mirror of
https://github.com/bitwarden/server.git
synced 2025-05-23 04:21:05 -05:00
Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.
This commit is contained in:
Rui Tome
parent
06a5888c7b
commit
f4bfa0baf0
@ -8,10 +8,40 @@ using Bit.Core.Enums;
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
public class RequireTwoFactorPolicyRequirement : IPolicyRequirement
|
public class RequireTwoFactorPolicyRequirement : IPolicyRequirement
|
||||||
{
|
{
|
||||||
|
private readonly IEnumerable<PolicyDetails> _policyDetails;
|
||||||
|
|
||||||
|
public RequireTwoFactorPolicyRequirement(IEnumerable<PolicyDetails> policyDetails)
|
||||||
|
{
|
||||||
|
_policyDetails = policyDetails;
|
||||||
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Indicates whether two-factor authentication is required for the user.
|
/// Determines if the user can accept an invitation to an organization.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool RequireTwoFactor { get; init; }
|
/// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
|
||||||
|
/// <param name="organizationId">The ID of the organization.</param>
|
||||||
|
/// <returns>True if the user can accept the invitation, false otherwise.</returns>
|
||||||
|
public bool CanAcceptInvitation(bool twoFactorEnabled, Guid organizationId) =>
|
||||||
|
twoFactorEnabled ||
|
||||||
|
!_policyDetails.Any(p => p.OrganizationId == organizationId &&
|
||||||
|
(p.OrganizationUserStatus is
|
||||||
|
OrganizationUserStatusType.Invited or
|
||||||
|
OrganizationUserStatusType.Accepted or
|
||||||
|
OrganizationUserStatusType.Confirmed));
|
||||||
|
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Determines if the user can be confirmed in an organization.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="twoFactorEnabled">Whether the user has two-step login enabled.</param>
|
||||||
|
/// <param name="organizationId">The ID of the organization.</param>
|
||||||
|
/// <returns>True if the user can be confirmed, false otherwise.</returns>
|
||||||
|
public bool CanBeConfirmed(bool twoFactorEnabled, Guid organizationId) =>
|
||||||
|
twoFactorEnabled ||
|
||||||
|
!_policyDetails.Any(p => p.OrganizationId == organizationId &&
|
||||||
|
(p.OrganizationUserStatus is
|
||||||
|
OrganizationUserStatusType.Accepted or
|
||||||
|
OrganizationUserStatusType.Confirmed));
|
||||||
}
|
}
|
||||||
|
|
||||||
public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFactory<RequireTwoFactorPolicyRequirement>
|
public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFactory<RequireTwoFactorPolicyRequirement>
|
||||||
@ -21,9 +51,6 @@ public class RequireTwoFactorPolicyRequirementFactory : BasePolicyRequirementFac
|
|||||||
|
|
||||||
public override RequireTwoFactorPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
public override RequireTwoFactorPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||||
{
|
{
|
||||||
return new RequireTwoFactorPolicyRequirement
|
return new RequireTwoFactorPolicyRequirement(policyDetails);
|
||||||
{
|
|
||||||
RequireTwoFactor = policyDetails.Any(p => p.PolicyType == PolicyType.TwoFactorAuthentication)
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -11,49 +11,148 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequire
|
|||||||
public class RequireTwoFactorPolicyRequirementFactoryTests
|
public class RequireTwoFactorPolicyRequirementFactoryTests
|
||||||
{
|
{
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData]
|
[BitAutoData(true)]
|
||||||
public void RequireTwoFactor_WithNoPolicies_ReturnsFalse(SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
[BitAutoData(false)]
|
||||||
|
public void CanAcceptInvitation_WithNoPolicies_ReturnsTrue(
|
||||||
|
bool twoFactorEnabled, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
{
|
{
|
||||||
var actual = sutProvider.Sut.Create([]);
|
var actual = sutProvider.Sut.Create([]);
|
||||||
|
|
||||||
Assert.False(actual.RequireTwoFactor);
|
Assert.True(actual.CanAcceptInvitation(twoFactorEnabled, organizationId));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Revoked)]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Invited)]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Accepted)]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Confirmed)]
|
||||||
|
public void CanAcceptInvitation_WithTwoFactorEnabled_ReturnsTrue(
|
||||||
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
|
{
|
||||||
|
var actual = sutProvider.Sut.Create(
|
||||||
|
[
|
||||||
|
new PolicyDetails
|
||||||
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
|
OrganizationUserStatus = userStatus
|
||||||
|
}
|
||||||
|
]);
|
||||||
|
|
||||||
|
Assert.True(actual.CanAcceptInvitation(true, organizationId));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Revoked)]
|
||||||
|
public void CanAcceptInvitation_WithExemptStatus_ReturnsTrue(
|
||||||
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
|
{
|
||||||
|
var actual = sutProvider.Sut.Create(
|
||||||
|
[
|
||||||
|
new PolicyDetails
|
||||||
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
|
OrganizationUserStatus = userStatus
|
||||||
|
}
|
||||||
|
]);
|
||||||
|
|
||||||
|
Assert.True(actual.CanAcceptInvitation(false, organizationId));
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData(OrganizationUserStatusType.Invited)]
|
[BitAutoData(OrganizationUserStatusType.Invited)]
|
||||||
[BitAutoData(OrganizationUserStatusType.Accepted)]
|
[BitAutoData(OrganizationUserStatusType.Accepted)]
|
||||||
[BitAutoData(OrganizationUserStatusType.Confirmed)]
|
[BitAutoData(OrganizationUserStatusType.Confirmed)]
|
||||||
public void RequireTwoFactor_WithNonExemptStatus_ReturnsTrue(
|
public void CanAcceptInvitation_WithNonExemptStatus_ReturnsFalse(
|
||||||
OrganizationUserStatusType userStatus,
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
{
|
{
|
||||||
var actual = sutProvider.Sut.Create(
|
var actual = sutProvider.Sut.Create(
|
||||||
[
|
[
|
||||||
new PolicyDetails
|
new PolicyDetails
|
||||||
{
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
PolicyType = PolicyType.TwoFactorAuthentication,
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
OrganizationUserStatus = userStatus
|
OrganizationUserStatus = userStatus
|
||||||
}
|
}
|
||||||
]);
|
]);
|
||||||
|
|
||||||
Assert.True(actual.RequireTwoFactor);
|
Assert.False(actual.CanAcceptInvitation(false, organizationId));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(true)]
|
||||||
|
[BitAutoData(false)]
|
||||||
|
public void CanBeConfirmed_WithNoPolicies_ReturnsTrue(
|
||||||
|
bool twoFactorEnabled, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
|
{
|
||||||
|
var actual = sutProvider.Sut.Create([]);
|
||||||
|
|
||||||
|
Assert.True(actual.CanBeConfirmed(twoFactorEnabled, organizationId));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Accepted)]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Confirmed)]
|
||||||
|
public void CanBeConfirmed_WithTwoFactorEnabled_ReturnsTrue(
|
||||||
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
|
{
|
||||||
|
var actual = sutProvider.Sut.Create(
|
||||||
|
[
|
||||||
|
new PolicyDetails
|
||||||
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
|
OrganizationUserStatus = userStatus
|
||||||
|
}
|
||||||
|
]);
|
||||||
|
|
||||||
|
Assert.True(actual.CanBeConfirmed(true, organizationId));
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData(OrganizationUserStatusType.Revoked)]
|
[BitAutoData(OrganizationUserStatusType.Revoked)]
|
||||||
public void RequireTwoFactor_WithExemptStatus_ReturnsFalse(
|
[BitAutoData(OrganizationUserStatusType.Invited)]
|
||||||
OrganizationUserStatusType userStatus,
|
public void CanBeConfirmed_WithExemptStatus_ReturnsTrue(
|
||||||
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
{
|
{
|
||||||
var actual = sutProvider.Sut.Create(
|
var actual = sutProvider.Sut.Create(
|
||||||
[
|
[
|
||||||
new PolicyDetails
|
new PolicyDetails
|
||||||
{
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
PolicyType = PolicyType.TwoFactorAuthentication,
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
OrganizationUserStatus = userStatus
|
OrganizationUserStatus = userStatus
|
||||||
}
|
}
|
||||||
]);
|
]);
|
||||||
|
|
||||||
Assert.False(actual.RequireTwoFactor);
|
Assert.True(actual.CanBeConfirmed(false, organizationId));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Accepted)]
|
||||||
|
[BitAutoData(OrganizationUserStatusType.Confirmed)]
|
||||||
|
public void CanBeConfirmed_WithNonExemptStatus_ReturnsFalse(
|
||||||
|
OrganizationUserStatusType userStatus, Guid organizationId,
|
||||||
|
SutProvider<RequireTwoFactorPolicyRequirementFactory> sutProvider)
|
||||||
|
{
|
||||||
|
var actual = sutProvider.Sut.Create(
|
||||||
|
[
|
||||||
|
new PolicyDetails
|
||||||
|
{
|
||||||
|
OrganizationId = organizationId,
|
||||||
|
PolicyType = PolicyType.TwoFactorAuthentication,
|
||||||
|
OrganizationUserStatus = userStatus
|
||||||
|
}
|
||||||
|
]);
|
||||||
|
|
||||||
|
Assert.False(actual.CanBeConfirmed(false, organizationId));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user