From 56d3c3a5d1d62bf6b096662276bd4b5d70cf8c8e Mon Sep 17 00:00:00 2001
From: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Date: Tue, 21 Mar 2023 17:12:13 -0500
Subject: [PATCH] Add in integration tests (#2806)
---
 .../Response/AccessTokenResponseModel.cs | 8 +-
 .../Controllers/SecretsControllerTest.cs | 102 +++++++++++
 .../ServiceAccountsControllerTests.cs | 172 +++++++++++++++++-
 3 files changed, 280 insertions(+), 2 deletions(-)
diff --git a/src/Api/SecretsManager/Models/Response/AccessTokenResponseModel.cs b/src/Api/SecretsManager/Models/Response/AccessTokenResponseModel.cs
index 1b0658af9a..72f9fcac64 100644
--- a/src/Api/SecretsManager/Models/Response/AccessTokenResponseModel.cs
+++ b/src/Api/SecretsManager/Models/Response/AccessTokenResponseModel.cs
@@ -5,7 +5,9 @@ namespace Bit.Api.SecretsManager.Models.Response;
 public class AccessTokenResponseModel : ResponseModel
 {
- public AccessTokenResponseModel(ApiKey apiKey, string obj = "accessToken")
+ private const string _objectName = "accessToken";
+
+ public AccessTokenResponseModel(ApiKey apiKey, string obj = _objectName)
 : base(obj)
 {
 Id = apiKey.Id;
@@ -17,6 +19,10 @@ public class AccessTokenResponseModel : ResponseModel
 RevisionDate = apiKey.RevisionDate;
 }
+ public AccessTokenResponseModel() : base(_objectName)
+ {
+ }
+
 public Guid Id { get; set; }
 public string Name { get; set; }
 public ICollection Scopes { get; set; }
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTest.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTest.cs
index 8bb74bedac..110399243a 100644
--- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTest.cs
+++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTest.cs
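Review bot: `_objectName` is declared `private const` but named with the `_camelCase` prefix that C# reserves for instance fields, so at the two use sites (`string obj = _objectName` and the new `base(_objectName)`) it reads as mutable state rather than a constant. The usual convention for constants is PascalCase: `private const string ObjectName = "accessToken";` with the default parameter updated to `string obj = ObjectName`. Both references are inside this file, so the rename is mechanical.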
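Review bot: The new parameterless `AccessTokenResponseModel()` leaves `Id`, `Name`, `Scopes` and the date properties at their defaults, so it is only meaningful as a deserialization hook (the access-token test in this patch reads the model back with `ReadFromJsonAsync`, which presumably is why it was added) and not as a way for API code to build a response; nothing in the code says so. I would put a doc comment on it: `/// Parameterless constructor for JSON deserialization only; API code must use the ApiKey overload so all properties are populated.` If the project has nullable reference types enabled, `Name` and `Scopes` will now be reported as uninitialized for this constructor, which is a second hint that it should not be used from production code.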
@@ -331,6 +331,108 @@ public class SecretsControllerTest : IClassFixture, IAsyn
 Assert.Equal(secret.CreationDate, result.CreationDate);
 }
+ [Theory]
+ [InlineData(false, false)]
+ [InlineData(true, false)]
+ [InlineData(false, true)]
+ public async Task GetSecretsByProject_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
+ {
+ var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
+ await LoginAsync(_email);
+
+ var project = await _projectRepository.CreateAsync(new Project
+ {
+ OrganizationId = org.Id,
+ Name = _mockEncryptedString,
+ });
+
+ var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
+ Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+ }
+
+ [Fact]
+ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList()
+ {
+ var (org, _) = await _organizationHelper.Initialize(true, true);
+ var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
+ await LoginAsync(email);
+
+ var project = await _projectRepository.CreateAsync(new Project()
+ {
+ Id = new Guid(),
+ OrganizationId = org.Id,
+ Name = _mockEncryptedString
+ });
+
+ var secret = await _secretRepository.CreateAsync(new Secret
+ {
+ OrganizationId = org.Id,
+ Key = _mockEncryptedString,
+ Value = _mockEncryptedString,
+ Note = _mockEncryptedString,
+ Projects = new List { project },
+ });
+
+ var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
+ response.EnsureSuccessStatusCode();
+ var result = await response.Content.ReadFromJsonAsync();
+ Assert.NotNull(result);
+ Assert.Empty(result!.Secrets);
+ Assert.Empty(result!.Projects);
+ }
+
+ [Theory]
+ [InlineData(PermissionType.RunAsAdmin)]
+ [InlineData(PermissionType.RunAsUserWithPermission)]
+ public async Task GetSecretsByProject_Success(PermissionType permissionType)
+ {
+ var (org, _) = await _organizationHelper.Initialize(true, true);
+ await LoginAsync(_email);
+
+ var project = await 
_projectRepository.CreateAsync(new Project()
+ {
+ Id = new Guid(),
+ OrganizationId = org.Id,
+ Name = _mockEncryptedString
+ });
+
+ if (permissionType == PermissionType.RunAsUserWithPermission)
+ {
+ var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
+ await LoginAsync(email);
+
+ var accessPolicies = new List
+ {
+ new UserProjectAccessPolicy
+ {
+ GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
+ },
+ };
+ await _accessPolicyRepository.CreateManyAsync(accessPolicies);
+ }
+
+ var secret = await _secretRepository.CreateAsync(new Secret
+ {
+ OrganizationId = org.Id,
+ Key = _mockEncryptedString,
+ Value = _mockEncryptedString,
+ Note = _mockEncryptedString,
+ Projects = new List { project },
+ });
+
+ var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
+ response.EnsureSuccessStatusCode();
+ var result = await response.Content.ReadFromJsonAsync();
+ Assert.NotEmpty(result!.Secrets);
+ Assert.Equal(secret.Id.ToString(), result.Secrets.First().Id);
+ Assert.Equal(secret.OrganizationId.ToString(), result.Secrets.First().OrganizationId);
+ Assert.Equal(secret.Key, result.Secrets.First().Key);
+ Assert.Equal(secret.CreationDate, result.Secrets.First().CreationDate);
+ Assert.Equal(secret.RevisionDate, result.Secrets.First().RevisionDate);
+ Assert.Equal(secret.Projects!.First().Id, result.Projects.First().Id);
+ Assert.Equal(secret.Projects!.First().Name, result.Projects.First().Name);
+ }
+
 [Theory]
 [InlineData(false, false)]
 [InlineData(true, false)]
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
index bf7a837043..bd14c794e8 100644
--- a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
+++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
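Review bot: `Id = new Guid()` in `GetSecretsByProject_UserWithNoPermission_EmptyList` and `GetSecretsByProject_Success` is `Guid.Empty`, not a fresh identifier; `GetSecretsByProject_SmNotEnabled_NotFound` in the same hunk omits `Id` entirely, and whether the repository replaces an empty id cannot be seen from here, so either drop the assignment or use `Id = Guid.NewGuid()` so the two tests do not depend on that behaviour. `orgUser` in the `EmptyList` test is never used; `var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);` avoids the unused-variable warning. In `GetSecretsByProject_Success`, `Assert.NotEmpty(result!.Secrets)` is reached without the `Assert.NotNull(result)` the `EmptyList` test performs, so a null body would surface as a NullReferenceException rather than an assertion failure. The enclosing test class continues outside the hunk.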
@@ -120,6 +120,83 @@ public class ServiceAccountsControllerTest : IClassFixture {
+ new UserServiceAccountAccessPolicy
+ {
+ GrantedServiceAccountId = serviceAccount.Id,
+ OrganizationUserId = orgUser.Id,
+ Write = true,
+ Read = true,
+ },
+ });
+ }
+
+ var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}");
+ response.EnsureSuccessStatusCode();
+ var result = await response.Content.ReadFromJsonAsync();
+ Assert.NotNull(result);
+ Assert.Equal(serviceAccount.Id.ToString(), result!.Id);
+ Assert.Equal(serviceAccount.OrganizationId.ToString(), result.OrganizationId);
+ Assert.Equal(serviceAccount.Name, result.Name);
+ Assert.Equal(serviceAccount.CreationDate, result.CreationDate);
+ Assert.Equal(serviceAccount.RevisionDate, result.RevisionDate);
+ }
+
 [Theory]
 [InlineData(false, false)]
 [InlineData(true, false)]
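Review bot: The permission case grants `Write = true` as well as `Read = true` on the `UserServiceAccountAccessPolicy` it creates, although the request under test is a GET; with both flags set the test cannot tell a read-authorization check from a write one, so a regression that authorized the read path on `Write` would still pass. Granting `Read = true` only here (and ideally adding a case with `Read = false` that expects a failure status) makes the test pin the intended check; the same applies to the access-token hunk at `@@ -361` and to the `UserProjectAccessPolicy` in `GetSecretsByProject_Success` in the SecretsControllerTest hunk. The start of the enclosing test method, including the policy setup, is not legible in this hunk, so I cannot see whether a read-only case already exists above.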
@@ -361,6 +438,99 @@ public class ServiceAccountsControllerTest : IClassFixture {
+ new UserServiceAccountAccessPolicy
+ {
+ GrantedServiceAccountId = serviceAccount.Id,
+ OrganizationUserId = orgUser.Id,
+ Write = true,
+ Read = true,
+ },
+ });
+ }
+
+ var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
+ {
+ ServiceAccountId = serviceAccount.Id,
+ Name = _mockEncryptedString,
+ ExpireAt = DateTime.UtcNow.AddDays(30),
+ });
+
+
+ var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
+ response.EnsureSuccessStatusCode();
+ var results = await response.Content.ReadFromJsonAsync>();
+ Assert.NotEmpty(results!.Data);
+ Assert.Equal(accessToken.Id, results.Data.First().Id);
+ Assert.Equal(accessToken.Name, results.Data.First().Name);
+ Assert.Equal(accessToken.GetScopes(), results.Data.First().Scopes);
+ Assert.Equal(accessToken.ExpireAt, results.Data.First().ExpireAt);
+ Assert.Equal(accessToken.CreationDate, results.Data.First().CreationDate);
+ Assert.Equal(accessToken.RevisionDate, results.Data.First().RevisionDate);
+ }
+
 [Theory]
 [InlineData(false, false)]
 [InlineData(true, false)]
@@ -626,7 +796,7 @@ public class ServiceAccountsControllerTest : IClassFixture
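Review bot: `Assert.NotEmpty(results!.Data)` dereferences `results` with `!` before anything checks it for null, unlike the `@@ -120` hunk in this file which does `Assert.NotNull(result)` first; a null body would fail with a NullReferenceException instead of an assertion message, so add `Assert.NotNull(results);` before it. `Assert.Equal(accessToken.ExpireAt, results.Data.First().ExpireAt)` compares a `DateTime.UtcNow`-derived value against one that has been through the database and JSON, so if the storage column truncates sub-millisecond precision this assertion will be flaky — I cannot confirm the column type from the hunk. There are two consecutive blank lines after the `_apiKeyRepository.CreateAsync` call; one is enough. The start of the enclosing test method is not legible in this hunk.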