1 parent
1462cff
commit f92532c
Showing
6 changed files
with
227 additions
and
8 deletions.
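--- a/....Test/SecretsManager/AuthorizationHandlers/Secrets/BulkSecretAuthorizationHandlerTests.cs
+++ b/....Test/SecretsManager/AuthorizationHandlers/Secrets/BulkSecretAuthorizationHandlerTests.cs
@@ -0,0 +1,184 @@
+using System.Security.Claims;
+using Bit.Commercial.Core.SecretsManager.AuthorizationHandlers.Secrets;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.SecretsManager.AuthorizationRequirements;
+using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Queries.Interfaces;
+using Bit.Core.SecretsManager.Repositories;
+using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Commercial.Core.Test.SecretsManager.AuthorizationHandlers.Secrets;
+
+[SutProviderCustomize]
+[ProjectCustomize]
+public class BulkSecretAuthorizationHandlerTests
+{
+[Theory]
+[BitAutoData]
+public async Task HandleAsync_DifferentOrganizations_DoesNotSucceed(
+SutProvider<BulkSecretAuthorizationHandler> sutProvider,
+ClaimsPrincipal claimsPrincipal,
+Secret secret1,
+Secret secret2)
+{
+var secrets = new List<Secret> { secret1, secret2 };
+
+var authorizationContext = new AuthorizationHandlerContext(
+new List<IAuthorizationRequirement> { BulkSecretOperations.Update },
+claimsPrincipal,
+secrets);
+
+await sutProvider.Sut.HandleAsync(authorizationContext);
+
+Assert.False(authorizationContext.HasSucceeded);
+}
+
+[Theory]
+[BitAutoData]
+public async Task HandleAsync_DoesNotHaveAccessToSm_DoesNotSucceed(
+SutProvider<BulkSecretAuthorizationHandler> sutProvider,
+ClaimsPrincipal claimsPrincipal,
+Secret secret1,
+Secret secret2)
+{
+secret2.OrganizationId = secret1.OrganizationId;
+
+sutProvider.GetDependency<ICurrentContext>()
+.AccessSecretsManager(secret1.OrganizationId)
+.Returns(false);
+
+var secrets = new List<Secret> { secret1, secret2 };
+
+var authorizationContext = new AuthorizationHandlerContext(
+new List<IAuthorizationRequirement> { BulkSecretOperations.Update },
+claimsPrincipal,
+secrets);
+
+await sutProvider.Sut.HandleAsync(authorizationContext);
+
+Assert.False(authorizationContext.HasSucceeded);
+}
+
+[Theory]
+[BitAutoData]
+public async Task HandleAsync_UnknownRequirement_DoesNotSucceed(
+SutProvider<BulkSecretAuthorizationHandler> sutProvider,
+ClaimsPrincipal claimsPrincipal,
+Secret secret1,
+Secret secret2,
+Guid userId)
+{
+secret2.OrganizationId = secret1.OrganizationId;
+
+sutProvider.GetDependency<ICurrentContext>()
+.AccessSecretsManager(secret1.OrganizationId)
+.Returns(true);
+
+sutProvider.GetDependency<IAccessClientQuery>()
+.GetAccessClientAsync(claimsPrincipal, secret1.OrganizationId)
+.Returns((AccessClientType.User, userId));
+
+var secrets = new List<Secret> { secret1, secret2 };
+
+var authorizationContext = new AuthorizationHandlerContext(
+new List<IAuthorizationRequirement> { new BulkSecretOperationRequirement { Name = "Something" } },
+claimsPrincipal,
+secrets);
+
+await sutProvider.Sut.HandleAsync(authorizationContext);
+
+Assert.False(authorizationContext.HasSucceeded);
+}
+
+[Theory]
+[BitAutoData]
+public async Task HandleAsync_DoesNotHaveWriteAccessToAllSecrets_DoesNotSucceed(
+SutProvider<BulkSecretAuthorizationHandler> sutProvider,
+ClaimsPrincipal claimsPrincipal,
+Secret secret1,
+Secret secret2,
+Guid userId)
+{
+secret2.OrganizationId = secret1.OrganizationId;
+
+sutProvider.GetDependency<ICurrentContext>()
+.AccessSecretsManager(secret1.OrganizationId)
+.Returns(true);
+
+sutProvider.GetDependency<IAccessClientQuery>()
+.GetAccessClientAsync(claimsPrincipal, secret1.OrganizationId)
+.Returns((AccessClientType.User, userId));
+
+sutProvider.GetDependency<ISecretRepository>()
+.AccessToSecretsAsync(
+Arg.Is<Guid[]>(arr => arr.Length == 2 && arr[0] == secret1.Id && arr[1] == secret2.Id),
+userId,
+AccessClientType.User
+)
+.Returns(new Dictionary<Guid, (bool Read, bool Write)>
+{
+[secret1.Id] = (true, false),
+[secret2.Id] = (true, true),
+});
+
+var secrets = new List<Secret> { secret1, secret2 };
+
+var authorizationContext = new AuthorizationHandlerContext(
+new List<IAuthorizationRequirement> { BulkSecretOperations.Update },
+claimsPrincipal,
+secrets);
+
+await sutProvider.Sut.HandleAsync(authorizationContext);
+
+Assert.False(authorizationContext.HasSucceeded);
+}
+
+[Theory]
+[BitAutoData]
+public async Task HandleAsync_HasWriteAccessToAllSecrets_Succeeds(
+SutProvider<BulkSecretAuthorizationHandler> sutProvider,
+ClaimsPrincipal claimsPrincipal,
+Secret secret1,
+Secret secret2,
+Guid userId)
+{
+secret2.OrganizationId = secret1.OrganizationId;
+
+sutProvider.GetDependency<ICurrentContext>()
+.AccessSecretsManager(secret1.OrganizationId)
+.Returns(true);
+
+sutProvider.GetDependency<IAccessClientQuery>()
+.GetAccessClientAsync(claimsPrincipal, secret1.OrganizationId)
+.Returns((AccessClientType.User, userId));
+
+sutProvider.GetDependency<ISecretRepository>()
+.AccessToSecretsAsync(
+Arg.Is<Guid[]>(arr => arr.Length == 2 && arr[0] == secret1.Id && arr[1] == secret2.Id),
+userId,
+AccessClientType.User
+)
+.Returns(new Dictionary<Guid, (bool Read, bool Write)>
+{
+[secret1.Id] = (true, true),
+[secret2.Id] = (true, true),
+});
+
+var secrets = new List<Secret> { secret1, secret2 };
+
+var authorizationContext = new AuthorizationHandlerContext(
+new List<IAuthorizationRequirement> { BulkSecretOperations.Update },
+claimsPrincipal,
+secrets);
+
+await sutProvider.Sut.HandleAsync(authorizationContext);
+
+Assert.True(authorizationContext.HasSucceeded);
+}
+}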
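Review bot: `HandleAsync_DifferentOrganizations_DoesNotSucceed` does not isolate the cross-organization rejection: it configures no substitutes, and NSubstitute returns `false` for an unconfigured `AccessSecretsManager(...)`, so the assertion would presumably still hold if the handler (not shown in this section) lost its single-organization check. The test also relies on the fixture handing `secret1` and `secret2` different `OrganizationId` values instead of setting them explicitly. Granting Secrets Manager access and write access to both secrets, as sketched below, leaves the mixed-organization input as the only reason to deny. A further case in which `AccessToSecretsAsync` returns no entry for one of the requested ids would pin that a partial result is denied rather than treated as allowed.

```csharp
public async Task HandleAsync_DifferentOrganizations_DoesNotSucceed(
    // … unchanged: existing parameters, plus an added `Guid userId` …
{
    // Grant every other precondition so only the organization mismatch can cause the denial.
    sutProvider.GetDependency<ICurrentContext>()
        .AccessSecretsManager(Arg.Any<Guid>())
        .Returns(true);

    sutProvider.GetDependency<IAccessClientQuery>()
        .GetAccessClientAsync(claimsPrincipal, Arg.Any<Guid>())
        .Returns((AccessClientType.User, userId));

    sutProvider.GetDependency<ISecretRepository>()
        .AccessToSecretsAsync(Arg.Any<Guid[]>(), userId, AccessClientType.User)
        .Returns(new Dictionary<Guid, (bool Read, bool Write)>
        {
            [secret1.Id] = (true, true),
            [secret2.Id] = (true, true),
        });

    Assert.NotEqual(secret1.OrganizationId, secret2.OrganizationId);
    // … unchanged: context construction, HandleAsync call, Assert.False …
```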
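--- a/...ure.EntityFramework/SecretsManager/Configurations/ProjectSecretEntityTypeConfiguration.cs
+++ b/...ure.EntityFramework/SecretsManager/Configurations/ProjectSecretEntityTypeConfiguration.cs
@@ -0,0 +1,13 @@
+using Bit.Infrastructure.EntityFramework.SecretsManager.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.SecretsManager.Configurations;
+
+public class ProjectSecretEntityTypeConfiguration : IEntityTypeConfiguration<ProjectSecret>
+{
+public void Configure(EntityTypeBuilder<ProjectSecret> builder)
+{
+builder.ToTable(nameof(ProjectSecret));
+}
+}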