[AC-1435] Single Organization policy prerequisite for Account Recovery policy (#3082)

* [AC-1435] Automatically enable Single Org policy when selecting TDE * [AC-1435] Add test for automatic policy enablement * [AC-1435] Prevent disabling single org when account recovery is enabled * [AC-1435] Require Single Org policy when enabling Account recovery * [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org * [AC-1435] Add test to verify single org policy is enabled for account recovery policy * [AC-1435] Fix failing test
2025-06-30 15:42:48 -05:00 · 2023-07-18 08:00:49 -07:00
parent fe570cb6c8
commit a095e02e86
4 changed files with 129 additions and 1 deletions
--- a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
+++ b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
@ -6,7 +6,9 @@ using Bit.Core.Auth.Services;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+using Bit.Core.Models.Data.Organizations.Policies;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@ -317,4 +319,40 @@ public class SsoConfigServiceTests
        await sutProvider.GetDependency<ISsoConfigRepository>().ReceivedWithAnyArgs()
            .UpsertAsync(default);
    }
+
+    [Theory, BitAutoData]
+    public async Task SaveAsync_Tde_Enable_Required_Policies(SutProvider<SsoConfigService> sutProvider, Organization organization)
+    {
+        var ssoConfig = new SsoConfig
+        {
+            Id = default,
+            Data = new SsoConfigurationData
+            {
+                MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption,
+            }.Serialize(),
+            Enabled = true,
+            OrganizationId = organization.Id,
+        };
+
+        await sutProvider.Sut.SaveAsync(ssoConfig, organization);
+
+        await sutProvider.GetDependency<IPolicyService>().Received(1)
+            .SaveAsync(
+                Arg.Is<Policy>(t => t.Type == Enums.PolicyType.SingleOrg),
+                Arg.Any<IUserService>(),
+                Arg.Any<IOrganizationService>(),
+                null
+            );
+
+        await sutProvider.GetDependency<IPolicyService>().Received(1)
+            .SaveAsync(
+                Arg.Is<Policy>(t => t.Type == Enums.PolicyType.ResetPassword && t.GetDataModel<ResetPasswordDataModel>().AutoEnrollEnabled),
+                Arg.Any<IUserService>(),
+                Arg.Any<IOrganizationService>(),
+                null
+            );
+
+        await sutProvider.GetDependency<ISsoConfigRepository>().ReceivedWithAnyArgs()
+            .UpsertAsync(default);
+    }
 }