diff --git a/test/Core.Test/AdminConsole/Services/PolicyServiceTests.cs b/test/Core.Test/AdminConsole/Services/PolicyServiceTests.cs index be88d7e812..0af9eef12e 100644 --- a/test/Core.Test/AdminConsole/Services/PolicyServiceTests.cs +++ b/test/Core.Test/AdminConsole/Services/PolicyServiceTests.cs @@ -7,11 +7,9 @@ using Bit.Core.AdminConsole.Repositories; using Bit.Core.AdminConsole.Services.Implementations; using Bit.Core.Entities; using Bit.Core.Enums; -using Bit.Core.Models.Data.Organizations; using Bit.Core.Models.Data.Organizations.OrganizationUsers; using Bit.Core.Repositories; using Bit.Core.Services; -using Bit.Core.Test.AdminConsole.AutoFixture; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; using NSubstitute; @@ -125,226 +123,6 @@ public class PolicyServiceTests Assert.True(result); } - [Theory, BitAutoData] - public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_WithSingleOrgPolicy_IncludesRevokedUsers( - Guid userId, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, - OrganizationUserStatusType.Revoked, - OrganizationUserType.Admin, - false)] OrganizationUserPolicyDetails singleOrgPolicyDetails, - [OrganizationUserPolicyDetails(PolicyType.AutomaticUserConfirmation)] OrganizationUserPolicyDetails autoConfirmPolicyDetails, - SutProvider sutProvider) - { - // Arrange - singleOrgPolicyDetails.OrganizationUserStatus = OrganizationUserStatusType.Revoked; - singleOrgPolicyDetails.OrganizationUserType = OrganizationUserType.Owner; - - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg) - .Returns([singleOrgPolicyDetails]); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation) - .Returns([autoConfirmPolicyDetails]); - - sutProvider.GetDependency() - .GetOrganizationAbilitiesAsync() - .Returns(new Dictionary() - { - { - singleOrgPolicyDetails.OrganizationId, - new OrganizationAbility - { - Id = singleOrgPolicyDetails.OrganizationId, - UsePolicies = true - } - } - }); - - // Act - var result = await sutProvider.Sut - .GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg); - - // Assert - Should include Revoked user because auto-confirm is enabled - Assert.Single(result); - Assert.Contains(result, p => p.OrganizationUserStatus == singleOrgPolicyDetails.OrganizationUserStatus); - Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Owner); - } - - [Theory, BitAutoData] - public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_WithSingleOrgPolicy_IncludesOwnerAndAdmin( - Guid userId, - Guid organizationId, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Admin, false)] OrganizationUserPolicyDetails admin, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner, false)] OrganizationUserPolicyDetails owner, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails user, - SutProvider sutProvider) - { - owner.OrganizationId = admin.OrganizationId = user.OrganizationId = organizationId; - - // Arrange - Setup SingleOrg policy with Owner and Admin users (normally excluded from SingleOrg) - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg) - .Returns([admin, owner, user]); - - // Enable AutomaticConfirmUsers feature flag - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - - // Mock repository call - user has AutomaticUserConfirmation policy details - var autoConfirmPolicies = new List - { - new() { OrganizationId = organizationId, PolicyType = PolicyType.AutomaticUserConfirmation, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false } - }; - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation) - .Returns(autoConfirmPolicies); - - sutProvider.GetDependency() - .GetOrganizationAbilitiesAsync() - .Returns(new Dictionary - { - { organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } } - }); - - // Act - var result = await sutProvider.Sut - .GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg); - - // Assert - Should include Owner and Admin because excludedUserTypes is empty when auto-confirm is enabled - Assert.Equal(3, result.Count); - Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Owner); - Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.Admin); - Assert.Contains(result, p => p.OrganizationUserType == OrganizationUserType.User); - } - - [Theory, BitAutoData] - public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmDisabled_WithSingleOrgPolicy_ExcludesRevokedUsers( - Guid userId, - Guid organizationId, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Revoked, OrganizationUserType.User, false)] OrganizationUserPolicyDetails revoked, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails confirmed, - SutProvider sutProvider) - { - revoked.OrganizationId = confirmed.OrganizationId = organizationId; - - // Arrange - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg) - .Returns([revoked, confirmed]); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - sutProvider.GetDependency() - .GetOrganizationAbilitiesAsync() - .Returns(new Dictionary - { - { organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } } - }); - - // Act - var result = await sutProvider.Sut - .GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg); - - // Assert - Assert.Single(result); - Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Revoked); - Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Invited); - Assert.Contains(result, p => p.OrganizationUserStatus == confirmed.OrganizationUserStatus); - } - - [Theory, BitAutoData] - public async Task GetPoliciesApplicableToUserAsync_WithAutoConfirmEnabled_NoAutoConfirmPolicy_ExcludesOwnerAndAdmin( - Guid userId, - Guid organizationId, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Revoked, OrganizationUserType.Admin, false)] OrganizationUserPolicyDetails admin, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner, false)] OrganizationUserPolicyDetails owner, - [OrganizationUserPolicyDetails(PolicyType.SingleOrg, OrganizationUserStatusType.Confirmed, OrganizationUserType.User, false)] OrganizationUserPolicyDetails user, - SutProvider sutProvider) - { - // Arrange - user.OrganizationId = admin.OrganizationId = owner.OrganizationId = organizationId; - - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.SingleOrg) - .Returns([admin, owner, user]); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation) - .Returns([]); - - sutProvider.GetDependency() - .GetOrganizationAbilitiesAsync() - .Returns(new Dictionary - { - { organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } } - }); - - // Act - var result = await sutProvider.Sut - .GetPoliciesApplicableToUserAsync(userId, PolicyType.SingleOrg); - - // Assert - Assert.Single(result); - Assert.DoesNotContain(result, p => p.OrganizationUserType == OrganizationUserType.Owner); - Assert.DoesNotContain(result, p => p.OrganizationUserType == OrganizationUserType.Admin); - Assert.All(result, p => Assert.Equal(user.OrganizationUserType, p.OrganizationUserType)); - } - - [Theory, BitAutoData] - public async Task GetPoliciesApplicableToUserAsync_WithNonSingleOrgPolicy_IgnoresAutoConfirmSettings( - Guid userId, - Guid organizationId, - [OrganizationUserPolicyDetails(PolicyType.DisableSend)] OrganizationUserPolicyDetails disableSendPolicy, - SutProvider sutProvider) - { - // Arrange - disableSendPolicy.OrganizationId = organizationId; - - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.DisableSend) - .Returns([disableSendPolicy]); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - - var autoConfirmPolicies = new List - { - new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.AutomaticUserConfirmation, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false } - }; - sutProvider.GetDependency() - .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.AutomaticUserConfirmation) - .Returns(autoConfirmPolicies); - - sutProvider.GetDependency() - .GetOrganizationAbilitiesAsync() - .Returns(new Dictionary - { - { organizationId, new OrganizationAbility { Id = organizationId, UsePolicies = true } } - }); - - // Act - var result = await sutProvider.Sut - .GetPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend); - - // Assert - Assert.Single(result); - Assert.DoesNotContain(result, p => p.OrganizationUserStatus == OrganizationUserStatusType.Revoked); - Assert.All(result, p => Assert.Equal(disableSendPolicy.OrganizationUserStatus, p.OrganizationUserStatus)); - } - [Theory, BitAutoData] public async Task GetMasterPasswordPolicyForUserAsync_WithFeatureFlagEnabled_EvaluatesPolicyRequirement(User user, SutProvider sutProvider) {