Organization Service permission refactor fix (#1432)

2025-04-05 05:00:19 -05:00 · 2021-07-07 17:08:18 +02:00 · 2021-07-07 17:08:18 +02:00 · 8f0ef49d7f
commit 8f0ef49d7f
parent 898c7baf89
2 changed files with 43 additions and 1 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1961,7 +1961,7 @@ namespace Bit.Core.Services

        public async Task<Organization> UpdateOrganizationKeysAsync(Guid orgId, string publicKey, string privateKey)
        {
-            if (_currentContext.ManageResetPassword(orgId))
+            if (!_currentContext.ManageResetPassword(orgId))
            {
                throw new UnauthorizedAccessException();
            }
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@ -699,5 +699,47 @@ namespace Bit.Core.Test.Services
            Assert.Contains("User does not have two-step login enabled.", result[1].Item2);
            Assert.Contains("User is a member of another organization.", result[2].Item2);
        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task UpdateOrganizationKeysAsync_WithoutManageResetPassword_Throws(Guid orgId, string publicKey,
+            string privateKey, SutProvider<OrganizationService> sutProvider)
+        {
+            var currentContext = Substitute.For<ICurrentContext>();
+            currentContext.ManageResetPassword(orgId).Returns(false);
+
+            await Assert.ThrowsAsync<UnauthorizedAccessException>(
+                () => sutProvider.Sut.UpdateOrganizationKeysAsync(orgId, publicKey, privateKey));
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task UpdateOrganizationKeysAsync_KeysAlreadySet_Throws(Organization org, string publicKey,
+            string privateKey, SutProvider<OrganizationService> sutProvider)
+        {
+            var currentContext = sutProvider.GetDependency<ICurrentContext>();
+            currentContext.ManageResetPassword(org.Id).Returns(true);
+
+            var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+            organizationRepository.GetByIdAsync(org.Id).Returns(org);
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.UpdateOrganizationKeysAsync(org.Id, publicKey, privateKey));
+            Assert.Contains("Organization Keys already exist", exception.Message);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task UpdateOrganizationKeysAsync_KeysAlreadySet_Success(Organization org, string publicKey,
+            string privateKey, SutProvider<OrganizationService> sutProvider)
+        {
+            org.PublicKey = null;
+            org.PrivateKey = null;
+
+            var currentContext = sutProvider.GetDependency<ICurrentContext>();
+            currentContext.ManageResetPassword(org.Id).Returns(true);
+
+            var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+            organizationRepository.GetByIdAsync(org.Id).Returns(org);
+
+            await sutProvider.Sut.UpdateOrganizationKeysAsync(org.Id, publicKey, privateKey);
+        }
    }
 }