admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-02-08 01:43:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
10faa9cde4f5b16e3db4d2a87e628aa2c6ccb708
server/test/Api.Test/AdminConsole/Authorization/Requirements/MemberRequirementTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

50 lines
1.6 KiB
C#
Raw Normal View History

[PM-29555] Add self-revoke endpoint for declining organization data ownership policy (#6739) * Add OrganizationUser_SelfRevoked event type to EventType enum * Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations * Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions. * Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality * Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation * Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles. * Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message. * Add MemberRequirement class for organization membership authorization - Implemented MemberRequirement to check if a user is a member of the organization. - Added unit tests for MemberRequirement to validate authorization logic for different user types. * Update authorization requirement for self-revoke endpoint and add integration test for provider users - Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method. - Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves. * Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement - Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state. - Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs. * Refactor self-revoke user command to enhance eligibility checks - Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation. - Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity. - Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins. - Removed deprecated policy checks and streamlined the command's dependencies. * Use CommandResult pattern in self-revoke command * Clearer documentation
2026-01-06 11:25:14 +00:00
using Bit.Api.AdminConsole.Authorization.Requirements;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Test.AdminConsole.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Authorization.Requirements;
[SutProviderCustomize]
public class MemberRequirementTests
{
[Theory]
[CurrentContextOrganizationCustomize]
[BitAutoData(OrganizationUserType.Owner)]
[BitAutoData(OrganizationUserType.Admin)]
[BitAutoData(OrganizationUserType.User)]
[BitAutoData(OrganizationUserType.Custom)]
public async Task AuthorizeAsync_WhenUserIsOrganizationMember_ThenRequestShouldBeAuthorized(
OrganizationUserType type,
CurrentContextOrganization organization,
SutProvider<MemberRequirement> sutProvider)
{
organization.Type = type;
var actual = await sutProvider.Sut.AuthorizeAsync(organization, () => Task.FromResult(false));
Assert.True(actual);
}
[Theory, BitAutoData]
public async Task AuthorizeAsync_WhenUserIsNotOrganizationMember_ThenRequestShouldBeDenied(
SutProvider<MemberRequirement> sutProvider)
{
var actual = await sutProvider.Sut.AuthorizeAsync(null, () => Task.FromResult(false));
Assert.False(actual);
}
[Theory, BitAutoData]
public async Task AuthorizeAsync_WhenUserIsProviderButNotMember_ThenRequestShouldBeDenied(
SutProvider<MemberRequirement> sutProvider)
{
var actual = await sutProvider.Sut.AuthorizeAsync(null, () => Task.FromResult(true));
Assert.False(actual);
}
}
Reference in New Issue Copy Permalink