
* Add CreateCollectionCommand and associated interface with validation logic * Implement CreateCollectionCommand to handle collection creation with organization checks and access permissions. * Introduce ICreateCollectionCommand interface for defining the collection creation contract. * Add unit tests for CreateCollectionCommand to validate various scenarios including permission checks and error handling. * Add UpdateCollectionCommand and associated interface with validation logic * Implement UpdateCollectionCommand to handle collection updates with organization checks and access permissions. * Introduce IUpdateCollectionCommand interface for defining the collection update contract. * Add unit tests for UpdateCollectionCommand to validate various scenarios including permission checks and error handling. * Add scoped services for collection commands * Register ICreateCollectionCommand and IUpdateCollectionCommand in the service collection for handling collection creation and updates. * Refactor CollectionsController to use command interfaces for collection creation and updates * Updated CollectionsController to utilize ICreateCollectionCommand and IUpdateCollectionCommand for handling collection creation and updates, replacing calls to ICollectionService. * Adjusted related unit tests to verify the new command implementations. * Refactor ICollectionService and CollectionService to remove SaveAsync method * Removed the SaveAsync method from ICollectionService and its implementation in CollectionService. * Updated related tests in CollectionServiceTests to reflect the removal of SaveAsync, ensuring existing functionality remains intact. * Remove unused organization repository dependency from CollectionServiceTests * Add validation to CreateCollectionCommand to prevent creation of DefaultUserCollection type * Implemented a check in CreateCollectionCommand to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be created. 
* Added a unit test to verify that the exception is thrown with the correct message when attempting to create a collection of this type. * Add validation to DeleteCollectionCommand to prevent deletion of DefaultUserCollection type * Implemented checks in DeleteAsync and DeleteManyAsync methods to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be deleted. * Added unit tests to verify that the exceptions are thrown with the correct messages when attempting to delete collections of this type. * Add validation in UpdateCollectionCommand to prevent editing DefaultUserCollection type * Implemented a check in UpdateAsync to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be updated. * Added a unit test to verify that the exception is thrown with the correct message when attempting to update a collection of this type. * Add validation in UpdateOrganizationUserCommand to prevent modification of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Add validation in UpdateGroupCommand to prevent modification of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to modify group access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Add validation in BulkAddCollectionAccessCommand to prevent addition of collections of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to add access to collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. 
* Add validation in CollectionService to prevent modification of DefaultUserCollection type * Implemented a check in DeleteUserAsync to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Implement a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Add validation in CollectionsController to prevent deletion of DefaultUserCollection type * Implemented a check to return a BadRequestObjectResult if an attempt is made to delete a collection of type DefaultUserCollection. * Remove unused test method for handling DefaultUserCollection in CollectionsControllerTests * Update UpdateOrganizationUserCommandTests to use OrganizationUserType for user updates
using System.Text.Json;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Billing.Enums;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers;
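/// <summary>
/// Unit tests for <see cref="UpdateOrganizationUserCommand"/>. Most cases exercise the
/// rejection paths of <c>UpdateUserAsync</c>: a missing organization-user id, collections or
/// groups that belong to another organization or are not returned by the repository, the
/// free-organization admin limit, and collections of type
/// <see cref="CollectionType.DefaultUserCollection"/>.
/// </summary>
[SutProviderCustomize]
public class UpdateOrganizationUserCommandTests
{
    /// <summary>
    /// An organization user whose <c>Id</c> is the default <see cref="Guid"/> is rejected with a
    /// <see cref="BadRequestException"/> whose message asks the caller to invite the user first.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_NoUserId_Throws(OrganizationUser user, Guid? savingUserId,
        List<CollectionAccessSelection> collections, List<Guid> groups, SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        user.Id = default(Guid);
        var existingUserType = OrganizationUserType.User;

        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, collections, groups));

        // Case-insensitive match on the message instead of lower-casing it first.
        Assert.Contains("invite the user first", exception.Message, StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// When the stored organization user differs from the submitted one, the update is rejected
    /// with a <see cref="NotFoundException"/>.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_DifferentOrganizationId_Throws(OrganizationUser user, OrganizationUser originalUser,
        Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        // NOTE(review): this test never assigns OrganizationId; it presumably relies on the
        // fixture generating different values for user and originalUser - confirm.
        sutProvider.GetDependency<IOrganizationUserRepository>().GetByIdAsync(user.Id).Returns(originalUser);
        var existingUserType = OrganizationUserType.User;

        await Assert.ThrowsAsync<NotFoundException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, null, null));
    }

    /// <summary>
    /// Collection access that points at collections owned by another organization is rejected
    /// with a <see cref="NotFoundException"/>, the same exception type the missing-collection
    /// test expects.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_CollectionsBelongToDifferentOrganization_Throws(OrganizationUser user, OrganizationUser originalUser,
        List<CollectionAccessSelection> collectionAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
        Organization organization)
    {
        Setup(sutProvider, organization, user, originalUser);

        // Every requested id resolves to a collection, but each one carries a freshly generated
        // OrganizationId rather than the user's organization.
        sutProvider.GetDependency<ICollectionRepository>()
            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
                .Select(guid => new Collection { Id = guid, OrganizationId = CoreHelpers.GenerateComb() }).ToList());

        var existingUserType = OrganizationUserType.User;

        await Assert.ThrowsAsync<NotFoundException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, collectionAccess, null));
    }

    /// <summary>
    /// Collection access that references an id the repository does not return is rejected with a
    /// <see cref="NotFoundException"/>.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_CollectionsDoNotExist_Throws(OrganizationUser user, OrganizationUser originalUser,
        List<CollectionAccessSelection> collectionAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
        Organization organization)
    {
        Setup(sutProvider, organization, user, originalUser);

        // Return collections in the user's own organization, except that one is missing, so the
        // organization check cannot be what triggers the exception.
        sutProvider.GetDependency<ICollectionRepository>()
            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo =>
            {
                var found = callInfo.Arg<IEnumerable<Guid>>()
                    .Select(guid => new Collection { Id = guid, OrganizationId = user.OrganizationId }).ToList();
                found.RemoveAt(0);
                return found;
            });
        var existingUserType = OrganizationUserType.User;

        await Assert.ThrowsAsync<NotFoundException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, collectionAccess, null));
    }

    /// <summary>
    /// Group access that points at groups owned by another organization is rejected with a
    /// <see cref="NotFoundException"/>.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_GroupsBelongToDifferentOrganization_Throws(OrganizationUser user, OrganizationUser originalUser,
        ICollection<Guid> groupAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
        Organization organization)
    {
        Setup(sutProvider, organization, user, originalUser);

        // Return groups with different organizationIds from the repository
        sutProvider.GetDependency<IGroupRepository>()
            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
                .Select(guid => new Group { Id = guid, OrganizationId = CoreHelpers.GenerateComb() }).ToList());

        var existingUserType = OrganizationUserType.User;

        await Assert.ThrowsAsync<NotFoundException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, null, groupAccess));
    }

    /// <summary>
    /// Group access that references an id the repository does not return is rejected with a
    /// <see cref="NotFoundException"/>.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_GroupsDoNotExist_Throws(OrganizationUser user, OrganizationUser originalUser,
        ICollection<Guid> groupAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
        Organization organization)
    {
        Setup(sutProvider, organization, user, originalUser);

        // Return groups in the user's own organization, except that one is missing. The groups
        // previously carried a freshly generated OrganizationId, which made this test a duplicate
        // of the different-organization case and left the missing-group path unexercised.
        sutProvider.GetDependency<IGroupRepository>()
            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo =>
            {
                var found = callInfo.Arg<IEnumerable<Guid>>()
                    .Select(guid => new Group { Id = guid, OrganizationId = user.OrganizationId }).ToList();
                found.RemoveAt(0);
                return found;
            });
        var existingUserType = OrganizationUserType.User;

        await Assert.ThrowsAsync<NotFoundException>(
            () => sutProvider.Sut.UpdateUserAsync(user, existingUserType, savingUserId, null, groupAccess));
    }

    /// <summary>
    /// A valid update from <see cref="OrganizationUserType.User"/> to
    /// <see cref="OrganizationUserType.Admin"/> completes without throwing, and the two permission
    /// validators and the confirmed-owner query are each called exactly once.
    /// </summary>
    /// <remarks>
    /// NOTE(review): only the validation collaborators are asserted; nothing here checks what was
    /// persisted for the user, its collections or its groups.
    /// </remarks>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_Passes(
        Organization organization,
        OrganizationUser oldUserData,
        OrganizationUser newUserData,
        List<CollectionAccessSelection> collections,
        List<Guid> groups,
        Permissions permissions,
        [OrganizationUser(type: OrganizationUserType.Owner)] OrganizationUser savingUser,
        SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        Setup(sutProvider, organization, newUserData, oldUserData);

        // Arrange list of collections to make sure Manage is mutually exclusive:
        // the last entry is read-only with hidden passwords, every other entry is Manage-only.
        for (var i = 0; i < collections.Count; i++)
        {
            var isLast = i == collections.Count - 1;
            var cas = collections[i];
            cas.Manage = !isLast;
            cas.HidePasswords = isLast;
            cas.ReadOnly = isLast;
        }

        newUserData.Id = oldUserData.Id;
        newUserData.UserId = oldUserData.UserId;
        newUserData.OrganizationId = savingUser.OrganizationId = oldUserData.OrganizationId = organization.Id;
        newUserData.Type = OrganizationUserType.Admin;
        newUserData.Permissions = JsonSerializer.Serialize(permissions, new JsonSerializerOptions
        {
            PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
        });

        sutProvider.GetDependency<ICollectionRepository>()
            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
                .Select(guid => new Collection { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());

        sutProvider.GetDependency<IGroupRepository>()
            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
                .Select(guid => new Group { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());

        // Keyed on UserId, as in the free-organization tests of this class; the stub was
        // previously keyed on the organization-user Id and so could never match that call.
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetCountByFreeOrganizationAdminUserAsync(newUserData.UserId!.Value)
            .Returns(0);

        var existingUserType = OrganizationUserType.User;

        await sutProvider.Sut.UpdateUserAsync(newUserData, existingUserType, savingUser.UserId, collections, groups);

        var organizationService = sutProvider.GetDependency<IOrganizationService>();
        await organizationService.Received(1).ValidateOrganizationUserUpdatePermissions(
            newUserData.OrganizationId,
            newUserData.Type,
            oldUserData.Type,
            Arg.Any<Permissions>());
        await organizationService.Received(1).ValidateOrganizationCustomPermissionsEnabledAsync(
            newUserData.OrganizationId,
            newUserData.Type);
        await sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>().Received(1).HasConfirmedOwnersExceptAsync(
            newUserData.OrganizationId,
            Arg.Is<IEnumerable<Guid>>(i => i.Contains(newUserData.Id)));
    }

    /// <summary>
    /// Promoting a plain user to Admin or Owner of a free organization is rejected with a
    /// <see cref="BadRequestException"/> when the repository reports one existing free-organization
    /// admin membership for that user.
    /// </summary>
    [Theory]
    [BitAutoData(OrganizationUserType.Admin)]
    [BitAutoData(OrganizationUserType.Owner)]
    public async Task UpdateUserAsync_WhenUpdatingUserToAdminOrOwner_AndExistingUserTypeIsNotAdminOrOwner_WithUserAlreadyAdminOfAnotherFreeOrganization_Throws(
        OrganizationUserType userType,
        OrganizationUser oldUserData,
        OrganizationUser newUserData,
        Organization organization,
        SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        organization.PlanType = PlanType.Free;
        newUserData.Type = userType;

        Setup(sutProvider, organization, newUserData, oldUserData);

        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetCountByFreeOrganizationAdminUserAsync(newUserData.UserId!.Value)
            .Returns(1);
        var existingUserType = OrganizationUserType.User;

        // Assert
        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.UpdateUserAsync(newUserData, existingUserType, null, null, null));
        Assert.Contains("User can only be an admin of one free organization.", exception.Message);
    }

    /// <summary>
    /// Updating a user who is already Admin or Owner of a free organization is rejected with a
    /// <see cref="BadRequestException"/> when the repository reports two free-organization admin
    /// memberships for that user.
    /// </summary>
    [Theory]
    [BitAutoData(OrganizationUserType.Admin, OrganizationUserType.Admin)]
    [BitAutoData(OrganizationUserType.Admin, OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Owner, OrganizationUserType.Admin)]
    [BitAutoData(OrganizationUserType.Owner, OrganizationUserType.Owner)]
    public async Task UpdateUserAsync_WhenUpdatingUserToAdminOrOwner_AndExistingUserTypeIsAdminOrOwner_WithUserAlreadyAdminOfAnotherFreeOrganization_Throws(
        OrganizationUserType newUserType,
        OrganizationUserType existingUserType,
        OrganizationUser oldUserData,
        OrganizationUser newUserData,
        Organization organization,
        SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        organization.PlanType = PlanType.Free;
        newUserData.Type = newUserType;

        Setup(sutProvider, organization, newUserData, oldUserData);

        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetCountByFreeOrganizationAdminUserAsync(newUserData.UserId!.Value)
            .Returns(2);

        // Assert
        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.UpdateUserAsync(newUserData, existingUserType, null, null, null));
        Assert.Contains("User can only be an admin of one free organization.", exception.Message);
    }

    /// <summary>
    /// Collection access that targets collections of type
    /// <see cref="CollectionType.DefaultUserCollection"/> is rejected with a
    /// <see cref="BadRequestException"/>, even though the collections are in the user's own
    /// organization.
    /// </summary>
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_WithDefaultUserCollectionType_Throws(OrganizationUser user, OrganizationUser originalUser,
        List<CollectionAccessSelection> collectionAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
        Organization organization)
    {
        Setup(sutProvider, organization, user, originalUser);

        // Return collections with DefaultUserCollection type
        sutProvider.GetDependency<ICollectionRepository>()
            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
                .Select(guid => new Collection { Id = guid, OrganizationId = user.OrganizationId, Type = CollectionType.DefaultUserCollection }).ToList());

        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.UpdateUserAsync(user, OrganizationUserType.User, savingUserId, collectionAccess, null));
        Assert.Contains("You cannot modify member access for collections with the type as DefaultUserCollection.", exception.Message);
    }

    /// <summary>
    /// Shared arrangement: aligns <paramref name="newUser"/> and <paramref name="oldUser"/> on the
    /// same Id, UserId and organization, and stubs the organization lookup, the organization-user
    /// lookup and the confirmed-owner query (which returns <c>true</c>).
    /// </summary>
    /// <param name="sutProvider">Provider holding the substitutes that are stubbed here.</param>
    /// <param name="organization">Organization returned by the organization repository.</param>
    /// <param name="newUser">Submitted user; its Id, UserId and OrganizationId are overwritten.</param>
    /// <param name="oldUser">Stored user returned by the organization-user repository.</param>
    private static void Setup(SutProvider<UpdateOrganizationUserCommand> sutProvider, Organization organization,
        OrganizationUser newUser, OrganizationUser oldUser)
    {
        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
        var organizationService = sutProvider.GetDependency<IOrganizationService>();

        organizationRepository.GetByIdAsync(organization.Id).Returns(organization);

        newUser.Id = oldUser.Id;
        newUser.UserId = oldUser.UserId;
        newUser.OrganizationId = oldUser.OrganizationId = organization.Id;
        organizationUserRepository.GetByIdAsync(oldUser.Id).Returns(oldUser);
        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
            .HasConfirmedOwnersExceptAsync(
                oldUser.OrganizationId,
                Arg.Is<IEnumerable<Guid>>(i => i.Contains(oldUser.Id)))
            .Returns(true);
    }
}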