bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-10 05:13:48 +00:00
Code Issues Releases Wiki Activity

Auto confirm does not get evaluated on this call.

Browse Source
This commit is contained in:
Jared McCannon
2025-12-05 09:47:19 -06:00
parent 7c99e8c6a8
commit c8c54e9438
1 changed files with 0 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
test/Core.Test/AdminConsole/Services/PolicyServiceTests.cs
View File

@@ -7,11 +7,9 @@ using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services.Implementations;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
@@ -125,226 +123,6 @@ public class PolicyServiceTests
Assert.True(result);
}
[Theory, BitAutoData]
public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_WithSingleOrgPolicy_IncludesRevokedUsers(
Guid userId,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg,
OrganizationUserStatusType.Revoked,
OrganizationUserType.Admin,
false)] OrganizationUserPolicyDetails singleOrgPolicyDetails,
[OrganizationUserPolicyDetails(PolicyType.AutomaticUserConfirmation)] OrganizationUserPolicyDetails autoConfirmPolicyDetails,
SutProvider<PolicyService> sutProvider)
{
// Arrange
singleOrgPolicyDetails.OrganizationUserStatus = OrganizationUserStatusType.Revoked;
singleOrgPolicyDetails.OrganizationUserType = OrganizationUserType.Owner;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg)
.Returns([singleOrgPolicyDetails]);
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
.Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation)
.Returns([autoConfirmPolicyDetails]);
sutProvider.GetDependency<IApplicationCacheService>()
.GetOrganizationAbilitiesAsync()
.Returns(new Dictionary<Guid, OrganizationAbility>()
{
{
singleOrgPolicyDetails.OrganizationId,
new OrganizationAbility
{
Id = singleOrgPolicyDetails.OrganizationId,
UsePolicies = true
}
}
});
// Act
var result = await sutProvider.Sut
.GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg);
// Assert - Should include Revoked user because auto-confirm is enabled
Assert.Single(result);
Assert.Contains(result, p => p.OrganizationUserStatus == singleOrgPolicyDetails.OrganizationUserStatus);
Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Owner);
}
[Theory, BitAutoData]
public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_WithSingleOrgPolicy_IncludesOwnerAndAdmin(
Guid userId,
Guid organizationId,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Admin, false)] OrganizationUserPolicyDetails admin,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner, false)] OrganizationUserPolicyDetails owner,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails user,
SutProvider<PolicyService> sutProvider)
{
owner.OrganizationId = admin.OrganizationId = user.OrganizationId = organizationId;
// Arrange - Setup SingleOrg policy with Owner and Admin users (normally excluded from SingleOrg)
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg)
.Returns([admin, owner, user]);
// Enable AutomaticConfirmUsers feature flag
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
.Returns(true);
// Mock repository call - user has AutomaticUserConfirmation policy details
var autoConfirmPolicies = new List<OrganizationUserPolicyDetails>
{
new() { OrganizationId = organizationId, PolicyType = PolicyType.AutomaticUserConfirmation, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false }
};
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation)
.Returns(autoConfirmPolicies);
sutProvider.GetDependency<IApplicationCacheService>()
.GetOrganizationAbilitiesAsync()
.Returns(new Dictionary<Guid, OrganizationAbility>
{
{ organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } }
});
// Act
var result = await sutProvider.Sut
.GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg);
// Assert - Should include Owner and Admin because excludedUserTypes is empty when auto-confirm is enabled
Assert.Equal(3, result.Count);
Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Owner);
Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Admin);
Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.User);
}
[Theory, BitAutoData]
public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmDisabled_WithSingleOrgPolicy_ExcludesRevokedUsers(
Guid userId,
Guid organizationId,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Revoked, OrganizationUserType.User, false)] OrganizationUserPolicyDetails revoked,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails confirmed,
SutProvider<PolicyService> sutProvider)
{
revoked.OrganizationId = confirmed.OrganizationId = organizationId;
// Arrange
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg)
.Returns([revoked, confirmed]);
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
.Returns(false);
sutProvider.GetDependency<IApplicationCacheService>()
.GetOrganizationAbilitiesAsync()
.Returns(new Dictionary<Guid, OrganizationAbility>
{
{ organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } }
});
// Act
var result = await sutProvider.Sut
.GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg);
// Assert
Assert.Single(result);
Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Revoked);
Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Invited);
Assert.Contains(result, p => p.OrganizationUserStatus == confirmed.OrganizationUserStatus);
}
[Theory, BitAutoData]
public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_NoAutoConfirmPolicy_ExcludesOwnerAndAdmin(
Guid userId,
Guid organizationId,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Revoked, OrganizationUserType.Admin, false)] OrganizationUserPolicyDetails admin,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner, false)] OrganizationUserPolicyDetails owner,
[OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails user,
SutProvider<PolicyService> sutProvider)
{
// Arrange
user.OrganizationId = admin.OrganizationId = owner.OrganizationId = organizationId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg)
.Returns([admin, owner, user]);
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
.Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation)
.Returns([]);
sutProvider.GetDependency<IApplicationCacheService>()
.GetOrganizationAbilitiesAsync()
.Returns(new Dictionary<Guid, OrganizationAbility>
{
{ organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } }
});
// Act
var result = await sutProvider.Sut
.GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg);
// Assert
Assert.Single(result);
Assert.DoesNotContain(result, p => p.OrganizationUserType == OrganizationUserType.Owner);
Assert.DoesNotContain(result, p => p.OrganizationUserType == OrganizationUserType.Admin);
Assert.All(result, p => Assert.Equal(user.OrganizationUserType, p.OrganizationUserType));
}
[Theory, BitAutoData]
public async Task GetPoliciesApplicableToUserAsync_WithNonSingleOrgPolicy_IgnoresAutoConfirmSettings(
Guid userId,
Guid organizationId,
[OrganizationUserPolicyDetails(PolicyType.DisableSend)] OrganizationUserPolicyDetails disableSendPolicy,
SutProvider<PolicyService> sutProvider)
{
// Arrange
disableSendPolicy.OrganizationId = organizationId;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.DisableSend)
.Returns([disableSendPolicy]);
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
.Returns(true);
var autoConfirmPolicies = new List<OrganizationUserPolicyDetails>
{
new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.AutomaticUserConfirmation, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false }
};
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation)
.Returns(autoConfirmPolicies);
sutProvider.GetDependency<IApplicationCacheService>()
.GetOrganizationAbilitiesAsync()
.Returns(new Dictionary<Guid, OrganizationAbility>
{
{ organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } }
});
// Act
var result = await sutProvider.Sut
.GetPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend);
// Assert
Assert.Single(result);
Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Revoked);
Assert.All(result, p => Assert.Equal(disableSendPolicy.OrganizationUserStatus, p.OrganizationUserStatus));
}
[Theory, BitAutoData]
public async Task GetMasterPasswordPolicyForUserAsync_WithFeatureFlagEnabled_EvaluatesPolicyRequirement(User user, SutProvider<PolicyService> sutProvider)
{