mirror of
https://github.com/bitwarden/server.git
synced 2025-04-23 22:15:10 -05:00
84a984a9e6
- Add Authorize<T> attribute - Add IOrganizationRequirement and example implementation - Add OrganizationRequirementHandler - Add extension methods (replacing ICurrentContext) - Move custom permissions claim definitions --- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
113 lines
4.7 KiB
C#
113 lines
4.7 KiB
C#
using System.Security.Claims;
|
|
using Bit.Api.AdminConsole.Authorization;
|
|
using Bit.Core.Services;
|
|
using Bit.Test.Common.AutoFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using NSubstitute;
|
|
using Xunit;
|
|
|
|
namespace Bit.Api.Test.AdminConsole.Authorization;
|
|
|
|
[SutProviderCustomize]
|
|
public class OrganizationRequirementHandlerTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData((string)null)]
|
|
[BitAutoData("malformed guid")]
|
|
public async Task IfInvalidOrganizationId_Throws(string orgId, Guid userId, SutProvider<OrganizationRequirementHandler> sutProvider)
|
|
{
|
|
// Arrange
|
|
ArrangeRouteAndUser(sutProvider, orgId, userId);
|
|
var testRequirement = Substitute.For<IOrganizationRequirement>();
|
|
var authContext = new AuthorizationHandlerContext([testRequirement], new ClaimsPrincipal(), null);
|
|
|
|
// Act
|
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => sutProvider.Sut.HandleAsync(authContext));
|
|
Assert.Contains(HttpContextExtensions.NoOrgIdError, exception.Message);
|
|
Assert.False(authContext.HasSucceeded);
|
|
}
|
|
|
|
[Theory, BitAutoData]
|
|
public async Task IfHttpContextIsNull_Throws(SutProvider<OrganizationRequirementHandler> sutProvider)
|
|
{
|
|
// Arrange
|
|
sutProvider.GetDependency<IHttpContextAccessor>().HttpContext = null;
|
|
var testRequirement = Substitute.For<IOrganizationRequirement>();
|
|
var authContext = new AuthorizationHandlerContext([testRequirement], new ClaimsPrincipal(), null);
|
|
|
|
// Act
|
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => sutProvider.Sut.HandleAsync(authContext));
|
|
Assert.Contains(OrganizationRequirementHandler.NoHttpContextError, exception.Message);
|
|
Assert.False(authContext.HasSucceeded);
|
|
}
|
|
|
|
[Theory, BitAutoData]
|
|
public async Task IfUserIdIsNull_Throws(Guid orgId, SutProvider<OrganizationRequirementHandler> sutProvider)
|
|
{
|
|
// Arrange
|
|
ArrangeRouteAndUser(sutProvider, orgId.ToString(), null);
|
|
var testRequirement = Substitute.For<IOrganizationRequirement>();
|
|
var authContext = new AuthorizationHandlerContext([testRequirement], new ClaimsPrincipal(), null);
|
|
|
|
// Act
|
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => sutProvider.Sut.HandleAsync(authContext));
|
|
Assert.Contains(OrganizationRequirementHandler.NoUserIdError, exception.Message);
|
|
Assert.False(authContext.HasSucceeded);
|
|
}
|
|
|
|
[Theory, BitAutoData]
|
|
public async Task DoesNotAuthorize_IfAuthorizeAsync_ReturnsFalse(
|
|
SutProvider<OrganizationRequirementHandler> sutProvider, Guid organizationId, Guid userId)
|
|
{
|
|
// Arrange route values
|
|
ArrangeRouteAndUser(sutProvider, organizationId.ToString(), userId);
|
|
|
|
// Arrange requirement
|
|
var testRequirement = Substitute.For<IOrganizationRequirement>();
|
|
testRequirement
|
|
.AuthorizeAsync(null, Arg.Any<Func<Task<bool>>>())
|
|
.ReturnsForAnyArgs(false);
|
|
var authContext = new AuthorizationHandlerContext([testRequirement], new ClaimsPrincipal(), null);
|
|
|
|
// Act
|
|
await sutProvider.Sut.HandleAsync(authContext);
|
|
|
|
// Assert
|
|
await testRequirement.Received(1).AuthorizeAsync(null, Arg.Any<Func<Task<bool>>>());
|
|
Assert.False(authContext.HasSucceeded);
|
|
}
|
|
|
|
[Theory, BitAutoData]
|
|
public async Task Authorizes_IfAuthorizeAsync_ReturnsTrue(
|
|
SutProvider<OrganizationRequirementHandler> sutProvider, Guid organizationId, Guid userId)
|
|
{
|
|
// Arrange route values
|
|
ArrangeRouteAndUser(sutProvider, organizationId.ToString(), userId);
|
|
|
|
// Arrange requirement
|
|
var testRequirement = Substitute.For<IOrganizationRequirement>();
|
|
testRequirement
|
|
.AuthorizeAsync(null, Arg.Any<Func<Task<bool>>>())
|
|
.ReturnsForAnyArgs(true);
|
|
var authContext = new AuthorizationHandlerContext([testRequirement], new ClaimsPrincipal(), null);
|
|
|
|
// Act
|
|
await sutProvider.Sut.HandleAsync(authContext);
|
|
|
|
// Assert
|
|
await testRequirement.Received(1).AuthorizeAsync(null, Arg.Any<Func<Task<bool>>>());
|
|
Assert.True(authContext.HasSucceeded);
|
|
}
|
|
|
|
private static void ArrangeRouteAndUser(SutProvider<OrganizationRequirementHandler> sutProvider, string orgIdRouteValue,
|
|
Guid? userId)
|
|
{
|
|
var httpContext = new DefaultHttpContext();
|
|
httpContext.Request.RouteValues["orgId"] = orgIdRouteValue;
|
|
sutProvider.GetDependency<IHttpContextAccessor>().HttpContext = httpContext;
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(Arg.Any<ClaimsPrincipal>()).Returns(userId);
|
|
}
|
|
}
|