diff --git a/test/Api.Test/Tools/Controllers/ImportCiphersControllerTests.cs b/test/Api.Test/Tools/Controllers/ImportCiphersControllerTests.cs index dcb7fa69cd..7306938fc3 100644 --- a/test/Api.Test/Tools/Controllers/ImportCiphersControllerTests.cs +++ b/test/Api.Test/Tools/Controllers/ImportCiphersControllerTests.cs @@ -2,6 +2,7 @@ using AutoFixture; using Bit.Api.Models.Request; using Bit.Api.Tools.Controllers; +using Bit.Api.Tools.Models.Request.Accounts; using Bit.Api.Tools.Models.Request.Organizations; using Bit.Api.Vault.AuthorizationHandlers.Collections; using Bit.Api.Vault.Models.Request; @@ -10,6 +11,7 @@ using Bit.Core.Entities; using Bit.Core.Exceptions; using Bit.Core.Repositories; using Bit.Core.Tools.ImportFeatures.Interfaces; +using Bit.Core.Vault.Entities; using Bit.Core.Vault.Models.Data; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; @@ -29,58 +31,58 @@ public class ImportCiphersControllerTests /************************* * PostImport - Individual *************************/ - // [Theory, BitAutoData] - // public async Task PostImportIndividual_ImportCiphersRequestModel_BadRequestException(SutProvider sutProvider, IFixture fixture) - // { - // // Arrange - // sutProvider.GetDependency() - // .SelfHosted = false; - // var ciphers = fixture.CreateMany(7001).ToArray(); - // var model = new ImportCiphersRequestModel - // { - // Ciphers = ciphers, - // FolderRelationships = null, - // Folders = null - // }; + [Theory, BitAutoData] + public async Task PostImportIndividual_ImportCiphersRequestModel_BadRequestException(SutProvider sutProvider, IFixture fixture) + { + // Arrange + sutProvider.GetDependency() + .SelfHosted = false; + var ciphers = fixture.CreateMany(7001).ToArray(); + var model = new ImportCiphersRequestModel + { + Ciphers = ciphers, + FolderRelationships = null, + Folders = null + }; - // // Act - // var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.PostImport(model)); + // Act + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.PostImport(model)); - // // Assert - // Assert.Equal("You cannot import this much data at once.", exception.Message); - // } + // Assert + Assert.Equal("You cannot import this much data at once.", exception.Message); + } - // [Theory, BitAutoData] - // public async Task PostImportIndividual_ImportCiphersRequestModel_Success(User user, - // IFixture fixture, SutProvider sutProvider) - // { - // // Arrange - // sutProvider.GetDependency() - // .SelfHosted = false; + [Theory, BitAutoData] + public async Task PostImportIndividual_ImportCiphersRequestModel_Success(User user, + IFixture fixture, SutProvider sutProvider) + { + // Arrange + sutProvider.GetDependency() + .SelfHosted = false; - // sutProvider.GetDependency() - // .GetProperUserId(Arg.Any()) - // .Returns(user.Id); + sutProvider.GetDependency() + .GetProperUserId(Arg.Any()) + .Returns(user.Id); - // var request = fixture.Build() - // .With(x => x.Ciphers, fixture.Build() - // .With(c => c.OrganizationId, Guid.NewGuid().ToString()) - // .With(c => c.FolderId, Guid.NewGuid().ToString()) - // .CreateMany(1).ToArray()) - // .Create(); + var request = fixture.Build() + .With(x => x.Ciphers, fixture.Build() + .With(c => c.OrganizationId, Guid.NewGuid().ToString()) + .With(c => c.FolderId, Guid.NewGuid().ToString()) + .CreateMany(1).ToArray()) + .Create(); - // // Act - // await sutProvider.Sut.PostImport(request); + // Act + await sutProvider.Sut.PostImport(request); - // // Assert - // await sutProvider.GetDependency() - // .Received() - // .ImportIntoIndividualVaultAsync( - // Arg.Any>(), - // Arg.Any>(), - // Arg.Any>>() - // ); - // } + // Assert + await sutProvider.GetDependency() + .Received() + .ImportIntoIndividualVaultAsync( + Arg.Any>(), + Arg.Any>(), + Arg.Any>>() + ); + } /**************************** * PostImport - Organization @@ -246,7 +248,7 @@ public class ImportCiphersControllerTests } [Theory, BitAutoData] - public async Task PostImportOrganization_WithExistingCollectionsAndWithoutImportCiphersPermissions_NotFoundException( + public async Task PostImportOrganization_WithExistingCollectionsAndWithoutImportCiphersPermissions_ThrowsException( SutProvider sutProvider, IFixture fixture, User user) @@ -258,9 +260,7 @@ public class ImportCiphersControllerTests sutProvider.GetDependency().SelfHosted = false; - sutProvider.GetDependency() - .GetProperUserId(Arg.Any()) - .Returns(user.Id); + SetupUserService(sutProvider, user); var request = fixture.Build() .With(x => x.Ciphers, fixture.Build() @@ -306,7 +306,7 @@ public class ImportCiphersControllerTests } [Theory, BitAutoData] - public async Task PostImportOrganization_WithoutCreatePermissions_NotFoundException( + public async Task PostImportOrganization_WithoutCreatePermissions_ThrowsException( SutProvider sutProvider, IFixture fixture, User user) @@ -367,22 +367,21 @@ public class ImportCiphersControllerTests [Theory, BitAutoData] public async Task PostImportOrganization_CanCreateChildCollectionsWithCreateAndImportPermissionsAsync( - SutProvider sutProvider, - IFixture fixture, - User user) + SutProvider sutProvider, + IFixture fixture, + User user) { // Arrange var orgId = Guid.NewGuid(); sutProvider.GetDependency().SelfHosted = false; - sutProvider.GetDependency() - .GetProperUserId(Arg.Any()) - .Returns(user.Id); + SetupUserService(sutProvider, user); // Create new collections var newCollections = fixture.Build() .CreateMany(2).ToArray(); + // define existing collections var existingCollections = fixture.CreateMany(2).ToArray(); @@ -425,9 +424,8 @@ public class ImportCiphersControllerTests .ToList()); // Act - // User import consists of new and existing collections + // User imports into collections and creates new collections // User has ImportCiphers and Create ciphers permission - // expected to be successful. await sutProvider.Sut.PostImport(orgId.ToString(), request); // Assert @@ -451,13 +449,12 @@ public class ImportCiphersControllerTests sutProvider.GetDependency().SelfHosted = false; - sutProvider.GetDependency() - .GetProperUserId(Arg.Any()) - .Returns(user.Id); + SetupUserService(sutProvider, user); // Create new collections var newCollections = fixture.Build() .CreateMany(2).ToArray(); + // define existing collections var existingCollections = fixture.CreateMany(2).ToArray(); @@ -500,9 +497,8 @@ public class ImportCiphersControllerTests .ToList()); // Act - // User import consists of new and existing collections - // User has ImportCiphers and Create ciphers permission - // expected to throw an error + // User imports into an existing collection and creates new collections + // User has ImportCiphers permission only and doesn't have Create permission var exception = await Assert.ThrowsAsync(async () => { await sutProvider.Sut.PostImport(orgId.ToString(), request); @@ -520,7 +516,7 @@ public class ImportCiphersControllerTests } [Theory, BitAutoData] - public async Task PostImportOrganization_NoNewCollectionsBeingImportedSoOnlyImportPermissionNeededAsync( + public async Task PostImportOrganization_ImportIntoNewCollectionWithCreatePermissionsOnlyAsync( SutProvider sutProvider, IFixture fixture, User user) @@ -532,6 +528,76 @@ public class ImportCiphersControllerTests SetupUserService(sutProvider, user); // Create new collections + var newCollections = fixture.CreateMany(1).ToArray(); + + // Define existing collections + var existingCollections = new List(); + + // Import model includes new and existing collection + var request = new ImportOrganizationCiphersRequestModel + { + Collections = newCollections.Concat(existingCollections).ToArray(), + Ciphers = fixture.Build() + .With(_ => _.OrganizationId, orgId.ToString()) + .With(_ => _.FolderId, Guid.NewGuid().ToString()) + .CreateMany(2).ToArray(), + CollectionRelationships = new List>().ToArray(), + }; + + // AccessImportExport permission - false + sutProvider.GetDependency() + .AccessImportExport(Arg.Any()) + .Returns(false); + + // BulkCollectionOperations.ImportCiphers permission - FALSE + sutProvider.GetDependency() + .AuthorizeAsync(Arg.Any(), + Arg.Any>(), + Arg.Is>(reqs => + reqs.Contains(BulkCollectionOperations.ImportCiphers))) + .Returns(AuthorizationResult.Failed()); + + // BulkCollectionOperations.Create permission - TRUE + sutProvider.GetDependency() + .AuthorizeAsync(Arg.Any(), + Arg.Any>(), + Arg.Is>(reqs => + reqs.Contains(BulkCollectionOperations.Create))) + .Returns(AuthorizationResult.Success()); + + sutProvider.GetDependency() + .GetManyByOrganizationIdAsync(orgId) + .Returns(new List()); + + // Act + // User imports/creates a new collection - existing collections not affected + // User has create permissions and doesn't need import permissions + await sutProvider.Sut.PostImport(orgId.ToString(), request); + + // Assert + await sutProvider.GetDependency() + .Received(1) + .ImportIntoOrganizationalVaultAsync( + Arg.Any>(), + Arg.Any>(), + Arg.Any>>(), + Arg.Any()); + } + + [Theory, BitAutoData] + public async Task PostImportOrganization_ImportIntoExistingCollectionWithImportPermissionsOnlySuccessAsync( + SutProvider sutProvider, + IFixture fixture, + User user) + { + // Arrange + var orgId = Guid.NewGuid(); + + sutProvider.GetDependency().SelfHosted = false; + + SetupUserService(sutProvider, user); + + // No new collections var newCollections = new List(); // Define existing collections @@ -576,9 +642,73 @@ public class ImportCiphersControllerTests .ToList()); // Act - // User import consists of new and existing collections - // User has ImportCiphers and Create ciphers permission - // expected to throw an error + // User import into existing collection + // User has ImportCiphers permission only and doesn't need create permission + await sutProvider.Sut.PostImport(orgId.ToString(), request); + + // Assert + await sutProvider.GetDependency() + .Received(1) + .ImportIntoOrganizationalVaultAsync( + Arg.Any>(), + Arg.Any>(), + Arg.Any>>(), + Arg.Any()); + } + + [Theory, BitAutoData] + public async Task PostImportOrganization_ImportWithNoCollectionsWithCreatePermissionsOnlySuccessAsync( + SutProvider sutProvider, + IFixture fixture, + User user) + { + // Arrange + var orgId = Guid.NewGuid(); + + sutProvider.GetDependency().SelfHosted = false; + + SetupUserService(sutProvider, user); + + // Import model includes new and existing collection + var request = new ImportOrganizationCiphersRequestModel + { + Collections = new List().ToArray(), // No collections + Ciphers = fixture.Build() + .With(_ => _.OrganizationId, orgId.ToString()) + .With(_ => _.FolderId, Guid.NewGuid().ToString()) + .CreateMany(2).ToArray(), + CollectionRelationships = new List>().ToArray(), + }; + + // AccessImportExport permission - false + sutProvider.GetDependency() + .AccessImportExport(Arg.Any()) + .Returns(false); + + // BulkCollectionOperations.ImportCiphers permission - false + sutProvider.GetDependency() + .AuthorizeAsync(Arg.Any(), + Arg.Any>(), + Arg.Is>(reqs => + reqs.Contains(BulkCollectionOperations.ImportCiphers))) + .Returns(AuthorizationResult.Failed()); + + // BulkCollectionOperations.Create permission - TRUE + sutProvider.GetDependency() + .AuthorizeAsync(Arg.Any(), + Arg.Any>(), + Arg.Is>(reqs => + reqs.Contains(BulkCollectionOperations.Create))) + .Returns(AuthorizationResult.Success()); + + sutProvider.GetDependency() + .GetManyByOrganizationIdAsync(orgId) + .Returns(new List()); + + // Act + // import ciphers only and no collections + // User has Create permissions + // expected to be successful await sutProvider.Sut.PostImport(orgId.ToString(), request); // Assert @@ -593,6 +723,10 @@ public class ImportCiphersControllerTests private static void SetupUserService(SutProvider sutProvider, User user) { + // This is a workaround for the NSubstitute issue with ambiguous arguments + // when using Arg.Any() in the GetProperUserId method + // It clears the previous calls to the userService and sets up a new call + // with the same argument var userService = sutProvider.GetDependency(); try {