[PM-20595] Add Policy for Send access (#6282)

* feat: add policy to API startup and Policies class to hold the static strings * test: add snapshot testing for constants to help with rust mappings * doc: add docs for send access
2025-12-06 00:03:34 +00:00 · 2025-09-05 10:36:01 -04:00
parent 2c0c113420
commit 6d4129c6b7
6 changed files with 162 additions and 4 deletions
--- a/test/Identity.Test/IdentityServer/SendAccess/SendConstantsSnapshotTests.cs
+++ b/test/Identity.Test/IdentityServer/SendAccess/SendConstantsSnapshotTests.cs
@@ -0,0 +1,73 @@
+using Bit.Identity.IdentityServer.RequestValidators.SendAccess;
+using Xunit;
+
+namespace Bit.Identity.Test.IdentityServer.SendAccess;
+
+/// <summary>
+/// Snapshot tests to ensure the string constants in <see cref="SendAccessConstants"/> do not change unintentionally.
+/// If you change any of these values, please ensure you understand the impact and update the SDK accordingly.
+/// If you intentionally change any of these values, please update the tests to reflect the new expected values.
+/// </summary>
+public class SendConstantsSnapshotTests
+{
+    [Fact]
+    public void SendAccessError_Constant_HasCorrectValue()
+    {
+        // Assert
+        Assert.Equal("send_access_error_type", SendAccessConstants.SendAccessError);
+    }
+
+    [Fact]
+    public void TokenRequest_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("send_id", SendAccessConstants.TokenRequest.SendId);
+        Assert.Equal("password_hash_b64", SendAccessConstants.TokenRequest.ClientB64HashedPassword);
+        Assert.Equal("email", SendAccessConstants.TokenRequest.Email);
+        Assert.Equal("otp", SendAccessConstants.TokenRequest.Otp);
+    }
+
+    [Fact]
+    public void GrantValidatorResults_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("valid_send_guid", SendAccessConstants.GrantValidatorResults.ValidSendGuid);
+        Assert.Equal("send_id_required", SendAccessConstants.GrantValidatorResults.SendIdRequired);
+        Assert.Equal("send_id_invalid", SendAccessConstants.GrantValidatorResults.InvalidSendId);
+    }
+
+    [Fact]
+    public void PasswordValidatorResults_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("password_hash_b64_invalid", SendAccessConstants.PasswordValidatorResults.RequestPasswordDoesNotMatch);
+        Assert.Equal("password_hash_b64_required", SendAccessConstants.PasswordValidatorResults.RequestPasswordIsRequired);
+    }
+
+    [Fact]
+    public void EmailOtpValidatorResults_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("email_invalid", SendAccessConstants.EmailOtpValidatorResults.EmailInvalid);
+        Assert.Equal("email_required", SendAccessConstants.EmailOtpValidatorResults.EmailRequired);
+        Assert.Equal("email_and_otp_required_otp_sent", SendAccessConstants.EmailOtpValidatorResults.EmailOtpSent);
+        Assert.Equal("otp_invalid", SendAccessConstants.EmailOtpValidatorResults.EmailOtpInvalid);
+        Assert.Equal("otp_generation_failed", SendAccessConstants.EmailOtpValidatorResults.OtpGenerationFailed);
+    }
+
+    [Fact]
+    public void OtpToken_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("send_access", SendAccessConstants.OtpToken.TokenProviderName);
+        Assert.Equal("email_otp", SendAccessConstants.OtpToken.Purpose);
+        Assert.Equal("{0}_{1}", SendAccessConstants.OtpToken.TokenUniqueIdentifier);
+    }
+
+    [Fact]
+    public void OtpEmail_Constants_HaveCorrectValues()
+    {
+        // Assert
+        Assert.Equal("Your Bitwarden Send verification code is {0}", SendAccessConstants.OtpEmail.Subject);
+    }
+}