mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 07:36:14 -05:00
[SM-460] Isolate SecretsManager files (#2616)
Move SecretsManager files to directories called SecretsManager and add CodeOwners
This commit is contained in:
Oscar Hinton
@ -0,0 +1,186 @@
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.Helpers;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.SecretsManager.Models.Response;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
|
||||
|
||||
public class AccessPoliciesControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
|
||||
{
|
||||
private readonly IAccessPolicyRepository _accessPolicyRepository;
|
||||
|
||||
private readonly HttpClient _client;
|
||||
private readonly ApiApplicationFactory _factory;
|
||||
|
||||
private const string _mockEncryptedString = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
private readonly IProjectRepository _projectRepository;
|
||||
private readonly IServiceAccountRepository _serviceAccountRepository;
|
||||
private Organization _organization = null!;
|
||||
|
||||
public AccessPoliciesControllerTest(ApiApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
_client = _factory.CreateClient();
|
||||
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
|
||||
_serviceAccountRepository = _factory.GetService<IServiceAccountRepository>();
|
||||
_projectRepository = _factory.GetService<IProjectRepository>();
|
||||
}
|
||||
|
||||
public async Task InitializeAsync()
|
||||
{
|
||||
var ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
var tokens = await _factory.LoginWithNewAccount(ownerEmail);
|
||||
var (organization, _) =
|
||||
await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: ownerEmail, billingEmail: ownerEmail);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
_organization = organization;
|
||||
}
|
||||
|
||||
public Task DisposeAsync() => Task.CompletedTask;
|
||||
|
||||
[Fact]
|
||||
public async Task CreateProjectAccessPolicies()
|
||||
{
|
||||
var initialProject = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var request = new AccessPoliciesCreateRequest
|
||||
{
|
||||
ServiceAccountAccessPolicyRequests = new List<AccessPolicyRequest>
|
||||
{
|
||||
new() { GranteeId = initialServiceAccount.Id, Read = true, Write = true }
|
||||
}
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/projects/{initialProject.Id}/access-policies", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(initialServiceAccount.Id, result!.ServiceAccountAccessPolicies.First().ServiceAccountId);
|
||||
Assert.True(result.ServiceAccountAccessPolicies.First().Read);
|
||||
Assert.True(result.ServiceAccountAccessPolicies.First().Write);
|
||||
AssertHelper.AssertRecent(result.ServiceAccountAccessPolicies.First().RevisionDate);
|
||||
AssertHelper.AssertRecent(result.ServiceAccountAccessPolicies.First().CreationDate);
|
||||
|
||||
var createdAccessPolicy =
|
||||
await _accessPolicyRepository.GetByIdAsync(result.ServiceAccountAccessPolicies.First().Id);
|
||||
Assert.NotNull(createdAccessPolicy);
|
||||
Assert.Equal(result.ServiceAccountAccessPolicies.First().Read, createdAccessPolicy!.Read);
|
||||
Assert.Equal(result.ServiceAccountAccessPolicies.First().Write, createdAccessPolicy.Write);
|
||||
Assert.Equal(result.ServiceAccountAccessPolicies.First().Id, createdAccessPolicy.Id);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateAccessPolicy()
|
||||
{
|
||||
var initData = await SetupAccessPolicyRequest();
|
||||
|
||||
const bool expectedRead = true;
|
||||
const bool expectedWrite = false;
|
||||
var request = new AccessPolicyUpdateRequest { Read = expectedRead, Write = expectedWrite };
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/access-policies/{initData.InitialAccessPolicyId}", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountProjectAccessPolicyResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(expectedRead, result!.Read);
|
||||
Assert.Equal(expectedWrite, result.Write);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
|
||||
var updatedAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.Id);
|
||||
Assert.NotNull(updatedAccessPolicy);
|
||||
Assert.Equal(expectedRead, updatedAccessPolicy!.Read);
|
||||
Assert.Equal(expectedWrite, updatedAccessPolicy.Write);
|
||||
AssertHelper.AssertRecent(updatedAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
|
||||
[Fact]
|
||||
public async Task DeleteAccessPolicy()
|
||||
{
|
||||
var initData = await SetupAccessPolicyRequest();
|
||||
|
||||
var response = await _client.DeleteAsync($"/access-policies/{initData.InitialAccessPolicyId}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var test = await _accessPolicyRepository.GetByIdAsync(initData.InitialAccessPolicyId);
|
||||
Assert.Null(test);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetProjectAccessPolicies()
|
||||
{
|
||||
var initData = await SetupAccessPolicyRequest();
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{initData.InitialProjectId}/access-policies");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
|
||||
|
||||
Assert.NotNull(result?.ServiceAccountAccessPolicies);
|
||||
Assert.Single(result!.ServiceAccountAccessPolicies);
|
||||
}
|
||||
|
||||
private async Task<RequestSetupData> SetupAccessPolicyRequest()
|
||||
{
|
||||
var initialProject = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var initialAccessPolicy = await _accessPolicyRepository.CreateManyAsync(
|
||||
new List<BaseAccessPolicy>
|
||||
{
|
||||
new ServiceAccountProjectAccessPolicy
|
||||
{
|
||||
Read = true,
|
||||
Write = true,
|
||||
ServiceAccountId = initialServiceAccount.Id,
|
||||
GrantedProjectId = initialProject.Id,
|
||||
}
|
||||
});
|
||||
|
||||
return new RequestSetupData
|
||||
{
|
||||
InitialProjectId = initialProject.Id,
|
||||
InitialServiceAccountId = initialServiceAccount.Id,
|
||||
InitialAccessPolicyId = initialAccessPolicy.First().Id,
|
||||
};
|
||||
}
|
||||
|
||||
private class RequestSetupData
|
||||
{
|
||||
public Guid InitialProjectId { get; set; }
|
||||
public Guid InitialAccessPolicyId { get; set; }
|
||||
public Guid InitialServiceAccountId { get; set; }
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,232 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.Helpers;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.SecretsManager.Models.Response;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
|
||||
|
||||
public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
|
||||
{
|
||||
private readonly string _mockEncryptedString =
|
||||
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
private readonly HttpClient _client;
|
||||
private readonly ApiApplicationFactory _factory;
|
||||
private readonly IProjectRepository _projectRepository;
|
||||
private Organization _organization = null!;
|
||||
|
||||
public ProjectsControllerTest(ApiApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
_client = _factory.CreateClient();
|
||||
_projectRepository = _factory.GetService<IProjectRepository>();
|
||||
}
|
||||
|
||||
public async Task InitializeAsync()
|
||||
{
|
||||
var ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
await _factory.LoginWithNewAccount(ownerEmail);
|
||||
(_organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: ownerEmail, billingEmail: ownerEmail);
|
||||
var tokens = await _factory.LoginAsync(ownerEmail);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
}
|
||||
|
||||
public async Task LoginAsNewOrgUser(OrganizationUserType type = OrganizationUserType.User)
|
||||
{
|
||||
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
await _factory.LoginWithNewAccount(email);
|
||||
await OrganizationTestHelpers.CreateUserAsync(_factory, _organization.Id, email, type);
|
||||
var tokens = await _factory.LoginAsync(email);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
}
|
||||
|
||||
public Task DisposeAsync()
|
||||
{
|
||||
_client.Dispose();
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateProject_Success()
|
||||
{
|
||||
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/projects", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
|
||||
var createdProject = await _projectRepository.GetByIdAsync(new Guid(result.Id));
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, createdProject.Name);
|
||||
AssertHelper.AssertRecent(createdProject.RevisionDate);
|
||||
AssertHelper.AssertRecent(createdProject.CreationDate);
|
||||
Assert.Null(createdProject.DeletedDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateProject_NoPermission()
|
||||
{
|
||||
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
|
||||
|
||||
var response = await _client.PostAsJsonAsync("/organizations/911d9106-7cf1-4d55-a3f9-f9abdeadecb3/projects", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateProject_Success()
|
||||
{
|
||||
var initialProject = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var mockEncryptedString2 = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
var request = new ProjectUpdateRequestModel()
|
||||
{
|
||||
Name = mockEncryptedString2
|
||||
};
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/projects/{initialProject.Id}", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
|
||||
Assert.NotEqual(initialProject.Name, result!.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
Assert.NotEqual(initialProject.RevisionDate, result.RevisionDate);
|
||||
|
||||
var updatedProject = await _projectRepository.GetByIdAsync(new Guid(result.Id));
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, updatedProject.Name);
|
||||
AssertHelper.AssertRecent(updatedProject.RevisionDate);
|
||||
AssertHelper.AssertRecent(updatedProject.CreationDate);
|
||||
Assert.Null(updatedProject.DeletedDate);
|
||||
Assert.NotEqual(initialProject.Name, updatedProject.Name);
|
||||
Assert.NotEqual(initialProject.RevisionDate, updatedProject.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateProject_NotFound()
|
||||
{
|
||||
var request = new ProjectUpdateRequestModel()
|
||||
{
|
||||
Name = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
|
||||
};
|
||||
|
||||
var response = await _client.PutAsJsonAsync("/projects/c53de509-4581-402c-8cbd-f26d2c516fba", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateProject_MissingPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUser();
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
|
||||
var request = new ProjectUpdateRequestModel()
|
||||
{
|
||||
Name = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
|
||||
};
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/projects/{project.Id}", request);
|
||||
|
||||
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetProject()
|
||||
{
|
||||
var createdProject = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{createdProject.Id}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
|
||||
Assert.Equal(createdProject.Name, result!.Name);
|
||||
Assert.Equal(createdProject.RevisionDate, result.RevisionDate);
|
||||
Assert.Equal(createdProject.CreationDate, result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetProjectsByOrganization()
|
||||
{
|
||||
var projectsToCreate = 3;
|
||||
var projectIds = new List<Guid>();
|
||||
for (var i = 0; i < projectsToCreate; i++)
|
||||
{
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
projectIds.Add(project.Id);
|
||||
}
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{_organization.Id}/projects");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ProjectResponseModel>>();
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.Equal(projectIds.Count, result.Data.Count());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task DeleteProjects()
|
||||
{
|
||||
var projectsToDelete = 3;
|
||||
var projectIds = new List<Guid>();
|
||||
for (var i = 0; i < projectsToDelete; i++)
|
||||
{
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
projectIds.Add(project.Id);
|
||||
}
|
||||
|
||||
var response = await _client.PostAsync("/projects/delete", JsonContent.Create(projectIds));
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
|
||||
Assert.NotNull(results);
|
||||
|
||||
var index = 0;
|
||||
foreach (var result in results!.Data)
|
||||
{
|
||||
Assert.Equal(projectIds[index], result.Id);
|
||||
Assert.Null(result.Error);
|
||||
index++;
|
||||
}
|
||||
|
||||
var projects = await _projectRepository.GetManyByIds(projectIds);
|
||||
Assert.Empty(projects);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,234 @@
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.Helpers;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.SecretsManager.Models.Response;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
|
||||
|
||||
public class SecretsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
|
||||
{
|
||||
private readonly string _mockEncryptedString =
|
||||
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
private readonly HttpClient _client;
|
||||
private readonly ApiApplicationFactory _factory;
|
||||
private readonly ISecretRepository _secretRepository;
|
||||
private readonly IProjectRepository _projectRepository;
|
||||
private Organization _organization = null!;
|
||||
|
||||
public SecretsControllerTest(ApiApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
_client = _factory.CreateClient();
|
||||
_secretRepository = _factory.GetService<ISecretRepository>();
|
||||
_projectRepository = _factory.GetService<IProjectRepository>();
|
||||
}
|
||||
|
||||
public async Task InitializeAsync()
|
||||
{
|
||||
var ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
var tokens = await _factory.LoginWithNewAccount(ownerEmail);
|
||||
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: ownerEmail, billingEmail: ownerEmail);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
_organization = organization;
|
||||
}
|
||||
|
||||
public Task DisposeAsync()
|
||||
{
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateSecret()
|
||||
{
|
||||
var request = new SecretCreateRequestModel()
|
||||
{
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/secrets", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Key, result!.Key);
|
||||
Assert.Equal(request.Value, result.Value);
|
||||
Assert.Equal(request.Note, result.Note);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
|
||||
var createdSecret = await _secretRepository.GetByIdAsync(new Guid(result.Id));
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Key, createdSecret.Key);
|
||||
Assert.Equal(request.Value, createdSecret.Value);
|
||||
Assert.Equal(request.Note, createdSecret.Note);
|
||||
AssertHelper.AssertRecent(createdSecret.RevisionDate);
|
||||
AssertHelper.AssertRecent(createdSecret.CreationDate);
|
||||
Assert.Null(createdSecret.DeletedDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateSecretWithProject()
|
||||
{
|
||||
var project = await _projectRepository.CreateAsync(new Project()
|
||||
{
|
||||
Id = new Guid(),
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
var projectIds = new[] { project.Id };
|
||||
var secretRequest = new SecretCreateRequestModel()
|
||||
{
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString,
|
||||
ProjectIds = projectIds,
|
||||
};
|
||||
var secretResponse = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/secrets", secretRequest);
|
||||
secretResponse.EnsureSuccessStatusCode();
|
||||
var secretResult = await secretResponse.Content.ReadFromJsonAsync<SecretResponseModel>();
|
||||
|
||||
var secret = (await _secretRepository.GetManyByProjectIdAsync(project.Id)).First();
|
||||
|
||||
Assert.NotNull(secretResult);
|
||||
Assert.Equal(secret.Id.ToString(), secretResult!.Id);
|
||||
Assert.Equal(secret.OrganizationId.ToString(), secretResult.OrganizationId);
|
||||
Assert.Equal(secret.Key, secretResult.Key);
|
||||
Assert.Equal(secret.Value, secretResult.Value);
|
||||
Assert.Equal(secret.Note, secretResult.Note);
|
||||
Assert.Equal(secret.CreationDate, secretResult.CreationDate);
|
||||
Assert.Equal(secret.RevisionDate, secretResult.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateSecret()
|
||||
{
|
||||
var initialSecret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString
|
||||
});
|
||||
|
||||
var request = new SecretUpdateRequestModel()
|
||||
{
|
||||
Key = _mockEncryptedString,
|
||||
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
|
||||
Note = _mockEncryptedString
|
||||
};
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/secrets/{initialSecret.Id}", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
|
||||
Assert.Equal(request.Key, result!.Key);
|
||||
Assert.Equal(request.Value, result.Value);
|
||||
Assert.NotEqual(initialSecret.Value, result.Value);
|
||||
Assert.Equal(request.Note, result.Note);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
Assert.NotEqual(initialSecret.RevisionDate, result.RevisionDate);
|
||||
|
||||
var updatedSecret = await _secretRepository.GetByIdAsync(new Guid(result.Id));
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Key, updatedSecret.Key);
|
||||
Assert.Equal(request.Value, updatedSecret.Value);
|
||||
Assert.Equal(request.Note, updatedSecret.Note);
|
||||
AssertHelper.AssertRecent(updatedSecret.RevisionDate);
|
||||
AssertHelper.AssertRecent(updatedSecret.CreationDate);
|
||||
Assert.Null(updatedSecret.DeletedDate);
|
||||
Assert.NotEqual(initialSecret.Value, updatedSecret.Value);
|
||||
Assert.NotEqual(initialSecret.RevisionDate, updatedSecret.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task DeleteSecrets()
|
||||
{
|
||||
var secretsToDelete = 3;
|
||||
var secretIds = new List<Guid>();
|
||||
for (var i = 0; i < secretsToDelete; i++)
|
||||
{
|
||||
var secret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString
|
||||
});
|
||||
secretIds.Add(secret.Id);
|
||||
}
|
||||
|
||||
var response = await _client.PostAsync("/secrets/delete", JsonContent.Create(secretIds));
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
|
||||
Assert.NotNull(results);
|
||||
|
||||
var index = 0;
|
||||
foreach (var result in results!.Data)
|
||||
{
|
||||
Assert.Equal(secretIds[index], result.Id);
|
||||
Assert.Null(result.Error);
|
||||
index++;
|
||||
}
|
||||
|
||||
var secrets = await _secretRepository.GetManyByIds(secretIds);
|
||||
Assert.Empty(secrets);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetSecret()
|
||||
{
|
||||
var createdSecret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString
|
||||
});
|
||||
|
||||
|
||||
var response = await _client.GetAsync($"/secrets/{createdSecret.Id}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
|
||||
Assert.Equal(createdSecret.Key, result!.Key);
|
||||
Assert.Equal(createdSecret.Value, result.Value);
|
||||
Assert.Equal(createdSecret.Note, result.Note);
|
||||
Assert.Equal(createdSecret.RevisionDate, result.RevisionDate);
|
||||
Assert.Equal(createdSecret.CreationDate, result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetSecretsByOrganization()
|
||||
{
|
||||
var secretsToCreate = 3;
|
||||
var secretIds = new List<Guid>();
|
||||
for (var i = 0; i < secretsToCreate; i++)
|
||||
{
|
||||
var secret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString
|
||||
});
|
||||
secretIds.Add(secret.Id);
|
||||
}
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{_organization.Id}/secrets");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Secrets);
|
||||
Assert.Equal(secretIds.Count, result.Secrets.Count());
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,444 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.Helpers;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.SecretsManager.Models.Response;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Test.Common.Helpers;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
|
||||
|
||||
public class ServiceAccountsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
|
||||
{
|
||||
private const string _mockEncryptedString =
|
||||
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
private const string _mockNewName =
|
||||
"2.3AZ+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
|
||||
|
||||
private readonly IAccessPolicyRepository _accessPolicyRepository;
|
||||
private readonly HttpClient _client;
|
||||
private readonly ApiApplicationFactory _factory;
|
||||
private readonly IServiceAccountRepository _serviceAccountRepository;
|
||||
private Organization _organization = null!;
|
||||
|
||||
|
||||
public ServiceAccountsControllerTest(ApiApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
_client = _factory.CreateClient();
|
||||
_serviceAccountRepository = _factory.GetService<IServiceAccountRepository>();
|
||||
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
|
||||
}
|
||||
|
||||
public async Task InitializeAsync()
|
||||
{
|
||||
var ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
await _factory.LoginWithNewAccount(ownerEmail);
|
||||
(_organization, _) =
|
||||
await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: ownerEmail, billingEmail: ownerEmail);
|
||||
var tokens = await _factory.LoginAsync(ownerEmail);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
}
|
||||
|
||||
public Task DisposeAsync() => Task.CompletedTask;
|
||||
|
||||
[Fact]
|
||||
public async Task GetServiceAccountsByOrganization_Admin()
|
||||
{
|
||||
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync();
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{_organization.Id}/service-accounts");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.Equal(serviceAccountIds.Count, result.Data.Count());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetServiceAccountsByOrganization_User_Success()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var user = await LoginAsNewOrgUserAsync();
|
||||
|
||||
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync();
|
||||
|
||||
var accessPolicies = serviceAccountIds.Select(
|
||||
id => new UserServiceAccountAccessPolicy
|
||||
{
|
||||
OrganizationUserId = user.Id,
|
||||
GrantedServiceAccountId = id,
|
||||
Read = true,
|
||||
Write = false,
|
||||
}).Cast<BaseAccessPolicy>().ToList();
|
||||
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{_organization.Id}/service-accounts");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.Equal(serviceAccountIds.Count, result.Data.Count());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetServiceAccountsByOrganization_User_NoPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUserAsync();
|
||||
await SetupGetServiceAccountsByOrganizationAsync();
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{_organization.Id}/service-accounts");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Empty(result!.Data);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccount_Admin()
|
||||
{
|
||||
var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString };
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/service-accounts", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
|
||||
var createdServiceAccount = await _serviceAccountRepository.GetByIdAsync(new Guid(result.Id));
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, createdServiceAccount.Name);
|
||||
AssertHelper.AssertRecent(createdServiceAccount.RevisionDate);
|
||||
AssertHelper.AssertRecent(createdServiceAccount.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccount_User_NoPermissions()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUserAsync();
|
||||
|
||||
var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString };
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/service-accounts", request);
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateServiceAccount_Admin()
|
||||
{
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName };
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/service-accounts/{initialServiceAccount.Id}", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotEqual(initialServiceAccount.Name, result.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
Assert.NotEqual(initialServiceAccount.RevisionDate, result.RevisionDate);
|
||||
|
||||
var updatedServiceAccount = await _serviceAccountRepository.GetByIdAsync(initialServiceAccount.Id);
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, updatedServiceAccount.Name);
|
||||
AssertHelper.AssertRecent(updatedServiceAccount.RevisionDate);
|
||||
AssertHelper.AssertRecent(updatedServiceAccount.CreationDate);
|
||||
Assert.NotEqual(initialServiceAccount.Name, updatedServiceAccount.Name);
|
||||
Assert.NotEqual(initialServiceAccount.RevisionDate, updatedServiceAccount.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateServiceAccount_User_WithPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var user = await LoginAsNewOrgUserAsync();
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
await CreateUserServiceAccountAccessPolicyAsync(user.Id, initialServiceAccount.Id, true, true);
|
||||
|
||||
var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName };
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/service-accounts/{initialServiceAccount.Id}", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotEqual(initialServiceAccount.Name, result.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
Assert.NotEqual(initialServiceAccount.RevisionDate, result.RevisionDate);
|
||||
|
||||
var updatedServiceAccount = await _serviceAccountRepository.GetByIdAsync(initialServiceAccount.Id);
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, updatedServiceAccount.Name);
|
||||
AssertHelper.AssertRecent(updatedServiceAccount.RevisionDate);
|
||||
AssertHelper.AssertRecent(updatedServiceAccount.CreationDate);
|
||||
Assert.NotEqual(initialServiceAccount.Name, updatedServiceAccount.Name);
|
||||
Assert.NotEqual(initialServiceAccount.RevisionDate, updatedServiceAccount.RevisionDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task UpdateServiceAccount_User_NoPermissions()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUserAsync();
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName };
|
||||
|
||||
var response = await _client.PutAsJsonAsync($"/service-accounts/{initialServiceAccount.Id}", request);
|
||||
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessToken_Admin()
|
||||
{
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var mockExpiresAt = DateTime.UtcNow.AddDays(30);
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = mockExpiresAt,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Equal(mockExpiresAt, result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessToken_User_WithPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var user = await LoginAsNewOrgUserAsync();
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
await CreateUserServiceAccountAccessPolicyAsync(user.Id, serviceAccount.Id, true, true);
|
||||
|
||||
var mockExpiresAt = DateTime.UtcNow.AddDays(30);
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = mockExpiresAt,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Equal(mockExpiresAt, result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessToken_User_NoPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUserAsync();
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var mockExpiresAt = DateTime.UtcNow.AddDays(30);
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = mockExpiresAt,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessTokenExpireAtNullAsync_Admin()
|
||||
{
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = null,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Null(result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessTokenExpireAtNullAsync_User_WithPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
var user = await LoginAsNewOrgUserAsync();
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
await CreateUserServiceAccountAccessPolicyAsync(user.Id, serviceAccount.Id, true, true);
|
||||
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = null,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Null(result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CreateServiceAccountAccessTokenExpireAtNullAsync_User_NoPermission()
|
||||
{
|
||||
// Create a new account as a user
|
||||
await LoginAsNewOrgUserAsync();
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var request = new AccessTokenCreateRequestModel
|
||||
{
|
||||
Name = _mockEncryptedString,
|
||||
EncryptedPayload = _mockEncryptedString,
|
||||
Key = _mockEncryptedString,
|
||||
ExpireAt = null,
|
||||
};
|
||||
|
||||
var response = await _client.PostAsJsonAsync($"/service-accounts/{serviceAccount.Id}/access-tokens", request);
|
||||
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
||||
}
|
||||
|
||||
private async Task<List<Guid>> SetupGetServiceAccountsByOrganizationAsync()
|
||||
{
|
||||
const int serviceAccountsToCreate = 3;
|
||||
var serviceAccountIds = new List<Guid>();
|
||||
for (var i = 0; i < serviceAccountsToCreate; i++)
|
||||
{
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = _organization.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
serviceAccountIds.Add(serviceAccount.Id);
|
||||
}
|
||||
|
||||
return serviceAccountIds;
|
||||
}
|
||||
|
||||
private async Task CreateUserServiceAccountAccessPolicyAsync(Guid userId, Guid serviceAccountId, bool read,
|
||||
bool write)
|
||||
{
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
OrganizationUserId = userId,
|
||||
GrantedServiceAccountId = serviceAccountId,
|
||||
Read = read,
|
||||
Write = write,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
private async Task<OrganizationUser> LoginAsNewOrgUserAsync(OrganizationUserType type = OrganizationUserType.User)
|
||||
{
|
||||
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
||||
await _factory.LoginWithNewAccount(email);
|
||||
var orgUser = await OrganizationTestHelpers.CreateUserAsync(_factory, _organization.Id, email, type);
|
||||
var tokens = await _factory.LoginAsync(email);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
return orgUser;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user