mirror of https://github.com/bitwarden/server.git synced 2025-02-18 02:11:22 +01:00

Do not use ApplicationCache when saving OrgUser (#3885)

* Do not use ApplicationCache when saving OrgUser

* dotnet format
Thomas Rittson 2024-03-11 21:01:56 +10:00 committed by GitHub
parent f432c18ab5
commit 1a3c1aeb0c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 22 deletions


@ -1421,18 +1421,18 @@ public class OrganizationService : IOrganizationService
} }
// If the organization is using Flexible Collections, prevent use of any deprecated permissions // If the organization is using Flexible Collections, prevent use of any deprecated permissions
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(user.OrganizationId); var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
if (organizationAbility?.FlexibleCollections == true && user.Type == OrganizationUserType.Manager) if (organization.FlexibleCollections && user.Type == OrganizationUserType.Manager)
{ {
throw new BadRequestException("The Manager role has been deprecated by collection enhancements. Use the collection Can Manage permission instead."); throw new BadRequestException("The Manager role has been deprecated by collection enhancements. Use the collection Can Manage permission instead.");
} }
if (organizationAbility?.FlexibleCollections == true && user.AccessAll) if (organization.FlexibleCollections && user.AccessAll)
{ {
throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead."); throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead.");
} }
if (organizationAbility?.FlexibleCollections == true && collections?.Any() == true) if (organization.FlexibleCollections && collections?.Any() == true)
{ {
var invalidAssociations = collections.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords)); var invalidAssociations = collections.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
if (invalidAssociations.Any()) if (invalidAssociations.Any())
@ -1449,7 +1449,6 @@ public class OrganizationService : IOrganizationService
var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(user.OrganizationId, 1); var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(user.OrganizationId, 1);
if (additionalSmSeatsRequired > 0) if (additionalSmSeatsRequired > 0)
{ {
var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
var update = new SecretsManagerSubscriptionUpdate(organization, true) var update = new SecretsManagerSubscriptionUpdate(organization, true)
.AdjustSeats(additionalSmSeatsRequired); .AdjustSeats(additionalSmSeatsRequired);
await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update); await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update);
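Review bot: The new `organization` value is dereferenced at `organization.FlexibleCollections` with no null check, whereas the removed code tolerated a missing entry through `organizationAbility?.FlexibleCollections == true`. If `GetByIdAsync` can return null for `user.OrganizationId`, the deprecated-permission checks would fail with a NullReferenceException rather than a controlled error, and the same variable is now also passed to `SecretsManagerSubscriptionUpdate` in the second hunk. The method begins above the hunk, so an earlier validation may already rule this out; if it does not, add `if (organization == null) { throw new NotFoundException(); }` directly after the lookup. A short comment there, such as `// Read from the repository, not the ability cache, so the check uses current data`, would also record why the cache is avoided for this permission check.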


@ -15,7 +15,6 @@ using Bit.Core.Enums;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.Models.Data; using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Models.Data.Organizations.OrganizationUsers; using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.Models.Mail; using Bit.Core.Models.Mail;
using Bit.Core.Models.StaticStore; using Bit.Core.Models.StaticStore;
@ -1371,7 +1370,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task SaveUser_WithFlexibleCollections_WhenUpgradingToManager_Throws( public async Task SaveUser_WithFlexibleCollections_WhenUpgradingToManager_Throws(
OrganizationAbility organizationAbility, Organization organization,
[OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData, [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData,
[OrganizationUser(type: OrganizationUserType.Manager)] OrganizationUser newUserData, [OrganizationUser(type: OrganizationUserType.Manager)] OrganizationUser newUserData,
[OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser, [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser,
@ -1379,18 +1378,18 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
IEnumerable<Guid> groups, IEnumerable<Guid> groups,
SutProvider<OrganizationService> sutProvider) SutProvider<OrganizationService> sutProvider)
{ {
organizationAbility.FlexibleCollections = true; organization.FlexibleCollections = true;
newUserData.Id = oldUserData.Id; newUserData.Id = oldUserData.Id;
newUserData.UserId = oldUserData.UserId; newUserData.UserId = oldUserData.UserId;
newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organizationAbility.Id; newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organization.Id;
newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions()); newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions());
sutProvider.GetDependency<IApplicationCacheService>() sutProvider.GetDependency<IOrganizationRepository>()
.GetOrganizationAbilityAsync(organizationAbility.Id) .GetByIdAsync(organization.Id)
.Returns(organizationAbility); .Returns(organization);
sutProvider.GetDependency<ICurrentContext>() sutProvider.GetDependency<ICurrentContext>()
.ManageUsers(organizationAbility.Id) .ManageUsers(organization.Id)
.Returns(true); .Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>() sutProvider.GetDependency<IOrganizationUserRepository>()
@ -1398,7 +1397,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
.Returns(oldUserData); .Returns(oldUserData);
sutProvider.GetDependency<IOrganizationUserRepository>() sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByOrganizationAsync(organizationAbility.Id, OrganizationUserType.Owner) .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
.Returns(new List<OrganizationUser> { savingUser }); .Returns(new List<OrganizationUser> { savingUser });
var exception = await Assert.ThrowsAsync<BadRequestException>( var exception = await Assert.ThrowsAsync<BadRequestException>(
@ -1409,7 +1408,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
[Theory, BitAutoData] [Theory, BitAutoData]
public async Task SaveUser_WithFlexibleCollections_WithAccessAll_Throws( public async Task SaveUser_WithFlexibleCollections_WithAccessAll_Throws(
OrganizationAbility organizationAbility, Organization organization,
[OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData, [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData,
[OrganizationUser(type: OrganizationUserType.User)] OrganizationUser newUserData, [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser newUserData,
[OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser, [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser,
@ -1417,19 +1416,19 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
IEnumerable<Guid> groups, IEnumerable<Guid> groups,
SutProvider<OrganizationService> sutProvider) SutProvider<OrganizationService> sutProvider)
{ {
organizationAbility.FlexibleCollections = true; organization.FlexibleCollections = true;
newUserData.Id = oldUserData.Id; newUserData.Id = oldUserData.Id;
newUserData.UserId = oldUserData.UserId; newUserData.UserId = oldUserData.UserId;
newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organizationAbility.Id; newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organization.Id;
newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions()); newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions());
newUserData.AccessAll = true; newUserData.AccessAll = true;
sutProvider.GetDependency<IApplicationCacheService>() sutProvider.GetDependency<IOrganizationRepository>()
.GetOrganizationAbilityAsync(organizationAbility.Id) .GetByIdAsync(organization.Id)
.Returns(organizationAbility); .Returns(organization);
sutProvider.GetDependency<ICurrentContext>() sutProvider.GetDependency<ICurrentContext>()
.ManageUsers(organizationAbility.Id) .ManageUsers(organization.Id)
.Returns(true); .Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>() sutProvider.GetDependency<IOrganizationUserRepository>()
@ -1437,7 +1436,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
.Returns(oldUserData); .Returns(oldUserData);
sutProvider.GetDependency<IOrganizationUserRepository>() sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyByOrganizationAsync(organizationAbility.Id, OrganizationUserType.Owner) .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
.Returns(new List<OrganizationUser> { savingUser }); .Returns(new List<OrganizationUser> { savingUser });
var exception = await Assert.ThrowsAsync<BadRequestException>( var exception = await Assert.ThrowsAsync<BadRequestException>(