1
0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00

Merge branch 'ac/ac-2323/sql-automatic-data-migrations' into ac/ac-1682/ef-migrations

# Conflicts:
#	src/Core/Constants.cs
This commit is contained in:
Rui Tome
2024-04-10 15:41:52 +01:00
55 changed files with 939 additions and 226 deletions

View File

@ -7,7 +7,6 @@ using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using NSubstitute.ExceptionExtensions;
using NSubstitute.ReturnsExtensions;
using Xunit;
@ -25,9 +24,6 @@ public class CreateOrganizationDomainCommandTests
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
.ReturnsNull();
sutProvider.GetDependency<IDnsResolverService>()
.ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
.Returns(false);
orgDomain.SetNextRunDate(12);
sutProvider.GetDependency<IOrganizationDomainRepository>()
.CreateAsync(orgDomain)
@ -38,12 +34,12 @@ public class CreateOrganizationDomainCommandTests
Assert.Equal(orgDomain.Id, result.Id);
Assert.Equal(orgDomain.OrganizationId, result.OrganizationId);
Assert.NotNull(result.LastCheckedDate);
Assert.Null(result.LastCheckedDate);
Assert.Equal(orgDomain.Txt, result.Txt);
Assert.Equal(orgDomain.Txt.Length == 47, result.Txt.Length == 47);
Assert.Equal(orgDomain.NextRunDate, result.NextRunDate);
await sutProvider.GetDependency<IEventService>().Received(1)
.LogOrganizationDomainEventAsync(Arg.Any<OrganizationDomain>(), EventType.OrganizationDomain_Added);
await sutProvider.GetDependency<IEventService>().Received(1)
.LogOrganizationDomainEventAsync(Arg.Any<OrganizationDomain>(), Arg.Is<EventType>(x => x == EventType.OrganizationDomain_NotVerified));
}
[Theory, BitAutoData]
@ -79,52 +75,4 @@ public class CreateOrganizationDomainCommandTests
var exception = await Assert.ThrowsAsync<ConflictException>(requestAction);
Assert.Contains("A domain already exists for this organization.", exception.Message);
}
[Theory, BitAutoData]
public async Task CreateAsync_ShouldNotSetVerifiedDate_WhenDomainCannotBeResolved(OrganizationDomain orgDomain,
SutProvider<CreateOrganizationDomainCommand> sutProvider)
{
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetClaimedDomainsByDomainNameAsync(orgDomain.DomainName)
.Returns(new List<OrganizationDomain>());
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
.ReturnsNull();
sutProvider.GetDependency<IDnsResolverService>()
.ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
.Throws(new DnsQueryException(""));
sutProvider.GetDependency<IOrganizationDomainRepository>()
.CreateAsync(orgDomain)
.Returns(orgDomain);
await sutProvider.Sut.CreateAsync(orgDomain);
Assert.Null(orgDomain.VerifiedDate);
}
[Theory, BitAutoData]
public async Task CreateAsync_ShouldSetVerifiedDateAndLogEvent_WhenDomainIsResolved(OrganizationDomain orgDomain,
SutProvider<CreateOrganizationDomainCommand> sutProvider)
{
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetClaimedDomainsByDomainNameAsync(orgDomain.DomainName)
.Returns(new List<OrganizationDomain>());
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetDomainByOrgIdAndDomainNameAsync(orgDomain.OrganizationId, orgDomain.DomainName)
.ReturnsNull();
sutProvider.GetDependency<IDnsResolverService>()
.ResolveAsync(orgDomain.DomainName, orgDomain.Txt)
.Returns(true);
sutProvider.GetDependency<IOrganizationDomainRepository>()
.CreateAsync(orgDomain)
.Returns(orgDomain);
var result = await sutProvider.Sut.CreateAsync(orgDomain);
Assert.NotNull(result.VerifiedDate);
await sutProvider.GetDependency<IEventService>().Received(1)
.LogOrganizationDomainEventAsync(Arg.Any<OrganizationDomain>(), EventType.OrganizationDomain_Added);
await sutProvider.GetDependency<IEventService>().Received(1)
.LogOrganizationDomainEventAsync(Arg.Any<OrganizationDomain>(), Arg.Is<EventType>(x => x == EventType.OrganizationDomain_Verified));
}
}

View File

@ -410,7 +410,7 @@ public class OrganizationServiceTests
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SignUpAsync(signup));
Assert.Contains("Plan does not allow additional Service Accounts.", exception.Message);
Assert.Contains("Plan does not allow additional Machine Accounts.", exception.Message);
}
[Theory]
@ -444,7 +444,7 @@ public class OrganizationServiceTests
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SignUpAsync(signup));
Assert.Contains("You can't subtract Service Accounts!", exception.Message);
Assert.Contains("You can't subtract Machine Accounts!", exception.Message);
}
[Theory]
@ -2208,7 +2208,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
AdditionalSeats = 3
};
var exception = Assert.Throws<BadRequestException>(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup));
Assert.Contains("Plan does not allow additional Service Accounts.", exception.Message);
Assert.Contains("Plan does not allow additional Machine Accounts.", exception.Message);
}
[Theory]
@ -2249,7 +2249,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
AdditionalSeats = 5
};
var exception = Assert.Throws<BadRequestException>(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup));
Assert.Contains("You can't subtract Service Accounts!", exception.Message);
Assert.Contains("You can't subtract Machine Accounts!", exception.Message);
}
[Theory]

View File

@ -447,7 +447,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var update = new SecretsManagerSubscriptionUpdate(organization, false).AdjustServiceAccounts(1);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Organization has no service accounts limit, no need to adjust service accounts", exception.Message);
Assert.Contains("Organization has no machine accounts limit, no need to adjust machine accounts", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -460,7 +460,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var update = new SecretsManagerSubscriptionUpdate(organization, true).AdjustServiceAccounts(-2);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Cannot use autoscaling to subtract service accounts.", exception.Message);
Assert.Contains("Cannot use autoscaling to subtract machine accounts.", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -475,7 +475,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var update = new SecretsManagerSubscriptionUpdate(organization, false).AdjustServiceAccounts(1);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("You have reached the maximum number of service accounts (3) for this plan",
Assert.Contains("You have reached the maximum number of machine accounts (3) for this plan",
exception.Message, StringComparison.InvariantCultureIgnoreCase);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -492,7 +492,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var update = new SecretsManagerSubscriptionUpdate(organization, true).AdjustServiceAccounts(2);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Secrets Manager service account limit has been reached.", exception.Message);
Assert.Contains("Secrets Manager machine account limit has been reached.", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -516,7 +516,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Cannot set max service accounts autoscaling below service account amount", exception.Message);
Assert.Contains("Cannot set max machine accounts autoscaling below machine account amount", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -526,7 +526,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
Organization organization,
SutProvider<UpdateSecretsManagerSubscriptionCommand> sutProvider)
{
const int newSmServiceAccounts = 199;
const int newSmServiceAccounts = 49;
organization.SmServiceAccounts = newSmServiceAccounts - 10;
@ -537,7 +537,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Plan has a minimum of 200 service accounts", exception.Message);
Assert.Contains("Plan has a minimum of 50 machine accounts", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -570,7 +570,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
.Returns(currentServiceAccounts);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Your organization currently has 301 service accounts. You cannot decrease your subscription below your current service account usage", exception.Message);
Assert.Contains("Your organization currently has 301 machine accounts. You cannot decrease your subscription below your current machine account usage", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
@ -648,7 +648,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
var update = new SecretsManagerSubscriptionUpdate(organization, false) { MaxAutoscaleSmServiceAccounts = 3 };
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscriptionAsync(update));
Assert.Contains("Your plan does not allow service accounts autoscaling.", exception.Message);
Assert.Contains("Your plan does not allow machine accounts autoscaling.", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}

View File

@ -192,7 +192,7 @@ public class UpgradeOrganizationPlanCommandTests
.GetServiceAccountCountByOrganizationIdAsync(organization.Id).Returns(currentServiceAccounts);
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpgradePlanAsync(organization.Id, upgrade));
Assert.Contains($"Your organization currently has {currentServiceAccounts} service accounts. Your new plan only allows", exception.Message);
Assert.Contains($"Your organization currently has {currentServiceAccounts} machine accounts. Your new plan only allows", exception.Message);
sutProvider.GetDependency<IOrganizationService>().DidNotReceiveWithAnyArgs().ReplaceAndUpdateCacheAsync(default);
}

View File

@ -1,6 +1,7 @@
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Microsoft.Extensions.Logging;
using NSubstitute;
using Xunit;
@ -11,16 +12,19 @@ public class NotificationHubPushRegistrationServiceTests
private readonly NotificationHubPushRegistrationService _sut;
private readonly IInstallationDeviceRepository _installationDeviceRepository;
private readonly ILogger<NotificationHubPushRegistrationService> _logger;
private readonly GlobalSettings _globalSettings;
public NotificationHubPushRegistrationServiceTests()
{
_installationDeviceRepository = Substitute.For<IInstallationDeviceRepository>();
_logger = Substitute.For<ILogger<NotificationHubPushRegistrationService>>();
_globalSettings = new GlobalSettings();
_sut = new NotificationHubPushRegistrationService(
_installationDeviceRepository,
_globalSettings
_globalSettings,
_logger
);
}

View File

@ -13,7 +13,7 @@ public class StaticStoreTests
var plans = StaticStore.Plans.ToList();
Assert.NotNull(plans);
Assert.NotEmpty(plans);
Assert.Equal(17, plans.Count);
Assert.Equal(22, plans.Count);
}
[Theory]

View File

@ -0,0 +1,141 @@
using System.Text.Json;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Request.Accounts;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.IntegrationTestCommon.Factories;
using Bit.Test.Common.AutoFixture.Attributes;
using Bit.Test.Common.Helpers;
using Microsoft.AspNetCore.TestHost;
using Xunit;
namespace Bit.Identity.IntegrationTest.Endpoints;
public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFactory>
{
private readonly IdentityApplicationFactory _factory;
private readonly IUserRepository _userRepository;
private readonly IUserService _userService;
public IdentityServerTwoFactorTests(IdentityApplicationFactory factory)
{
_factory = factory;
_userRepository = _factory.GetService<IUserRepository>();
_userService = _factory.GetService<IUserService>();
}
[Theory, BitAutoData]
public async Task TokenEndpoint_UserTwoFactorRequired_NoTwoFactorProvided_Fails(string deviceId)
{
// Arrange
var username = "test+2farequired@email.com";
var twoFactor = """{"1": { "Enabled": true, "MetaData": { "Email": "test+2farequired@email.com"}}}""";
await CreateUserAsync(_factory.Server, username, deviceId, async () =>
{
var user = await _userRepository.GetByEmailAsync(username);
user.TwoFactorProviders = twoFactor;
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
});
// Act
var context = await PostLoginAsync(_factory.Server, username, deviceId);
// Assert
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
var error = AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String).GetString();
Assert.Equal("Two factor required.", error);
}
[Theory, BitAutoData]
public async Task TokenEndpoint_OrgTwoFactorRequired_NoTwoFactorProvided_Fails(string deviceId)
{
// Arrange
var username = "test+org2farequired@email.com";
// use valid length keys so DuoWeb.SignRequest doesn't throw
// ikey: 20, skey: 40, akey: 40
var orgTwoFactor =
"""{"6":{"Enabled":true,"MetaData":{"IKey":"DIEFB13LB49IEB3459N2","SKey":"0ZnsZHav0KcNPBZTS6EOUwqLPoB0sfMd5aJeWExQ","Host":"api-example.duosecurity.com"}}}""";
var server = _factory.WithWebHostBuilder(builder =>
{
builder.UseSetting("globalSettings:Duo:AKey", "WJHB374KM3N5hglO9hniwbkibg$789EfbhNyLpNq1");
}).Server;
await CreateUserAsync(server, username, deviceId, async () =>
{
var user = await _userRepository.GetByEmailAsync(username);
var organizationRepository = _factory.Services.GetService<IOrganizationRepository>();
var organization = await organizationRepository.CreateAsync(new Organization
{
Name = "Test Org",
Use2fa = true,
TwoFactorProviders = orgTwoFactor,
});
await _factory.Services.GetService<IOrganizationUserRepository>()
.CreateAsync(new OrganizationUser
{
UserId = user.Id,
OrganizationId = organization.Id,
Status = OrganizationUserStatusType.Confirmed,
Type = OrganizationUserType.User,
});
});
// Act
var context = await PostLoginAsync(server, username, deviceId);
// Assert
var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
var error = AssertHelper.AssertJsonProperty(root, "error_description", JsonValueKind.String).GetString();
Assert.Equal("Two factor required.", error);
}
private async Task CreateUserAsync(TestServer server, string username, string deviceId,
Func<Task> twoFactorSetup)
{
// Register user
await _factory.RegisterAsync(new RegisterRequestModel
{
Email = username,
MasterPasswordHash = "master_password_hash"
});
// Add two factor
if (twoFactorSetup != null)
{
await twoFactorSetup();
}
}
private async Task<HttpContext> PostLoginAsync(TestServer server, string username, string deviceId,
Action<HttpContext> extraConfiguration = null)
{
return await server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "scope", "api offline_access" },
{ "client_id", "web" },
{ "deviceType", DeviceTypeAsString(DeviceType.FirefoxBrowser) },
{ "deviceIdentifier", deviceId },
{ "deviceName", "firefox" },
{ "grant_type", "password" },
{ "username", username },
{ "password", "master_password_hash" },
}), context => context.SetAuthEmail(username));
}
private static string DeviceTypeAsString(DeviceType deviceType)
{
return ((int)deviceType).ToString();
}
}

View File

@ -1,9 +1,11 @@
using Bit.Core.Entities;
using AutoMapper;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Test.AutoFixture.Attributes;
using Bit.Infrastructure.EFIntegration.Test.AutoFixture;
using Bit.Infrastructure.EFIntegration.Test.Repositories.EqualityComparers;
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
using Xunit;
using EfRepo = Bit.Infrastructure.EntityFramework.Repositories;
using Organization = Bit.Core.AdminConsole.Entities.Organization;
@ -13,6 +15,13 @@ namespace Bit.Infrastructure.EFIntegration.Test.Repositories;
public class OrganizationRepositoryTests
{
[Fact]
public void ValidateOrganizationMappings_ReturnsSuccess()
{
var config = new MapperConfiguration(cfg => cfg.AddProfile<OrganizationMapperProfile>());
config.AssertConfigurationIsValid();
}
[CiSkippedTheory, EfOrganizationAutoData]
public async Task CreateAsync_Works_DataMatches(
Organization organization,