bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-02-27 09:53:42 +00:00
Code Issues Releases Wiki Activity
Files
18973a4f633996de75fabf9a5fc4b062cf270dd3
server/test/Core.Test/Auth/UserFeatures/EmergencyAccess/EmergencyAccessServiceTests.cs
Jared Snider 18973a4f63 Auth/PM-32035 - Emergency Access - DeleteEmergencyAccessCommand refactor (#7054) 
* PM-32035 - EmergencyAccessService - fix interface docs, method docs, and tests to cover grantee / grantor deletion which is supported today.

* PM-32035 - EmergencyAccessService - mark existing delete as deprecated

* PM-32035 - EmergencyAccess readme docs - fix deletion docs

* PM-32035 - Add new EmergencyAccessDetails_ReadByUserIds stored proc

* PM-32035 - Add migration script for EmergencyAccessDetails_ReadByUserIds

* PM-32035 - Build out GetManyDetailsByUserIdsAsync in repository layer plus add tests

* PM-32035 - EmergencyAccessRepo - DeleteManyAsync - remove grantee revision bump as not necessary since no EA sync data exists + update tests

* PM-32035 - Fix incorrect nullability annotation on EmergencyAccessDetails.GrantorEmail. Both the SQL view and EF projection use a LEFT JOIN to the User table, meaning the value can be null if the grantor's account no longer exists. Changed to string? and removed the required modifier since the class is only ever materialized from database queries, never directly instantiated.

* PM-32035 - Refactor DeleteEmergencyAccess command to offer new DeleteAllByUserIdAsync and DeleteAllByUserIdsAsync methods. Need to build out DeleteByIdAndUserIdAsync with a new stored proc.

* PM-32035 - Build out IEmergencyAccessRepository.GetDetailsByIdAsync because we need such a method in order to meet the product requirements to send grantor email notifications for normal deletions in the future.

* PM-32035 - Wire up DeleteEmergencyAccessCommand.DeleteByIdAndUserIdAsync to use new repository method emergencyAccessRepository.GetDetailsByIdAsync so we can send notifications. Now, it is full replacement for the existing emergency access service deletion method + has the new notification functionaliy requested.

* PM-32035 - Add more test coverage for DeleteByIdAndUserIdAsync

* PM-32035 - Fix missing GranteeAvatarColor and GrantorAvatarColor projections in EmergencyAccessDetailsViewQuery. The EF view query omitted both avatar color fields from its Select projection, causing the integration tests to fail on all non-SqlServer databases (MySql, Postgres, Sqlite) where EF is used instead of Dapper.

* PM-32035 - Rename migration after main merge revealed collision

* PM-32035 - Rename migration script

* PM-32035 - PR feedback - add ticket + todos to deprecated delete async method.

* PM-32035 - DeleteEmergencyAccessCommand - add logs if we don't have user data required to send email notifications.

* PM-32035 - PR Feedback - rename EmergencyAccessDetails_ReadByUserIds to EmergencyAccessDetails_ReadManyByUserIds
2026-02-26 12:49:26 -05:00

1536 lines
64 KiB
C#
Raw Blame History

using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models;
using Bit.Core.Auth.Models.Business.Tokenables;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.UserFeatures.EmergencyAccess;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Tokens;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Core.Test.Auth.UserFeatures.EmergencyAccess;
[SutProviderCustomize]
public class EmergencyAccessServiceTests
{
[Theory, BitAutoData]
public async Task InviteAsync_UserWithOutPremium_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User invitingUser, string email, int waitTime)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(invitingUser).Returns(false);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InviteAsync(invitingUser, email, EmergencyAccessType.Takeover, waitTime));
Assert.Contains("Not a premium user.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs().CreateAsync(default);
}
[Theory, BitAutoData]
public async Task InviteAsync_UserWithKeyConnector_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User invitingUser, string email, int waitTime)
{
invitingUser.UsesKeyConnector = true;
sutProvider.GetDependency<IUserService>().CanAccessPremium(invitingUser).Returns(true);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InviteAsync(invitingUser, email, EmergencyAccessType.Takeover, waitTime));
Assert.Contains("You cannot use Emergency Access Takeover because you are using Key Connector", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs().CreateAsync(default);
}
[Theory]
[BitAutoData(EmergencyAccessType.Takeover)]
[BitAutoData(EmergencyAccessType.View)]
public async Task InviteAsync_ReturnsEmergencyAccessObject(
EmergencyAccessType accessType, SutProvider<EmergencyAccessService> sutProvider, User invitingUser, string email, int waitTime)
{
sutProvider.GetDependency<IUserService>().CanAccessPremium(invitingUser).Returns(true);
var result = await sutProvider.Sut.InviteAsync(invitingUser, email, accessType, waitTime);
Assert.NotNull(result);
Assert.Equal(accessType, result.Type);
Assert.Equal(invitingUser.Id, result.GrantorId);
Assert.Equal(email, result.Email);
Assert.Equal(EmergencyAccessStatusType.Invited, result.Status);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.CreateAsync(Arg.Any<Core.Auth.Entities.EmergencyAccess>());
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.Received(1)
.Protect(Arg.Any<EmergencyAccessInviteTokenable>());
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendEmergencyAccessInviteEmailAsync(Arg.Any<Core.Auth.Entities.EmergencyAccess>(), Arg.Any<string>(), Arg.Any<string>());
}
[Theory, BitAutoData]
public async Task GetAsync_EmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User user)
{
EmergencyAccessDetails emergencyAccess = null;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetDetailsByIdGrantorIdAsync(Arg.Any<Guid>(), Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.GetAsync(new Guid(), user.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task ResendInviteAsync_EmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User invitingUser,
Guid emergencyAccessId)
{
Core.Auth.Entities.EmergencyAccess emergencyAccess = null;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ResendInviteAsync(invitingUser, emergencyAccessId));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IMailService>()
.DidNotReceiveWithAnyArgs()
.SendEmergencyAccessInviteEmailAsync(default, default, default);
}
[Theory, BitAutoData]
public async Task ResendInviteAsync_InvitingUserIdNotGrantorUserId_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User invitingUser,
Guid emergencyAccessId)
{
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Invited,
GrantorId = Guid.NewGuid(),
Type = EmergencyAccessType.Takeover,
}; ;
sutProvider.GetDependency<IEmergencyAccessRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ResendInviteAsync(invitingUser, emergencyAccessId));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IMailService>()
.DidNotReceiveWithAnyArgs()
.SendEmergencyAccessInviteEmailAsync(default, default, default);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
[BitAutoData(EmergencyAccessStatusType.RecoveryInitiated)]
[BitAutoData(EmergencyAccessStatusType.RecoveryApproved)]
public async Task ResendInviteAsync_EmergencyAccessStatusInvalid_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
User invitingUser,
Guid emergencyAccessId)
{
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = statusType,
GrantorId = invitingUser.Id,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ResendInviteAsync(invitingUser, emergencyAccessId));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IMailService>()
.DidNotReceiveWithAnyArgs()
.SendEmergencyAccessInviteEmailAsync(default, default, default);
}
[Theory, BitAutoData]
public async Task ResendInviteAsync_SendsInviteAsync(
SutProvider<EmergencyAccessService> sutProvider,
User invitingUser,
Guid emergencyAccessId)
{
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Invited,
GrantorId = invitingUser.Id,
Type = EmergencyAccessType.Takeover,
}; ;
sutProvider.GetDependency<IEmergencyAccessRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(emergencyAccess);
await sutProvider.Sut.ResendInviteAsync(invitingUser, emergencyAccessId);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.Received(1)
.Protect(Arg.Any<EmergencyAccessInviteTokenable>());
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUser.Name, Arg.Any<string>());
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_EmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User acceptingUser, string token)
{
Core.Auth.Entities.EmergencyAccess emergencyAccess = null;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(new Guid(), acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_CannotUnprotectToken_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string token)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(false);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("Invalid token.", exception.Message);
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_TokenDataInvalid_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
Core.Auth.Entities.EmergencyAccess wrongEmergencyAccess,
string token)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(callInfo =>
{
callInfo[1] = new EmergencyAccessInviteTokenable(wrongEmergencyAccess, 1);
return true;
});
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("Invalid token.", exception.Message);
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_AcceptedStatus_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string token)
{
emergencyAccess.Status = EmergencyAccessStatusType.Accepted;
emergencyAccess.Email = acceptingUser.Email;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(callInfo =>
{
callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1);
return true;
});
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("Invitation already accepted. You will receive an email when the grantor confirms you as an emergency access contact.", exception.Message);
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_NotInvitedStatus_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string token)
{
emergencyAccess.Status = EmergencyAccessStatusType.Confirmed;
emergencyAccess.Email = acceptingUser.Email;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(callInfo =>
{
callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1);
return true;
});
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("Invitation already accepted.", exception.Message);
}
[Theory(Skip = "Code not reachable, Tokenable checks email match in IsValid()"), BitAutoData]
public async Task AcceptUserAsync_EmergencyAccessEmailDoesNotMatch_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string token)
{
emergencyAccess.Status = EmergencyAccessStatusType.Invited;
emergencyAccess.Email = acceptingUser.Email;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(callInfo =>
{
callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1);
return true;
});
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>()));
Assert.Contains("User email does not match invite.", exception.Message);
}
[Theory, BitAutoData]
public async Task AcceptUserAsync_ReplaceEmergencyAccess_SendsEmail_Success(
SutProvider<EmergencyAccessService> sutProvider,
User acceptingUser,
User invitingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string token)
{
emergencyAccess.Status = EmergencyAccessStatusType.Invited;
emergencyAccess.Email = acceptingUser.Email;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserService>()
.GetUserByIdAsync(Arg.Any<Guid>())
.Returns(invitingUser);
sutProvider.GetDependency<IDataProtectorTokenFactory<EmergencyAccessInviteTokenable>>()
.TryUnprotect(token, out Arg.Any<EmergencyAccessInviteTokenable>())
.Returns(callInfo =>
{
callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1);
return true;
});
await sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency<IUserService>());
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.Accepted));
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendEmergencyAccessAcceptedEmailAsync(acceptingUser.Email, invitingUser.Email);
}
[Theory, BitAutoData]
public async Task DeleteAsync_EmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User invitingUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.DeleteAsync(emergencyAccess.Id, invitingUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task DeleteAsync_EmergencyAccessGrantorIdNotEqual_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User randomUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess)
{
emergencyAccess.GrantorId = Guid.NewGuid();
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.DeleteAsync(emergencyAccess.Id, randomUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task DeleteAsync_EmergencyAccessGranteeIdNotEqual_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User randomUser,
Core.Auth.Entities.EmergencyAccess emergencyAccess)
{
emergencyAccess.GranteeId = Guid.NewGuid();
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.DeleteAsync(emergencyAccess.Id, randomUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task DeleteAsync_GrantorDeletes_Success(
SutProvider<EmergencyAccessService> sutProvider,
User grantor,
User grantee,
Core.Auth.Entities.EmergencyAccess emergencyAccess)
{
emergencyAccess.GrantorId = grantor.Id;
emergencyAccess.GranteeId = grantee.Id;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
await sutProvider.Sut.DeleteAsync(emergencyAccess.Id, grantor.Id);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.DeleteAsync(emergencyAccess);
}
[Theory, BitAutoData]
public async Task DeleteAsync_GranteeDeletes_Success(
SutProvider<EmergencyAccessService> sutProvider,
User grantor,
User grantee,
Core.Auth.Entities.EmergencyAccess emergencyAccess)
{
emergencyAccess.GrantorId = grantor.Id;
emergencyAccess.GranteeId = grantee.Id;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
await sutProvider.Sut.DeleteAsync(emergencyAccess.Id, grantee.Id);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.DeleteAsync(emergencyAccess);
}
[Theory, BitAutoData]
public async Task ConfirmUserAsync_EmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string key,
User grantorUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryInitiated;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ConfirmUserAsync(emergencyAccess.Id, key, grantorUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task ConfirmUserAsync_EmergencyAccessStatusIsNotAccepted_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string key,
User grantorUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryInitiated;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(emergencyAccess.Id)
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ConfirmUserAsync(emergencyAccess.Id, key, grantorUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task ConfirmUserAsync_EmergencyAccessGrantorIdNotEqualToConfirmingUserId_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string key,
User grantorUser)
{
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryInitiated;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ConfirmUserAsync(emergencyAccess.Id, key, grantorUser.Id));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task ConfirmUserAsync_UserWithKeyConnectorCannotUseTakeover_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User confirmingUser, string key)
{
confirmingUser.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Accepted,
GrantorId = confirmingUser.Id,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(confirmingUser.Id)
.Returns(confirmingUser);
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ConfirmUserAsync(new Guid(), key, confirmingUser.Id));
Assert.Contains("You cannot use Emergency Access Takeover because you are using Key Connector", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task ConfirmUserAsync_ConfirmsAndReplacesEmergencyAccess_Success(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
string key,
User grantorUser,
User granteeUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.Accepted;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantorUser.Id)
.Returns(grantorUser);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GranteeId.Value)
.Returns(granteeUser);
await sutProvider.Sut.ConfirmUserAsync(emergencyAccess.Id, key, grantorUser.Id);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.Confirmed));
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendEmergencyAccessConfirmedEmailAsync(grantorUser.Name, granteeUser.Email);
}
[Theory, BitAutoData]
public async Task SaveAsync_PremiumCannotUpdate_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User savingUser)
{
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Type = EmergencyAccessType.Takeover,
GrantorId = savingUser.Id,
};
sutProvider.GetDependency<IUserService>()
.CanAccessPremium(savingUser)
.Returns(false);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
Assert.Contains("Not a premium user.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task SaveAsync_EmergencyAccessGrantorIdNotEqualToSavingUserId_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User savingUser)
{
savingUser.Premium = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Type = EmergencyAccessType.Takeover,
GrantorId = new Guid(),
};
sutProvider.GetDependency<IUserService>()
.GetUserByIdAsync(savingUser.Id)
.Returns(savingUser);
sutProvider.GetDependency<IUserService>()
.CanAccessPremium(savingUser)
.Returns(true);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task SaveAsync_GrantorUserWithKeyConnectorCannotTakeover_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User grantorUser)
{
grantorUser.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Type = EmergencyAccessType.Takeover,
GrantorId = grantorUser.Id,
};
var userService = sutProvider.GetDependency<IUserService>();
userService.GetUserByIdAsync(grantorUser.Id).Returns(grantorUser);
userService.CanAccessPremium(grantorUser).Returns(true);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.SaveAsync(emergencyAccess, grantorUser));
Assert.Contains("You cannot use Emergency Access Takeover because you are using Key Connector", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task SaveAsync_GrantorUserWithKeyConnectorCanView_SavesEmergencyAccess(
SutProvider<EmergencyAccessService> sutProvider, User grantorUser)
{
grantorUser.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Type = EmergencyAccessType.View,
GrantorId = grantorUser.Id,
};
var userService = sutProvider.GetDependency<IUserService>();
userService.GetUserByIdAsync(grantorUser.Id).Returns(grantorUser);
userService.CanAccessPremium(grantorUser).Returns(true);
await sutProvider.Sut.SaveAsync(emergencyAccess, grantorUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(emergencyAccess);
}
[Theory, BitAutoData]
public async Task SaveAsync_ValidRequest_SavesEmergencyAccess(
SutProvider<EmergencyAccessService> sutProvider, User grantorUser)
{
grantorUser.UsesKeyConnector = false;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Type = EmergencyAccessType.Takeover,
GrantorId = grantorUser.Id,
};
var userService = sutProvider.GetDependency<IUserService>();
userService.GetUserByIdAsync(grantorUser.Id).Returns(grantorUser);
userService.CanAccessPremium(grantorUser).Returns(true);
await sutProvider.Sut.SaveAsync(emergencyAccess, grantorUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(emergencyAccess);
}
[Theory, BitAutoData]
public async Task InitiateAsync_EmergencyAccessNull_ThrowBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User initiatingUser)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs()
.ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task InitiateAsync_EmergencyAccessGranteeIdNotEqual_ThrowBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User initiatingUser)
{
emergencyAccess.GranteeId = new Guid();
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(emergencyAccess.Id)
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs()
.ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task InitiateAsync_EmergencyAccessStatusIsNotConfirmed_ThrowBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User initiatingUser)
{
emergencyAccess.GranteeId = initiatingUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.Invited;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(emergencyAccess.Id)
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs()
.ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task InitiateAsync_UserWithKeyConnectorCannotUseTakeover_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider, User initiatingUser, User grantor)
{
grantor.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Confirmed,
GranteeId = initiatingUser.Id,
GrantorId = grantor.Id,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser));
Assert.Contains("You cannot takeover an account that is using Key Connector", exception.Message);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.DidNotReceiveWithAnyArgs()
.ReplaceAsync(default);
}
[Theory, BitAutoData]
public async Task InitiateAsync_UserWithKeyConnectorCanView_Success(
SutProvider<EmergencyAccessService> sutProvider, User initiatingUser, User grantor)
{
grantor.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Confirmed,
GranteeId = initiatingUser.Id,
GrantorId = grantor.Id,
Type = EmergencyAccessType.View,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
await sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.RecoveryInitiated));
}
[Theory, BitAutoData]
public async Task InitiateAsync_RequestIsCorrect_Success(
SutProvider<EmergencyAccessService> sutProvider, User initiatingUser, User grantor)
{
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
Status = EmergencyAccessStatusType.Confirmed,
GranteeId = initiatingUser.Id,
GrantorId = grantor.Id,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
await sutProvider.Sut.InitiateAsync(new Guid(), initiatingUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.RecoveryInitiated));
}
[Theory, BitAutoData]
public async Task ApproveAsync_EmergencyAccessNull_ThrowsBadrequest(
SutProvider<EmergencyAccessService> sutProvider)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ApproveAsync(new Guid(), null));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task ApproveAsync_EmergencyAccessGrantorIdNotEquatToApproving_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User grantorUser)
{
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryInitiated;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ApproveAsync(emergencyAccess.Id, grantorUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Invited)]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
[BitAutoData(EmergencyAccessStatusType.RecoveryApproved)]
public async Task ApproveAsync_EmergencyAccessStatusNotRecoveryInitiated_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User grantorUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = statusType;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ApproveAsync(emergencyAccess.Id, grantorUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task ApproveAsync_Success(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User grantorUser,
User granteeUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryInitiated;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(granteeUser);
await sutProvider.Sut.ApproveAsync(emergencyAccess.Id, grantorUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.RecoveryApproved));
}
[Theory, BitAutoData]
public async Task RejectAsync_EmergencyAccessIdNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User GrantorUser)
{
emergencyAccess.GrantorId = GrantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.Accepted;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.RejectAsync(emergencyAccess.Id, GrantorUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task RejectAsync_EmergencyAccessGrantorIdNotEqualToRequestUser_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User GrantorUser)
{
emergencyAccess.Status = EmergencyAccessStatusType.Accepted;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.RejectAsync(emergencyAccess.Id, GrantorUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Invited)]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
public async Task RejectAsync_EmergencyAccessStatusNotValid_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User GrantorUser)
{
emergencyAccess.GrantorId = GrantorUser.Id;
emergencyAccess.Status = statusType;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.RejectAsync(emergencyAccess.Id, GrantorUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.RecoveryInitiated)]
[BitAutoData(EmergencyAccessStatusType.RecoveryApproved)]
public async Task RejectAsync_Success(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User GrantorUser,
User GranteeUser)
{
emergencyAccess.GrantorId = GrantorUser.Id;
emergencyAccess.Status = statusType;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(GranteeUser);
await sutProvider.Sut.RejectAsync(emergencyAccess.Id, GrantorUser);
await sutProvider.GetDependency<IEmergencyAccessRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<Core.Auth.Entities.EmergencyAccess>(x => x.Status == EmergencyAccessStatusType.Confirmed));
}
[Theory, BitAutoData]
public async Task GetPoliciesAsync_RequestNotValidEmergencyAccessNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.GetPoliciesAsync(default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Invited)]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
[BitAutoData(EmergencyAccessStatusType.RecoveryInitiated)]
public async Task GetPoliciesAsync_RequestNotValidStatusType_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = statusType;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.GetPoliciesAsync(emergencyAccess.Id, granteeUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task GetPoliciesAsync_RequestNotValidType_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.View;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.GetPoliciesAsync(emergencyAccess.Id, granteeUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(OrganizationUserType.Admin)]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task GetPoliciesAsync_OrganizationUserTypeNotOwner_ReturnsNull(
OrganizationUserType userType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser,
OrganizationUser grantorOrganizationUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
grantorOrganizationUser.UserId = grantorUser.Id;
grantorOrganizationUser.Type = userType;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByUserAsync(grantorUser.Id)
.Returns([grantorOrganizationUser]);
var result = await sutProvider.Sut.GetPoliciesAsync(emergencyAccess.Id, granteeUser);
Assert.Null(result);
}
[Theory, BitAutoData]
public async Task GetPoliciesAsync_OrganizationUserEmpty_ReturnsNull(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByUserAsync(grantorUser.Id)
.Returns([]);
var result = await sutProvider.Sut.GetPoliciesAsync(emergencyAccess.Id, granteeUser);
Assert.Null(result);
}
[Theory, BitAutoData]
public async Task GetPoliciesAsync_ReturnsNotNull(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser,
OrganizationUser grantorOrganizationUser)
{
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
grantorOrganizationUser.UserId = grantorUser.Id;
grantorOrganizationUser.Type = OrganizationUserType.Owner;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByUserAsync(grantorUser.Id)
.Returns([grantorOrganizationUser]);
sutProvider.GetDependency<IPolicyRepository>()
.GetManyByUserIdAsync(grantorUser.Id)
.Returns([]);
var result = await sutProvider.Sut.GetPoliciesAsync(emergencyAccess.Id, granteeUser);
Assert.NotNull(result);
}
[Theory, BitAutoData]
public async Task TakeoverAsync_RequestNotValid_EmergencyAccessIsNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.TakeoverAsync(default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task TakeoverAsync_RequestNotValid_GranteeNotEqualToRequestingUser_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.TakeoverAsync(new Guid(), granteeUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Invited)]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
[BitAutoData(EmergencyAccessStatusType.RecoveryInitiated)]
public async Task TakeoverAsync_RequestNotValid_StatusType_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = statusType;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.TakeoverAsync(new Guid(), granteeUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task TakeoverAsync_RequestNotValid_TypeIsView_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.View;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.TakeoverAsync(new Guid(), granteeUser));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task TakeoverAsync_UserWithKeyConnectorCannotUseTakeover_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
User granteeUser,
User grantor)
{
grantor.UsesKeyConnector = true;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
GrantorId = grantor.Id,
GranteeId = granteeUser.Id,
Status = EmergencyAccessStatusType.RecoveryApproved,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.TakeoverAsync(new Guid(), granteeUser));
Assert.Contains("You cannot takeover an account that is using Key Connector", exception.Message);
}
[Theory, BitAutoData]
public async Task TakeoverAsync_Success_ReturnsEmergencyAccessAndGrantorUser(
SutProvider<EmergencyAccessService> sutProvider,
User granteeUser,
User grantor)
{
grantor.UsesKeyConnector = false;
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
GrantorId = grantor.Id,
GranteeId = granteeUser.Id,
Status = EmergencyAccessStatusType.RecoveryApproved,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
var result = await sutProvider.Sut.TakeoverAsync(new Guid(), granteeUser);
Assert.Equal(result.Item1, emergencyAccess);
Assert.Equal(result.Item2, grantor);
}
[Theory, BitAutoData]
public async Task PasswordAsync_RequestNotValid_EmergencyAccessIsNull_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider)
{
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns((Core.Auth.Entities.EmergencyAccess)null);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.PasswordAsync(default, default, default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task PasswordAsync_RequestNotValid_GranteeNotEqualToRequestingUser_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory]
[BitAutoData(EmergencyAccessStatusType.Invited)]
[BitAutoData(EmergencyAccessStatusType.Accepted)]
[BitAutoData(EmergencyAccessStatusType.Confirmed)]
[BitAutoData(EmergencyAccessStatusType.RecoveryInitiated)]
public async Task PasswordAsync_RequestNotValid_StatusType_ThrowsBadRequest(
EmergencyAccessStatusType statusType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = statusType;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task PasswordAsync_RequestNotValid_TypeIsView_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.View;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, default, default));
Assert.Contains("Emergency Access not valid.", exception.Message);
}
[Theory, BitAutoData]
public async Task PasswordAsync_NonOrgUser_Success(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser,
string key,
string passwordHash)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
await sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, passwordHash, key);
await sutProvider.GetDependency<IUserService>()
.Received(1)
.UpdatePasswordHash(grantorUser, passwordHash);
await sutProvider.GetDependency<IUserRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<User>(u => u.VerifyDevices == false && u.Key == key));
}
[Theory]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Admin)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task PasswordAsync_OrgUser_NotOrganizationOwner_RemovedFromOrganization_Success(
OrganizationUserType userType,
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser,
OrganizationUser organizationUser,
string key,
string passwordHash)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
organizationUser.UserId = grantorUser.Id;
organizationUser.Type = userType;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByUserAsync(grantorUser.Id)
.Returns([organizationUser]);
await sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, passwordHash, key);
await sutProvider.GetDependency<IUserService>()
.Received(1)
.UpdatePasswordHash(grantorUser, passwordHash);
await sutProvider.GetDependency<IUserRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<User>(u => u.VerifyDevices == false && u.Key == key));
await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
.Received(1)
.RemoveUserAsync(organizationUser.OrganizationId, organizationUser.UserId.Value);
}
[Theory, BitAutoData]
public async Task PasswordAsync_OrgUser_IsOrganizationOwner_NotRemovedFromOrganization_Success(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser,
User grantorUser,
OrganizationUser organizationUser,
string key,
string passwordHash)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.GrantorId = grantorUser.Id;
emergencyAccess.Status = EmergencyAccessStatusType.RecoveryApproved;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(emergencyAccess.GrantorId)
.Returns(grantorUser);
organizationUser.UserId = grantorUser.Id;
organizationUser.Type = OrganizationUserType.Owner;
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByUserAsync(grantorUser.Id)
.Returns([organizationUser]);
await sutProvider.Sut.PasswordAsync(emergencyAccess.Id, granteeUser, passwordHash, key);
await sutProvider.GetDependency<IUserService>()
.Received(1)
.UpdatePasswordHash(grantorUser, passwordHash);
await sutProvider.GetDependency<IUserRepository>()
.Received(1)
.ReplaceAsync(Arg.Is<User>(u => u.VerifyDevices == false && u.Key == key));
await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
.Received(0)
.RemoveUserAsync(organizationUser.OrganizationId, organizationUser.UserId.Value);
}
[Theory, BitAutoData]
public async Task PasswordAsync_Disables_NewDeviceVerification_And_TwoFactorProviders_On_The_Grantor(
SutProvider<EmergencyAccessService> sutProvider, User requestingUser, User grantor)
{
grantor.UsesKeyConnector = true;
grantor.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
{
[TwoFactorProviderType.Email] = new TwoFactorProvider
{
MetaData = new Dictionary<string, object> { ["Email"] = "asdfasf" },
Enabled = true
}
});
var emergencyAccess = new Core.Auth.Entities.EmergencyAccess
{
GrantorId = grantor.Id,
GranteeId = requestingUser.Id,
Status = EmergencyAccessStatusType.RecoveryApproved,
Type = EmergencyAccessType.Takeover,
};
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
sutProvider.GetDependency<IUserRepository>()
.GetByIdAsync(grantor.Id)
.Returns(grantor);
await sutProvider.Sut.PasswordAsync(Guid.NewGuid(), requestingUser, "blablahash", "blablakey");
Assert.Empty(grantor.GetTwoFactorProviders());
Assert.False(grantor.VerifyDevices);
await sutProvider.GetDependency<IUserRepository>().Received().ReplaceAsync(grantor);
}
[Theory, BitAutoData]
public async Task ViewAsync_EmergencyAccessTypeNotView_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.ViewAsync(emergencyAccess.Id, granteeUser));
}
[Theory, BitAutoData]
public async Task GetAttachmentDownloadAsync_EmergencyAccessTypeNotView_ThrowsBadRequest(
SutProvider<EmergencyAccessService> sutProvider,
Core.Auth.Entities.EmergencyAccess emergencyAccess,
User granteeUser)
{
emergencyAccess.GranteeId = granteeUser.Id;
emergencyAccess.Type = EmergencyAccessType.Takeover;
sutProvider.GetDependency<IEmergencyAccessRepository>()
.GetByIdAsync(Arg.Any<Guid>())
.Returns(emergencyAccess);
var exception = await Assert.ThrowsAsync<BadRequestException>(
() => sutProvider.Sut.GetAttachmentDownloadAsync(emergencyAccess.Id, default, default, granteeUser));
}
}
Reference in New Issue View Git Blame Copy Permalink