[PM-21179] Add interface to check if user is enrolled in account recovery (#6993)

* Add validation for reset password key and account recovery enrollment in OrganizationUser * Update admin approval logic to check account recovery enrollment and add tests for reset password key validation * Enhance UserService validation to include account recovery enrollment and add unit test for empty or whitespace reset password key handling * Refactor OrganizationUserUserDetailsQuery to validate reset password keys and add unit tests for filtering out invalid keys * Update AdminRecoverAccountCommand to validate account recovery enrollment and adjust tests for whitespace reset password keys * Enhance OrganizationUserRotationValidator to validate reset password keys, including filtering out whitespace-only keys, and add corresponding unit tests for validation logic. * Refactor OrganizationUserUserDetailsQueryTests to remove unnecessary whitespace-only test cases for account recovery key validation. * Refactor MemberResponseModel to use OrganizationUser's validation method for ResetPasswordEnrolled status and update corresponding unit test for clarity. * Refactor OrganizationUsersController and response models to utilize OrganizationUser's validation method for ResetPasswordKey, ensuring consistent validation across the application. Add unit tests for OrganizationUser to verify key validation logic. * Update OrganizationUserRotationValidator to handle null reset password keys and adjust tests for client-side bug. Add comments for future migration after resolving PM-31001. * Fix whitespace issue in UserServiceTests.cs by removing BOM character from the file header.
2026-02-25 08:53:21 +00:00 · 2026-02-24 14:16:54 +00:00
parent 9eccb0001d
commit ef4f4e352f
18 changed files with 318 additions and 16 deletions
--- a/test/Core.Test/Services/UserServiceTests.cs
+++ b/test/Core.Test/Services/UserServiceTests.cs
@@ -22,6 +22,7 @@ using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
+using Bit.Core.Test.AdminConsole.AutoFixture;
 using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -595,6 +596,41 @@ public class UserServiceTests
            user.MasterPassword = null;
        }
    }
+
+    [Theory]
+    [BitAutoData("")]
+    [BitAutoData(" ")]
+    [BitAutoData("\t")]
+    public async Task AdminResetPasswordAsync_EmptyOrWhitespaceResetPasswordKey_ThrowsBadRequest(
+        string resetPasswordKey,
+        SutProvider<UserService> sutProvider,
+        Organization organization,
+        OrganizationUser orgUser,
+        [Policy(PolicyType.ResetPassword, true)] PolicyStatus policy)
+    {
+        // Arrange
+        organization.UseResetPassword = true;
+        orgUser.Status = OrganizationUserStatusType.Confirmed;
+        orgUser.OrganizationId = organization.Id;
+        orgUser.ResetPasswordKey = resetPasswordKey;
+        orgUser.UserId = Guid.NewGuid();
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+        sutProvider.GetDependency<IPolicyQuery>()
+            .RunAsync(organization.Id, PolicyType.ResetPassword)
+            .Returns(policy);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(orgUser.Id)
+            .Returns(orgUser);
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
+            sutProvider.Sut.AdminResetPasswordAsync(
+                OrganizationUserType.Owner, organization.Id, orgUser.Id, "newPassword", "key"));
+        Assert.Equal("Organization User not valid", exception.Message);
+    }
 }

 public static class UserServiceSutProviderExtensions