mirror of
https://github.com/bitwarden/server.git
synced 2025-07-01 08:02:49 -05:00
[AC-1139] Unit tests refactors and added tests
This commit is contained in:
Rui Tome
@ -42,21 +42,13 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
||||
}
|
||||
|
||||
// Establish pattern of authorization handler null checking passed resources
|
||||
if (resources == null)
|
||||
if (resources == null || !resources.Any() || !_currentContext.UserId.HasValue)
|
||||
{
|
||||
context.Fail();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!_currentContext.UserId.HasValue)
|
||||
{
|
||||
context.Fail();
|
||||
return;
|
||||
}
|
||||
|
||||
var targetOrganizationId = requirement.OrganizationId != default
|
||||
? requirement.OrganizationId : resources.FirstOrDefault()?.OrganizationId ?? default;
|
||||
|
||||
var targetOrganizationId = resources.FirstOrDefault()?.OrganizationId ?? default;
|
||||
if (targetOrganizationId == default)
|
||||
{
|
||||
context.Fail();
|
||||
@ -123,6 +115,7 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
||||
ICollection<Collection> targetCollections, CurrentContextOrganization org)
|
||||
{
|
||||
if (org.Type is OrganizationUserType.Owner or OrganizationUserType.Admin ||
|
||||
org.Permissions.EditAnyCollection || org.Permissions.DeleteAnyCollection ||
|
||||
await _currentContext.ProviderUserForOrgAsync(org.Id))
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
|
||||
@ -61,8 +61,6 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
|
||||
{
|
||||
// Acting user is a member of the target organization, check permissions
|
||||
if (org.Type is OrganizationUserType.Owner or OrganizationUserType.Admin ||
|
||||
org.Permissions.ManageGroups ||
|
||||
org.Permissions.ManageUsers ||
|
||||
org.Permissions.EditAnyCollection ||
|
||||
org.Permissions.DeleteAnyCollection ||
|
||||
org.Permissions.AccessImportExport)
|
||||
@ -86,8 +84,6 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
|
||||
{
|
||||
// Acting user is a member of the target organization, check permissions
|
||||
if (org.Type is OrganizationUserType.Owner or OrganizationUserType.Admin ||
|
||||
org.Permissions.ManageGroups ||
|
||||
org.Permissions.ManageUsers ||
|
||||
org.Permissions.EditAnyCollection ||
|
||||
org.Permissions.DeleteAnyCollection)
|
||||
{
|
||||
@ -101,6 +97,5 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,6 +21,448 @@ namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
|
||||
public class BulkCollectionAuthorizationHandlerTests
|
||||
{
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User, false, false)]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Owner, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, true, true)]
|
||||
public async Task CanCreateAsync_Success(
|
||||
OrganizationUserType userType, bool createNewCollection, bool limitCollectionCreateDelete,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.CreateNewCollections = createNewCollection;
|
||||
organization.LimitCollectionCreationDeletion = limitCollectionCreateDelete;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Create },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanCreateAsync_WhenProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.CreateNewCollections = false;
|
||||
organization.LimitCollectionCreationDeletion = true;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Create },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanCreateAsync_WhenMissingCreateCollectionPermission_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.CreateNewCollections = false;
|
||||
organization.LimitCollectionCreationDeletion = true;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Create },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.Admin)]
|
||||
[BitAutoData(OrganizationUserType.Owner)]
|
||||
public async Task CanReadAsync_WhenAdminOrOwner_Success(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Read },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanReadAsync_WhenProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Read },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(true, false)]
|
||||
[BitAutoData(false, true)]
|
||||
public async Task CanReadAsync_WhenCustomUserWithRequiredPermissions_Success(
|
||||
bool editAnyCollection, bool deleteAnyCollection,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.Custom;
|
||||
organization.Permissions.EditAnyCollection = editAnyCollection;
|
||||
organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Read },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanReadAsync_WhenUserAssigned_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Read },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collections);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanReadAsync_WhenMissingAccess_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Read },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.Admin)]
|
||||
[BitAutoData(OrganizationUserType.Owner)]
|
||||
public async Task CanReadAccessAsync_WhenAdminOrOwner_Success(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanReadAccessAsync_WhenProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(true, false)]
|
||||
[BitAutoData(false, true)]
|
||||
public async Task CanReadAccessAsync_WhenCustomUserWithRequiredPermissions_Success(
|
||||
bool editAnyCollection, bool deleteAnyCollection,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.Custom;
|
||||
organization.Permissions.EditAnyCollection = editAnyCollection;
|
||||
organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanReadAccessAsync_WhenUserAssigned_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collections);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanReadAccessAsync_WhenMissingAccess_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, false)]
|
||||
[BitAutoData(OrganizationUserType.Owner, false, false)]
|
||||
[BitAutoData(OrganizationUserType.Custom, true, false)]
|
||||
[BitAutoData(OrganizationUserType.Owner, true, true)]
|
||||
public async Task CanUpdateAsync_Success(
|
||||
OrganizationUserType userType, bool editAnyCollection, bool manageCollections,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
ICollection<CollectionDetails> collectionDetails,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
foreach (var collectionDetail in collectionDetails)
|
||||
{
|
||||
collectionDetail.Manage = manageCollections;
|
||||
}
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.EditAnyCollection = editAnyCollection;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Update },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanUpdateAsync_WhenProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Update },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanUpdateAsync_WhenMissingManageCollectionPermission_Failure(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
ICollection<CollectionDetails> collectionDetails,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
foreach (var collectionDetail in collectionDetails)
|
||||
{
|
||||
collectionDetail.Manage = true;
|
||||
}
|
||||
// Simulate one collection missing the manage permission
|
||||
collectionDetails.First().Manage = false;
|
||||
|
||||
// Ensure the user is not an owner/admin and does not have edit any collection permission
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Update },
|
||||
new ClaimsPrincipal(),
|
||||
collections
|
||||
);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
Assert.False(context.HasSucceeded);
|
||||
sutProvider.GetDependency<ICurrentContext>().ReceivedWithAnyArgs().GetOrganization(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().ReceivedWithAnyArgs()
|
||||
.GetManyByUserIdAsync(default);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, false)]
|
||||
@ -57,36 +499,68 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User, false, false)]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Owner, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, true, true)]
|
||||
public async Task CanCreateAsync_Success(
|
||||
OrganizationUserType userType, bool createNewCollection, bool limitCollectionCreateDelete,
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanManageCollectionAccessAsync_WhenProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.CreateNewCollections = createNewCollection;
|
||||
organization.LimitCollectionCreationDeletion = limitCollectionCreateDelete;
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Create },
|
||||
new[] { CollectionOperations.ModifyAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanManageCollectionAccessAsync_WhenMissingManageCollectionPermission_Failure(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
ICollection<CollectionDetails> collectionDetails,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
foreach (var collectionDetail in collectionDetails)
|
||||
{
|
||||
collectionDetail.Manage = true;
|
||||
}
|
||||
// Simulate one collection missing the manage permission
|
||||
collectionDetails.First().Manage = false;
|
||||
|
||||
// Ensure the user is not an owner/admin and does not have edit any collection permission
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ModifyAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections
|
||||
);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
Assert.False(context.HasSucceeded);
|
||||
sutProvider.GetDependency<ICurrentContext>().ReceivedWithAnyArgs().GetOrganization(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().ReceivedWithAnyArgs()
|
||||
.GetManyByUserIdAsync(default);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, true, false)]
|
||||
@ -123,6 +597,82 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanDeleteAsync_WithProviderUser_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Delete },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(organization.Id).Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanDeleteAsync_WhenCustomUserWithRequiredPermissions_Success(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<CollectionDetails> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.Custom;
|
||||
organization.Permissions.DeleteAnyCollection = true;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Delete },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, CollectionCustomization]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanDeleteAsync_WhenMissingPermissions_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.Delete },
|
||||
new ClaimsPrincipal(),
|
||||
collections);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task HandleRequirementAsync_MissingUserId_Failure(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
@ -184,41 +734,4 @@ public class BulkCollectionAuthorizationHandlerTests
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
Assert.True(context.HasFailed);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData, CollectionCustomization]
|
||||
public async Task CanManageCollectionAccessAsync_MissingManageCollectionPermission_Failure(
|
||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||
ICollection<Collection> collections,
|
||||
ICollection<CollectionDetails> collectionDetails,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
foreach (var collectionDetail in collectionDetails)
|
||||
{
|
||||
collectionDetail.Manage = true;
|
||||
}
|
||||
// Simulate one collection missing the manage permission
|
||||
collectionDetails.First().Manage = false;
|
||||
|
||||
// Ensure the user is not an owner/admin and does not have edit any collection permission
|
||||
organization.Type = OrganizationUserType.User;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ModifyAccess },
|
||||
new ClaimsPrincipal(),
|
||||
collections
|
||||
);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns(organization);
|
||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
Assert.False(context.HasSucceeded);
|
||||
sutProvider.GetDependency<ICurrentContext>().ReceivedWithAnyArgs().GetOrganization(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().ReceivedWithAnyArgs()
|
||||
.GetManyByUserIdAsync(default);
|
||||
}
|
||||
}
|
||||
|
||||
@ -18,32 +18,14 @@ namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
||||
public class CollectionAuthorizationHandlerTests
|
||||
{
|
||||
[Theory]
|
||||
[BitAutoData(OrganizationUserType.Admin, false, false, false, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Owner, false, false, false, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.User, false, false, false, false, false, false)]
|
||||
[BitAutoData(OrganizationUserType.Custom, true, false, false, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, false, true, false, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, false, false, true, false, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, false, false, false, true, false, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, false, false, false, false, true, true)]
|
||||
[BitAutoData(OrganizationUserType.Custom, false, false, false, false, false, false)]
|
||||
public async Task CanReadAllAccessAsync_ReturnsExpectedResult(
|
||||
OrganizationUserType userType, bool editAnyCollection, bool deleteAnyCollection,
|
||||
bool manageGroups, bool manageUsers, bool accessImportExport, bool expectedSuccess,
|
||||
[BitAutoData(OrganizationUserType.Admin)]
|
||||
[BitAutoData(OrganizationUserType.Owner)]
|
||||
public async Task CanReadAllAsync_WhenAdminOrOwner_Success(
|
||||
OrganizationUserType userType,
|
||||
Guid userId, SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var permissions = new Permissions
|
||||
{
|
||||
EditAnyCollection = editAnyCollection,
|
||||
DeleteAnyCollection = deleteAnyCollection,
|
||||
ManageGroups = manageGroups,
|
||||
ManageUsers = manageUsers,
|
||||
AccessImportExport = accessImportExport
|
||||
};
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions = permissions;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAll(organization.Id) },
|
||||
@ -55,14 +37,16 @@ public class CollectionAuthorizationHandlerTests
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.Equal(expectedSuccess, context.HasSucceeded);
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task CanReadAllAccessAsync_WithProviderUser_Success(
|
||||
public async Task CanReadAllAsync_WhenProviderUser_Success(
|
||||
Guid userId,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
|
||||
{
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAll(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
@ -80,6 +64,167 @@ public class CollectionAuthorizationHandlerTests
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(true, false, false)]
|
||||
[BitAutoData(false, true, false)]
|
||||
[BitAutoData(false, false, true)]
|
||||
public async Task CanReadAllAsync_WhenCustomUserWithRequiredPermissions_Success(
|
||||
bool editAnyCollection, bool deleteAnyCollection, bool accessImportExport,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.Custom;
|
||||
organization.Permissions.EditAnyCollection = editAnyCollection;
|
||||
organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
|
||||
organization.Permissions.AccessImportExport = accessImportExport;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAll(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanReadAllAsync_WhenMissingAccess_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
organization.Permissions.AccessImportExport = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAll(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(OrganizationUserType.Admin)]
|
||||
[BitAutoData(OrganizationUserType.Owner)]
|
||||
public async Task CanReadAllWithAccessAsync_WhenAdminOrOwner_Success(
|
||||
OrganizationUserType userType,
|
||||
Guid userId, SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
organization.Type = userType;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task CanReadAllWithAccessAsync_WhenProviderUser_Success(
|
||||
Guid userId,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
|
||||
{
|
||||
organization.Type = OrganizationUserType.User;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.UserId
|
||||
.Returns(userId);
|
||||
sutProvider.GetDependency<ICurrentContext>()
|
||||
.ProviderUserForOrgAsync(organization.Id)
|
||||
.Returns(true);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(true, false, false)]
|
||||
[BitAutoData(false, true, false)]
|
||||
[BitAutoData(false, false, true)]
|
||||
public async Task CanReadAllWithAccessAsync_WhenCustomUserWithRequiredPermissions_Success(
|
||||
bool editAnyCollection, bool deleteAnyCollection, bool accessImportExport,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = OrganizationUserType.Custom;
|
||||
organization.Permissions.EditAnyCollection = editAnyCollection;
|
||||
organization.Permissions.DeleteAnyCollection = deleteAnyCollection;
|
||||
organization.Permissions.AccessImportExport = accessImportExport;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.True(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(OrganizationUserType.User)]
|
||||
[BitAutoData(OrganizationUserType.Custom)]
|
||||
public async Task CanReadAllWithAccessAsync_WhenMissingAccess_Failure(
|
||||
OrganizationUserType userType,
|
||||
SutProvider<CollectionAuthorizationHandler> sutProvider,
|
||||
CurrentContextOrganization organization)
|
||||
{
|
||||
var actingUserId = Guid.NewGuid();
|
||||
|
||||
organization.Type = userType;
|
||||
organization.Permissions.EditAnyCollection = false;
|
||||
organization.Permissions.DeleteAnyCollection = false;
|
||||
organization.Permissions.AccessImportExport = false;
|
||||
|
||||
var context = new AuthorizationHandlerContext(
|
||||
new[] { CollectionOperations.ReadAllWithAccess(organization.Id) },
|
||||
new ClaimsPrincipal(),
|
||||
null);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
|
||||
await sutProvider.Sut.HandleAsync(context);
|
||||
|
||||
Assert.False(context.HasSucceeded);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task HandleRequirementAsync_MissingUserId_Failure(
|
||||
Guid organizationId,
|
||||
|
||||
Reference in New Issue
Block a user