Implement model validation in PolicyDataValidator and enhance error handling

Added a ValidateModel method to enforce validation rules for policy data. Updated error messages to provide clearer feedback on validation failures. Enhanced unit tests to cover new validation scenarios for MinLength and MinComplexity properties.
2026-01-30 00:03:48 +00:00 · 2026-01-07 16:26:46 +00:00
parent 0ae3c5a469
commit 0b612ed889
2 changed files with 46 additions and 4 deletions
--- a/src/Core/AdminConsole/Utilities/PolicyDataValidator.cs
+++ b/src/Core/AdminConsole/Utilities/PolicyDataValidator.cs
@@ -1,4 +1,5 @@
-using System.Text.Json;
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
@@ -30,7 +31,8 @@ public static class PolicyDataValidator
            switch (policyType)
            {
                case PolicyType.MasterPassword:
-                    CoreHelpers.LoadClassFromJsonData<MasterPasswordPolicyData>(json);
+                    var masterPasswordData = CoreHelpers.LoadClassFromJsonData<MasterPasswordPolicyData>(json);
+                    ValidateModel(masterPasswordData, policyType);
                    break;
                case PolicyType.SendOptions:
                    CoreHelpers.LoadClassFromJsonData<SendOptionsPolicyData>(json);
@@ -44,11 +46,24 @@ public static class PolicyDataValidator
        }
        catch (JsonException ex)
        {
-            var fieldInfo = !string.IsNullOrEmpty(ex.Path) ? $": field '{ex.Path}' has invalid type" : "";
+            var fieldName = !string.IsNullOrEmpty(ex.Path) ? ex.Path.TrimStart('$', '.') : null;
+            var fieldInfo = !string.IsNullOrEmpty(fieldName) ? $": {fieldName} has an invalid value" : "";
            throw new BadRequestException($"Invalid data for {policyType} policy{fieldInfo}.");
        }
    }

+    private static void ValidateModel(object model, PolicyType policyType)
+    {
+        var validationContext = new ValidationContext(model);
+        var validationResults = new List<ValidationResult>();
+
+        if (!Validator.TryValidateObject(model, validationContext, validationResults, true))
+        {
+            var errors = string.Join(", ", validationResults.Select(r => r.ErrorMessage));
+            throw new BadRequestException($"Invalid data for {policyType} policy: {errors}");
+        }
+    }
+
    /// <summary>
    /// Validates and deserializes policy metadata based on the policy type.
    /// </summary>
--- a/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/Utilities/PolicyDataValidatorTests.cs
@@ -19,12 +19,17 @@ public class PolicyDataValidatorTests
    [Fact]
    public void ValidateAndSerialize_ValidData_ReturnsSerializedJson()
    {
-        var data = new Dictionary<string, object> { { "minLength", 12 } };
+        var data = new Dictionary<string, object>
+        {
+            { "minLength", 12 },
+            { "minComplexity", 4 }
+        };

        var result = PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword);

        Assert.NotNull(result);
        Assert.Contains("\"minLength\":12", result);
+        Assert.Contains("\"minComplexity\":4", result);
    }

    [Fact]
@@ -56,4 +61,26 @@ public class PolicyDataValidatorTests

        Assert.IsType<OrganizationModelOwnershipPolicyModel>(result);
    }
+
+    [Fact]
+    public void ValidateAndSerialize_ExcessiveMinLength_ThrowsBadRequestException()
+    {
+        var data = new Dictionary<string, object> { { "minLength", 129 } };
+
+        var exception = Assert.Throws<BadRequestException>(() =>
+            PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword));
+
+        Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
+    }
+
+    [Fact]
+    public void ValidateAndSerialize_ExcessiveMinComplexity_ThrowsBadRequestException()
+    {
+        var data = new Dictionary<string, object> { { "minComplexity", 5 } };
+
+        var exception = Assert.Throws<BadRequestException>(() =>
+            PolicyDataValidator.ValidateAndSerialize(data, PolicyType.MasterPassword));
+
+        Assert.Contains("Invalid data for MasterPassword policy", exception.Message);
+    }
 }