nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

[EC-284] Prevent duplicate organization invites (#2113)

Browse Source 
* prevent duplicate organization invites with test

* formatting
This commit is contained in:
Jake Fink 2022-07-13 09:21:28 -04:00 committed by GitHub
parent 62bf4c2385
commit 54cf3de11b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
View File

@ -1,5 +1,4 @@
using System; using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations;
using Bit.Core.Entities; using Bit.Core.Entities;
namespace Bit.Api.Models.Request.Accounts namespace Bit.Api.Models.Request.Accounts

3
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -1135,7 +1135,8 @@ namespace Bit.Core.Services
var events = new List<(OrganizationUser, EventType, DateTime?)>(); var events = new List<(OrganizationUser, EventType, DateTime?)>();
foreach (var (invite, externalId) in invites) foreach (var (invite, externalId) in invites)
{ {
foreach (var email in invite.Emails) // Prevent duplicate invitations
foreach (var email in invite.Emails.Distinct())
{ {
try try
{ {

22
test/Core.Test/Services/OrganizationServiceTests.cs
View File

@ -195,6 +195,28 @@ namespace Bit.Core.Test.Services
() => sutProvider.Sut.InviteUsersAsync(organization.Id, invitor.UserId, new (OrganizationUserInvite, string)[] { (invite, null) })); () => sutProvider.Sut.InviteUsersAsync(organization.Id, invitor.UserId, new (OrganizationUserInvite, string)[] { (invite, null) }));
} }
[Theory]
[OrganizationInviteAutoData]
public async Task InviteUser_DuplicateEmails_PassesWithoutDuplicates(Organization organization, OrganizationUser invitor,
[OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser owner,
OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
{
invite.Emails = invite.Emails.Append(invite.Emails.First());
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<ICurrentContext>().OrganizationOwner(organization.Id).Returns(true);
sutProvider.GetDependency<ICurrentContext>().ManageUsers(organization.Id).Returns(true);
var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
organizationUserRepository.GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
.Returns(new[] { owner });
await sutProvider.Sut.InviteUsersAsync(organization.Id, invitor.UserId, new (OrganizationUserInvite, string)[] { (invite, null) });
await sutProvider.GetDependency<IMailService>().Received(1)
.BulkSendOrganizationInviteEmailAsync(organization.Name,
Arg.Is<IEnumerable<(OrganizationUser, ExpiringToken)>>(v => v.Count() == invite.Emails.Distinct().Count()));
}
[Theory] [Theory]
[OrganizationInviteAutoData( [OrganizationInviteAutoData(
inviteeUserType: (int)OrganizationUserType.Admin, inviteeUserType: (int)OrganizationUserType.Admin,