[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector * Require that SSO is enabled to use Key Connector * Fix error messages "Key Connector" instead of "KeyConnector" * Refactor dependent policy checks to handle expansion * Block disabling Sso Policy if using Key Connector * Update tests for policies required by Key Connector * Fix tests * Add test for Key Connector to require Sso Policy * Add test: Sso config must be enabled to use Key Connector
2025-06-30 07:36:14 -05:00 · 2021-11-15 19:25:10 +10:00
parent f1c41257b3
commit c2975b003d
4 changed files with 134 additions and 33 deletions
--- a/test/Core.Test/Services/PolicyServiceTests.cs
+++ b/test/Core.Test/Services/PolicyServiceTests.cs
@ -126,12 +126,16 @@ namespace Bit.Core.Test.Services
                .UpsertAsync(default);
        }

-        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
-        public async Task SaveAsync_SingleOrg_KeyConnectorEnabled_ThrowsBadRequest(
-            [PolicyFixtures.Policy(Enums.PolicyType.SingleOrg)] Core.Models.Table.Policy policy,
+        [Theory]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) }, Enums.PolicyType.SingleOrg)]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) }, Enums.PolicyType.RequireSso)]
+        public async Task SaveAsync_PolicyRequiredByKeyConnector_DisablePolicy_ThrowsBadRequest(
+            Enums.PolicyType policyType,
+            Policy policy,
            SutProvider<PolicyService> sutProvider)
        {
            policy.Enabled = false;
+            policy.Type = policyType;

            SetupOrg(sutProvider, policy.OrganizationId, new Organization
            {
@ -153,7 +157,7 @@ namespace Bit.Core.Test.Services
                    Substitute.For<IOrganizationService>(),
                    Guid.NewGuid()));

-            Assert.Contains("KeyConnector is enabled.", badRequestException.Message, StringComparison.OrdinalIgnoreCase);
+            Assert.Contains("Key Connector is enabled.", badRequestException.Message, StringComparison.OrdinalIgnoreCase);

            await sutProvider.GetDependency<IPolicyRepository>()
                .DidNotReceiveWithAnyArgs()
--- a/test/Core.Test/Services/SsoConfigServiceTests.cs
+++ b/test/Core.Test/Services/SsoConfigServiceTests.cs
@ -145,7 +145,7 @@ namespace Bit.Core.Test.Services
        }

        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
-        public async Task SaveAsync_KeyConnector_SingleOrgNotEnabled(SutProvider<SsoConfigService> sutProvider)
+        public async Task SaveAsync_KeyConnector_SingleOrgNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
        {
            var utcNow = DateTime.UtcNow;

@ -162,7 +162,67 @@ namespace Bit.Core.Test.Services
            var exception = await Assert.ThrowsAsync<BadRequestException>(
                () => sutProvider.Sut.SaveAsync(ssoConfig));

-            Assert.Contains("KeyConnector requires Single Organization to be enabled.", exception.Message);
+            Assert.Contains("Key Connector requires the Single Organization policy to be enabled.", exception.Message);
+
+            await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
+                .UpsertAsync(default);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveAsync_KeyConnector_SsoPolicyNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
+        {
+            var utcNow = DateTime.UtcNow;
+
+            var ssoConfig = new SsoConfig
+            {
+                Id = default,
+                Data = "{\"useKeyConnector\": true}",
+                Enabled = true,
+                OrganizationId = Guid.NewGuid(),
+                CreationDate = utcNow.AddDays(-10),
+                RevisionDate = utcNow.AddDays(-10),
+            };
+
+            sutProvider.GetDependency<IPolicyRepository>().GetByOrganizationIdTypeAsync(
+                Arg.Any<Guid>(), Enums.PolicyType.SingleOrg).Returns(new Policy
+                {
+                    Enabled = true
+                });
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.SaveAsync(ssoConfig));
+
+            Assert.Contains("Key Connector requires the Single Sign-On Authentication policy to be enabled.", exception.Message);
+
+            await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
+                .UpsertAsync(default);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveAsync_KeyConnector_SsoConfigNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
+        {
+            var utcNow = DateTime.UtcNow;
+
+            var ssoConfig = new SsoConfig
+            {
+                Id = default,
+                Data = "{\"useKeyConnector\": true}",
+                Enabled = false,
+                OrganizationId = Guid.NewGuid(),
+                CreationDate = utcNow.AddDays(-10),
+                RevisionDate = utcNow.AddDays(-10),
+            };
+
+            sutProvider.GetDependency<IPolicyRepository>().GetByOrganizationIdTypeAsync(
+                Arg.Any<Guid>(), Arg.Any<Enums.PolicyType>()).Returns(new Policy
+                {
+                    Enabled = true
+                });
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.SaveAsync(ssoConfig));
+
+            Assert.Contains("You must enable SSO to use Key Connector.", exception.Message);

            await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
                .UpsertAsync(default);