nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[EC-635] Extract organizationService.UpdateLicenseAsync to a command (#2408)

Browse Source 
* move UpdateLicenseAsync from service to command
* create new SelfHostedOrganizationDetails view model and move license validation logic there
* move occupied seat count logic to database level
This commit is contained in:
Thomas Rittson
2023-02-24 07:54:19 +10:00
committed by GitHub
parent 7d0bba3a29
commit 4643f5960e
30 changed files with 967 additions and 239 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/Api.Test/Controllers/OrganizationsControllerTests.cs
View File

@ -32,6 +32,7 @@ public class OrganizationsControllerTests : IDisposable
private readonly IOrganizationApiKeyRepository _organizationApiKeyRepository;
private readonly ICloudGetOrganizationLicenseQuery _cloudGetOrganizationLicenseQuery;
private readonly ICreateOrganizationApiKeyCommand _createOrganizationApiKeyCommand;
private readonly IUpdateOrganizationLicenseCommand _updateOrganizationLicenseCommand;
private readonly IOrganizationDomainRepository _organizationDomainRepository;
private readonly OrganizationsController _sut;
@ -53,11 +54,13 @@ public class OrganizationsControllerTests : IDisposable
_userService = Substitute.For<IUserService>();
_cloudGetOrganizationLicenseQuery = Substitute.For<ICloudGetOrganizationLicenseQuery>();
_createOrganizationApiKeyCommand = Substitute.For<ICreateOrganizationApiKeyCommand>();
_updateOrganizationLicenseCommand = Substitute.For<IUpdateOrganizationLicenseCommand>();
_sut = new OrganizationsController(_organizationRepository, _organizationUserRepository,
_policyRepository, _organizationService, _userService, _paymentService, _currentContext,
_ssoConfigRepository, _ssoConfigService, _getOrganizationApiKeyQuery, _rotateOrganizationApiKeyCommand,
_createOrganizationApiKeyCommand, _organizationApiKeyRepository, _cloudGetOrganizationLicenseQuery, _globalSettings);
_createOrganizationApiKeyCommand, _organizationApiKeyRepository, _updateOrganizationLicenseCommand,
_cloudGetOrganizationLicenseQuery, _globalSettings);
}
public void Dispose()

379
test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs Normal file
View File

@ -0,0 +1,379 @@
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Models.OrganizationConnectionConfigs;
using Bit.Core.Test.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Core.Test.Models.Data;
public class SelfHostedOrganizationDetailsTests
{
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_OccupiedSeatCount_ExceedsLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.Seats = 1;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Remove some users", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_MaxCollections_ExceedsLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.MaxCollections = 1;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Remove some collections", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_Groups_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseGroups = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new license does not allow for the use of groups", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_Policies_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UsePolicies = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new license does not allow for the use of policies", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_DisabledPolicies_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UsePolicies = false;
((List<Policy>)orgDetails.Policies).ForEach(p => p.Enabled = false);
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_Sso_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseSso = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new license does not allow for the use of SSO", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_DisabledSso_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseSso = false;
orgDetails.SsoConfig.Enabled = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_NoSso_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseSso = false;
orgDetails.SsoConfig = null;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_KeyConnector_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseKeyConnector = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new license does not allow for the use of Key Connector", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_DisabledKeyConnector_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseKeyConnector = false;
orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false });
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_NoSsoKeyConnector_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseKeyConnector = false;
orgDetails.SsoConfig = null;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_Scim_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseScim = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new plan does not allow the SCIM feature", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_DisabledScim_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseScim = false;
((List<OrganizationConnection<ScimConfig>>)orgDetails.ScimConnections)
.ForEach(c => c.SetConfig(new ScimConfig() { Enabled = false }));
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_NoScimConfig_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseScim = false;
orgDetails.ScimConnections = null;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_CustomPermissions_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseCustomPermissions = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new plan does not allow the Custom Permissions feature", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_NoCustomPermissions_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseCustomPermissions = false;
((List<OrganizationUser>)orgDetails.OrganizationUsers).ForEach(ou => ou.Type = OrganizationUserType.User);
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_ResetPassword_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseResetPassword = false;
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.False(result);
Assert.Contains("Your new license does not allow the Password Reset feature", exception);
}
[Theory]
[BitAutoData]
[OrganizationLicenseCustomize]
public async Task ValidateForOrganization_DisabledResetPassword_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseResetPassword = false;
((List<Policy>)orgDetails.Policies).ForEach(p => p.Enabled = false);
var result = orgDetails.CanUseLicense(license, out var exception);
Assert.True(result);
Assert.True(string.IsNullOrEmpty(exception));
}
private (SelfHostedOrganizationDetails organization, OrganizationLicense license) GetOrganizationAndLicense(List<OrganizationUser> orgUsers,
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
{
// The default state is that all features are used by Org and allowed by License
// Each test then toggles on/off as necessary
policies.ForEach(p => p.Enabled = true);
policies.First().Type = PolicyType.ResetPassword;
ssoConfig.Enabled = true;
ssoConfig.SetData(new SsoConfigurationData()
{
KeyConnectorEnabled = true
});
var enabledScimConfig = new ScimConfig() { Enabled = true };
scimConnections.ForEach(c => c.Config = enabledScimConfig);
orgUsers.First().Type = OrganizationUserType.Custom;
var organization = new SelfHostedOrganizationDetails()
{
OccupiedSeatCount = 10,
CollectionCount = 5,
GroupCount = 5,
OrganizationUsers = orgUsers,
Policies = policies,
SsoConfig = ssoConfig,
ScimConnections = scimConnections,
UsePolicies = true,
UseSso = true,
UseKeyConnector = true,
UseScim = true,
UseGroups = true,
UseDirectory = true,
UseEvents = true,
UseTotp = true,
Use2fa = true,
UseApi = true,
UseResetPassword = true,
SelfHost = true,
UsersGetPremium = true,
UseCustomPermissions = true,
};
license.Enabled = true;
license.PlanType = PlanType.EnterpriseAnnually;
license.Seats = 10;
license.MaxCollections = 5;
license.UsePolicies = true;
license.UseSso = true;
license.UseKeyConnector = true;
license.UseScim = true;
license.UseGroups = true;
license.UseEvents = true;
license.UseDirectory = true;
license.UseTotp = true;
license.Use2fa = true;
license.UseApi = true;
license.UseResetPassword = true;
license.MaxStorageGb = 1;
license.SelfHost = true;
license.UsersGetPremium = true;
license.UseCustomPermissions = true;
license.Version = 11;
license.Issued = DateTime.Now;
license.Expires = DateTime.Now.AddYears(1);
return (organization, license);
}
}