[PM-22098] Create default collection when organization member is confirmed (#5944)

* Add RequiresDefaultCollection method to PersonalOwnershipPolicyRequirement * Add CreateDefaultLocation feature flag to Constants.cs * Add DefaultUserCollectionName property to OrganizationUserConfirmRequestModel with encryption attributes * Update PersonalOwnershipPolicyRequirement instantiation in tests to use constructor with parameters instead of property assignment * Enhance ConfirmOrganizationUserCommand to support default user collection creation. Added logic to check if a default collection is required based on organization policies and feature flags. Updated ConfirmUserAsync method signature to include an optional defaultUserCollectionName parameter. Added corresponding tests to validate the new functionality. * Refactor Confirm method in OrganizationUsersController to use Guid parameters directly, simplifying the code. Updated ConfirmUserAsync call to include DefaultUserCollectionName from the input model. * Move logic for handling confirmation side effects into a separate method * Refactor PersonalOwnershipPolicyRequirement to use enum for ownership state - Introduced PersonalOwnershipState enum to represent allowed and restricted states. - Updated PersonalOwnershipPolicyRequirement constructor and properties to utilize the new enum. - Modified related classes and tests to reflect changes in ownership state handling.
2025-07-01 08:02:49 -05:00 · 2025-06-17 12:20:22 +01:00
parent b8244908ec
commit 5ffa937914
12 changed files with 254 additions and 21 deletions
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs
@ -10,6 +10,7 @@ using Bit.Core.Billing.Enums;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@ -442,4 +443,98 @@ public class ConfirmOrganizationUserCommandTests
        await sutProvider.GetDependency<IMailService>().Received(1).SendOrganizationConfirmedEmailAsync(org.DisplayName(), user.Email, orgUser.AccessSecretsManager);
        await organizationUserRepository.Received(1).ReplaceManyAsync(Arg.Is<List<OrganizationUser>>(users => users.Contains(orgUser) && users.Count == 1));
    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithCreateDefaultLocationEnabled_WithPersonalOwnershipPolicyApplicable_WithValidCollectionName_CreatesDefaultCollection(
+        Organization organization, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        string key, string collectionName, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        organization.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = organization.Id;
+        orgUser.UserId = user.Id;
+
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { orgUser });
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { user });
+
+        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.CreateDefaultLocation).Returns(true);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<PersonalOwnershipPolicyRequirement>(user.Id)
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Restricted,
+                [organization.Id]));
+
+        await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, collectionName);
+
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .Received(1)
+            .CreateAsync(
+                Arg.Is<Collection>(c => c.Name == collectionName &&
+                    c.OrganizationId == organization.Id &&
+                    c.Type == CollectionType.DefaultUserCollection),
+                Arg.Is<IEnumerable<CollectionAccessSelection>>(groups => groups == null),
+                Arg.Is<IEnumerable<CollectionAccessSelection>>(u =>
+                    u.Count() == 1 &&
+                    u.First().Id == orgUser.Id &&
+                    u.First().Manage == true));
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithCreateDefaultLocationEnabled_WithPersonalOwnershipPolicyApplicable_WithInvalidCollectionName_DoesNotCreateDefaultCollection(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { orgUser });
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { user });
+
+        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.CreateDefaultLocation).Returns(true);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<PersonalOwnershipPolicyRequirement>(user.Id)
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Restricted,
+                [org.Id]));
+
+        await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, "");
+
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceive()
+            .CreateAsync(Arg.Any<Collection>(), Arg.Any<IEnumerable<CollectionAccessSelection>>(), Arg.Any<IEnumerable<CollectionAccessSelection>>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithCreateDefaultLocationEnabled_WithPersonalOwnershipPolicyNotApplicable_DoesNotCreateDefaultCollection(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        string key, string collectionName, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { orgUser });
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync(default).ReturnsForAnyArgs(new[] { user });
+        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.CreateDefaultLocation).Returns(true);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<PersonalOwnershipPolicyRequirement>(user.Id)
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Restricted,
+                [Guid.NewGuid()]));
+
+        await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, collectionName);
+
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceive()
+            .CreateAsync(Arg.Any<Collection>(), Arg.Any<IEnumerable<CollectionAccessSelection>>(), Arg.Any<IEnumerable<CollectionAccessSelection>>());
+    }
 }
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs
@ -12,20 +12,42 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequire
 public class PersonalOwnershipPolicyRequirementFactoryTests
 {
    [Theory, BitAutoData]
-    public void DisablePersonalOwnership_WithNoPolicies_ReturnsFalse(SutProvider<PersonalOwnershipPolicyRequirementFactory> sutProvider)
+    public void State_WithNoPolicies_ReturnsAllowed(SutProvider<PersonalOwnershipPolicyRequirementFactory> sutProvider)
    {
        var actual = sutProvider.Sut.Create([]);

-        Assert.False(actual.DisablePersonalOwnership);
+        Assert.Equal(PersonalOwnershipState.Allowed, actual.State);
    }

    [Theory, BitAutoData]
-    public void DisablePersonalOwnership_WithPersonalOwnershipPolicies_ReturnsTrue(
+    public void State_WithPersonalOwnershipPolicies_ReturnsRestricted(
        [PolicyDetails(PolicyType.PersonalOwnership)] PolicyDetails[] policies,
        SutProvider<PersonalOwnershipPolicyRequirementFactory> sutProvider)
    {
        var actual = sutProvider.Sut.Create(policies);

-        Assert.True(actual.DisablePersonalOwnership);
+        Assert.Equal(PersonalOwnershipState.Restricted, actual.State);
+    }
+
+    [Theory, BitAutoData]
+    public void RequiresDefaultCollection_WithNoPolicies_ReturnsFalse(
+        Guid organizationId,
+        SutProvider<PersonalOwnershipPolicyRequirementFactory> sutProvider)
+    {
+        var actual = sutProvider.Sut.Create([]);
+
+        Assert.False(actual.RequiresDefaultCollection(organizationId));
+    }
+
+    [Theory, BitAutoData]
+    public void RequiresDefaultCollection_WithPersonalOwnershipPolicies_ReturnsCorrectResult(
+        [PolicyDetails(PolicyType.PersonalOwnership)] PolicyDetails[] policies,
+        Guid nonPolicyOrganizationId,
+        SutProvider<PersonalOwnershipPolicyRequirementFactory> sutProvider)
+    {
+        var actual = sutProvider.Sut.Create(policies);
+
+        Assert.True(actual.RequiresDefaultCollection(policies[0].OrganizationId));
+        Assert.False(actual.RequiresDefaultCollection(nonPolicyOrganizationId));
    }
 }
--- a/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs
+++ b/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs
@ -62,7 +62,9 @@ public class ImportCiphersAsyncCommandTests

        sutProvider.GetDependency<IPolicyRequirementQuery>()
            .GetAsync<PersonalOwnershipPolicyRequirement>(importingUserId)
-            .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = false });
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Allowed,
+                []));

        sutProvider.GetDependency<IFolderRepository>()
            .GetManyByUserIdAsync(importingUserId)
@ -116,7 +118,9 @@ public class ImportCiphersAsyncCommandTests

        sutProvider.GetDependency<IPolicyRequirementQuery>()
            .GetAsync<PersonalOwnershipPolicyRequirement>(userId)
-            .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = true });
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Restricted,
+                [Guid.NewGuid()]));

        var folderRelationships = new List<KeyValuePair<int, int>>();

--- a/test/Core.Test/Vault/Services/CipherServiceTests.cs
+++ b/test/Core.Test/Vault/Services/CipherServiceTests.cs
@ -171,7 +171,9 @@ public class CipherServiceTests

        sutProvider.GetDependency<IPolicyRequirementQuery>()
            .GetAsync<PersonalOwnershipPolicyRequirement>(savingUserId)
-            .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = true });
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Restricted,
+                [Guid.NewGuid()]));

        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null));
@ -195,7 +197,9 @@ public class CipherServiceTests

        sutProvider.GetDependency<IPolicyRequirementQuery>()
            .GetAsync<PersonalOwnershipPolicyRequirement>(savingUserId)
-            .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = false });
+            .Returns(new PersonalOwnershipPolicyRequirement(
+                PersonalOwnershipState.Allowed,
+                []));

        await sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null);