From 43b34c433c0f820a0a1a2d26882c7d17cd99831b Mon Sep 17 00:00:00 2001 From: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Date: Fri, 14 Jun 2024 13:23:23 -0400 Subject: [PATCH] =?UTF-8?q?[SM-1197]=20-=20Duplicate=20GUIDS=20Show=20a=20?= =?UTF-8?q?more=20detailed=20error=20message=20if=20duplicate=20GUIDS=20ar?= =?UTF-8?q?e=20passed=20ot=20g=E2=80=A6=20(#4161)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Show a more detailed error message if duplicate GUIDS are passed ot get by Ids * Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Making requested changes to tests * lint fix * fixing whitespace --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> --- .../Models/Request/GetSecretsRequestModel.cs | 17 +++++++- .../Controllers/SecretsControllerTests.cs | 41 +++++++++++++++++++ 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs b/src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs index 42dbce5232..5eec3a7a6c 100644 --- a/src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs +++ b/src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs 
@@ -1,9 +1,22 @@ using System.ComponentModel.DataAnnotations; - namespace Bit.Api.SecretsManager.Models.Request; -public class GetSecretsRequestModel +public class GetSecretsRequestModel : IValidatableObject { [Required] public IEnumerable Ids { get; set; } + public IEnumerable Validate(ValidationContext validationContext) + { + var isDistinct = Ids.Distinct().Count() == Ids.Count(); + if (!isDistinct) + { + var duplicateGuids = Ids.GroupBy(x => x) + .Where(g => g.Count() > 1) + .Select(g => g.Key); + + yield return new ValidationResult( + $"The following GUIDs were duplicated {string.Join(", ", duplicateGuids)} ", + new[] { nameof(GetSecretsRequestModel) }); + } + } } diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs index afe6ddeac9..61034c85e0 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs 
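Review bot: `Validate` dereferences `Ids` with no null guard and walks it three times (`Distinct().Count()`, `Count()`, then `GroupBy`), on a collection whose length the caller controls; no cap on the number of ids is visible in this hunk. MVC normally skips `IValidatableObject.Validate` once `[Required]` has failed, but that is framework behaviour rather than something this file guarantees, so `if (Ids is null) yield break;` at the top keeps direct callers from hitting a `NullReferenceException`. Assuming the elements are `Guid`, the duplicates can be collected in one pass with `var seen = new HashSet<Guid>(); var duplicateGuids = Ids.Where(id => !seen.Add(id)).Distinct().ToList();` and the result yielded only when that list is non-empty. The `ValidationResult` is also keyed to `nameof(GetSecretsRequestModel)` where `nameof(Ids)` would point clients at the offending field, and the message string ends with a stray space.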
@@ -788,6 +788,47 @@ public class SecretsControllerTests : IClassFixture, IAsy Assert.Equal(secretIds.Count, result.Data.Count()); } + + [Theory] + [InlineData(PermissionType.RunAsAdmin)] + [InlineData(PermissionType.RunAsUserWithPermission)] + public async Task GetSecretsByIds_DuplicateIds_BadRequest(PermissionType permissionType) + { + var (org, _) = await _organizationHelper.Initialize(true, true, true); + await _loginHelper.LoginAsync(_email); + + var (project, secretIds) = await CreateSecretsAsync(org.Id); + + secretIds.Add(secretIds[0]); + + if (permissionType == PermissionType.RunAsUserWithPermission) + { + var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); + await _loginHelper.LoginAsync(email); + + var accessPolicies = new List + { + new UserProjectAccessPolicy + { + GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true, + }, + }; + await _accessPolicyRepository.CreateManyAsync(accessPolicies); + } + else + { + var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); + await _loginHelper.LoginAsync(email); + } + + var request = new GetSecretsRequestModel { Ids = secretIds }; + var response = await _client.PostAsJsonAsync("/secrets/get-by-ids", request); + var content = await response.Content.ReadAsStringAsync(); + + Assert.True(response.StatusCode == HttpStatusCode.BadRequest); + Assert.Contains("The following GUIDs were duplicated", content); + } + [Theory] [InlineData(false, false, false)] [InlineData(false, false, true)]
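Review bot: The new test checks only the fixed prefix of the error, so it would still pass if the response listed the wrong GUID or none at all; adding `Assert.Contains(secretIds[0].ToString(), content);` pins the part of the message this change exists for. `Assert.True(response.StatusCode == HttpStatusCode.BadRequest)` reports only a bare true/false mismatch on failure, whereas `Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);` shows the status that was actually returned. If model validation rejects the request before any authorization runs, which seems likely but is not visible here, both `PermissionType` cases take the same path and the access-policy setup adds cost without adding coverage. The enclosing `SecretsControllerTests` class starts and ends outside the hunk.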