bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-14 22:43:19 +00:00
Code Issues Releases Wiki Activity

[PM-29555] Add self-revoke endpoint for declining organization data ownership policy (#6739)

Browse Source 
* Add OrganizationUser_SelfRevoked event type to EventType enum

* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations

* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.

* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality

* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation

* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.

* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.

* Add MemberRequirement class for organization membership authorization

- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.

* Update authorization requirement for self-revoke endpoint and add integration test for provider users

- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.

* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement

- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.

* Refactor self-revoke user command to enhance eligibility checks

- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.

* Use CommandResult pattern in self-revoke command

* Clearer documentation
This commit is contained in:
Rui Tomé
2026-01-06 11:25:14 +00:00
committed by GitHub
parent 35868c2a65
commit 1b17d99bfd
12 changed files with 660 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

171
test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUsersControllerSelfRevokeTests.cs Normal file
View File

@@ -0,0 +1,171 @@
using System.Net;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.Helpers;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Billing.Enums;
using Bit.Core.Enums;
using Bit.Core.Repositories;
using Xunit;
namespace Bit.Api.IntegrationTest.AdminConsole.Controllers;
public class OrganizationUsersControllerSelfRevokeTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
{
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly LoginHelper _loginHelper;
private string _ownerEmail = null!;
public OrganizationUsersControllerSelfRevokeTests(ApiApplicationFactory apiFactory)
{
_factory = apiFactory;
_client = _factory.CreateClient();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
{
_ownerEmail = $"{Guid.NewGuid()}@example.com";
await _factory.LoginWithNewAccount(_ownerEmail);
}
public Task DisposeAsync()
{
_client.Dispose();
return Task.CompletedTask;
}
[Fact]
public async Task SelfRevoke_WhenPolicyEnabledAndUserIsEligible_ReturnsOk()
{
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually,
ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
var policy = new Policy
{
OrganizationId = organization.Id,
Type = PolicyType.OrganizationDataOwnership,
Enabled = true,
Data = null
};
await _factory.GetService<IPolicyRepository>().CreateAsync(policy);
var (userEmail, _) = await OrganizationTestHelpers.CreateNewUserWithAccountAsync(
_factory,
organization.Id,
OrganizationUserType.User);
await _loginHelper.LoginAsync(userEmail);
var result = await _client.PutAsync($"organizations/{organization.Id}/users/revoke-self", null);
Assert.Equal(HttpStatusCode.NoContent, result.StatusCode);
var organizationUserRepository = _factory.GetService<IOrganizationUserRepository>();
var organizationUsers = await organizationUserRepository.GetManyDetailsByOrganizationAsync(organization.Id);
var revokedUser = organizationUsers.FirstOrDefault(u => u.Email == userEmail);
Assert.NotNull(revokedUser);
Assert.Equal(OrganizationUserStatusType.Revoked, revokedUser.Status);
}
[Fact]
public async Task SelfRevoke_WhenUserNotMemberOfOrganization_ReturnsForbidden()
{
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually,
ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
var policy = new Policy
{
OrganizationId = organization.Id,
Type = PolicyType.OrganizationDataOwnership,
Enabled = true,
Data = null
};
await _factory.GetService<IPolicyRepository>().CreateAsync(policy);
var nonMemberEmail = $"{Guid.NewGuid()}@example.com";
await _factory.LoginWithNewAccount(nonMemberEmail);
await _loginHelper.LoginAsync(nonMemberEmail);
var result = await _client.PutAsync($"organizations/{organization.Id}/users/revoke-self", null);
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
[Theory]
[InlineData(OrganizationUserType.Owner)]
[InlineData(OrganizationUserType.Admin)]
public async Task SelfRevoke_WhenUserIsOwnerOrAdmin_ReturnsBadRequest(OrganizationUserType userType)
{
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually,
ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
var policy = new Policy
{
OrganizationId = organization.Id,
Type = PolicyType.OrganizationDataOwnership,
Enabled = true,
Data = null
};
await _factory.GetService<IPolicyRepository>().CreateAsync(policy);
string userEmail;
if (userType == OrganizationUserType.Owner)
{
userEmail = _ownerEmail;
}
else
{
(userEmail, _) = await OrganizationTestHelpers.CreateNewUserWithAccountAsync(
_factory,
organization.Id,
userType);
}
await _loginHelper.LoginAsync(userEmail);
var result = await _client.PutAsync($"organizations/{organization.Id}/users/revoke-self", null);
Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode);
}
[Fact]
public async Task SelfRevoke_WhenUserIsProviderButNotMember_ReturnsForbidden()
{
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually,
ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
var policy = new Policy
{
OrganizationId = organization.Id,
Type = PolicyType.OrganizationDataOwnership,
Enabled = true,
Data = null
};
await _factory.GetService<IPolicyRepository>().CreateAsync(policy);
var provider = await ProviderTestHelpers.CreateProviderAndLinkToOrganizationAsync(
_factory,
organization.Id,
ProviderType.Msp,
ProviderStatusType.Billable);
var providerUserEmail = $"{Guid.NewGuid()}@example.com";
await _factory.LoginWithNewAccount(providerUserEmail);
await ProviderTestHelpers.CreateProviderUserAsync(
_factory,
provider.Id,
providerUserEmail,
ProviderUserType.ProviderAdmin);
await _loginHelper.LoginAsync(providerUserEmail);
var result = await _client.PutAsync($"organizations/{organization.Id}/users/revoke-self", null);
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
}

49
test/Api.Test/AdminConsole/Authorization/Requirements/MemberRequirementTests.cs Normal file
View File

@@ -0,0 +1,49 @@
using Bit.Api.AdminConsole.Authorization.Requirements;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Authorization.Requirements;
[SutProviderCustomize]
public class MemberRequirementTests
{
[Theory]
[CurrentContextOrganizationCustomize]
[BitAutoData(OrganizationUserType.Owner)]
[BitAutoData(OrganizationUserType.Admin)]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task AuthorizeAsync_WhenUserIsOrganizationMember_ThenRequestShouldBeAuthorized(
OrganizationUserType type,
CurrentContextOrganization organization,
SutProvider<MemberRequirement> sutProvider)
{
organization.Type = type;
var actual = await sutProvider.Sut.AuthorizeAsync(organization, () => Task.FromResult(false));
Assert.True(actual);
}
[Theory, BitAutoData]
public async Task AuthorizeAsync_WhenUserIsNotOrganizationMember_ThenRequestShouldBeDenied(
SutProvider<MemberRequirement> sutProvider)
{
var actual = await sutProvider.Sut.AuthorizeAsync(null, () => Task.FromResult(false));
Assert.False(actual);
}
[Theory, BitAutoData]
public async Task AuthorizeAsync_WhenUserIsProviderButNotMember_ThenRequestShouldBeDenied(
SutProvider<MemberRequirement> sutProvider)
{
var actual = await sutProvider.Sut.AuthorizeAsync(null, () => Task.FromResult(true));
Assert.False(actual);
}
}

233
test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/SelfRevokeUser/SelfRevokeOrganizationUserCommandTests.cs Normal file
View File

@@ -0,0 +1,233 @@
using Bit.Core.AdminConsole.Enums;
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Platform.Push;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.SelfRevokeUser;
[SutProviderCustomize]
public class SelfRevokeOrganizationUserCommandTests
{
[Theory]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
[BitAutoData(OrganizationUserType.Admin)]
public async Task SelfRevokeUser_Success(
OrganizationUserType userType,
Guid organizationId,
Guid userId,
[OrganizationUser(OrganizationUserStatusType.Confirmed)] OrganizationUser organizationUser,
SutProvider<SelfRevokeOrganizationUserCommand> sutProvider)
{
// Arrange
organizationUser.Type = userType;
organizationUser.OrganizationId = organizationId;
organizationUser.UserId = userId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organizationId, userId)
.Returns(organizationUser);
// Create policy requirement with confirmed user
var policyDetails = new List<PolicyDetails>
{
new()
{
OrganizationId = organizationId,
OrganizationUserId = organizationUser.Id,
OrganizationUserStatus = OrganizationUserStatusType.Confirmed,
OrganizationUserType = userType,
PolicyType = PolicyType.OrganizationDataOwnership
}
};
var policyRequirement = new OrganizationDataOwnershipPolicyRequirement(
OrganizationDataOwnershipState.Enabled,
policyDetails);
sutProvider.GetDependency<IPolicyRequirementQuery>()
.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId)
.Returns(policyRequirement);
// Act
var result = await sutProvider.Sut.SelfRevokeUserAsync(organizationId, userId);
// Assert
Assert.True(result.IsSuccess);
await sutProvider.GetDependency<IOrganizationUserRepository>()
.Received(1)
.RevokeAsync(organizationUser.Id);
await sutProvider.GetDependency<IEventService>()
.Received(1)
.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_SelfRevoked);
await sutProvider.GetDependency<IPushNotificationService>()
.Received(1)
.PushSyncOrgKeysAsync(userId);
}
[Theory, BitAutoData]
public async Task SelfRevokeUser_WhenUserNotFound_ReturnsNotFoundError(
Guid organizationId,
Guid userId,
SutProvider<SelfRevokeOrganizationUserCommand> sutProvider)
{
// Arrange
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organizationId, userId)
.Returns((OrganizationUser)null);
// Act
var result = await sutProvider.Sut.SelfRevokeUserAsync(organizationId, userId);
// Assert
Assert.True(result.IsError);
Assert.IsType<OrganizationUserNotFound>(result.AsError);
}
[Theory, BitAutoData]
public async Task SelfRevokeUser_WhenNotEligible_ReturnsBadRequestError(
Guid organizationId,
Guid userId,
[OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser organizationUser,
SutProvider<SelfRevokeOrganizationUserCommand> sutProvider)
{
// Arrange
organizationUser.OrganizationId = organizationId;
organizationUser.UserId = userId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organizationId, userId)
.Returns(organizationUser);
// Policy requirement with no policies (disabled)
var policyRequirement = new OrganizationDataOwnershipPolicyRequirement(
OrganizationDataOwnershipState.Disabled,
Enumerable.Empty<PolicyDetails>());
sutProvider.GetDependency<IPolicyRequirementQuery>()
.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId)
.Returns(policyRequirement);
// Act
var result = await sutProvider.Sut.SelfRevokeUserAsync(organizationId, userId);
// Assert
Assert.True(result.IsError);
Assert.IsType<NotEligibleForSelfRevoke>(result.AsError);
}
[Theory, BitAutoData]
public async Task SelfRevokeUser_WhenLastOwner_ReturnsBadRequestError(
Guid organizationId,
Guid userId,
[OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser organizationUser,
SutProvider<SelfRevokeOrganizationUserCommand> sutProvider)
{
// Arrange
organizationUser.OrganizationId = organizationId;
organizationUser.UserId = userId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organizationId, userId)
.Returns(organizationUser);
// Create policy requirement with confirmed owner
var policyDetails = new List<PolicyDetails>
{
new()
{
OrganizationId = organizationId,
OrganizationUserId = organizationUser.Id,
OrganizationUserStatus = OrganizationUserStatusType.Confirmed,
OrganizationUserType = OrganizationUserType.Owner,
PolicyType = PolicyType.OrganizationDataOwnership
}
};
var policyRequirement = new OrganizationDataOwnershipPolicyRequirement(
OrganizationDataOwnershipState.Enabled,
policyDetails);
sutProvider.GetDependency<IPolicyRequirementQuery>()
.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId)
.Returns(policyRequirement);
sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
.HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>(), true)
.Returns(false);
// Act
var result = await sutProvider.Sut.SelfRevokeUserAsync(organizationId, userId);
// Assert
Assert.True(result.IsError);
Assert.IsType<LastOwnerCannotSelfRevoke>(result.AsError);
}
[Theory, BitAutoData]
public async Task SelfRevokeUser_WhenOwnerButNotLastOwner_Success(
Guid organizationId,
Guid userId,
[OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser organizationUser,
SutProvider<SelfRevokeOrganizationUserCommand> sutProvider)
{
// Arrange
organizationUser.OrganizationId = organizationId;
organizationUser.UserId = userId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organizationId, userId)
.Returns(organizationUser);
// Create policy requirement with confirmed owner
var policyDetails = new List<PolicyDetails>
{
new()
{
OrganizationId = organizationId,
OrganizationUserId = organizationUser.Id,
OrganizationUserStatus = OrganizationUserStatusType.Confirmed,
OrganizationUserType = OrganizationUserType.Owner,
PolicyType = PolicyType.OrganizationDataOwnership
}
};
var policyRequirement = new OrganizationDataOwnershipPolicyRequirement(
OrganizationDataOwnershipState.Enabled,
policyDetails);
sutProvider.GetDependency<IPolicyRequirementQuery>()
.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId)
.Returns(policyRequirement);
sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
.HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>(), true)
.Returns(true);
// Act
var result = await sutProvider.Sut.SelfRevokeUserAsync(organizationId, userId);
// Assert
Assert.True(result.IsSuccess);
await sutProvider.GetDependency<IOrganizationUserRepository>()
.Received(1)
.RevokeAsync(organizationUser.Id);
await sutProvider.GetDependency<IEventService>()
.Received(1)
.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_SelfRevoked);
}
}

67
test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/OrganizationDataOwnershipPolicyRequirementFactoryTests.cs
View File

@@ -36,6 +36,73 @@ public class OrganizationDataOwnershipPolicyRequirementFactoryTests
Assert.Equal(PolicyType.OrganizationDataOwnership, sutProvider.Sut.PolicyType);
}
[Theory, BitAutoData]
public void EligibleForSelfRevoke_WithConfirmedUser_ReturnsTrue(
Guid organizationId,
[PolicyDetails(PolicyType.OrganizationDataOwnership, userStatus: OrganizationUserStatusType.Confirmed)] PolicyDetails[] policies,
SutProvider<OrganizationDataOwnershipPolicyRequirementFactory> sutProvider)
{
// Arrange
policies[0].OrganizationId = organizationId;
var requirement = sutProvider.Sut.Create(policies);
// Act
var result = requirement.EligibleForSelfRevoke(organizationId);
// Assert
Assert.True(result);
}
[Theory, BitAutoData]
public void EligibleForSelfRevoke_WithInvitedUser_ReturnsFalse(
Guid organizationId,
[PolicyDetails(PolicyType.OrganizationDataOwnership, userStatus: OrganizationUserStatusType.Invited)] PolicyDetails[] policies,
SutProvider<OrganizationDataOwnershipPolicyRequirementFactory> sutProvider)
{
// Arrange
policies[0].OrganizationId = organizationId;
var requirement = sutProvider.Sut.Create(policies);
// Act
var result = requirement.EligibleForSelfRevoke(organizationId);
// Assert
Assert.False(result);
}
[Theory, BitAutoData]
public void EligibleForSelfRevoke_WithNoPolicies_ReturnsFalse(
Guid organizationId,
SutProvider<OrganizationDataOwnershipPolicyRequirementFactory> sutProvider)
{
// Arrange
var requirement = sutProvider.Sut.Create([]);
// Act
var result = requirement.EligibleForSelfRevoke(organizationId);
// Assert
Assert.False(result);
}
[Theory, BitAutoData]
public void EligibleForSelfRevoke_WithDifferentOrganization_ReturnsFalse(
Guid organizationId,
Guid differentOrganizationId,
[PolicyDetails(PolicyType.OrganizationDataOwnership, userStatus: OrganizationUserStatusType.Confirmed)] PolicyDetails[] policies,
SutProvider<OrganizationDataOwnershipPolicyRequirementFactory> sutProvider)
{
// Arrange
policies[0].OrganizationId = differentOrganizationId;
var requirement = sutProvider.Sut.Create(policies);
// Act
var result = requirement.EligibleForSelfRevoke(organizationId);
// Assert
Assert.False(result);
}
[Theory, BitAutoData]
public void GetDefaultCollectionRequestOnPolicyEnable_WithConfirmedUser_ReturnsTrue(
[PolicyDetails(PolicyType.OrganizationDataOwnership, userStatus: OrganizationUserStatusType.Confirmed)] PolicyDetails[] policies,