nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-28 06:36:15 -05:00
Code

Add validation to CreateCollectionCommand to prevent creation of DefaultUserCollection type

Browse Source 
* Implemented a check in CreateCollectionCommand to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be created.
* Added a unit test to verify that the exception is thrown with the correct message when attempting to create a collection of this type.
This commit is contained in:
Rui Tome 2025-06-13 14:48:28 +01:00
parent 136200b333
commit 4ef64db486
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/OrganizationFeatures/OrganizationCollections/CreateCollectionCommand.cs
View File

@ -1,4 +1,5 @@
using Bit.Core.Entities; using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Data; using Bit.Core.Models.Data;
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces; using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
@ -26,6 +27,11 @@ public class CreateCollectionCommand : ICreateCollectionCommand
public async Task<Collection> CreateAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null, public async Task<Collection> CreateAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null,
IEnumerable<CollectionAccessSelection> users = null) IEnumerable<CollectionAccessSelection> users = null)
{ {
if (collection.Type == CollectionType.DefaultUserCollection)
{
throw new BadRequestException("You cannot create a collection with the type as DefaultUserCollection.");
}
var org = await _organizationRepository.GetByIdAsync(collection.OrganizationId); var org = await _organizationRepository.GetByIdAsync(collection.OrganizationId);
if (org == null) if (org == null)
{ {

23
test/Core.Test/OrganizationFeatures/OrganizationCollections/CreateCollectionCommandTests.cs
View File

@ -199,4 +199,27 @@ public class CreateCollectionCommandTests
.DidNotReceiveWithAnyArgs() .DidNotReceiveWithAnyArgs()
.LogCollectionEventAsync(default, default); .LogCollectionEventAsync(default, default);
} }
[Theory, BitAutoData]
public async Task CreateAsync_WithDefaultUserCollectionType_ThrowsBadRequest(
Organization organization, Collection collection, SutProvider<CreateCollectionCommand> sutProvider)
{
collection.Id = default;
collection.Type = CollectionType.DefaultUserCollection;
sutProvider.GetDependency<IOrganizationRepository>()
.GetByIdAsync(organization.Id)
.Returns(organization);
var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.CreateAsync(collection));
Assert.Contains("You cannot create a collection with the type as DefaultUserCollection.", ex.Message);
await sutProvider.GetDependency<ICollectionRepository>()
.DidNotReceiveWithAnyArgs()
.CreateAsync(default);
await sutProvider.GetDependency<ICollectionRepository>()
.DidNotReceiveWithAnyArgs()
.CreateAsync(default, default, default);
await sutProvider.GetDependency<IEventService>()
.DidNotReceiveWithAnyArgs()
.LogCollectionEventAsync(default, default);
}
} }