mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00

Block MSPs from creating orgs with SM

Thomas Rittson
2023-08-31 15:19:31 +10:00
parent ba53208c93
commit 75fe220970
2 changed files with 38 additions and 3 deletions


@ -1,8 +1,10 @@
using Bit.Core.Entities; using Bit.Core.Entities;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities; using Bit.Core.Utilities;
@ -12,17 +14,21 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
{ {
private readonly IPaymentService _paymentService; private readonly IPaymentService _paymentService;
private readonly IOrganizationService _organizationService; private readonly IOrganizationService _organizationService;
private readonly IProviderRepository _providerRepository;
public AddSecretsManagerSubscriptionCommand( public AddSecretsManagerSubscriptionCommand(
IPaymentService paymentService, IPaymentService paymentService,
IOrganizationService organizationService) IOrganizationService organizationService,
IProviderRepository providerRepository)
{ {
_paymentService = paymentService; _paymentService = paymentService;
_organizationService = organizationService; _organizationService = organizationService;
_providerRepository = providerRepository;
} }
public async Task SignUpAsync(Organization organization, int additionalSmSeats, public async Task SignUpAsync(Organization organization, int additionalSmSeats,
int additionalServiceAccounts) int additionalServiceAccounts)
{ {
ValidateOrganization(organization); await ValidateOrganization(organization);
var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType); var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType);
var signup = SetOrganizationUpgrade(organization, additionalSmSeats, additionalServiceAccounts); var signup = SetOrganizationUpgrade(organization, additionalSmSeats, additionalServiceAccounts);
@ -55,7 +61,7 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
return signup; return signup;
} }
private static void ValidateOrganization(Organization organization) private async Task ValidateOrganization(Organization organization)
{ {
if (organization == null) if (organization == null)
{ {
@ -83,5 +89,12 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
{ {
throw new BadRequestException("No subscription found."); throw new BadRequestException("No subscription found.");
} }
var provider = await _providerRepository.GetByOrganizationIdAsync(organization.Id);
if (provider is { Type: ProviderType.Msp })
{
throw new BadRequestException(
"Organizations with a Managed Service Provider do not support Secrets Manager.");
}
} }
} }
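Review bot: The MSP guard added at the end of `ValidateOrganization` is enforced only inside this command, so any other code path that turns on Secrets Manager for an organization (none is visible in this commit) would need the same check. Nothing shown here stops an organization that already has Secrets Manager from later being linked to an MSP either. A comment above the lookup would make the rule explicit, e.g. `// Business rule: organizations managed by an MSP may not enable Secrets Manager; enforced server-side here.` Now that the method awaits the repository it would read better as `ValidateOrganizationAsync`, matching `SignUpAsync`. The method body starts outside the hunk, so how the earlier checks are ordered relative to this lookup cannot be confirmed from here.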


@ -1,9 +1,12 @@
using Bit.Core.Entities; using Bit.Core.Entities;
using Bit.Core.Entities.Provider;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.Models.StaticStore; using Bit.Core.Models.StaticStore;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions; using Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
using Bit.Core.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture;
@ -127,6 +130,25 @@ public class AddSecretsManagerSubscriptionCommandTests
await VerifyDependencyNotCalledAsync(sutProvider); await VerifyDependencyNotCalledAsync(sutProvider);
} }
[Theory]
[BitAutoData]
public async Task SignUpAsync_ThrowsException_WhenOrganizationIsManagedByMSP(
SutProvider<AddSecretsManagerSubscriptionCommand> sutProvider,
Organization organization,
Provider provider)
{
organization.UseSecretsManager = false;
organization.SecretsManagerBeta = false;
provider.Type = ProviderType.Msp;
sutProvider.GetDependency<IProviderRepository>().GetByOrganizationIdAsync(organization.Id).Returns(provider);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SignUpAsync(organization, 10, 10));
Assert.Contains("Organizations with a Managed Service Provider do not support Secrets Manager.", exception.Message);
await VerifyDependencyNotCalledAsync(sutProvider);
}
private static async Task VerifyDependencyNotCalledAsync(SutProvider<AddSecretsManagerSubscriptionCommand> sutProvider) private static async Task VerifyDependencyNotCalledAsync(SutProvider<AddSecretsManagerSubscriptionCommand> sutProvider)
{ {
await sutProvider.GetDependency<IPaymentService>().DidNotReceive() await sutProvider.GetDependency<IPaymentService>().DidNotReceive()
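Review bot: `SignUpAsync_ThrowsException_WhenOrganizationIsManagedByMSP` pins only the rejecting branch; no companion case shows that an organization whose provider has a `Type` other than `ProviderType.Msp` still passes validation. The no-provider path is presumably covered implicitly by the existing success tests, which are not visible here. A second theory that sets a different provider type and asserts that this `BadRequestException` message is not raised would catch the `provider is { Type: ProviderType.Msp }` pattern being widened or narrowed by accident. The body of `VerifyDependencyNotCalledAsync` continues outside the hunk.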