nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-22 12:04:27 -05:00
Code

Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.

Browse Source
This commit is contained in:
Rui Tome 2025-05-20 16:47:52 +01:00
parent 06a5888c7b
commit f4bfa0baf0
No known key found for this signature in database
GPG Key ID: 526239D96A8EC066
2 changed files with 141 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirement.cs
View File

@ -8,10 +8,40 @@ using Bit.Core.Enums;
/// </summary>
public class RequireTwoFactorPolicyRequirement : IPolicyRequirement
{
private readonly IEnumerable<PolicyDetails> _policyDetails;
public RequireTwoFactorPolicyRequirement(IEnumerable<PolicyDetails> policyDetails)
{
_policyDetails = policyDetails;
}
/// <summary>
/// Indicates whether two-factor authentication is required for the user.
/// Determines if the user can accept an invitation to an organization.
/// </summary>
public bool RequireTwoFactor { get; init; }
/// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
/// <param name="organizationId">The ID of the organization.</param>
/// <returns>True if the user can accept the invitation, false otherwise.</returns>
public bool CanAcceptInvitation(bool twoFactorEnabled, Guid organizationId) =>
twoFactorEnabled ||
!_policyDetails.Any(p => p.OrganizationId == organizationId &&
(p.OrganizationUserStatus is
OrganizationUserStatusType.Invited or
OrganizationUserStatusType.Accepted or
OrganizationUserStatusType.Confirmed));
/// <summary>
/// Determines if the user can be confirmed in an organization.
/// </summary>
/// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
/// <param name="organizationId">The ID of the organization.</param>
/// <returns>True if the user can be confirmed, false otherwise.</returns>
public bool CanBeConfirmed(bool twoFactorEnabled, Guid organizationId) =>
twoFactorEnabled ||
!_policyDetails.Any(p => p.OrganizationId == organizationId &&
(p.OrganizationUserStatus is
OrganizationUserStatusType.Accepted or
OrganizationUserStatusType.Confirmed));
}
public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFactory<RequireTwoFactorPolicyRequirement>
@ -21,9 +51,6 @@ public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFac
public override RequireTwoFactorPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
{
return new RequireTwoFactorPolicyRequirement
{
RequireTwoFactor = policyDetails.Any(p => p.PolicyType == PolicyType.TwoFactorAuthentication)
};
return new RequireTwoFactorPolicyRequirement(policyDetails);
}
}

117
test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/RequireTwoFactorPolicyRequirementFactoryTests.cs
View File

@ -11,49 +11,148 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequire
public class RequireTwoFactorPolicyRequirementFactoryTests
{
[Theory]
[BitAutoData]
public void RequireTwoFactor_WithNoPolicies_ReturnsFalse(SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
[BitAutoData(true)]
[BitAutoData(false)]
public void CanAcceptInvitation_WithNoPolicies_ReturnsTrue(
bool twoFactorEnabled, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create([]);
Assert.False(actual.RequireTwoFactor);
Assert.True(actual.CanAcceptInvitation(twoFactorEnabled, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Revoked)]
[BitAutoData(OrganizationUserStatusType.Invited)]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void CanAcceptInvitation_WithTwoFactorEnabled_ReturnsTrue(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.True(actual.CanAcceptInvitation(true, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Revoked)]
public void CanAcceptInvitation_WithExemptStatus_ReturnsTrue(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.True(actual.CanAcceptInvitation(false, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Invited)]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void RequireTwoFactor_WithNonExemptStatus_ReturnsTrue(
OrganizationUserStatusType userStatus,
public void CanAcceptInvitation_WithNonExemptStatus_ReturnsFalse(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.True(actual.RequireTwoFactor);
Assert.False(actual.CanAcceptInvitation(false, organizationId));
}
[Theory]
[BitAutoData(true)]
[BitAutoData(false)]
public void CanBeConfirmed_WithNoPolicies_ReturnsTrue(
bool twoFactorEnabled, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create([]);
Assert.True(actual.CanBeConfirmed(twoFactorEnabled, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void CanBeConfirmed_WithTwoFactorEnabled_ReturnsTrue(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.True(actual.CanBeConfirmed(true, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Revoked)]
public void RequireTwoFactor_WithExemptStatus_ReturnsFalse(
OrganizationUserStatusType userStatus,
[BitAutoData(OrganizationUserStatusType.Invited)]
public void CanBeConfirmed_WithExemptStatus_ReturnsTrue(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.False(actual.RequireTwoFactor);
Assert.True(actual.CanBeConfirmed(false, organizationId));
}
[Theory]
[BitAutoData(OrganizationUserStatusType.Accepted)]
[BitAutoData(OrganizationUserStatusType.Confirmed)]
public void CanBeConfirmed_WithNonExemptStatus_ReturnsFalse(
OrganizationUserStatusType userStatus, Guid organizationId,
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
{
var actual = sutProvider.Sut.Create(
[
new PolicyDetails
{
OrganizationId = organizationId,
PolicyType = PolicyType.TwoFactorAuthentication,
OrganizationUserStatus = userStatus
}
]);
Assert.False(actual.CanBeConfirmed(false, organizationId));
}
}