole.Authorization;
using AutoFixture.Xunit2;
using Bit.Api.AdminConsole.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using NSubstitute;
using Xunit;
@ -25,4 +27,42 @@ public class HttpContextExtensionsTests
await callback.ReceivedWithAnyArgs(1).Invoke();
}
[Theory]
[InlineAutoData("orgId")]
[InlineAutoData("organizationId")]
public void GetOrganizationId_GivenValidParameter_ReturnsOrganizationId(string paramName, Guid orgId)
{
var httpContext = new DefaultHttpContext
{
Request = { RouteValues = new RouteValueDictionary
{
{ "userId", "someGuid" },
{ paramName, orgId.ToString() }
}
}
};
var result = httpContext.GetOrganizationId();
Assert.Equal(orgId, result);
}
[Theory]
[InlineAutoData("orgId")]
[InlineAutoData("organizationId")]
[InlineAutoData("missingParameter")]
public void GetOrganizationId_GivenMissingOrInvalidGuid_Throws(string paramName)
{
var httpContext = new DefaultHttpContext
{
Request = { RouteValues = new RouteValueDictionary
{
{ "userId", "someGuid" },
{ paramName, "invalidGuid" }
}
}
};
var exception = Assert.Throws<InvalidOperationException>(() => httpContext.GetOrganizationId());
Assert.Equal(HttpContextExtensions.NoOrgIdError, exception.Message);
}
}