mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00

[Emergency Access] Add premium check (#1815)

Oscar Hinton 2022-01-18 16:05:12 +01:00 committed by GitHub
parent 0def1830af
commit 68a8092235
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 7 deletions


@ -85,8 +85,8 @@ namespace Bit.Api.Controllers
throw new NotFoundException();
}
var userId = _userService.GetProperUserId(User);
await _emergencyAccessService.SaveAsync(model.ToEmergencyAccess(emergencyAccess), userId.Value);
var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.SaveAsync(model.ToEmergencyAccess(emergencyAccess), user);
}
[HttpDelete("{id}")]
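Review bot: The result of `GetUserByPrincipalAsync(User)` is handed to `SaveAsync` without a null check, and the service then reads `savingUser.Id`. If the lookup can return null for a principal that no longer maps to a user, the request would presumably end in a null-reference failure instead of an authorization error. A guard before the call, `if (user == null) { throw new UnauthorizedAccessException(); }`, makes that outcome explicit; the same assumption about a non-null `savingUser` applies in the service hunk. The action method begins above this hunk, so an earlier guard may exist outside the visible lines.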


@ -15,7 +15,7 @@ namespace Bit.Core.Services
Task DeleteAsync(Guid emergencyAccessId, Guid grantorId);
Task<EmergencyAccess> ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId);
Task<EmergencyAccessDetails> GetAsync(Guid emergencyAccessId, Guid userId);
Task SaveAsync(EmergencyAccess emergencyAccess, Guid savingUserId);
Task SaveAsync(EmergencyAccess emergencyAccess, User savingUser);
Task InitiateAsync(Guid id, User initiatingUser);
Task ApproveAsync(Guid id, User approvingUser);
Task RejectAsync(Guid id, User rejectingUser);


@ -189,9 +189,14 @@ namespace Bit.Core.Services
return emergencyAccess;
}
public async Task SaveAsync(EmergencyAccess emergencyAccess, Guid savingUserId)
public async Task SaveAsync(EmergencyAccess emergencyAccess, User savingUser)
{
if (emergencyAccess.GrantorId != savingUserId)
if (!await _userService.CanAccessPremium(savingUser))
{
throw new BadRequestException("Not a premium user.");
}
if (emergencyAccess.GrantorId != savingUser.Id)
{
throw new BadRequestException("Emergency Access not valid.");
}
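Review bot: The premium gate runs before the ownership comparison `emergencyAccess.GrantorId != savingUser.Id`, so a caller who is not the grantor gets a response that depends on their own subscription state. It also means `CanAccessPremium` is awaited for requests that will be rejected anyway. Moving the `GrantorId` block above the `if (!await _userService.CanAccessPremium(savingUser))` block puts the access-control decision first and the entitlement check second, with no change for legitimate grantors. The body of `SaveAsync` continues past the end of this hunk, so later checks are not visible here.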


@ -15,6 +15,26 @@ namespace Bit.Core.Test.Services
{
public class EmergencyAccessServiceTests
{
[Theory, CustomAutoData(typeof(SutProviderCustomization))]
public async Task SaveAsync_PremiumCannotUpdate(
SutProvider<EmergencyAccessService> sutProvider, User savingUser)
{
savingUser.Premium = false;
var emergencyAccess = new EmergencyAccess
{
Type = Enums.EmergencyAccessType.Takeover,
GrantorId = savingUser.Id,
};
sutProvider.GetDependency<IUserService>().GetUserByIdAsync(savingUser.Id).Returns(savingUser);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
Assert.Contains("Not a premium user.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, CustomAutoData(typeof(SutProviderCustomization))]
public async Task InviteAsync_UserWithKeyConnectorCannotUseTakeover(
SutProvider<EmergencyAccessService> sutProvider, User invitingUser, string email, int waitTime)
@ -62,10 +82,12 @@ namespace Bit.Core.Test.Services
GrantorId = savingUser.Id,
};
sutProvider.GetDependency<IUserService>().GetUserByIdAsync(savingUser.Id).Returns(savingUser);
var userService = sutProvider.GetDependency<IUserService>();
userService.GetUserByIdAsync(savingUser.Id).Returns(savingUser);
userService.CanAccessPremium(savingUser).Returns(true);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser.Id));
() => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
Assert.Contains("You cannot use Emergency Access Takeover because you are using Key Connector", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
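Review bot: `SaveAsync_PremiumCannotUpdate` appears to pass only because the substituted `IUserService` returns the default `false` for the unconfigured `CanAccessPremium` call; nothing visible ties the outcome to `savingUser.Premium = false`. Stubbing it explicitly, `sutProvider.GetDependency<IUserService>().CanAccessPremium(savingUser).Returns(false);`, binds the test to the check it is meant to cover, as the second hunk already does with `Returns(true)`. The `GetUserByIdAsync` stub in the new test looks unnecessary if `SaveAsync` throws before reaching it. The name also reads as though premium users cannot update; `SaveAsync_NonPremiumCannotUpdate` would match the assertion.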