nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-04 01:22:50 -05:00
Code Activity

[SM-378] Enable SM on a user basis (#2590)

Browse Source 
* Add support for giving individual users access to secrets manager
This commit is contained in:
Oscar Hinton
2023-01-31 18:38:53 +01:00
committed by GitHub
parent 54353f8b6c
commit cf25d55090
57 changed files with 1419 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTest.cs
View File

@ -1,11 +1,9 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.Helpers;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
@ -22,7 +20,9 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly IProjectRepository _projectRepository;
private Organization _organization = null!;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
public ProjectsControllerTest(ApiApplicationFactory factory)
{
@ -33,20 +33,9 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
public async Task InitializeAsync()
{
var ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(ownerEmail);
(_organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: ownerEmail, billingEmail: ownerEmail);
var tokens = await _factory.LoginAsync(ownerEmail);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
public async Task LoginAsNewOrgUser(OrganizationUserType type = OrganizationUserType.User)
{
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(email);
await OrganizationTestHelpers.CreateUserAsync(_factory, _organization.Id, email, type);
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
_email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(_email);
_organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email);
}
public Task DisposeAsync()
@ -55,12 +44,74 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
return Task.CompletedTask;
}
[Fact]
public async Task CreateProject_Success()
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/projects");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task ListByOrganization_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var projectIds = new List<Guid>();
for (var i = 0; i < 3; i++)
{
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = org.Id,
Name = _mockEncryptedString
});
projectIds.Add(project.Id);
}
var response = await _client.GetAsync($"/organizations/{org.Id}/projects");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ProjectResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.Equal(projectIds.Count, result.Data.Count());
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
var response = await _client.PostAsJsonAsync($"/organizations/{_organization.Id}/projects", request);
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/projects", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task Create_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/projects", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
@ -77,28 +128,43 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
Assert.Null(createdProject.DeletedDate);
}
[Fact]
public async Task CreateProject_NoPermission()
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var response = await _client.PostAsJsonAsync("/organizations/911d9106-7cf1-4d55-a3f9-f9abdeadecb3/projects", request);
var initialProject = await _projectRepository.CreateAsync(new Project
{
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var mockEncryptedString2 = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
var request = new ProjectCreateRequestModel { Name = mockEncryptedString2 };
var response = await _client.PutAsJsonAsync($"/projects/{initialProject.Id}", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task UpdateProject_Success()
public async Task Update_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var initialProject = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var mockEncryptedString2 = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
var request = new ProjectUpdateRequestModel()
var request = new ProjectUpdateRequestModel
{
Name = mockEncryptedString2
};
@ -121,9 +187,12 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
}
[Fact]
public async Task UpdateProject_NotFound()
public async Task Update_NonExistingProject_Throws_NotFound()
{
var request = new ProjectUpdateRequestModel()
await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var request = new ProjectUpdateRequestModel
{
Name = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
};
@ -134,34 +203,59 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
}
[Fact]
public async Task UpdateProject_MissingPermission()
public async Task Update_MissingAccessPolicy_Throws_NotFound()
{
// Create a new account as a user
await LoginAsNewOrgUser();
var (org, _) = await _organizationHelper.Initialize(true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var request = new ProjectUpdateRequestModel()
var request = new ProjectUpdateRequestModel
{
Name = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
};
var response = await _client.PutAsJsonAsync($"/projects/{project.Id}", request);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var mockEncryptedString2 = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
var request = new ProjectCreateRequestModel { Name = mockEncryptedString2 };
var response = await _client.PutAsJsonAsync($"/projects/{project.Id}", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task GetProject()
public async Task Get_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var createdProject = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
OrganizationId = org.Id,
Name = _mockEncryptedString
});
@ -174,39 +268,58 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
}
[Fact]
public async Task GetProjectsByOrganization()
public async Task Get_MissingAccessPolicy_Throws_NotFound()
{
var projectsToCreate = 3;
var (org, _) = await _organizationHelper.Initialize(true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var createdProject = await _projectRepository.CreateAsync(new Project
{
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var response = await _client.GetAsync($"/projects/{createdProject.Id}");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var projectIds = new List<Guid>();
for (var i = 0; i < projectsToCreate; i++)
for (var i = 0; i < 3; i++)
{
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
Name = _mockEncryptedString
OrganizationId = org.Id,
Name = _mockEncryptedString,
});
projectIds.Add(project.Id);
}
var response = await _client.GetAsync($"/organizations/{_organization.Id}/projects");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ProjectResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.Equal(projectIds.Count, result.Data.Count());
var response = await _client.PostAsync("/projects/delete", JsonContent.Create(projectIds));
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task DeleteProjects()
public async Task Delete_Success()
{
var projectsToDelete = 3;
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var projectIds = new List<Guid>();
for (var i = 0; i < projectsToDelete; i++)
for (var i = 0; i < 3; i++)
{
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
OrganizationId = org.Id,
Name = _mockEncryptedString,
});
projectIds.Add(project.Id);