bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-02 08:33:48 +00:00
Code Issues Releases Wiki Activity

[PM-3779] idor allow the attacker to delete the victim domain (#3308)

Browse Source 
* [PM-3779] Added IOrganizationDomainRepository.GetDomainByIdAndOrganizationIdAsync and SQL stored procedure

* [PM-3779] Changed GetOrganizationDomainByIdQuery to also take OrgId as a parameter. Updated existing unit tests and added new. Updated controller to match command changes

* [PM-3779] Removed type from url routes

* [PM-3779] Renamed IGetOrganizationDomainByIdAndOrganizationIdQuery to IGetOrganizationDomainByIdOrganizationIdQuery

* [PM-3779] Renamed GetOrganizationDomainByIdOrganizationIdQueryTests file and added more tests
This commit is contained in:
Rui Tomé
2023-10-18 11:57:59 +01:00
committed by GitHub
parent cb73056c42
commit 21219262a2
22 changed files with 312 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
test/Core.Test/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
View File

@@ -7,8 +7,6 @@ using Bit.Core.Services;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using NSubstitute.ReceivedExtensions;
using NSubstitute.ReturnsExtensions;
using Xunit;
namespace Bit.Core.Test.OrganizationFeatures.OrganizationDomains;
@@ -16,19 +14,6 @@ namespace Bit.Core.Test.OrganizationFeatures.OrganizationDomains;
[SutProviderCustomize]
public class VerifyOrganizationDomainCommandTests
{
[Theory, BitAutoData]
public async Task VerifyOrganizationDomain_ShouldThrowNotFound_WhenDomainDoesNotExist(Guid id,
SutProvider<VerifyOrganizationDomainCommand> sutProvider)
{
sutProvider.GetDependency<IOrganizationDomainRepository>()
.GetByIdAsync(id)
.ReturnsNull();
var requestAction = async () => await sutProvider.Sut.VerifyOrganizationDomain(id);
await Assert.ThrowsAsync<NotFoundException>(requestAction);
}
[Theory, BitAutoData]
public async Task VerifyOrganizationDomain_ShouldThrowConflict_WhenDomainHasBeenClaimed(Guid id,
SutProvider<VerifyOrganizationDomainCommand> sutProvider)
@@ -45,7 +30,7 @@ public class VerifyOrganizationDomainCommandTests
.GetByIdAsync(id)
.Returns(expected);
var requestAction = async () => await sutProvider.Sut.VerifyOrganizationDomain(id);
var requestAction = async () => await sutProvider.Sut.VerifyOrganizationDomainAsync(expected);
var exception = await Assert.ThrowsAsync<ConflictException>(requestAction);
Assert.Contains("Domain has already been verified.", exception.Message);
@@ -69,7 +54,7 @@ public class VerifyOrganizationDomainCommandTests
.GetClaimedDomainsByDomainNameAsync(expected.DomainName)
.Returns(new List<OrganizationDomain> { expected });
var requestAction = async () => await sutProvider.Sut.VerifyOrganizationDomain(id);
var requestAction = async () => await sutProvider.Sut.VerifyOrganizationDomainAsync(expected);
var exception = await Assert.ThrowsAsync<ConflictException>(requestAction);
Assert.Contains("The domain is not available to be claimed.", exception.Message);
@@ -96,7 +81,7 @@ public class VerifyOrganizationDomainCommandTests
.ResolveAsync(expected.DomainName, Arg.Any<string>())
.Returns(true);
var result = await sutProvider.Sut.VerifyOrganizationDomain(id);
var result = await sutProvider.Sut.VerifyOrganizationDomainAsync(expected);
Assert.NotNull(result.VerifiedDate);
await sutProvider.GetDependency<IOrganizationDomainRepository>().Received(1)
@@ -126,7 +111,7 @@ public class VerifyOrganizationDomainCommandTests
.ResolveAsync(expected.DomainName, Arg.Any<string>())
.Returns(false);
var result = await sutProvider.Sut.VerifyOrganizationDomain(id);
var result = await sutProvider.Sut.VerifyOrganizationDomainAsync(expected);
Assert.Null(result.VerifiedDate);
await sutProvider.GetDependency<IEventService>().Received(1)