[PS-616] [PS-795] Fix/auto enroll master password reset without user verification (#2038)

* Fix parameter name to match entity * Deserialize policy data in object * Add policy with config type to fixtures * Return policy with deserialized config * Use CoreHelper serializers * Add master password reset on accept request * Simplify policy data parsing * Linter
2025-06-30 07:36:14 -05:00 · 2022-06-08 08:44:28 -05:00
parent 194b76c13d
commit ef403b4362
18 changed files with 182 additions and 39 deletions
--- a/test/Api.Test/Controllers/OrganizationUsersControllerTests.cs
+++ b/test/Api.Test/Controllers/OrganizationUsersControllerTests.cs
@ -0,0 +1,68 @@
+using System;
+using System.Threading.Tasks;
+using Bit.Api.Controllers;
+using Bit.Api.Models.Request.Organizations;
+using Bit.Api.Test.AutoFixture.Attributes;
+using Bit.Core.Entities;
+using Bit.Core.Models.Data.Organizations.Policies;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Api.Test.Controllers
+{
+    [ControllerCustomize(typeof(OrganizationUsersController))]
+    [SutProviderCustomize]
+    public class OrganizationUsersControllerTests
+    {
+        [Theory]
+        [BitAutoData]
+        public async Task Accept_RequiresKnownUser(Guid orgId, Guid orgUserId, OrganizationUserAcceptRequestModel model,
+            SutProvider<OrganizationUsersController> sutProvider)
+        {
+            sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs((User)null);
+
+            await Assert.ThrowsAsync<UnauthorizedAccessException>(() => sutProvider.Sut.Accept(orgId, orgUserId, model));
+        }
+
+        [Theory]
+        [BitAutoData]
+        public async Task Accept_NoMasterPasswordReset(Guid orgId, Guid orgUserId,
+            OrganizationUserAcceptRequestModel model, User user, SutProvider<OrganizationUsersController> sutProvider)
+        {
+            sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(user);
+
+            await sutProvider.Sut.Accept(orgId, orgUserId, model);
+
+            await sutProvider.GetDependency<IOrganizationService>().Received(1)
+                .AcceptUserAsync(orgUserId, user, model.Token, sutProvider.GetDependency<IUserService>());
+            await sutProvider.GetDependency<IOrganizationService>().DidNotReceiveWithAnyArgs()
+                .UpdateUserResetPasswordEnrollmentAsync(default, default, default, default);
+        }
+
+        [Theory]
+        [BitAutoData]
+        public async Task Accept_RequireMasterPasswordReset(Guid orgId, Guid orgUserId,
+            OrganizationUserAcceptRequestModel model, User user, SutProvider<OrganizationUsersController> sutProvider)
+        {
+            var policy = new Policy<ResetPasswordDataModel>
+            {
+                Enabled = true,
+                DataModel = new ResetPasswordDataModel { AutoEnrollEnabled = true, },
+            };
+            sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(user);
+            sutProvider.GetDependency<IPolicyRepository>().GetByOrganizationIdTypeAsync<ResetPasswordDataModel>(orgId,
+                Core.Enums.PolicyType.MasterPassword).Returns(policy);
+
+            await sutProvider.Sut.Accept(orgId, orgUserId, model);
+
+            await sutProvider.GetDependency<IOrganizationService>().Received(1)
+                .AcceptUserAsync(orgUserId, user, model.Token, sutProvider.GetDependency<IUserService>());
+            await sutProvider.GetDependency<IOrganizationService>().Received(1)
+                .UpdateUserResetPasswordEnrollmentAsync(orgId, user.Id, model.ResetPasswordKey, user.Id);
+        }
+    }
+}