Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-28 13:15:12 +01:00
Code Issues Projects Releases Wiki Activity

SM-655: Add Authorizations and Tests for the SM Porting Controller (#2802)

Browse Source 
* SM-655: Add Authorize attribute for secrets on the SM Porting Controller

* SM-655: Add access secrets manager check to SM Import and Export

* SM-655: Add tests for export and import endpoints
This commit is contained in:
Colton Hurst 2023-03-15 11:51:01 -04:00 committed by GitHub
parent 388caa28f8
commit 1dc9aad1f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 83 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Api/SecretsManager/Controllers/SecretsManagerPortingController.cs
View File

@ -6,11 +6,13 @@ using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Commands.Porting.Interfaces; using Bit.Core.SecretsManager.Commands.Porting.Interfaces;
using Bit.Core.SecretsManager.Repositories; using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers; namespace Bit.Api.SecretsManager.Controllers;
[SecretsManager] [SecretsManager]
[Authorize("secrets")]
public class SecretsManagerPortingController : Controller public class SecretsManagerPortingController : Controller
{ {
private readonly ISecretRepository _secretRepository; private readonly ISecretRepository _secretRepository;
@ -31,7 +33,7 @@ public class SecretsManagerPortingController : Controller
[HttpGet("sm/{organizationId}/export")] [HttpGet("sm/{organizationId}/export")]
public async Task<SMExportResponseModel> Export([FromRoute] Guid organizationId, [FromRoute] string format = "json") public async Task<SMExportResponseModel> Export([FromRoute] Guid organizationId, [FromRoute] string format = "json")
{ {
if (!await _currentContext.OrganizationAdmin(organizationId)) if (!await _currentContext.OrganizationAdmin(organizationId) || !_currentContext.AccessSecretsManager(organizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
@ -51,7 +53,7 @@ public class SecretsManagerPortingController : Controller
[HttpPost("sm/{organizationId}/import")] [HttpPost("sm/{organizationId}/import")]
public async Task Import([FromRoute] Guid organizationId, [FromBody] SMImportRequestModel importRequest) public async Task Import([FromRoute] Guid organizationId, [FromBody] SMImportRequestModel importRequest)
{ {
if (!await _currentContext.OrganizationAdmin(organizationId)) if (!await _currentContext.OrganizationAdmin(organizationId) || !_currentContext.AccessSecretsManager(organizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }

79
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTest.cs Normal file
View File

@ -0,0 +1,79 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Core.SecretsManager.Repositories;
using Xunit;
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
public class SecretsManagerPortingControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
{
private readonly string _mockEncryptedString =
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly IProjectRepository _projectRepository;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
public SecretsManagerPortingControllerTest(ApiApplicationFactory factory)
{
_factory = factory;
_client = _factory.CreateClient();
_projectRepository = _factory.GetService<IProjectRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
}
public async Task InitializeAsync()
{
_email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(_email);
_organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email);
}
public Task DisposeAsync()
{
_client.Dispose();
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Import_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var projectsList = new List<SMImportRequestModel.InnerProjectImportRequestModel>();
var secretsList = new List<SMImportRequestModel.InnerSecretImportRequestModel>();
var request = new SMImportRequestModel { Projects = projectsList, Secrets = secretsList };
var response = await _client.PostAsJsonAsync($"sm/{org.Id}/import", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Export_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var response = await _client.GetAsync($"sm/{org.Id}/export");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
}