Ac/pm 18240 implement policy requirement for reset password policy (#5521)

* wip * fix test * fix test * refactor * fix factory method and tests * cleanup * refactor * update copy * cleanup
2025-06-30 15:42:48 -05:00 · 2025-03-21 10:07:55 -04:00
parent 5d549402c7
commit c7c6528faa
8 changed files with 277 additions and 10 deletions
--- a/test/Api.Test/AdminConsole/Controllers/OrganizationsControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Controllers/OrganizationsControllerTests.cs
@ -4,12 +4,15 @@ using Bit.Api.AdminConsole.Controllers;
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Business.Tokenables;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationApiKeys.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
@ -55,6 +58,7 @@ public class OrganizationsControllerTests : IDisposable
    private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand;
    private readonly ICloudOrganizationSignUpCommand _cloudOrganizationSignUpCommand;
    private readonly IOrganizationDeleteCommand _organizationDeleteCommand;
+    private readonly IPolicyRequirementQuery _policyRequirementQuery;
    private readonly IPricingClient _pricingClient;
    private readonly OrganizationsController _sut;

@ -80,6 +84,7 @@ public class OrganizationsControllerTests : IDisposable
        _removeOrganizationUserCommand = Substitute.For<IRemoveOrganizationUserCommand>();
        _cloudOrganizationSignUpCommand = Substitute.For<ICloudOrganizationSignUpCommand>();
        _organizationDeleteCommand = Substitute.For<IOrganizationDeleteCommand>();
+        _policyRequirementQuery = Substitute.For<IPolicyRequirementQuery>();
        _pricingClient = Substitute.For<IPricingClient>();

        _sut = new OrganizationsController(
@ -103,6 +108,7 @@ public class OrganizationsControllerTests : IDisposable
            _removeOrganizationUserCommand,
            _cloudOrganizationSignUpCommand,
            _organizationDeleteCommand,
+            _policyRequirementQuery,
            _pricingClient);
    }

@ -236,4 +242,55 @@ public class OrganizationsControllerTests : IDisposable

        await _organizationDeleteCommand.Received(1).DeleteAsync(organization);
    }
+
+    [Theory, AutoData]
+    public async Task GetAutoEnrollStatus_WithPolicyRequirementsEnabled_ReturnsOrganizationAutoEnrollStatus_WithResetPasswordEnabledTrue(
+        User user,
+        Organization organization,
+        OrganizationUser organizationUser
+    )
+    {
+        var policyRequirement = new ResetPasswordPolicyRequirement() { AutoEnrollOrganizations = [organization.Id] };
+
+        _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user);
+        _organizationRepository.GetByIdentifierAsync(organization.Id.ToString()).Returns(organization);
+        _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements).Returns(true);
+        _organizationUserRepository.GetByOrganizationAsync(organization.Id, user.Id).Returns(organizationUser);
+        _policyRequirementQuery.GetAsync<ResetPasswordPolicyRequirement>(user.Id).Returns(policyRequirement);
+
+        var result = await _sut.GetAutoEnrollStatus(organization.Id.ToString());
+
+        await _userService.Received(1).GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>());
+        await _organizationRepository.Received(1).GetByIdentifierAsync(organization.Id.ToString());
+        await _policyRequirementQuery.Received(1).GetAsync<ResetPasswordPolicyRequirement>(user.Id);
+
+        Assert.True(result.ResetPasswordEnabled);
+        Assert.Equal(result.Id, organization.Id);
+    }
+
+    [Theory, AutoData]
+    public async Task GetAutoEnrollStatus_WithPolicyRequirementsDisabled_ReturnsOrganizationAutoEnrollStatus_WithResetPasswordEnabledTrue(
+    User user,
+    Organization organization,
+    OrganizationUser organizationUser
+)
+    {
+
+        var policy = new Policy() { Type = PolicyType.ResetPassword, Enabled = true, Data = "{\"AutoEnrollEnabled\": true}", OrganizationId = organization.Id };
+
+        _userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).Returns(user);
+        _organizationRepository.GetByIdentifierAsync(organization.Id.ToString()).Returns(organization);
+        _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements).Returns(false);
+        _organizationUserRepository.GetByOrganizationAsync(organization.Id, user.Id).Returns(organizationUser);
+        _policyRepository.GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword).Returns(policy);
+
+        var result = await _sut.GetAutoEnrollStatus(organization.Id.ToString());
+
+        await _userService.Received(1).GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>());
+        await _organizationRepository.Received(1).GetByIdentifierAsync(organization.Id.ToString());
+        await _policyRequirementQuery.Received(0).GetAsync<ResetPasswordPolicyRequirement>(user.Id);
+        await _policyRepository.Received(1).GetByOrganizationIdTypeAsync(organization.Id, PolicyType.ResetPassword);
+
+        Assert.True(result.ResetPasswordEnabled);
+    }
 }