Organization Service permission refactor fix (#1432)

2025-04-05 21:18:13 -05:00 · 2021-07-07 17:08:18 +02:00 · 2021-07-07 17:08:18 +02:00 · 8f0ef49d7f
commit 8f0ef49d7f
parent 898c7baf89
2 changed files with 43 additions and 1 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1961,7 +1961,7 @@ namespace Bit.Core.Services
        public async Task<Organization> UpdateOrganizationKeysAsync(Guid orgId, string publicKey, string privateKey)
        {
-            if (_currentContext.ManageResetPassword(orgId))
+            if (!_currentContext.ManageResetPassword(orgId))
            {
                throw new UnauthorizedAccessException();
            }
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@ -699,5 +699,47 @@ namespace Bit.Core.Test.Services
            Assert.Contains("User does not have two-step login enabled.", result[1].Item2);
            Assert.Contains("User is a member of another organization.", result[2].Item2);
        }
        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
        public async Task UpdateOrganizationKeysAsync_WithoutManageResetPassword_Throws(Guid orgId, string publicKey,
            string privateKey, SutProvider<OrganizationService> sutProvider)
        {
            var currentContext = Substitute.For<ICurrentContext>();
            currentContext.ManageResetPassword(orgId).Returns(false);
            await Assert.ThrowsAsync<UnauthorizedAccessException>(
                () => sutProvider.Sut.UpdateOrganizationKeysAsync(orgId, publicKey, privateKey));
        }
        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
        public async Task UpdateOrganizationKeysAsync_KeysAlreadySet_Throws(Organization org, string publicKey,
            string privateKey, SutProvider<OrganizationService> sutProvider)
        {
            var currentContext = sutProvider.GetDependency<ICurrentContext>();
            currentContext.ManageResetPassword(org.Id).Returns(true);
            var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
            organizationRepository.GetByIdAsync(org.Id).Returns(org);
            var exception = await Assert.ThrowsAsync<BadRequestException>(
                () => sutProvider.Sut.UpdateOrganizationKeysAsync(org.Id, publicKey, privateKey));
            Assert.Contains("Organization Keys already exist", exception.Message);
        }
        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
        public async Task UpdateOrganizationKeysAsync_KeysAlreadySet_Success(Organization org, string publicKey,
            string privateKey, SutProvider<OrganizationService> sutProvider)
        {
            org.PublicKey = null;
            org.PrivateKey = null;
            var currentContext = sutProvider.GetDependency<ICurrentContext>();
            currentContext.ManageResetPassword(org.Id).Returns(true);
            var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
            organizationRepository.GetByIdAsync(org.Id).Returns(org);
            await sutProvider.Sut.UpdateOrganizationKeysAsync(org.Id, publicKey, privateKey);
        }
    }
 }