[PM-25923] Simplify and align response models for Organization members and Provider users (#6385)

* Update ProviderUserOrganizationDetailsView to include SSO configuration data * Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields. * Modified the SQL view to reflect the inclusion of SSO configuration data. * Added a new migration script for the updated view structure. * Add SSO configuration properties to ProviderUserOrganizationDetails model * Add SSO configuration handling to ProfileProviderOrganizationResponseModel * Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details. * Implemented deserialization of SSO configuration data to populate new fields in the response model. * Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync * Add BaseUserOrganizationDetails model to encapsulate common properties * Introduced a new abstract class to define shared properties for organization users and provider organization users * Add BaseProfileOrganizationResponseModel to encapsulate organization response properties * Introduced a new abstract class that ensures all properties are fully populated for profile organization responses. * Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId * Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails * Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties * Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel * Refactor ProviderUserRepositoryTests to improve organization detail assertions * Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability. * Updated test cases to verify all relevant properties for organizations with and without SSO configurations. * Add integration test for GetManyDetailsByUserAsync to verify SSO properties * Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations. * The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution. * Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel * Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details. * Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties. * Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details * Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate. * Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values. * Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel * Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management. * Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface * Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface * Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage. * Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views * Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers. * Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names * Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships * Remove unnecessary cleanup code from OrganizationUserRepositoryTests * Remove unnecessary cleanup code from ProviderUserRepositoryTests * Rename test method in ProviderUserRepositoryTests to improve clarity on property population * Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests * Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup * Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails * Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel * Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly. * Bump date on migration script * Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property
2025-12-16 08:13:33 +00:00 · 2025-10-24 20:42:28 +01:00
parent bd52cf56e7
commit 9b313d9c0a
16 changed files with 881 additions and 231 deletions
--- a/test/Infrastructure.IntegrationTest/AdminConsole/OrganizationTestHelpers.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/OrganizationTestHelpers.cs
@@ -33,14 +33,69 @@ public static class OrganizationTestHelpers
    public static Task<Organization> CreateTestOrganizationAsync(this IOrganizationRepository organizationRepository,
        int? seatCount = null,
        string identifier = "test")
-        => organizationRepository.CreateAsync(new Organization
+    {
+        var id = Guid.NewGuid();
+        return organizationRepository.CreateAsync(new Organization
        {
-            Name = $"{identifier}-{Guid.NewGuid()}",
-            BillingEmail = "billing@example.com", // TODO: EF does not enforce this being NOT NULL
-            Plan = "Enterprise (Annually)", // TODO: EF does not enforce this being NOT NULl
+            Name = $"{identifier}-{id}",
+            BillingEmail = $"billing-{id}@example.com",
+            Plan = "Enterprise (Annually)",
            PlanType = PlanType.EnterpriseAnnually,
-            Seats = seatCount
+            Identifier = $"{identifier}-{id}",
+            BusinessName = $"Test Business {id}",
+            BusinessAddress1 = "123 Test Street",
+            BusinessAddress2 = "Suite 100",
+            BusinessAddress3 = "Building A",
+            BusinessCountry = "US",
+            BusinessTaxNumber = "123456789",
+            Seats = seatCount,
+            MaxCollections = 50,
+            UsePolicies = true,
+            UseSso = true,
+            UseKeyConnector = true,
+            UseScim = true,
+            UseGroups = true,
+            UseDirectory = true,
+            UseEvents = true,
+            UseTotp = true,
+            Use2fa = true,
+            UseApi = true,
+            UseResetPassword = true,
+            UseSecretsManager = true,
+            UsePasswordManager = true,
+            SelfHost = false,
+            UsersGetPremium = true,
+            UseCustomPermissions = true,
+            Storage = 1073741824, // 1 GB in bytes
+            MaxStorageGb = 10,
+            Gateway = GatewayType.Stripe,
+            GatewayCustomerId = $"cus_{id}",
+            GatewaySubscriptionId = $"sub_{id}",
+            ReferenceData = "{\"test\":\"data\"}",
+            Enabled = true,
+            LicenseKey = $"license-{id}",
+            PublicKey = "test-public-key",
+            PrivateKey = "test-private-key",
+            TwoFactorProviders = null,
+            ExpirationDate = DateTime.UtcNow.AddYears(1),
+            MaxAutoscaleSeats = 200,
+            OwnersNotifiedOfAutoscaling = null,
+            Status = OrganizationStatusType.Managed,
+            SmSeats = 50,
+            SmServiceAccounts = 25,
+            MaxAutoscaleSmSeats = 100,
+            MaxAutoscaleSmServiceAccounts = 50,
+            LimitCollectionCreation = true,
+            LimitCollectionDeletion = true,
+            LimitItemDeletion = true,
+            AllowAdminAccessToAllCollectionItems = true,
+            UseRiskInsights = true,
+            UseOrganizationDomains = true,
+            UseAdminSponsoredFamilies = true,
+            SyncSeats = false,
+            UseAutomaticUserConfirmation = true
        });
+    }

    /// <summary>
    /// Creates a confirmed Owner for the specified organization and user.
--- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
@@ -461,13 +461,7 @@ public class OrganizationUserRepositoryTests
            KdfParallelism = 3
        });

-        var organization = await organizationRepository.CreateAsync(new Organization
-        {
-            Name = "Test Org",
-            BillingEmail = user1.Email, // TODO: EF does not enforce this being NOT NULL
-            Plan = "Test", // TODO: EF does not enforce this being NOT NULL
-            PrivateKey = "privatekey",
-        });
+        var organization = await organizationRepository.CreateTestOrganizationAsync();

        var orgUser1 = await organizationUserRepository.CreateAsync(new OrganizationUser
        {
@@ -536,9 +530,72 @@ public class OrganizationUserRepositoryTests
        Assert.Equal(organization.SmServiceAccounts, result.SmServiceAccounts);
        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
+        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
+        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
+        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
+    }
+
+    [Theory, DatabaseData]
+    public async Task GetManyDetailsByUserAsync_ShouldPopulateSsoPropertiesCorrectly(
+        IUserRepository userRepository,
+        IOrganizationRepository organizationRepository,
+        IOrganizationUserRepository organizationUserRepository,
+        ISsoConfigRepository ssoConfigRepository)
+    {
+        var user = await userRepository.CreateTestUserAsync();
+        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
+        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
+
+        var orgUserWithSso = await organizationUserRepository.CreateAsync(new OrganizationUser
+        {
+            OrganizationId = organizationWithSso.Id,
+            UserId = user.Id,
+            Status = OrganizationUserStatusType.Confirmed,
+            Type = OrganizationUserType.Owner,
+            Email = user.Email
+        });
+
+        var orgUserWithoutSso = await organizationUserRepository.CreateAsync(new OrganizationUser
+        {
+            OrganizationId = organizationWithoutSso.Id,
+            UserId = user.Id,
+            Status = OrganizationUserStatusType.Confirmed,
+            Type = OrganizationUserType.User,
+            Email = user.Email
+        });
+
+        // Create SSO configuration for first organization only
+        var serializedSsoConfigData = new SsoConfigurationData
+        {
+            MemberDecryptionType = MemberDecryptionType.KeyConnector,
+            KeyConnectorUrl = "https://keyconnector.example.com"
+        }.Serialize();
+
+        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
+        {
+            OrganizationId = organizationWithSso.Id,
+            Enabled = true,
+            Data = serializedSsoConfigData
+        });
+
+        var results = (await organizationUserRepository.GetManyDetailsByUserAsync(user.Id)).ToList();
+
+        Assert.Equal(2, results.Count);
+
+        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
+        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
+
+        // Organization with SSO should have SSO properties populated
+        Assert.True(orgWithSsoDetails.SsoEnabled);
+        Assert.NotNull(orgWithSsoDetails.SsoConfig);
+        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
+
+        // Organization without SSO should have null SSO properties
+        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
+        Assert.Null(orgWithoutSsoDetails.SsoConfig);
    }

    [DatabaseTheory, DatabaseData]
--- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/ProviderUserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/ProviderUserRepositoryTests.cs
@@ -0,0 +1,142 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Entities.Provider;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.Models.Data.Provider;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Auth.Repositories;
+using Bit.Core.Entities;
+using Bit.Core.Repositories;
+using Xunit;
+
+namespace Bit.Infrastructure.IntegrationTest.AdminConsole.Repositories;
+
+public class ProviderUserRepositoryTests
+{
+    [Theory, DatabaseData]
+    public async Task GetManyOrganizationDetailsByUserAsync_ShouldPopulatePropertiesCorrectly(
+        IUserRepository userRepository,
+        IOrganizationRepository organizationRepository,
+        IProviderRepository providerRepository,
+        IProviderUserRepository providerUserRepository,
+        IProviderOrganizationRepository providerOrganizationRepository,
+        ISsoConfigRepository ssoConfigRepository)
+    {
+        var user = await userRepository.CreateTestUserAsync();
+        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
+        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
+
+        var provider = await providerRepository.CreateAsync(new Provider
+        {
+            Name = "Test Provider",
+            Enabled = true,
+            Type = ProviderType.Msp
+        });
+
+        var providerUser = await providerUserRepository.CreateAsync(new ProviderUser
+        {
+            ProviderId = provider.Id,
+            UserId = user.Id,
+            Status = ProviderUserStatusType.Confirmed,
+            Type = ProviderUserType.ProviderAdmin
+        });
+
+        var providerOrganizationWithSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
+        {
+            ProviderId = provider.Id,
+            OrganizationId = organizationWithSso.Id
+        });
+
+        var providerOrganizationWithoutSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
+        {
+            ProviderId = provider.Id,
+            OrganizationId = organizationWithoutSso.Id
+        });
+
+        // Create SSO configuration for first organization only
+        var serializedSsoConfigData = new SsoConfigurationData
+        {
+            MemberDecryptionType = MemberDecryptionType.KeyConnector,
+            KeyConnectorUrl = "https://keyconnector.example.com"
+        }.Serialize();
+
+        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
+        {
+            OrganizationId = organizationWithSso.Id,
+            Enabled = true,
+            Data = serializedSsoConfigData
+        });
+        var results = (await providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed)).ToList();
+
+        Assert.Equal(2, results.Count);
+
+        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
+        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
+
+        // Verify all properties for both organizations
+        AssertProviderOrganizationDetails(orgWithSsoDetails, organizationWithSso, user, provider, providerUser);
+        AssertProviderOrganizationDetails(orgWithoutSsoDetails, organizationWithoutSso, user, provider, providerUser);
+
+        // Organization without SSO should have null SSO properties
+        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
+        Assert.Null(orgWithoutSsoDetails.SsoConfig);
+
+        // Organization with SSO should have SSO properties populated
+        Assert.True(orgWithSsoDetails.SsoEnabled);
+        Assert.NotNull(orgWithSsoDetails.SsoConfig);
+        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
+    }
+
+    private static void AssertProviderOrganizationDetails(
+        ProviderUserOrganizationDetails actual,
+        Organization expectedOrganization,
+        User expectedUser,
+        Provider expectedProvider,
+        ProviderUser expectedProviderUser)
+    {
+        // Organization properties
+        Assert.Equal(expectedOrganization.Id, actual.OrganizationId);
+        Assert.Equal(expectedUser.Id, actual.UserId);
+        Assert.Equal(expectedOrganization.Name, actual.Name);
+        Assert.Equal(expectedOrganization.UsePolicies, actual.UsePolicies);
+        Assert.Equal(expectedOrganization.UseSso, actual.UseSso);
+        Assert.Equal(expectedOrganization.UseKeyConnector, actual.UseKeyConnector);
+        Assert.Equal(expectedOrganization.UseScim, actual.UseScim);
+        Assert.Equal(expectedOrganization.UseGroups, actual.UseGroups);
+        Assert.Equal(expectedOrganization.UseDirectory, actual.UseDirectory);
+        Assert.Equal(expectedOrganization.UseEvents, actual.UseEvents);
+        Assert.Equal(expectedOrganization.UseTotp, actual.UseTotp);
+        Assert.Equal(expectedOrganization.Use2fa, actual.Use2fa);
+        Assert.Equal(expectedOrganization.UseApi, actual.UseApi);
+        Assert.Equal(expectedOrganization.UseResetPassword, actual.UseResetPassword);
+        Assert.Equal(expectedOrganization.UsersGetPremium, actual.UsersGetPremium);
+        Assert.Equal(expectedOrganization.UseCustomPermissions, actual.UseCustomPermissions);
+        Assert.Equal(expectedOrganization.SelfHost, actual.SelfHost);
+        Assert.Equal(expectedOrganization.Seats, actual.Seats);
+        Assert.Equal(expectedOrganization.MaxCollections, actual.MaxCollections);
+        Assert.Equal(expectedOrganization.MaxStorageGb, actual.MaxStorageGb);
+        Assert.Equal(expectedOrganization.Identifier, actual.Identifier);
+        Assert.Equal(expectedOrganization.PublicKey, actual.PublicKey);
+        Assert.Equal(expectedOrganization.PrivateKey, actual.PrivateKey);
+        Assert.Equal(expectedOrganization.Enabled, actual.Enabled);
+        Assert.Equal(expectedOrganization.PlanType, actual.PlanType);
+        Assert.Equal(expectedOrganization.LimitCollectionCreation, actual.LimitCollectionCreation);
+        Assert.Equal(expectedOrganization.LimitCollectionDeletion, actual.LimitCollectionDeletion);
+        Assert.Equal(expectedOrganization.LimitItemDeletion, actual.LimitItemDeletion);
+        Assert.Equal(expectedOrganization.AllowAdminAccessToAllCollectionItems, actual.AllowAdminAccessToAllCollectionItems);
+        Assert.Equal(expectedOrganization.UseRiskInsights, actual.UseRiskInsights);
+        Assert.Equal(expectedOrganization.UseOrganizationDomains, actual.UseOrganizationDomains);
+        Assert.Equal(expectedOrganization.UseAdminSponsoredFamilies, actual.UseAdminSponsoredFamilies);
+        Assert.Equal(expectedOrganization.UseAutomaticUserConfirmation, actual.UseAutomaticUserConfirmation);
+
+        // Provider-specific properties
+        Assert.Equal(expectedProvider.Id, actual.ProviderId);
+        Assert.Equal(expectedProvider.Name, actual.ProviderName);
+        Assert.Equal(expectedProvider.Type, actual.ProviderType);
+        Assert.Equal(expectedProviderUser.Id, actual.ProviderUserId);
+        Assert.Equal(expectedProviderUser.Status, actual.Status);
+        Assert.Equal(expectedProviderUser.Type, actual.Type);
+    }
+}