From e3143271d7fd2d82fe2002fee3a2aab7b66135a6 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Mon, 15 Nov 2021 19:46:13 +1000
Subject: [PATCH] [Key Connector] Prevent user from leaving org (#1715)

* Block user from leaving org using Key Connector

* Add tests
---
 .../Controllers/OrganizationsController.cs | 6 ++
 .../OrganizationsControllerTests.cs | 81 +++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 test/Api.Test/Controllers/OrganizationsControllerTests.cs

diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index 3d90231373..74a59d021f 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -384,6 +384,12 @@ namespace Bit.Api.Controllers
 throw new NotFoundException();
 }
 
+ var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(orgGuidId);
+ if (ssoConfig?.GetData()?.UseKeyConnector == true)
+ {
+ throw new BadRequestException("You cannot leave an Organization that is using Key Connector.");
+ }
+
 var userId = _userService.GetProperUserId(User);
 await _organizationService.DeleteUserAsync(orgGuidId, userId.Value);
 }
diff --git a/test/Api.Test/Controllers/OrganizationsControllerTests.cs b/test/Api.Test/Controllers/OrganizationsControllerTests.cs
new file mode 100644
index 0000000000..9fa3b8ca6d
--- /dev/null
+++ b/test/Api.Test/Controllers/OrganizationsControllerTests.cs
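Review bot: The Key Connector guard lives only in this controller action, directly in front of `_organizationService.DeleteUserAsync(orgGuidId, userId.Value)`, so any other caller of that service method (admin or bulk removal, if such paths exist) would not enforce it; if the restriction is meant to protect the member's vault key rather than just this endpoint, pushing the check into `DeleteUserAsync` or a shared helper enforces it once regardless of caller. The condition `ssoConfig?.GetData()?.UseKeyConnector == true` also ignores `ssoConfig.Enabled` (a field the new test file shows exists), so an org with SSO disabled but stale `useKeyConnector` data still blocks leaving — likely the safe direction, but worth a comment such as `// Blocks even if SSO is currently disabled: the user's key may still be held by Key Connector.` It blocks every member of the org, including any that may still hold a master password if that mix is supported — confirm whether a per-user check is wanted. The enclosing `Leave` action begins before this hunk.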
@@ -0,0 +1,81 @@
+using AutoFixture.Xunit2;
+using Bit.Api.Controllers;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Table;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Settings;
+using NSubstitute;
+using System.Threading.Tasks;
+using System.Security.Claims;
+using System;
+using Xunit;
+
+namespace Bit.Api.Test.Controllers
+{
+ public class OrganizationsControllerTests: IDisposable
+ {
+ private readonly GlobalSettings _globalSettings;
+ private readonly ICurrentContext _currentContext;
+ private readonly IOrganizationRepository _organizationRepository;
+ private readonly IOrganizationService _organizationService;
+ private readonly IOrganizationUserRepository _organizationUserRepository;
+ private readonly IPaymentService _paymentService;
+ private readonly IPolicyRepository _policyRepository;
+ private readonly ISsoConfigRepository _ssoConfigRepository;
+ private readonly ISsoConfigService _ssoConfigService;
+ private readonly IUserService _userService;
+
+ private readonly OrganizationsController _sut;
+
+ public OrganizationsControllerTests()
+ {
+ _currentContext = Substitute.For();
+ _globalSettings = Substitute.For();
+ _organizationRepository = Substitute.For();
+ _organizationService = Substitute.For();
+ _organizationUserRepository = Substitute.For();
+ _paymentService = Substitute.For();
+ _policyRepository = Substitute.For();
+ _ssoConfigRepository = Substitute.For();
+ _ssoConfigService = Substitute.For();
+ _userService = Substitute.For();
+
+ _sut = new OrganizationsController(_organizationRepository, _organizationUserRepository,
+ _policyRepository, _organizationService, _userService, _paymentService, _currentContext,
+ _ssoConfigRepository, _ssoConfigService, _globalSettings);
+ }
+
+ public void Dispose()
+ {
+ _sut?.Dispose();
+ }
+
+ [Theory, AutoData]
+ public async Task OrganizationsController_WhenUserTriestoLeaveOrganizationUsingKeyConnector_Throws(
+ Guid orgId)
+ {
+ var ssoConfig 
= new SsoConfig
+ {
+ Id = default,
+ Data = "{\"useKeyConnector\": true}",
+ Enabled = true,
+ OrganizationId = orgId,
+ };
+
+ _currentContext.OrganizationUser(orgId).Returns(true);
+ _ssoConfigRepository.GetByOrganizationIdAsync(orgId).Returns(ssoConfig);
+ _userService.GetProperUserId(Arg.Any()).Returns(new Guid());
+
+ var exception = await Assert.ThrowsAsync(
+ () => _sut.Leave(orgId.ToString()));
+
+ Assert.Contains("You cannot leave an Organization that is using Key Connector.",
+ exception.Message);
+
+ await _organizationService.DidNotReceiveWithAnyArgs().DeleteUserAsync(default, default);
+ }
+ }
+}
+
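Review bot: The new test only covers the blocked case; nothing verifies that a member can still leave when the org has no SSO config or `useKeyConnector` is false, so a guard that is accidentally too broad (for example one that throws on a null `ssoConfig`) would pass this suite. A companion test stubbing `GetByOrganizationIdAsync` to return null and asserting `DeleteUserAsync` was received once with the org and user ids would pin the permitted path. Separately, `GetProperUserId(Arg.Any()).Returns(new Guid())` returns `Guid.Empty`; taking an AutoData-supplied `Guid userId` makes the assertion on the delete call meaningful. The generic type arguments in `Substitute.For()`, `Arg.Any()` and `Assert.ThrowsAsync(` appear stripped in this rendering — presumably an extraction artifact rather than the committed code.
```csharp
// … unchanged: existing Key Connector test …

[Theory, AutoData]
public async Task OrganizationsController_WhenUserLeavesOrganizationNotUsingKeyConnector_DeletesUser(
    Guid orgId, Guid userId)
{
    _currentContext.OrganizationUser(orgId).Returns(true);
    _ssoConfigRepository.GetByOrganizationIdAsync(orgId).Returns((SsoConfig)null);
    _userService.GetProperUserId(Arg.Any<ClaimsPrincipal>()).Returns(userId);

    await _sut.Leave(orgId.ToString());

    await _organizationService.Received(1).DeleteUserAsync(orgId, userId);
}
```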