[PM-11123] Service layer for Notification Center (#4741)

* PM-11123: Service layer * PM-11123: Service layer for Notification Center * PM-11123: Throw error on unsupported requirement * PM-11123: Missing await * PM-11123: Cleanup * PM-11123: Unit Test coverage * PM-11123: Flipping the authorization logic to be exact match of fail, formatting * PM-11123: Async warning * PM-11123: Using AuthorizeOrThrowAsync, removal of redundant set new id * PM-11123: UT typo * PM-11123: UT fix
2025-06-30 07:36:14 -05:00 · 2024-10-02 19:23:19 +02:00
parent 9cb99298fc
commit f3f81deb98
29 changed files with 1918 additions and 0 deletions
--- a/test/Core.Test/NotificationCenter/Authorization/NotificationAuthorizationHandlerTest.cs
+++ b/test/Core.Test/NotificationCenter/Authorization/NotificationAuthorizationHandlerTest.cs
@ -0,0 +1,419 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.Authorization;
+
+using System.Security.Claims;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Entities;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+public class NotificationAuthorizationHandlerTests
+{
+    private static void SetupUserPermission(SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Guid? userId = null, Guid? organizationId = null, bool canAccessReports = false)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organizationId.GetValueOrDefault(Guid.NewGuid()))
+            .Returns(new CurrentContextOrganization());
+        sutProvider.GetDependency<ICurrentContext>().AccessReports(organizationId.GetValueOrDefault(Guid.NewGuid()))
+            .Returns(canAccessReports);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_UnsupportedNotificationOperationRequirement_Throws(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = new NotificationOperationsRequirement("UnsupportedOperation");
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await Assert.ThrowsAsync<ArgumentException>(() => sutProvider.Sut.HandleAsync(context));
+    }
+
+    [Theory]
+    [BitAutoData(nameof(NotificationOperations.Read))]
+    [BitAutoData(nameof(NotificationOperations.Create))]
+    [BitAutoData(nameof(NotificationOperations.Update))]
+    public async Task HandleAsync_NotLoggedIn_Unauthorized(
+        string requirementName,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, userId: null);
+        var requirement = new NotificationOperationsRequirement(requirementName);
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(nameof(NotificationOperations.Read))]
+    [BitAutoData(nameof(NotificationOperations.Create))]
+    [BitAutoData(nameof(NotificationOperations.Update))]
+    public async Task HandleAsync_ResourceEmpty_Unauthorized(
+        string requirementName,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = new NotificationOperationsRequirement(requirementName);
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, null);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: true)]
+    public async Task HandleAsync_ReadRequirementGlobalNotification_Authorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+
+        var requirement = NotificationOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(false)]
+    [BitAutoData(true)]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_ReadRequirementUserNotMatching_Unauthorized(
+        bool hasOrganizationId,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid(), notification.OrganizationId);
+
+        if (!hasOrganizationId)
+        {
+            notification.OrganizationId = null;
+        }
+
+        var requirement = NotificationOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [BitAutoData(false)]
+    [BitAutoData(true)]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_ReadRequirementOrganizationNotMatching_Unauthorized(
+        bool hasUserId,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, Guid.NewGuid());
+
+        if (!hasUserId)
+        {
+            notification.UserId = null;
+        }
+
+        var requirement = NotificationOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(false, true)]
+    [BitAutoData(true, false)]
+    [BitAutoData(true, true)]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_ReadRequirement_Authorized(
+        bool hasUserId,
+        bool hasOrganizationId,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, notification.OrganizationId);
+
+        if (!hasUserId)
+        {
+            notification.UserId = null;
+        }
+
+        if (!hasOrganizationId)
+        {
+            notification.OrganizationId = null;
+        }
+
+        var requirement = NotificationOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: true)]
+    public async Task HandleAsync_CreateRequirementGlobalNotification_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_CreateRequirementUserNotMatching_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid(), notification.OrganizationId);
+
+        notification.OrganizationId = null;
+
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_CreateRequirementOrganizationNotMatching_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, Guid.NewGuid());
+
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_CreateRequirementOrganizationUserNoAccessReportsPermission_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, notification.OrganizationId, canAccessReports: false);
+
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_CreateRequirementUserNotPartOfOrganization_Authorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId);
+
+        notification.OrganizationId = null;
+
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(false)]
+    [BitAutoData(true)]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_CreateRequirementOrganizationUserCanAccessReports_Authorized(
+        bool hasUserId,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, notification.OrganizationId, true);
+
+        if (!hasUserId)
+        {
+            notification.UserId = null;
+        }
+
+        var requirement = NotificationOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    // TODO
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: true)]
+    public async Task HandleAsync_UpdateRequirementGlobalNotification_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_UpdateRequirementUserNotMatching_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid(), notification.OrganizationId);
+
+        notification.OrganizationId = null;
+
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_UpdateRequirementOrganizationNotMatching_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, Guid.NewGuid());
+
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_UpdateRequirementOrganizationUserNoAccessReportsPermission_Unauthorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, notification.OrganizationId, canAccessReports: false);
+
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_UpdateRequirementUserNotPartOfOrganization_Authorized(
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId);
+
+        notification.OrganizationId = null;
+
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(false)]
+    [BitAutoData(true)]
+    [NotificationCustomize(global: false)]
+    public async Task HandleAsync_UpdateRequirementOrganizationUserCanAccessReports_Authorized(
+        bool hasUserId,
+        SutProvider<NotificationAuthorizationHandler> sutProvider,
+        Notification notification, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notification.UserId, notification.OrganizationId, true);
+
+        if (!hasUserId)
+        {
+            notification.UserId = null;
+        }
+
+        var requirement = NotificationOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notification);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+}
--- a/test/Core.Test/NotificationCenter/Authorization/NotificationStatusAuthorizationHandlerTest.cs
+++ b/test/Core.Test/NotificationCenter/Authorization/NotificationStatusAuthorizationHandlerTest.cs
@ -0,0 +1,179 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.Authorization;
+
+using System.Security.Claims;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Entities;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+[SutProviderCustomize]
+[NotificationStatusCustomize]
+public class NotificationStatusAuthorizationHandlerTests
+{
+    private static void SetupUserPermission(SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        Guid? userId = null)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_UnsupportedNotificationOperationRequirement_Throws(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = new NotificationStatusOperationsRequirement("UnsupportedOperation");
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await Assert.ThrowsAsync<ArgumentException>(() => sutProvider.Sut.HandleAsync(context));
+    }
+
+    [Theory]
+    [BitAutoData(nameof(NotificationStatusOperations.Read))]
+    [BitAutoData(nameof(NotificationStatusOperations.Create))]
+    [BitAutoData(nameof(NotificationStatusOperations.Update))]
+    public async Task HandleAsync_NotLoggedIn_Unauthorized(
+        string requirementName,
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, userId: null);
+        var requirement = new NotificationStatusOperationsRequirement(requirementName);
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(nameof(NotificationStatusOperations.Read))]
+    [BitAutoData(nameof(NotificationStatusOperations.Create))]
+    [BitAutoData(nameof(NotificationStatusOperations.Update))]
+    public async Task HandleAsync_ResourceEmpty_Unauthorized(
+        string requirementName,
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+        var requirement = new NotificationStatusOperationsRequirement(requirementName);
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, null);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_ReadRequirementUserNotMatching_Unauthorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+
+        var requirement = NotificationStatusOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_ReadRequirement_Authorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notificationStatus.UserId);
+
+        var requirement = NotificationStatusOperations.Read;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_CreateRequirementUserNotMatching_Unauthorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+
+        var requirement = NotificationStatusOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_CreateRequirement_Authorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notificationStatus.UserId);
+
+        var requirement = NotificationStatusOperations.Create;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_UpdateRequirementUserNotMatching_Unauthorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, Guid.NewGuid());
+
+        var requirement = NotificationStatusOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task HandleAsync_UpdateRequirement_Authorized(
+        SutProvider<NotificationStatusAuthorizationHandler> sutProvider,
+        NotificationStatus notificationStatus, ClaimsPrincipal claimsPrincipal)
+    {
+        SetupUserPermission(sutProvider, notificationStatus.UserId);
+
+        var requirement = NotificationStatusOperations.Update;
+        var context = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, notificationStatus);
+
+        await sutProvider.Sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+}
--- a/test/Core.Test/NotificationCenter/AutoFixture/NotificationFixtures.cs
+++ b/test/Core.Test/NotificationCenter/AutoFixture/NotificationFixtures.cs
@ -0,0 +1,31 @@
+using AutoFixture;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.AutoFixture;
+
+public class NotificationCustomization(bool global) : ICustomization
+{
+    public void Customize(IFixture fixture)
+    {
+        fixture.Customize<Notification>(composer =>
+        {
+            var postprocessComposer = composer.With(n => n.Id, Guid.NewGuid())
+                .With(n => n.Global, global);
+
+            postprocessComposer = global
+                ? postprocessComposer.Without(n => n.UserId)
+                : postprocessComposer.With(n => n.UserId, Guid.NewGuid());
+
+            return global
+                ? postprocessComposer.Without(n => n.OrganizationId)
+                : postprocessComposer.With(n => n.OrganizationId, Guid.NewGuid());
+        });
+    }
+}
+
+public class NotificationCustomizeAttribute(bool global = true)
+    : BitCustomizeAttribute
+{
+    public override ICustomization GetCustomization() => new NotificationCustomization(global);
+}
--- a/test/Core.Test/NotificationCenter/AutoFixture/NotificationStatusFixtures.cs
+++ b/test/Core.Test/NotificationCenter/AutoFixture/NotificationStatusFixtures.cs
@ -0,0 +1,19 @@
+using AutoFixture;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.AutoFixture;
+
+public class NotificationStatusCustomization : ICustomization
+{
+    public void Customize(IFixture fixture)
+    {
+        fixture.Customize<NotificationStatus>(composer => composer.With(ns => ns.NotificationId, Guid.NewGuid())
+            .With(ns => ns.UserId, Guid.NewGuid()));
+    }
+}
+
+public class NotificationStatusCustomizeAttribute : BitCustomizeAttribute
+{
+    public override ICustomization GetCustomization() => new NotificationStatusCustomization();
+}
--- a/test/Core.Test/NotificationCenter/Commands/CreateNotificationCommandTest.cs
+++ b/test/Core.Test/NotificationCenter/Commands/CreateNotificationCommandTest.cs
@ -0,0 +1,59 @@
+#nullable enable
+using System.Security.Claims;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.NotificationCenter.Commands;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+public class CreateNotificationCommandTest
+{
+    private static void Setup(SutProvider<CreateNotificationCommand> sutProvider,
+        Notification notification, bool authorized = false)
+    {
+        sutProvider.GetDependency<INotificationRepository>()
+            .CreateAsync(notification)
+            .Returns(notification);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notification,
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationOperations.Create)))
+            .Returns(authorized ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_AuthorizationFailed_NotFoundException(
+        SutProvider<CreateNotificationCommand> sutProvider,
+        Notification notification)
+    {
+        Setup(sutProvider, notification, authorized: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(notification));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_Authorized_NotificationCreated(
+        SutProvider<CreateNotificationCommand> sutProvider,
+        Notification notification)
+    {
+        Setup(sutProvider, notification, true);
+
+        var newNotification = await sutProvider.Sut.CreateAsync(notification);
+
+        Assert.Equal(notification, newNotification);
+        Assert.Equal(DateTime.UtcNow, notification.CreationDate, TimeSpan.FromMinutes(1));
+        Assert.Equal(notification.CreationDate, notification.RevisionDate);
+    }
+}
--- a/test/Core.Test/NotificationCenter/Commands/CreateNotificationStatusCommandTest.cs
+++ b/test/Core.Test/NotificationCenter/Commands/CreateNotificationStatusCommandTest.cs
@ -0,0 +1,89 @@
+#nullable enable
+using System.Security.Claims;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.NotificationCenter.Commands;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+[NotificationStatusCustomize]
+public class CreateNotificationStatusCommandTest
+{
+    private static void Setup(SutProvider<CreateNotificationStatusCommand> sutProvider,
+        Notification? notification, NotificationStatus notificationStatus,
+        bool authorizedNotification = false, bool authorizedCreate = false)
+    {
+        sutProvider.GetDependency<INotificationRepository>()
+            .GetByIdAsync(notificationStatus.NotificationId)
+            .Returns(notification);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .CreateAsync(notificationStatus)
+            .Returns(notificationStatus);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notification ?? Arg.Any<Notification>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationOperations.Read)))
+            .Returns(authorizedNotification ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus,
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Create)))
+            .Returns(authorizedCreate ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_NotificationNotFound_NotFoundException(
+        SutProvider<CreateNotificationStatusCommand> sutProvider,
+        NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notification: null, notificationStatus, true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(notificationStatus));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_NotificationReadNotAuthorized_NotFoundException(
+        SutProvider<CreateNotificationStatusCommand> sutProvider,
+        Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notification, notificationStatus, authorizedNotification: false, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(notificationStatus));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_CreateNotAuthorized_NotFoundException(
+        SutProvider<CreateNotificationStatusCommand> sutProvider,
+        Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notification, notificationStatus, true, authorizedCreate: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(notificationStatus));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CreateAsync_NotificationFoundAuthorized_NotificationStatusCreated(
+        SutProvider<CreateNotificationStatusCommand> sutProvider,
+        Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notification, notificationStatus, true, true);
+
+        var newNotificationStatus = await sutProvider.Sut.CreateAsync(notificationStatus);
+
+        Assert.Equal(notificationStatus, newNotificationStatus);
+    }
+}
--- a/test/Core.Test/NotificationCenter/Commands/MarkNotificationDeletedCommandTest.cs
+++ b/test/Core.Test/NotificationCenter/Commands/MarkNotificationDeletedCommandTest.cs
@ -0,0 +1,151 @@
+#nullable enable
+using System.Security.Claims;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.NotificationCenter.Commands;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+[NotificationStatusCustomize]
+public class MarkNotificationDeletedCommandTest
+{
+    private static void Setup(SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid? userId, Notification? notification, NotificationStatus? notificationStatus,
+        bool authorizedNotification = false, bool authorizedCreate = false, bool authorizedUpdate = false)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<INotificationRepository>()
+            .GetByIdAsync(notificationId)
+            .Returns(notification);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .GetByNotificationIdAndUserIdAsync(notificationId, userId ?? Arg.Any<Guid>())
+            .Returns(notificationStatus);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .CreateAsync(Arg.Any<NotificationStatus>());
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .UpdateAsync(notificationStatus ?? Arg.Any<NotificationStatus>());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notification ?? Arg.Any<Notification>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationOperations.Read)))
+            .Returns(authorizedNotification ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus ?? Arg.Any<NotificationStatus>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Create)))
+            .Returns(authorizedCreate ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus ?? Arg.Any<NotificationStatus>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Update)))
+            .Returns(authorizedUpdate ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+
+        sutProvider.GetDependency<INotificationStatusRepository>().ClearReceivedCalls();
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_NotLoggedIn_NotFoundException(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId: null, notification, notificationStatus, true, true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkDeletedAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_NotificationNotFound_NotFoundException(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification: null, notificationStatus, true, true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkDeletedAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_ReadRequirementNotificationNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, authorizedNotification: false,
+            true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkDeletedAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_CreateRequirementNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus: null, true,
+            authorizedCreate: false, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkDeletedAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_UpdateRequirementNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, true, true,
+            authorizedUpdate: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkDeletedAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_NotificationStatusNotFoundCreateAuthorized_NotificationStatusCreated(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus: null, true, true, true);
+
+        await sutProvider.Sut.MarkDeletedAsync(notificationId);
+
+        await sutProvider.GetDependency<INotificationStatusRepository>().Received(1)
+            .CreateAsync(Arg.Is<NotificationStatus>(ns =>
+                ns.NotificationId == notificationId && ns.UserId == userId && !ns.ReadDate.HasValue &&
+                ns.DeletedDate.HasValue && DateTime.UtcNow - ns.DeletedDate.Value < TimeSpan.FromMinutes(1)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkDeletedAsync_NotificationStatusFoundCreateAuthorized_NotificationStatusUpdated(
+        SutProvider<MarkNotificationDeletedCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        var deletedDate = notificationStatus.DeletedDate;
+
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, true, true, true);
+
+        await sutProvider.Sut.MarkDeletedAsync(notificationId);
+
+        await sutProvider.GetDependency<INotificationStatusRepository>().Received(1)
+            .UpdateAsync(Arg.Is<NotificationStatus>(ns =>
+                ns.Equals(notificationStatus) &&
+                ns.NotificationId == notificationStatus.NotificationId && ns.UserId == notificationStatus.UserId &&
+                ns.ReadDate == notificationStatus.ReadDate && ns.DeletedDate != deletedDate &&
+                ns.DeletedDate.HasValue &&
+                DateTime.UtcNow - ns.DeletedDate.Value < TimeSpan.FromMinutes(1)));
+    }
+}
--- a/test/Core.Test/NotificationCenter/Commands/MarkNotificationReadCommandTest.cs
+++ b/test/Core.Test/NotificationCenter/Commands/MarkNotificationReadCommandTest.cs
@ -0,0 +1,151 @@
+#nullable enable
+using System.Security.Claims;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.NotificationCenter.Commands;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+[NotificationStatusCustomize]
+public class MarkNotificationReadCommandTest
+{
+    private static void Setup(SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid? userId, Notification? notification, NotificationStatus? notificationStatus,
+        bool authorizedNotification = false, bool authorizedCreate = false, bool authorizedUpdate = false)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<INotificationRepository>()
+            .GetByIdAsync(notificationId)
+            .Returns(notification);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .GetByNotificationIdAndUserIdAsync(notificationId, userId ?? Arg.Any<Guid>())
+            .Returns(notificationStatus);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .CreateAsync(Arg.Any<NotificationStatus>());
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .UpdateAsync(notificationStatus ?? Arg.Any<NotificationStatus>());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notification ?? Arg.Any<Notification>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationOperations.Read)))
+            .Returns(authorizedNotification ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus ?? Arg.Any<NotificationStatus>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Create)))
+            .Returns(authorizedCreate ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus ?? Arg.Any<NotificationStatus>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Update)))
+            .Returns(authorizedUpdate ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+
+        sutProvider.GetDependency<INotificationStatusRepository>().ClearReceivedCalls();
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_NotLoggedIn_NotFoundException(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId: null, notification, notificationStatus, true, true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkReadAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_NotificationNotFound_NotFoundException(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification: null, notificationStatus, true, true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkReadAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_ReadRequirementNotificationNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, authorizedNotification: false,
+            true, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkReadAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_CreateRequirementNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus: null, true,
+            authorizedCreate: false, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkReadAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_UpdateRequirementNotAuthorized_NotFoundException(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, true, true,
+            authorizedUpdate: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.MarkReadAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_NotificationStatusNotFoundCreateAuthorized_NotificationStatusCreated(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification)
+    {
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus: null, true, true, true);
+
+        await sutProvider.Sut.MarkReadAsync(notificationId);
+
+        await sutProvider.GetDependency<INotificationStatusRepository>().Received(1)
+            .CreateAsync(Arg.Is<NotificationStatus>(ns =>
+                ns.NotificationId == notificationId && ns.UserId == userId && !ns.DeletedDate.HasValue &&
+                ns.ReadDate.HasValue && DateTime.UtcNow - ns.ReadDate.Value < TimeSpan.FromMinutes(1)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task MarkReadAsync_NotificationStatusFoundCreateAuthorized_NotificationStatusUpdated(
+        SutProvider<MarkNotificationReadCommand> sutProvider,
+        Guid notificationId, Guid userId, Notification notification, NotificationStatus notificationStatus)
+    {
+        var readDate = notificationStatus.ReadDate;
+
+        Setup(sutProvider, notificationId, userId, notification, notificationStatus, true, true, true);
+
+        await sutProvider.Sut.MarkReadAsync(notificationId);
+
+        await sutProvider.GetDependency<INotificationStatusRepository>().Received(1)
+            .UpdateAsync(Arg.Is<NotificationStatus>(ns =>
+                ns.Equals(notificationStatus) &&
+                ns.NotificationId == notificationStatus.NotificationId && ns.UserId == notificationStatus.UserId &&
+                ns.DeletedDate == notificationStatus.DeletedDate && ns.ReadDate != readDate &&
+                ns.ReadDate.HasValue &&
+                DateTime.UtcNow - ns.ReadDate.Value < TimeSpan.FromMinutes(1)));
+    }
+}
--- a/test/Core.Test/NotificationCenter/Commands/UpdateNotificationCommandTest.cs
+++ b/test/Core.Test/NotificationCenter/Commands/UpdateNotificationCommandTest.cs
@ -0,0 +1,95 @@
+#nullable enable
+using System.Security.Claims;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Enums;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.NotificationCenter.Commands;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+public class UpdateNotificationCommandTest
+{
+    private static void Setup(SutProvider<UpdateNotificationCommand> sutProvider,
+        Guid notificationId, Notification? notification, bool authorized = false)
+    {
+        sutProvider.GetDependency<INotificationRepository>()
+            .GetByIdAsync(notificationId)
+            .Returns(notification);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notification ?? Arg.Any<Notification>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationOperations.Update)))
+            .Returns(authorized ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+
+        sutProvider.GetDependency<INotificationRepository>().ClearReceivedCalls();
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task UpdateAsync_NotificationNotFound_NotFoundException(
+        SutProvider<UpdateNotificationCommand> sutProvider,
+        Notification notification)
+    {
+        Setup(sutProvider, notification.Id, notification: null, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.UpdateAsync(notification));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task UpdateAsync_AuthorizationFailed_NotFoundException(
+        SutProvider<UpdateNotificationCommand> sutProvider,
+        Notification notification)
+    {
+        Setup(sutProvider, notification.Id, notification, authorized: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.UpdateAsync(notification));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task UpdateAsync_Authorized_NotificationCreated(
+        SutProvider<UpdateNotificationCommand> sutProvider,
+        Notification notification)
+    {
+        notification.Priority = Priority.Medium;
+        notification.ClientType = ClientType.Web;
+        notification.Title = "Title";
+        notification.Body = "Body";
+        notification.RevisionDate = DateTime.UtcNow.AddMinutes(-60);
+
+        Setup(sutProvider, notification.Id, notification, true);
+
+        var notificationToUpdate = CoreHelpers.CloneObject(notification);
+        notificationToUpdate.Priority = Priority.High;
+        notificationToUpdate.ClientType = ClientType.Mobile;
+        notificationToUpdate.Title = "Updated Title";
+        notificationToUpdate.Body = "Updated Body";
+        notificationToUpdate.RevisionDate = DateTime.UtcNow.AddMinutes(-30);
+
+        await sutProvider.Sut.UpdateAsync(notificationToUpdate);
+
+        await sutProvider.GetDependency<INotificationRepository>().Received(1)
+            .ReplaceAsync(Arg.Is<Notification>(n =>
+                // Not updated fields
+                n.Id == notificationToUpdate.Id && n.Global == notificationToUpdate.Global &&
+                n.UserId == notificationToUpdate.UserId && n.OrganizationId == notificationToUpdate.OrganizationId &&
+                n.CreationDate == notificationToUpdate.CreationDate &&
+                // Updated fields
+                n.Priority == notificationToUpdate.Priority && n.ClientType == notificationToUpdate.ClientType &&
+                n.Title == notificationToUpdate.Title && n.Body == notificationToUpdate.Body &&
+                DateTime.UtcNow - n.RevisionDate < TimeSpan.FromMinutes(1)));
+    }
+}
--- a/test/Core.Test/NotificationCenter/Queries/GetNotificationStatusForUserTest.cs
+++ b/test/Core.Test/NotificationCenter/Queries/GetNotificationStatusForUserTest.cs
@ -0,0 +1,85 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Queries;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.Queries;
+
+using System.Security.Claims;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Entities;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+[SutProviderCustomize]
+[NotificationStatusCustomize]
+public class GetNotificationStatusForUserQueryTest
+{
+    private static void Setup(SutProvider<GetNotificationStatusForUserQuery> sutProvider,
+        Guid notificationId, NotificationStatus? notificationStatus, Guid? userId, bool authorized = false)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<INotificationStatusRepository>()
+            .GetByNotificationIdAndUserIdAsync(notificationId, userId.GetValueOrDefault(Guid.NewGuid()))
+            .Returns(notificationStatus);
+        sutProvider.GetDependency<IAuthorizationService>()
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), notificationStatus ?? Arg.Any<NotificationStatus>(),
+                Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
+                    reqs.Contains(NotificationStatusOperations.Read)))
+            .Returns(authorized ? AuthorizationResult.Success() : AuthorizationResult.Failed());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_UserNotLoggedIn_NotFoundException(
+        SutProvider<GetNotificationStatusForUserQuery> sutProvider,
+        Guid notificationId, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, notificationStatus, userId: null, true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.GetByNotificationIdAndUserIdAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_NotificationStatusNotFound_NotFoundException(
+        SutProvider<GetNotificationStatusForUserQuery> sutProvider,
+        Guid notificationId)
+    {
+        Setup(sutProvider, notificationId, notificationStatus: null, Guid.NewGuid(), true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.GetByNotificationIdAndUserIdAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_AuthorizationFailed_NotFoundException(
+        SutProvider<GetNotificationStatusForUserQuery> sutProvider,
+        Guid notificationId, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, notificationStatus, Guid.NewGuid(), authorized: false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.GetByNotificationIdAndUserIdAsync(notificationId));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_NotificationFoundAuthorized_Returned(
+        SutProvider<GetNotificationStatusForUserQuery> sutProvider,
+        Guid notificationId, NotificationStatus notificationStatus)
+    {
+        Setup(sutProvider, notificationId, notificationStatus, Guid.NewGuid(), true);
+
+        var actualNotificationStatus = await sutProvider.Sut.GetByNotificationIdAndUserIdAsync(notificationId);
+
+        Assert.Equal(notificationStatus, actualNotificationStatus);
+    }
+}
--- a/test/Core.Test/NotificationCenter/Queries/GetNotificationsForUserQueryTest.cs
+++ b/test/Core.Test/NotificationCenter/Queries/GetNotificationsForUserQueryTest.cs
@ -0,0 +1,55 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Models.Filter;
+using Bit.Core.NotificationCenter.Queries;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Test.NotificationCenter.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+
+namespace Bit.Core.Test.NotificationCenter.Queries;
+
+using Bit.Core.NotificationCenter.Entities;
+using NSubstitute;
+using Xunit;
+
+[SutProviderCustomize]
+[NotificationCustomize]
+public class GetNotificationsForUserQueryTest
+{
+    private static void Setup(SutProvider<GetNotificationsForUserQuery> sutProvider,
+        List<Notification> notifications, NotificationStatusFilter statusFilter, Guid? userId)
+    {
+        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
+        sutProvider.GetDependency<INotificationRepository>().GetByUserIdAndStatusAsync(
+                userId.GetValueOrDefault(Guid.NewGuid()), Arg.Any<ClientType>(), statusFilter)
+            .Returns(notifications);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_NotLoggedIn_NotFoundException(
+        SutProvider<GetNotificationsForUserQuery> sutProvider,
+        List<Notification> notifications, NotificationStatusFilter notificationStatusFilter)
+    {
+        Setup(sutProvider, notifications, notificationStatusFilter, userId: null);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.GetByUserIdStatusFilterAsync(notificationStatusFilter));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetByUserIdStatusFilterAsync_NotificationsFound_Returned(
+        SutProvider<GetNotificationsForUserQuery> sutProvider,
+        List<Notification> notifications, NotificationStatusFilter notificationStatusFilter)
+    {
+        Setup(sutProvider, notifications, notificationStatusFilter, Guid.NewGuid());
+
+        var actualNotifications = await sutProvider.Sut.GetByUserIdStatusFilterAsync(notificationStatusFilter);
+
+        Assert.Equal(notifications, actualNotifications);
+    }
+}