mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
Add in integration tests (#2806)
This commit is contained in:
parent
5616cd5403
commit
56d3c3a5d1
@ -5,7 +5,9 @@ namespace Bit.Api.SecretsManager.Models.Response;
|
||||
|
||||
public class AccessTokenResponseModel : ResponseModel
|
||||
{
|
||||
public AccessTokenResponseModel(ApiKey apiKey, string obj = "accessToken")
|
||||
private const string _objectName = "accessToken";
|
||||
|
||||
public AccessTokenResponseModel(ApiKey apiKey, string obj = _objectName)
|
||||
: base(obj)
|
||||
{
|
||||
Id = apiKey.Id;
|
||||
@ -17,6 +19,10 @@ public class AccessTokenResponseModel : ResponseModel
|
||||
RevisionDate = apiKey.RevisionDate;
|
||||
}
|
||||
|
||||
public AccessTokenResponseModel() : base(_objectName)
|
||||
{
|
||||
}
|
||||
|
||||
public Guid Id { get; set; }
|
||||
public string Name { get; set; }
|
||||
public ICollection<string> Scopes { get; set; }
|
||||
|
@ -331,6 +331,108 @@ public class SecretsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyn
|
||||
Assert.Equal(secret.CreationDate, result.CreationDate);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
[InlineData(false, true)]
|
||||
public async Task GetSecretsByProject_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetSecretsByProject_UserWithNoPermission_EmptyList()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project()
|
||||
{
|
||||
Id = new Guid(),
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var secret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString,
|
||||
Projects = new List<Project> { project },
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Empty(result!.Secrets);
|
||||
Assert.Empty(result!.Projects);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task GetSecretsByProject_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var project = await _projectRepository.CreateAsync(new Project()
|
||||
{
|
||||
Id = new Guid(),
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
new UserProjectAccessPolicy
|
||||
{
|
||||
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
|
||||
},
|
||||
};
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
var secret = await _secretRepository.CreateAsync(new Secret
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Key = _mockEncryptedString,
|
||||
Value = _mockEncryptedString,
|
||||
Note = _mockEncryptedString,
|
||||
Projects = new List<Project> { project },
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
|
||||
Assert.NotEmpty(result!.Secrets);
|
||||
Assert.Equal(secret.Id.ToString(), result.Secrets.First().Id);
|
||||
Assert.Equal(secret.OrganizationId.ToString(), result.Secrets.First().OrganizationId);
|
||||
Assert.Equal(secret.Key, result.Secrets.First().Key);
|
||||
Assert.Equal(secret.CreationDate, result.Secrets.First().CreationDate);
|
||||
Assert.Equal(secret.RevisionDate, result.Secrets.First().RevisionDate);
|
||||
Assert.Equal(secret.Projects!.First().Id, result.Projects.First().Id);
|
||||
Assert.Equal(secret.Projects!.First().Name, result.Projects.First().Name);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
|
@ -120,6 +120,83 @@ public class ServiceAccountsControllerTest : IClassFixture<ApiApplicationFactory
|
||||
Assert.Equal(2, result.Data.Count());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
[InlineData(false, true)]
|
||||
public async Task GetByServiceAccountId_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetByServiceAccountId_UserWithoutPermission_NotFound()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task GetByServiceAccountId_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
GrantedServiceAccountId = serviceAccount.Id,
|
||||
OrganizationUserId = orgUser.Id,
|
||||
Write = true,
|
||||
Read = true,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(serviceAccount.Id.ToString(), result!.Id);
|
||||
Assert.Equal(serviceAccount.OrganizationId.ToString(), result.OrganizationId);
|
||||
Assert.Equal(serviceAccount.Name, result.Name);
|
||||
Assert.Equal(serviceAccount.CreationDate, result.CreationDate);
|
||||
Assert.Equal(serviceAccount.RevisionDate, result.RevisionDate);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
@ -361,6 +438,99 @@ public class ServiceAccountsControllerTest : IClassFixture<ApiApplicationFactory
|
||||
Assert.Empty(sa);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
[InlineData(false, true)]
|
||||
public async Task GetAccessTokens_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task GetAccessTokens_UserNoPermission_NotFound()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
await _apiKeyRepository.CreateAsync(new ApiKey
|
||||
{
|
||||
ServiceAccountId = serviceAccount.Id,
|
||||
Name = _mockEncryptedString,
|
||||
ExpireAt = DateTime.UtcNow.AddDays(30),
|
||||
});
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(PermissionType.RunAsAdmin)]
|
||||
[InlineData(PermissionType.RunAsUserWithPermission)]
|
||||
public async Task GetAccessTokens_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||
await LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
OrganizationId = org.Id,
|
||||
Name = _mockEncryptedString,
|
||||
});
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
|
||||
new UserServiceAccountAccessPolicy
|
||||
{
|
||||
GrantedServiceAccountId = serviceAccount.Id,
|
||||
OrganizationUserId = orgUser.Id,
|
||||
Write = true,
|
||||
Read = true,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
|
||||
{
|
||||
ServiceAccountId = serviceAccount.Id,
|
||||
Name = _mockEncryptedString,
|
||||
ExpireAt = DateTime.UtcNow.AddDays(30),
|
||||
});
|
||||
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<AccessTokenResponseModel>>();
|
||||
Assert.NotEmpty(results!.Data);
|
||||
Assert.Equal(accessToken.Id, results.Data.First().Id);
|
||||
Assert.Equal(accessToken.Name, results.Data.First().Name);
|
||||
Assert.Equal(accessToken.GetScopes(), results.Data.First().Scopes);
|
||||
Assert.Equal(accessToken.ExpireAt, results.Data.First().ExpireAt);
|
||||
Assert.Equal(accessToken.CreationDate, results.Data.First().CreationDate);
|
||||
Assert.Equal(accessToken.RevisionDate, results.Data.First().RevisionDate);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false)]
|
||||
[InlineData(true, false)]
|
||||
@ -626,7 +796,7 @@ public class ServiceAccountsControllerTest : IClassFixture<ApiApplicationFactory
|
||||
|
||||
var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
|
||||
{
|
||||
ServiceAccountId = org.Id,
|
||||
ServiceAccountId = serviceAccount.Id,
|
||||
Name = _mockEncryptedString,
|
||||
ExpireAt = DateTime.UtcNow.AddDays(30),
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user