mirror of
https://github.com/bitwarden/server.git
synced 2025-04-05 05:00:19 -05:00
Merge branch 'main' into feature/phishing-detection
This commit is contained in:
Conner Turnbull
commit
ce36a0e478
23
.github/workflows/test-database.yml
vendored
23
.github/workflows/test-database.yml
vendored
@ -32,28 +32,9 @@ on:
|
||||
- "src/**/Entities/**/*.cs" # Database entity definitions
|
||||
|
||||
jobs:
|
||||
check-test-secrets:
|
||||
name: Check for test secrets
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
available: ${{ steps.check-test-secrets.outputs.available }}
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: Check
|
||||
id: check-test-secrets
|
||||
run: |
|
||||
if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
|
||||
echo "available=true" >> $GITHUB_OUTPUT;
|
||||
else
|
||||
echo "available=false" >> $GITHUB_OUTPUT;
|
||||
fi
|
||||
|
||||
test:
|
||||
name: Run tests
|
||||
runs-on: ubuntu-22.04
|
||||
needs: check-test-secrets
|
||||
steps:
|
||||
- name: Check out repo
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
@ -166,8 +147,8 @@ jobs:
|
||||
run: 'docker logs $(docker ps --quiet --filter "name=mssql")'
|
||||
|
||||
- name: Report test results
|
||||
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
|
||||
if: ${{ needs.check-test-secrets.outputs.available == 'true' && !cancelled() }}
|
||||
uses: dorny/test-reporter@6e6a65b7a0bd2c9197df7d0ae36ac5cee784230c # v2.0.0
|
||||
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
|
||||
with:
|
||||
name: Test Results
|
||||
path: "**/*-test-results.trx"
|
||||
|
||||
23
.github/workflows/test.yml
vendored
23
.github/workflows/test.yml
vendored
@ -13,29 +13,10 @@ env:
|
||||
_AZ_REGISTRY: "bitwardenprod.azurecr.io"
|
||||
|
||||
jobs:
|
||||
check-test-secrets:
|
||||
name: Check for test secrets
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
available: ${{ steps.check-test-secrets.outputs.available }}
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: Check
|
||||
id: check-test-secrets
|
||||
run: |
|
||||
if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
|
||||
echo "available=true" >> $GITHUB_OUTPUT;
|
||||
else
|
||||
echo "available=false" >> $GITHUB_OUTPUT;
|
||||
fi
|
||||
|
||||
testing:
|
||||
name: Run tests
|
||||
if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
|
||||
runs-on: ubuntu-22.04
|
||||
needs: check-test-secrets
|
||||
permissions:
|
||||
checks: write
|
||||
contents: read
|
||||
@ -68,8 +49,8 @@ jobs:
|
||||
run: dotnet test ./bitwarden_license/test --configuration Debug --logger "trx;LogFileName=bw-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage"
|
||||
|
||||
- name: Report test results
|
||||
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
|
||||
if: ${{ needs.check-test-secrets.outputs.available == 'true' && !cancelled() }}
|
||||
uses: dorny/test-reporter@6e6a65b7a0bd2c9197df7d0ae36ac5cee784230c # v2.0.0
|
||||
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
|
||||
with:
|
||||
name: Test Results
|
||||
path: "**/*-test-results.trx"
|
||||
|
||||
@ -11,6 +11,7 @@ using Bit.Core.AdminConsole.Services;
|
||||
using Bit.Core.Billing.Entities;
|
||||
using Bit.Core.Billing.Enums;
|
||||
using Bit.Core.Billing.Extensions;
|
||||
using Bit.Core.Billing.Pricing;
|
||||
using Bit.Core.Billing.Repositories;
|
||||
using Bit.Core.Billing.Services;
|
||||
using Bit.Core.Billing.Services.Contracts;
|
||||
@ -42,6 +43,7 @@ public class ProvidersController : Controller
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IProviderPlanRepository _providerPlanRepository;
|
||||
private readonly IProviderBillingService _providerBillingService;
|
||||
private readonly IPricingClient _pricingClient;
|
||||
private readonly string _stripeUrl;
|
||||
private readonly string _braintreeMerchantUrl;
|
||||
private readonly string _braintreeMerchantId;
|
||||
@ -60,7 +62,8 @@ public class ProvidersController : Controller
|
||||
IFeatureService featureService,
|
||||
IProviderPlanRepository providerPlanRepository,
|
||||
IProviderBillingService providerBillingService,
|
||||
IWebHostEnvironment webHostEnvironment)
|
||||
IWebHostEnvironment webHostEnvironment,
|
||||
IPricingClient pricingClient)
|
||||
{
|
||||
_organizationRepository = organizationRepository;
|
||||
_organizationService = organizationService;
|
||||
@ -75,6 +78,7 @@ public class ProvidersController : Controller
|
||||
_featureService = featureService;
|
||||
_providerPlanRepository = providerPlanRepository;
|
||||
_providerBillingService = providerBillingService;
|
||||
_pricingClient = pricingClient;
|
||||
_stripeUrl = webHostEnvironment.GetStripeUrl();
|
||||
_braintreeMerchantUrl = webHostEnvironment.GetBraintreeMerchantUrl();
|
||||
_braintreeMerchantId = globalSettings.Braintree.MerchantId;
|
||||
@ -415,7 +419,9 @@ public class ProvidersController : Controller
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
|
||||
return View(new OrganizationEditModel(provider));
|
||||
var plans = await _pricingClient.ListPlans();
|
||||
|
||||
return View(new OrganizationEditModel(provider, plans));
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
|
||||
@ -22,13 +22,14 @@ public class OrganizationEditModel : OrganizationViewModel
|
||||
|
||||
public OrganizationEditModel() { }
|
||||
|
||||
public OrganizationEditModel(Provider provider)
|
||||
public OrganizationEditModel(Provider provider, List<Plan> plans)
|
||||
{
|
||||
Provider = provider;
|
||||
BillingEmail = provider.Type == ProviderType.Reseller ? provider.BillingEmail : string.Empty;
|
||||
PlanType = Core.Billing.Enums.PlanType.TeamsMonthly;
|
||||
Plan = Core.Billing.Enums.PlanType.TeamsMonthly.GetDisplayAttribute()?.GetName();
|
||||
LicenseKey = RandomLicenseKey;
|
||||
_plans = plans;
|
||||
}
|
||||
|
||||
public OrganizationEditModel(
|
||||
|
||||
@ -8,21 +8,25 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.Implementations;
|
||||
|
||||
public class PolicyRequirementQuery(
|
||||
IPolicyRepository policyRepository,
|
||||
IEnumerable<RequirementFactory<IPolicyRequirement>> factories)
|
||||
IEnumerable<IPolicyRequirementFactory<IPolicyRequirement>> factories)
|
||||
: IPolicyRequirementQuery
|
||||
{
|
||||
public async Task<T> GetAsync<T>(Guid userId) where T : IPolicyRequirement
|
||||
{
|
||||
var factory = factories.OfType<RequirementFactory<T>>().SingleOrDefault();
|
||||
var factory = factories.OfType<IPolicyRequirementFactory<T>>().SingleOrDefault();
|
||||
if (factory is null)
|
||||
{
|
||||
throw new NotImplementedException("No Policy Requirement found for " + typeof(T));
|
||||
throw new NotImplementedException("No Requirement Factory found for " + typeof(T));
|
||||
}
|
||||
|
||||
return factory(await GetPolicyDetails(userId));
|
||||
var policyDetails = await GetPolicyDetails(userId);
|
||||
var filteredPolicies = policyDetails
|
||||
.Where(p => p.PolicyType == factory.PolicyType)
|
||||
.Where(factory.Enforce);
|
||||
var requirement = factory.Create(filteredPolicies);
|
||||
return requirement;
|
||||
}
|
||||
|
||||
private Task<IEnumerable<PolicyDetails>> GetPolicyDetails(Guid userId) =>
|
||||
policyRepository.GetPolicyDetailsByUserId(userId);
|
||||
private Task<IEnumerable<PolicyDetails>> GetPolicyDetails(Guid userId)
|
||||
=> policyRepository.GetPolicyDetailsByUserId(userId);
|
||||
}
|
||||
|
||||
|
||||
@ -0,0 +1,44 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// A simple base implementation of <see cref="IPolicyRequirementFactory{T}"/> which will be suitable for most policies.
|
||||
/// It provides sensible defaults to help teams to implement their own Policy Requirements.
|
||||
/// </summary>
|
||||
/// <typeparam name="T"></typeparam>
|
||||
public abstract class BasePolicyRequirementFactory<T> : IPolicyRequirementFactory<T> where T : IPolicyRequirement
|
||||
{
|
||||
/// <summary>
|
||||
/// User roles that are exempt from policy enforcement.
|
||||
/// Owners and Admins are exempt by default but this may be overridden.
|
||||
/// </summary>
|
||||
protected virtual IEnumerable<OrganizationUserType> ExemptRoles { get; } =
|
||||
[OrganizationUserType.Owner, OrganizationUserType.Admin];
|
||||
|
||||
/// <summary>
|
||||
/// User statuses that are exempt from policy enforcement.
|
||||
/// Invited and Revoked users are exempt by default, which is appropriate in the majority of cases.
|
||||
/// </summary>
|
||||
protected virtual IEnumerable<OrganizationUserStatusType> ExemptStatuses { get; } =
|
||||
[OrganizationUserStatusType.Invited, OrganizationUserStatusType.Revoked];
|
||||
|
||||
/// <summary>
|
||||
/// Whether a Provider User for the organization is exempt from policy enforcement.
|
||||
/// Provider Users are exempt by default, which is appropriate in the majority of cases.
|
||||
/// </summary>
|
||||
protected virtual bool ExemptProviders { get; } = true;
|
||||
|
||||
/// <inheritdoc />
|
||||
public abstract PolicyType PolicyType { get; }
|
||||
|
||||
public bool Enforce(PolicyDetails policyDetails)
|
||||
=> !policyDetails.HasRole(ExemptRoles) &&
|
||||
!policyDetails.HasStatus(ExemptStatuses) &&
|
||||
(!policyDetails.IsProvider || !ExemptProviders);
|
||||
|
||||
/// <inheritdoc />
|
||||
public abstract T Create(IEnumerable<PolicyDetails> policyDetails);
|
||||
}
|
||||
@ -0,0 +1,27 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Policy requirements for the Disable Send policy.
|
||||
/// </summary>
|
||||
public class DisableSendPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
/// <summary>
|
||||
/// Indicates whether Send is disabled for the user. If true, the user should not be able to create or edit Sends.
|
||||
/// They may still delete existing Sends.
|
||||
/// </summary>
|
||||
public bool DisableSend { get; init; }
|
||||
}
|
||||
|
||||
public class DisableSendPolicyRequirementFactory : BasePolicyRequirementFactory<DisableSendPolicyRequirement>
|
||||
{
|
||||
public override PolicyType PolicyType => PolicyType.DisableSend;
|
||||
|
||||
public override DisableSendPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
{
|
||||
var result = new DisableSendPolicyRequirement { DisableSend = policyDetails.Any() };
|
||||
return result;
|
||||
}
|
||||
}
|
||||
@ -1,24 +1,11 @@
|
||||
#nullable enable
|
||||
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Represents the business requirements of how one or more enterprise policies will be enforced against a user.
|
||||
/// The implementation of this interface will depend on how the policies are enforced in the relevant domain.
|
||||
/// An object that represents how a <see cref="PolicyType"/> will be enforced against a user.
|
||||
/// This acts as a bridge between the <see cref="Policy"/> entity saved to the database and the domain that the policy
|
||||
/// affects. You may represent the impact of the policy in any way that makes sense for the domain.
|
||||
/// </summary>
|
||||
public interface IPolicyRequirement;
|
||||
|
||||
/// <summary>
|
||||
/// A factory function that takes a sequence of <see cref="PolicyDetails"/> and transforms them into a single
|
||||
/// <see cref="IPolicyRequirement"/> for consumption by the relevant domain. This will receive *all* policy types
|
||||
/// that may be enforced against a user; when implementing this delegate, you must filter out irrelevant policy types
|
||||
/// as well as policies that should not be enforced against a user (e.g. due to the user's role or status).
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// See <see cref="PolicyRequirementHelpers"/> for extension methods to handle common requirements when implementing
|
||||
/// this delegate.
|
||||
/// </remarks>
|
||||
public delegate T RequirementFactory<out T>(IEnumerable<PolicyDetails> policyDetails)
|
||||
where T : IPolicyRequirement;
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
#nullable enable
|
||||
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// An interface that defines how to create a single <see cref="IPolicyRequirement"/> from a sequence of
|
||||
/// <see cref="PolicyDetails"/>.
|
||||
/// </summary>
|
||||
/// <typeparam name="T">The <see cref="IPolicyRequirement"/> that the factory produces.</typeparam>
|
||||
/// <remarks>
|
||||
/// See <see cref="BasePolicyRequirementFactory{T}"/> for a simple base implementation suitable for most policies.
|
||||
/// </remarks>
|
||||
public interface IPolicyRequirementFactory<out T> where T : IPolicyRequirement
|
||||
{
|
||||
/// <summary>
|
||||
/// The <see cref="PolicyType"/> that the requirement relates to.
|
||||
/// </summary>
|
||||
PolicyType PolicyType { get; }
|
||||
|
||||
/// <summary>
|
||||
/// A predicate that determines whether a policy should be enforced against the user.
|
||||
/// </summary>
|
||||
/// <remarks>Use this to exempt users based on their role, status or other attributes.</remarks>
|
||||
/// <param name="policyDetails">Policy details for the defined PolicyType.</param>
|
||||
/// <returns>True if the policy should be enforced against the user, false otherwise.</returns>
|
||||
bool Enforce(PolicyDetails policyDetails);
|
||||
|
||||
/// <summary>
|
||||
/// A reducer method that creates a single <see cref="IPolicyRequirement"/> from a set of PolicyDetails.
|
||||
/// </summary>
|
||||
/// <param name="policyDetails">
|
||||
/// PolicyDetails for the specified PolicyType, after they have been filtered by the Enforce predicate. That is,
|
||||
/// this is the final interface to be called.
|
||||
/// </param>
|
||||
T Create(IEnumerable<PolicyDetails> policyDetails);
|
||||
}
|
||||
@ -1,5 +1,4 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
@ -7,35 +6,16 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements
|
||||
public static class PolicyRequirementHelpers
|
||||
{
|
||||
/// <summary>
|
||||
/// Filters the PolicyDetails by PolicyType. This is generally required to only get the PolicyDetails that your
|
||||
/// IPolicyRequirement relates to.
|
||||
/// Returns true if the <see cref="PolicyDetails"/> is for one of the specified roles, false otherwise.
|
||||
/// </summary>
|
||||
public static IEnumerable<PolicyDetails> GetPolicyType(
|
||||
this IEnumerable<PolicyDetails> policyDetails,
|
||||
PolicyType type)
|
||||
=> policyDetails.Where(x => x.PolicyType == type);
|
||||
|
||||
/// <summary>
|
||||
/// Filters the PolicyDetails to remove the specified user roles. This can be used to exempt
|
||||
/// owners and admins from policy enforcement.
|
||||
/// </summary>
|
||||
public static IEnumerable<PolicyDetails> ExemptRoles(
|
||||
this IEnumerable<PolicyDetails> policyDetails,
|
||||
public static bool HasRole(
|
||||
this PolicyDetails policyDetails,
|
||||
IEnumerable<OrganizationUserType> roles)
|
||||
=> policyDetails.Where(x => !roles.Contains(x.OrganizationUserType));
|
||||
=> roles.Contains(policyDetails.OrganizationUserType);
|
||||
|
||||
/// <summary>
|
||||
/// Filters the PolicyDetails to remove organization users who are also provider users for the organization.
|
||||
/// This can be used to exempt provider users from policy enforcement.
|
||||
/// Returns true if the <see cref="PolicyDetails"/> relates to one of the specified statuses, false otherwise.
|
||||
/// </summary>
|
||||
public static IEnumerable<PolicyDetails> ExemptProviders(this IEnumerable<PolicyDetails> policyDetails)
|
||||
=> policyDetails.Where(x => !x.IsProvider);
|
||||
|
||||
/// <summary>
|
||||
/// Filters the PolicyDetails to remove the specified organization user statuses. For example, this can be used
|
||||
/// to exempt users in the invited and revoked statuses from policy enforcement.
|
||||
/// </summary>
|
||||
public static IEnumerable<PolicyDetails> ExemptStatus(
|
||||
this IEnumerable<PolicyDetails> policyDetails, IEnumerable<OrganizationUserStatusType> status)
|
||||
=> policyDetails.Where(x => !status.Contains(x.OrganizationUserStatus));
|
||||
public static bool HasStatus(this PolicyDetails policyDetails, IEnumerable<OrganizationUserStatusType> status)
|
||||
=> status.Contains(policyDetails.OrganizationUserStatus);
|
||||
}
|
||||
|
||||
@ -0,0 +1,34 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Policy requirements for the Send Options policy.
|
||||
/// </summary>
|
||||
public class SendOptionsPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
/// <summary>
|
||||
/// Indicates whether the user is prohibited from hiding their email from the recipient of a Send.
|
||||
/// </summary>
|
||||
public bool DisableHideEmail { get; init; }
|
||||
}
|
||||
|
||||
public class SendOptionsPolicyRequirementFactory : BasePolicyRequirementFactory<SendOptionsPolicyRequirement>
|
||||
{
|
||||
public override PolicyType PolicyType => PolicyType.SendOptions;
|
||||
|
||||
public override SendOptionsPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
{
|
||||
var result = policyDetails
|
||||
.Select(p => p.GetDataModel<SendOptionsPolicyData>())
|
||||
.Aggregate(
|
||||
new SendOptionsPolicyRequirement(),
|
||||
(result, data) => new SendOptionsPolicyRequirement
|
||||
{
|
||||
DisableHideEmail = result.DisableHideEmail || data.DisableHideEmail
|
||||
});
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
@ -1,54 +0,0 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Policy requirements for the Disable Send and Send Options policies.
|
||||
/// </summary>
|
||||
public class SendPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
/// <summary>
|
||||
/// Indicates whether Send is disabled for the user. If true, the user should not be able to create or edit Sends.
|
||||
/// They may still delete existing Sends.
|
||||
/// </summary>
|
||||
public bool DisableSend { get; init; }
|
||||
/// <summary>
|
||||
/// Indicates whether the user is prohibited from hiding their email from the recipient of a Send.
|
||||
/// </summary>
|
||||
public bool DisableHideEmail { get; init; }
|
||||
|
||||
/// <summary>
|
||||
/// Create a new SendPolicyRequirement.
|
||||
/// </summary>
|
||||
/// <param name="policyDetails">All PolicyDetails relating to the user.</param>
|
||||
/// <remarks>
|
||||
/// This is a <see cref="RequirementFactory{T}"/> for the SendPolicyRequirement.
|
||||
/// </remarks>
|
||||
public static SendPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
{
|
||||
var filteredPolicies = policyDetails
|
||||
.ExemptRoles([OrganizationUserType.Owner, OrganizationUserType.Admin])
|
||||
.ExemptStatus([OrganizationUserStatusType.Invited, OrganizationUserStatusType.Revoked])
|
||||
.ExemptProviders()
|
||||
.ToList();
|
||||
|
||||
var result = filteredPolicies
|
||||
.GetPolicyType(PolicyType.SendOptions)
|
||||
.Select(p => p.GetDataModel<SendOptionsPolicyData>())
|
||||
.Aggregate(
|
||||
new SendPolicyRequirement
|
||||
{
|
||||
// Set Disable Send requirement in the initial seed
|
||||
DisableSend = filteredPolicies.GetPolicyType(PolicyType.DisableSend).Any()
|
||||
},
|
||||
(result, data) => new SendPolicyRequirement
|
||||
{
|
||||
DisableSend = result.DisableSend,
|
||||
DisableHideEmail = result.DisableHideEmail || data.DisableHideEmail
|
||||
});
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
@ -31,32 +31,7 @@ public static class PolicyServiceCollectionExtensions
|
||||
|
||||
private static void AddPolicyRequirements(this IServiceCollection services)
|
||||
{
|
||||
// Register policy requirement factories here
|
||||
services.AddPolicyRequirement(SendPolicyRequirement.Create);
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, DisableSendPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, SendOptionsPolicyRequirementFactory>();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Used to register simple policy requirements where its factory method implements CreateRequirement.
|
||||
/// This MUST be used rather than calling AddScoped directly, because it will ensure the factory method has
|
||||
/// the correct type to be injected and then identified by <see cref="PolicyRequirementQuery"/> at runtime.
|
||||
/// </summary>
|
||||
/// <typeparam name="T">The specific PolicyRequirement being registered.</typeparam>
|
||||
private static void AddPolicyRequirement<T>(this IServiceCollection serviceCollection, RequirementFactory<T> factory)
|
||||
where T : class, IPolicyRequirement
|
||||
=> serviceCollection.AddPolicyRequirement(_ => factory);
|
||||
|
||||
/// <summary>
|
||||
/// Used to register policy requirements where you need to access additional dependencies (usually to return a
|
||||
/// curried factory method).
|
||||
/// This MUST be used rather than calling AddScoped directly, because it will ensure the factory method has
|
||||
/// the correct type to be injected and then identified by <see cref="PolicyRequirementQuery"/> at runtime.
|
||||
/// </summary>
|
||||
/// <typeparam name="T">
|
||||
/// A callback that takes IServiceProvider and returns a RequirementFactory for
|
||||
/// your policy requirement.
|
||||
/// </typeparam>
|
||||
private static void AddPolicyRequirement<T>(this IServiceCollection serviceCollection,
|
||||
Func<IServiceProvider, RequirementFactory<T>> factory)
|
||||
where T : class, IPolicyRequirement
|
||||
=> serviceCollection.AddScoped<RequirementFactory<IPolicyRequirement>>(factory);
|
||||
}
|
||||
|
||||
@ -114,6 +114,16 @@ public static class FeatureFlagKeys
|
||||
public const string ItemShare = "item-share";
|
||||
public const string RiskInsightsCriticalApplication = "pm-14466-risk-insights-critical-application";
|
||||
public const string EnableRiskInsightsNotifications = "enable-risk-insights-notifications";
|
||||
public const string DesktopSendUIRefresh = "desktop-send-ui-refresh";
|
||||
public const string ExportAttachments = "export-attachments";
|
||||
|
||||
/* Vault Team */
|
||||
public const string PM9111ExtensionPersistAddEditForm = "pm-9111-extension-persist-add-edit-form";
|
||||
public const string NewDeviceVerificationPermanentDismiss = "new-device-permanent-dismiss";
|
||||
public const string NewDeviceVerificationTemporaryDismiss = "new-device-temporary-dismiss";
|
||||
public const string VaultBulkManagementAction = "vault-bulk-management-action";
|
||||
public const string RestrictProviderAccess = "restrict-provider-access";
|
||||
public const string SecurityTasks = "security-tasks";
|
||||
|
||||
public const string ReturnErrorOnExistingKeypair = "return-error-on-existing-keypair";
|
||||
public const string UseTreeWalkerApiForPageDetailsCollection = "use-tree-walker-api-for-page-details-collection";
|
||||
@ -121,9 +131,7 @@ public static class FeatureFlagKeys
|
||||
public const string AC2101UpdateTrialInitiationEmail = "AC-2101-update-trial-initiation-email";
|
||||
public const string EmailVerification = "email-verification";
|
||||
public const string EmailVerificationDisableTimingDelays = "email-verification-disable-timing-delays";
|
||||
public const string RestrictProviderAccess = "restrict-provider-access";
|
||||
public const string PM4154BulkEncryptionService = "PM-4154-bulk-encryption-service";
|
||||
public const string VaultBulkManagementAction = "vault-bulk-management-action";
|
||||
public const string InlineMenuFieldQualification = "inline-menu-field-qualification";
|
||||
public const string InlineMenuPositioningImprovements = "inline-menu-positioning-improvements";
|
||||
public const string DeviceTrustLogging = "pm-8285-device-trust-logging";
|
||||
@ -148,11 +156,7 @@ public static class FeatureFlagKeys
|
||||
public const string RemoveServerVersionHeader = "remove-server-version-header";
|
||||
public const string GeneratorToolsModernization = "generator-tools-modernization";
|
||||
public const string NewDeviceVerification = "new-device-verification";
|
||||
public const string NewDeviceVerificationTemporaryDismiss = "new-device-temporary-dismiss";
|
||||
public const string NewDeviceVerificationPermanentDismiss = "new-device-permanent-dismiss";
|
||||
public const string SecurityTasks = "security-tasks";
|
||||
public const string MacOsNativeCredentialSync = "macos-native-credential-sync";
|
||||
public const string PM9111ExtensionPersistAddEditForm = "pm-9111-extension-persist-add-edit-form";
|
||||
public const string InlineMenuTotp = "inline-menu-totp";
|
||||
public const string PrivateKeyRegeneration = "pm-12241-private-key-regeneration";
|
||||
public const string AppReviewPrompt = "app-review-prompt";
|
||||
|
||||
@ -326,14 +326,14 @@ public class SendService : ISendService
|
||||
return;
|
||||
}
|
||||
|
||||
var sendPolicyRequirement = await _policyRequirementQuery.GetAsync<SendPolicyRequirement>(userId.Value);
|
||||
|
||||
if (sendPolicyRequirement.DisableSend)
|
||||
var disableSendRequirement = await _policyRequirementQuery.GetAsync<DisableSendPolicyRequirement>(userId.Value);
|
||||
if (disableSendRequirement.DisableSend)
|
||||
{
|
||||
throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
|
||||
}
|
||||
|
||||
if (sendPolicyRequirement.DisableHideEmail && send.HideEmail.GetValueOrDefault())
|
||||
var sendOptionsRequirement = await _policyRequirementQuery.GetAsync<SendOptionsPolicyRequirement>(userId.Value);
|
||||
if (sendOptionsRequirement.DisableHideEmail && send.HideEmail.GetValueOrDefault())
|
||||
{
|
||||
throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to hide your email address from recipients when creating or editing a Send.");
|
||||
}
|
||||
|
||||
@ -252,19 +252,19 @@ public class DeviceValidator(
|
||||
{
|
||||
case DeviceValidationResultType.InvalidUser:
|
||||
result.ErrorDescription = "Invalid user";
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("invalid user"));
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("Invalid user."));
|
||||
break;
|
||||
case DeviceValidationResultType.InvalidNewDeviceOtp:
|
||||
result.ErrorDescription = "Invalid New Device OTP";
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("invalid new device otp"));
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("Invalid new device OTP. Try again."));
|
||||
break;
|
||||
case DeviceValidationResultType.NewDeviceVerificationRequired:
|
||||
result.ErrorDescription = "New device verification required";
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("new device verification required"));
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("New device verification required."));
|
||||
break;
|
||||
case DeviceValidationResultType.NoDeviceInformationProvided:
|
||||
result.ErrorDescription = "No device information provided";
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("no device information provided"));
|
||||
customResponse.Add("ErrorModel", new ErrorResponseModel("No device information provided."));
|
||||
break;
|
||||
}
|
||||
return (result, customResponse);
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,23 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies;
|
||||
|
||||
/// <summary>
|
||||
/// Intentionally simplified PolicyRequirement that just holds the input PolicyDetails for us to assert against.
|
||||
/// </summary>
|
||||
public class TestPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
public IEnumerable<PolicyDetails> Policies { get; init; } = [];
|
||||
}
|
||||
|
||||
public class TestPolicyRequirementFactory(Func<PolicyDetails, bool> enforce) : IPolicyRequirementFactory<TestPolicyRequirement>
|
||||
{
|
||||
public PolicyType PolicyType => PolicyType.SingleOrg;
|
||||
|
||||
public bool Enforce(PolicyDetails policyDetails) => enforce(policyDetails);
|
||||
|
||||
public TestPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
=> new() { Policies = policyDetails };
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Implementations;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
using Bit.Core.AdminConsole.Repositories;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using NSubstitute;
|
||||
@ -11,50 +11,72 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies;
|
||||
[SutProviderCustomize]
|
||||
public class PolicyRequirementQueryTests
|
||||
{
|
||||
/// <summary>
|
||||
/// Tests that the query correctly registers, retrieves and instantiates arbitrary IPolicyRequirements
|
||||
/// according to their provided CreateRequirement delegate.
|
||||
/// </summary>
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetAsync_Works(Guid userId, Guid organizationId)
|
||||
public async Task GetAsync_IgnoresOtherPolicyTypes(Guid userId)
|
||||
{
|
||||
var thisPolicy = new PolicyDetails { PolicyType = PolicyType.SingleOrg };
|
||||
var otherPolicy = new PolicyDetails { PolicyType = PolicyType.RequireSso };
|
||||
var policyRepository = Substitute.For<IPolicyRepository>();
|
||||
var factories = new List<RequirementFactory<IPolicyRequirement>>
|
||||
{
|
||||
// In prod this cast is handled when the CreateRequirement delegate is registered in DI
|
||||
(RequirementFactory<TestPolicyRequirement>)TestPolicyRequirement.Create
|
||||
};
|
||||
policyRepository.GetPolicyDetailsByUserId(userId).Returns([otherPolicy, thisPolicy]);
|
||||
|
||||
var sut = new PolicyRequirementQuery(policyRepository, factories);
|
||||
policyRepository.GetPolicyDetailsByUserId(userId).Returns([
|
||||
new PolicyDetails
|
||||
{
|
||||
OrganizationId = organizationId
|
||||
}
|
||||
]);
|
||||
var factory = new TestPolicyRequirementFactory(_ => true);
|
||||
var sut = new PolicyRequirementQuery(policyRepository, [factory]);
|
||||
|
||||
var requirement = await sut.GetAsync<TestPolicyRequirement>(userId);
|
||||
Assert.Equal(organizationId, requirement.OrganizationId);
|
||||
|
||||
Assert.Contains(thisPolicy, requirement.Policies);
|
||||
Assert.DoesNotContain(otherPolicy, requirement.Policies);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetAsync_ThrowsIfNoRequirementRegistered(Guid userId)
|
||||
public async Task GetAsync_CallsEnforceCallback(Guid userId)
|
||||
{
|
||||
// Arrange policies
|
||||
var policyRepository = Substitute.For<IPolicyRepository>();
|
||||
var thisPolicy = new PolicyDetails { PolicyType = PolicyType.SingleOrg };
|
||||
var otherPolicy = new PolicyDetails { PolicyType = PolicyType.SingleOrg };
|
||||
policyRepository.GetPolicyDetailsByUserId(userId).Returns([thisPolicy, otherPolicy]);
|
||||
|
||||
// Arrange a substitute Enforce function so that we can inspect the received calls
|
||||
var callback = Substitute.For<Func<PolicyDetails, bool>>();
|
||||
callback(Arg.Any<PolicyDetails>()).Returns(x => x.Arg<PolicyDetails>() == thisPolicy);
|
||||
|
||||
// Arrange the sut
|
||||
var factory = new TestPolicyRequirementFactory(callback);
|
||||
var sut = new PolicyRequirementQuery(policyRepository, [factory]);
|
||||
|
||||
// Act
|
||||
var requirement = await sut.GetAsync<TestPolicyRequirement>(userId);
|
||||
|
||||
// Assert
|
||||
Assert.Contains(thisPolicy, requirement.Policies);
|
||||
Assert.DoesNotContain(otherPolicy, requirement.Policies);
|
||||
callback.Received()(Arg.Is(thisPolicy));
|
||||
callback.Received()(Arg.Is(otherPolicy));
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetAsync_ThrowsIfNoFactoryRegistered(Guid userId)
|
||||
{
|
||||
var policyRepository = Substitute.For<IPolicyRepository>();
|
||||
var sut = new PolicyRequirementQuery(policyRepository, []);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<NotImplementedException>(()
|
||||
=> sut.GetAsync<TestPolicyRequirement>(userId));
|
||||
Assert.Contains("No Policy Requirement found", exception.Message);
|
||||
Assert.Contains("No Requirement Factory found", exception.Message);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Intentionally simplified PolicyRequirement that just holds the Policy.OrganizationId for us to assert against.
|
||||
/// </summary>
|
||||
private class TestPolicyRequirement : IPolicyRequirement
|
||||
[Theory, BitAutoData]
|
||||
public async Task GetAsync_HandlesNoPolicies(Guid userId)
|
||||
{
|
||||
public Guid OrganizationId { get; init; }
|
||||
public static TestPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
=> new() { OrganizationId = policyDetails.Single().OrganizationId };
|
||||
var policyRepository = Substitute.For<IPolicyRepository>();
|
||||
policyRepository.GetPolicyDetailsByUserId(userId).Returns([]);
|
||||
|
||||
var factory = new TestPolicyRequirementFactory(x => x.IsProvider);
|
||||
var sut = new PolicyRequirementQuery(policyRepository, [factory]);
|
||||
|
||||
var requirement = await sut.GetAsync<TestPolicyRequirement>(userId);
|
||||
|
||||
Assert.Empty(requirement.Policies);
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,90 @@
|
||||
using AutoFixture.Xunit2;
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
public class BasePolicyRequirementFactoryTests
|
||||
{
|
||||
[Theory, AutoData]
|
||||
public void ExemptRoles_DoesNotEnforceAgainstThoseRoles(
|
||||
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Owner)] PolicyDetails ownerPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Admin)] PolicyDetails adminPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Custom)] PolicyDetails customPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg)] PolicyDetails userPolicy)
|
||||
{
|
||||
var sut = new TestPolicyRequirementFactory(
|
||||
// These exempt roles are intentionally unusual to make sure we're properly testing the sut
|
||||
[OrganizationUserType.User, OrganizationUserType.Custom],
|
||||
[],
|
||||
false);
|
||||
|
||||
Assert.True(sut.Enforce(ownerPolicy));
|
||||
Assert.True(sut.Enforce(adminPolicy));
|
||||
Assert.False(sut.Enforce(customPolicy));
|
||||
Assert.False(sut.Enforce(userPolicy));
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void ExemptStatuses_DoesNotEnforceAgainstThoseStatuses(
|
||||
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Invited)] PolicyDetails invitedPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Accepted)] PolicyDetails acceptedPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Confirmed)] PolicyDetails confirmedPolicy,
|
||||
[PolicyDetails(PolicyType.SingleOrg, userStatus: OrganizationUserStatusType.Revoked)] PolicyDetails revokedPolicy)
|
||||
{
|
||||
var sut = new TestPolicyRequirementFactory(
|
||||
[],
|
||||
// These exempt statuses are intentionally unusual to make sure we're properly testing the sut
|
||||
[OrganizationUserStatusType.Confirmed, OrganizationUserStatusType.Accepted],
|
||||
false);
|
||||
|
||||
Assert.True(sut.Enforce(invitedPolicy));
|
||||
Assert.True(sut.Enforce(revokedPolicy));
|
||||
Assert.False(sut.Enforce(confirmedPolicy));
|
||||
Assert.False(sut.Enforce(acceptedPolicy));
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void ExemptProviders_DoesNotEnforceAgainstProviders(
|
||||
[PolicyDetails(PolicyType.SingleOrg, isProvider: true)] PolicyDetails policy)
|
||||
{
|
||||
var sut = new TestPolicyRequirementFactory(
|
||||
[],
|
||||
[],
|
||||
true);
|
||||
|
||||
Assert.False(sut.Enforce(policy));
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void NoExemptions_EnforcesAgainstAdminsAndProviders(
|
||||
[PolicyDetails(PolicyType.SingleOrg, OrganizationUserType.Owner, isProvider: true)] PolicyDetails policy)
|
||||
{
|
||||
var sut = new TestPolicyRequirementFactory(
|
||||
[],
|
||||
[],
|
||||
false);
|
||||
|
||||
Assert.True(sut.Enforce(policy));
|
||||
}
|
||||
|
||||
private class TestPolicyRequirementFactory(
|
||||
IEnumerable<OrganizationUserType> exemptRoles,
|
||||
IEnumerable<OrganizationUserStatusType> exemptStatuses,
|
||||
bool exemptProviders
|
||||
) : BasePolicyRequirementFactory<TestPolicyRequirement>
|
||||
{
|
||||
public override PolicyType PolicyType => PolicyType.SingleOrg;
|
||||
protected override IEnumerable<OrganizationUserType> ExemptRoles => exemptRoles;
|
||||
protected override IEnumerable<OrganizationUserStatusType> ExemptStatuses => exemptStatuses;
|
||||
|
||||
protected override bool ExemptProviders => exemptProviders;
|
||||
|
||||
public override TestPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
=> new() { Policies = policyDetails };
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,32 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
[SutProviderCustomize]
|
||||
public class DisableSendPolicyRequirementFactoryTests
|
||||
{
|
||||
[Theory, BitAutoData]
|
||||
public void DisableSend_IsFalse_IfNoPolicies(SutProvider<DisableSendPolicyRequirementFactory> sutProvider)
|
||||
{
|
||||
var actual = sutProvider.Sut.Create([]);
|
||||
|
||||
Assert.False(actual.DisableSend);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public void DisableSend_IsTrue_IfAnyDisableSendPolicies(
|
||||
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails[] policies,
|
||||
SutProvider<DisableSendPolicyRequirementFactory> sutProvider
|
||||
)
|
||||
{
|
||||
var actual = sutProvider.Sut.Create(policies);
|
||||
|
||||
Assert.True(actual.DisableSend);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,49 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture;
|
||||
using Bit.Test.Common.AutoFixture.Attributes;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
[SutProviderCustomize]
|
||||
public class SendOptionsPolicyRequirementFactoryTests
|
||||
{
|
||||
[Theory, BitAutoData]
|
||||
public void DisableHideEmail_IsFalse_IfNoPolicies(SutProvider<SendOptionsPolicyRequirementFactory> sutProvider)
|
||||
{
|
||||
var actual = sutProvider.Sut.Create([]);
|
||||
|
||||
Assert.False(actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public void DisableHideEmail_IsFalse_IfNotConfigured(
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails[] policies,
|
||||
SutProvider<SendOptionsPolicyRequirementFactory> sutProvider
|
||||
)
|
||||
{
|
||||
policies[0].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
|
||||
policies[1].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
|
||||
|
||||
var actual = sutProvider.Sut.Create(policies);
|
||||
|
||||
Assert.False(actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public void DisableHideEmail_IsTrue_IfAnyConfigured(
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails[] policies,
|
||||
SutProvider<SendOptionsPolicyRequirementFactory> sutProvider
|
||||
)
|
||||
{
|
||||
policies[0].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = true });
|
||||
policies[1].SetDataModel(new SendOptionsPolicyData { DisableHideEmail = false });
|
||||
|
||||
var actual = sutProvider.Sut.Create(policies);
|
||||
|
||||
Assert.True(actual.DisableHideEmail);
|
||||
}
|
||||
}
|
||||
@ -1,138 +0,0 @@
|
||||
using AutoFixture.Xunit2;
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
public class SendPolicyRequirementTests
|
||||
{
|
||||
[Theory, AutoData]
|
||||
public void DisableSend_IsFalse_IfNoDisableSendPolicies(
|
||||
[PolicyDetails(PolicyType.RequireSso)] PolicyDetails otherPolicy1,
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails otherPolicy2)
|
||||
{
|
||||
EnableDisableHideEmail(otherPolicy2);
|
||||
|
||||
var actual = SendPolicyRequirement.Create([otherPolicy1, otherPolicy2]);
|
||||
|
||||
Assert.False(actual.DisableSend);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineAutoData(OrganizationUserType.Owner, false)]
|
||||
[InlineAutoData(OrganizationUserType.Admin, false)]
|
||||
[InlineAutoData(OrganizationUserType.User, true)]
|
||||
[InlineAutoData(OrganizationUserType.Custom, true)]
|
||||
public void DisableSend_TestRoles(
|
||||
OrganizationUserType userType,
|
||||
bool shouldBeEnforced,
|
||||
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails policyDetails)
|
||||
{
|
||||
policyDetails.OrganizationUserType = userType;
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.Equal(shouldBeEnforced, actual.DisableSend);
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void DisableSend_Not_EnforcedAgainstProviders(
|
||||
[PolicyDetails(PolicyType.DisableSend, isProvider: true)] PolicyDetails policyDetails)
|
||||
{
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.False(actual.DisableSend);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineAutoData(OrganizationUserStatusType.Confirmed, true)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Accepted, true)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Invited, false)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Revoked, false)]
|
||||
public void DisableSend_TestStatuses(
|
||||
OrganizationUserStatusType userStatus,
|
||||
bool shouldBeEnforced,
|
||||
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails policyDetails)
|
||||
{
|
||||
policyDetails.OrganizationUserStatus = userStatus;
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.Equal(shouldBeEnforced, actual.DisableSend);
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void DisableHideEmail_IsFalse_IfNoSendOptionsPolicies(
|
||||
[PolicyDetails(PolicyType.RequireSso)] PolicyDetails otherPolicy1,
|
||||
[PolicyDetails(PolicyType.DisableSend)] PolicyDetails otherPolicy2)
|
||||
{
|
||||
var actual = SendPolicyRequirement.Create([otherPolicy1, otherPolicy2]);
|
||||
|
||||
Assert.False(actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineAutoData(OrganizationUserType.Owner, false)]
|
||||
[InlineAutoData(OrganizationUserType.Admin, false)]
|
||||
[InlineAutoData(OrganizationUserType.User, true)]
|
||||
[InlineAutoData(OrganizationUserType.Custom, true)]
|
||||
public void DisableHideEmail_TestRoles(
|
||||
OrganizationUserType userType,
|
||||
bool shouldBeEnforced,
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
|
||||
{
|
||||
EnableDisableHideEmail(policyDetails);
|
||||
policyDetails.OrganizationUserType = userType;
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.Equal(shouldBeEnforced, actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void DisableHideEmail_Not_EnforcedAgainstProviders(
|
||||
[PolicyDetails(PolicyType.SendOptions, isProvider: true)] PolicyDetails policyDetails)
|
||||
{
|
||||
EnableDisableHideEmail(policyDetails);
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.False(actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineAutoData(OrganizationUserStatusType.Confirmed, true)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Accepted, true)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Invited, false)]
|
||||
[InlineAutoData(OrganizationUserStatusType.Revoked, false)]
|
||||
public void DisableHideEmail_TestStatuses(
|
||||
OrganizationUserStatusType userStatus,
|
||||
bool shouldBeEnforced,
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
|
||||
{
|
||||
EnableDisableHideEmail(policyDetails);
|
||||
policyDetails.OrganizationUserStatus = userStatus;
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.Equal(shouldBeEnforced, actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
[Theory, AutoData]
|
||||
public void DisableHideEmail_HandlesNullData(
|
||||
[PolicyDetails(PolicyType.SendOptions)] PolicyDetails policyDetails)
|
||||
{
|
||||
policyDetails.PolicyData = null;
|
||||
|
||||
var actual = SendPolicyRequirement.Create([policyDetails]);
|
||||
|
||||
Assert.False(actual.DisableHideEmail);
|
||||
}
|
||||
|
||||
private static void EnableDisableHideEmail(PolicyDetails policyDetails)
|
||||
=> policyDetails.SetDataModel(new SendOptionsPolicyData { DisableHideEmail = true });
|
||||
}
|
||||
@ -123,10 +123,12 @@ public class SendServiceTests
|
||||
|
||||
// Disable Send policy check - vNext
|
||||
private void SaveSendAsync_Setup_vNext(SutProvider<SendService> sutProvider, Send send,
|
||||
SendPolicyRequirement sendPolicyRequirement)
|
||||
DisableSendPolicyRequirement disableSendPolicyRequirement, SendOptionsPolicyRequirement sendOptionsPolicyRequirement)
|
||||
{
|
||||
sutProvider.GetDependency<IPolicyRequirementQuery>().GetAsync<SendPolicyRequirement>(send.UserId!.Value)
|
||||
.Returns(sendPolicyRequirement);
|
||||
sutProvider.GetDependency<IPolicyRequirementQuery>().GetAsync<DisableSendPolicyRequirement>(send.UserId!.Value)
|
||||
.Returns(disableSendPolicyRequirement);
|
||||
sutProvider.GetDependency<IPolicyRequirementQuery>().GetAsync<SendOptionsPolicyRequirement>(send.UserId!.Value)
|
||||
.Returns(sendOptionsPolicyRequirement);
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.PolicyRequirements).Returns(true);
|
||||
|
||||
// Should not be called in these tests
|
||||
@ -141,7 +143,7 @@ public class SendServiceTests
|
||||
SutProvider<SendService> sutProvider, [NewUserSendCustomize] Send send)
|
||||
{
|
||||
send.Type = sendType;
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new SendPolicyRequirement { DisableSend = true });
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new DisableSendPolicyRequirement { DisableSend = true }, new SendOptionsPolicyRequirement());
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.SaveSendAsync(send));
|
||||
Assert.Contains("Due to an Enterprise Policy, you are only able to delete an existing Send.",
|
||||
@ -155,7 +157,7 @@ public class SendServiceTests
|
||||
SutProvider<SendService> sutProvider, [NewUserSendCustomize] Send send)
|
||||
{
|
||||
send.Type = sendType;
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new SendPolicyRequirement());
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new DisableSendPolicyRequirement(), new SendOptionsPolicyRequirement());
|
||||
|
||||
await sutProvider.Sut.SaveSendAsync(send);
|
||||
|
||||
@ -171,7 +173,7 @@ public class SendServiceTests
|
||||
SutProvider<SendService> sutProvider, [NewUserSendCustomize] Send send)
|
||||
{
|
||||
send.Type = sendType;
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new SendPolicyRequirement { DisableHideEmail = true });
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new DisableSendPolicyRequirement(), new SendOptionsPolicyRequirement { DisableHideEmail = true });
|
||||
send.HideEmail = true;
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.SaveSendAsync(send));
|
||||
@ -185,7 +187,7 @@ public class SendServiceTests
|
||||
SutProvider<SendService> sutProvider, [NewUserSendCustomize] Send send)
|
||||
{
|
||||
send.Type = sendType;
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new SendPolicyRequirement { DisableHideEmail = true });
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new DisableSendPolicyRequirement(), new SendOptionsPolicyRequirement { DisableHideEmail = true });
|
||||
send.HideEmail = false;
|
||||
|
||||
await sutProvider.Sut.SaveSendAsync(send);
|
||||
@ -200,7 +202,7 @@ public class SendServiceTests
|
||||
SutProvider<SendService> sutProvider, [NewUserSendCustomize] Send send)
|
||||
{
|
||||
send.Type = sendType;
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new SendPolicyRequirement());
|
||||
SaveSendAsync_Setup_vNext(sutProvider, send, new DisableSendPolicyRequirement(), new SendOptionsPolicyRequirement());
|
||||
send.HideEmail = true;
|
||||
|
||||
await sutProvider.Sut.SaveSendAsync(send);
|
||||
|
||||
@ -602,6 +602,78 @@ public class CipherServiceTests
|
||||
Assert.NotEqual(initialRevisionDate, cipher.RevisionDate);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task RestoreAsync_WithAlreadyRestoredCipher_SkipsOperation(
|
||||
Guid restoringUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.DeletedDate = null;
|
||||
|
||||
await sutProvider.Sut.RestoreAsync(cipher, restoringUserId, true);
|
||||
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().UpsertAsync(default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushSyncCipherUpdateAsync(default, default);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task RestoreAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException(
|
||||
Guid restoringUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.UserId = Guid.NewGuid();
|
||||
cipher.OrganizationId = null;
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.RestoreAsync(cipher, restoringUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().UpsertAsync(default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushSyncCipherUpdateAsync(default, default);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[OrganizationCipherCustomize]
|
||||
[BitAutoData]
|
||||
public async Task RestoreAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException(
|
||||
Guid restoringUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(restoringUserId, cipher.Id)
|
||||
.Returns(false);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.RestoreAsync(cipher, restoringUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().UpsertAsync(default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushSyncCipherUpdateAsync(default, default);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task RestoreAsync_WithCipherDetailsType_RestoresCipherDetails(
|
||||
Guid restoringUserId, CipherDetails cipherDetails, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(restoringUserId, cipherDetails.Id)
|
||||
.Returns(true);
|
||||
|
||||
var initialRevisionDate = new DateTime(1970, 1, 1, 0, 0, 0);
|
||||
cipherDetails.DeletedDate = initialRevisionDate;
|
||||
cipherDetails.RevisionDate = initialRevisionDate;
|
||||
|
||||
await sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId);
|
||||
|
||||
Assert.Null(cipherDetails.DeletedDate);
|
||||
Assert.NotEqual(initialRevisionDate, cipherDetails.RevisionDate);
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).UpsertAsync(cipherDetails);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Restored);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task RestoreManyAsync_UpdatesCiphers(ICollection<CipherDetails> ciphers,
|
||||
@ -725,6 +797,188 @@ public class CipherServiceTests
|
||||
Arg.Is<IEnumerable<Cipher>>(arg => !arg.Except(ciphers).Any()));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task DeleteAsync_WithPersonalCipherOwner_DeletesCipher(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.UserId = deletingUserId;
|
||||
cipher.OrganizationId = null;
|
||||
|
||||
await sutProvider.Sut.DeleteAsync(cipher, deletingUserId);
|
||||
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).DeleteAsync(cipher);
|
||||
await sutProvider.GetDependency<IAttachmentStorageService>().Received(1).DeleteAttachmentsForCipherAsync(cipher.Id);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_Deleted);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherDeleteAsync(cipher);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[OrganizationCipherCustomize]
|
||||
[BitAutoData]
|
||||
public async Task DeleteAsync_WithOrgCipherAndEditPermission_DeletesCipher(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(true);
|
||||
|
||||
await sutProvider.Sut.DeleteAsync(cipher, deletingUserId);
|
||||
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).DeleteAsync(cipher);
|
||||
await sutProvider.GetDependency<IAttachmentStorageService>().Received(1).DeleteAttachmentsForCipherAsync(cipher.Id);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_Deleted);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherDeleteAsync(cipher);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task DeleteAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.UserId = Guid.NewGuid();
|
||||
cipher.OrganizationId = null;
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.DeleteAsync(cipher, deletingUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().DeleteAsync(default);
|
||||
await sutProvider.GetDependency<IAttachmentStorageService>().DidNotReceiveWithAnyArgs().DeleteAttachmentsForCipherAsync(default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushSyncCipherDeleteAsync(default);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[OrganizationCipherCustomize]
|
||||
[BitAutoData]
|
||||
public async Task DeleteAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(false);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.DeleteAsync(cipher, deletingUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().DeleteAsync(default);
|
||||
await sutProvider.GetDependency<IAttachmentStorageService>().DidNotReceiveWithAnyArgs().DeleteAttachmentsForCipherAsync(default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceiveWithAnyArgs().PushSyncCipherDeleteAsync(default);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithPersonalCipherOwner_SoftDeletesCipher(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.UserId = deletingUserId;
|
||||
cipher.OrganizationId = null;
|
||||
cipher.DeletedDate = null;
|
||||
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(true);
|
||||
|
||||
await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId);
|
||||
|
||||
Assert.NotNull(cipher.DeletedDate);
|
||||
Assert.Equal(cipher.RevisionDate, cipher.DeletedDate);
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).UpsertAsync(cipher);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherUpdateAsync(cipher, null);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[OrganizationCipherCustomize]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithOrgCipherAndEditPermission_SoftDeletesCipher(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.DeletedDate = null;
|
||||
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(true);
|
||||
|
||||
await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId);
|
||||
|
||||
Assert.NotNull(cipher.DeletedDate);
|
||||
Assert.Equal(cipher.DeletedDate, cipher.RevisionDate);
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).UpsertAsync(cipher);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherUpdateAsync(cipher, null);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.UserId = Guid.NewGuid();
|
||||
cipher.OrganizationId = null;
|
||||
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(false);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[OrganizationCipherCustomize]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(false);
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(
|
||||
() => sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId));
|
||||
|
||||
Assert.Contains("do not have permissions", exception.Message);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithCipherDetailsType_SoftDeletesCipherDetails(
|
||||
Guid deletingUserId, CipherDetails cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
cipher.DeletedDate = null;
|
||||
|
||||
await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId, true);
|
||||
|
||||
Assert.NotNull(cipher.DeletedDate);
|
||||
Assert.Equal(cipher.DeletedDate, cipher.RevisionDate);
|
||||
await sutProvider.GetDependency<ICipherRepository>().Received(1).UpsertAsync(cipher);
|
||||
await sutProvider.GetDependency<IEventService>().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted);
|
||||
await sutProvider.GetDependency<IPushNotificationService>().Received(1).PushSyncCipherUpdateAsync(cipher, null);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async Task SoftDeleteAsync_WithAlreadySoftDeletedCipher_SkipsOperation(
|
||||
Guid deletingUserId, Cipher cipher, SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICipherRepository>()
|
||||
.GetCanEditByIdAsync(deletingUserId, cipher.Id)
|
||||
.Returns(true);
|
||||
cipher.DeletedDate = DateTime.UtcNow.AddDays(-1);
|
||||
|
||||
await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId);
|
||||
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceive().UpsertAsync(Arg.Any<Cipher>());
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceive().LogCipherEventAsync(Arg.Any<Cipher>(), Arg.Any<EventType>());
|
||||
await sutProvider.GetDependency<IPushNotificationService>().DidNotReceive().PushSyncCipherUpdateAsync(Arg.Any<Cipher>(), Arg.Any<IEnumerable<Guid>>());
|
||||
}
|
||||
|
||||
private async Task AssertNoActionsAsync(SutProvider<CipherService> sutProvider)
|
||||
{
|
||||
await sutProvider.GetDependency<ICipherRepository>().DidNotReceiveWithAnyArgs().GetManyOrganizationDetailsByOrganizationIdAsync(default);
|
||||
|
||||
@ -172,7 +172,7 @@ public class DeviceValidatorTests
|
||||
|
||||
Assert.False(result);
|
||||
Assert.NotNull(context.CustomResponse["ErrorModel"]);
|
||||
var expectedErrorModel = new ErrorResponseModel("no device information provided");
|
||||
var expectedErrorModel = new ErrorResponseModel("No device information provided.");
|
||||
var actualResponse = (ErrorResponseModel)context.CustomResponse["ErrorModel"];
|
||||
Assert.Equal(expectedErrorModel.Message, actualResponse.Message);
|
||||
}
|
||||
@ -418,7 +418,7 @@ public class DeviceValidatorTests
|
||||
Assert.False(result);
|
||||
Assert.NotNull(context.CustomResponse["ErrorModel"]);
|
||||
// PM-13340: The error message should be "invalid user" instead of "no device information provided"
|
||||
var expectedErrorMessage = "no device information provided";
|
||||
var expectedErrorMessage = "No device information provided.";
|
||||
var actualResponse = (ErrorResponseModel)context.CustomResponse["ErrorModel"];
|
||||
Assert.Equal(expectedErrorMessage, actualResponse.Message);
|
||||
}
|
||||
@ -552,7 +552,7 @@ public class DeviceValidatorTests
|
||||
|
||||
Assert.False(result);
|
||||
Assert.NotNull(context.CustomResponse["ErrorModel"]);
|
||||
var expectedErrorMessage = "invalid new device otp";
|
||||
var expectedErrorMessage = "Invalid new device OTP. Try again.";
|
||||
var actualResponse = (ErrorResponseModel)context.CustomResponse["ErrorModel"];
|
||||
Assert.Equal(expectedErrorMessage, actualResponse.Message);
|
||||
}
|
||||
@ -604,7 +604,7 @@ public class DeviceValidatorTests
|
||||
|
||||
Assert.False(result);
|
||||
Assert.NotNull(context.CustomResponse["ErrorModel"]);
|
||||
var expectedErrorMessage = "new device verification required";
|
||||
var expectedErrorMessage = "New device verification required.";
|
||||
var actualResponse = (ErrorResponseModel)context.CustomResponse["ErrorModel"];
|
||||
Assert.Equal(expectedErrorMessage, actualResponse.Message);
|
||||
}
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
services:
|
||||
mssql:
|
||||
image: bitwarden/mssql:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/mssql:{{{CoreVersion}}}
|
||||
container_name: bitwarden-mssql
|
||||
restart: always
|
||||
stop_grace_period: 60s
|
||||
@ -33,7 +33,7 @@ services:
|
||||
- ../env/mssql.override.env
|
||||
|
||||
web:
|
||||
image: bitwarden/web:{{{WebVersion}}}
|
||||
image: ghcr.io/bitwarden/web:{{{WebVersion}}}
|
||||
container_name: bitwarden-web
|
||||
restart: always
|
||||
volumes:
|
||||
@ -43,7 +43,7 @@ services:
|
||||
- ../env/uid.env
|
||||
|
||||
attachments:
|
||||
image: bitwarden/attachments:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/attachments:{{{CoreVersion}}}
|
||||
container_name: bitwarden-attachments
|
||||
restart: always
|
||||
volumes:
|
||||
@ -53,7 +53,7 @@ services:
|
||||
- ../env/uid.env
|
||||
|
||||
api:
|
||||
image: bitwarden/api:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/api:{{{CoreVersion}}}
|
||||
container_name: bitwarden-api
|
||||
restart: always
|
||||
volumes:
|
||||
@ -69,7 +69,7 @@ services:
|
||||
- public
|
||||
|
||||
identity:
|
||||
image: bitwarden/identity:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/identity:{{{CoreVersion}}}
|
||||
container_name: bitwarden-identity
|
||||
restart: always
|
||||
volumes:
|
||||
@ -86,7 +86,7 @@ services:
|
||||
- public
|
||||
|
||||
sso:
|
||||
image: bitwarden/sso:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/sso:{{{CoreVersion}}}
|
||||
container_name: bitwarden-sso
|
||||
restart: always
|
||||
volumes:
|
||||
@ -103,7 +103,7 @@ services:
|
||||
- public
|
||||
|
||||
admin:
|
||||
image: bitwarden/admin:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/admin:{{{CoreVersion}}}
|
||||
container_name: bitwarden-admin
|
||||
restart: always
|
||||
depends_on:
|
||||
@ -121,7 +121,7 @@ services:
|
||||
- public
|
||||
|
||||
icons:
|
||||
image: bitwarden/icons:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/icons:{{{CoreVersion}}}
|
||||
container_name: bitwarden-icons
|
||||
restart: always
|
||||
volumes:
|
||||
@ -135,7 +135,7 @@ services:
|
||||
- public
|
||||
|
||||
notifications:
|
||||
image: bitwarden/notifications:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/notifications:{{{CoreVersion}}}
|
||||
container_name: bitwarden-notifications
|
||||
restart: always
|
||||
volumes:
|
||||
@ -150,7 +150,7 @@ services:
|
||||
- public
|
||||
|
||||
events:
|
||||
image: bitwarden/events:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/events:{{{CoreVersion}}}
|
||||
container_name: bitwarden-events
|
||||
restart: always
|
||||
volumes:
|
||||
@ -165,7 +165,7 @@ services:
|
||||
- public
|
||||
|
||||
nginx:
|
||||
image: bitwarden/nginx:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/nginx:{{{CoreVersion}}}
|
||||
container_name: bitwarden-nginx
|
||||
restart: always
|
||||
depends_on:
|
||||
@ -195,7 +195,7 @@ services:
|
||||
|
||||
{{#if EnableKeyConnector}}
|
||||
key-connector:
|
||||
image: bitwarden/key-connector:{{{KeyConnectorVersion}}}
|
||||
image: ghcr.io/bitwarden/key-connector:{{{KeyConnectorVersion}}}
|
||||
container_name: bitwarden-key-connector
|
||||
restart: always
|
||||
volumes:
|
||||
@ -212,7 +212,7 @@ services:
|
||||
{{#if EnableScim}}
|
||||
|
||||
scim:
|
||||
image: bitwarden/scim:{{{CoreVersion}}}
|
||||
image: ghcr.io/bitwarden/scim:{{{CoreVersion}}}
|
||||
container_name: bitwarden-scim
|
||||
restart: always
|
||||
volumes:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user