mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
[AC-1145] Add trusted devices option to SSO Config Data (#2909)
* [AC-1145] Add TDE feature flag * [AC-1145] Update .gitignore to ignore flags.json in the Api project * [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData * [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model * [AC-1145] Automatically enable password reset policy on TDE selection * [AC-1145] Remove references to obsolete KeyConnectorEnabled field * [AC-1145] Formatting * [AC-1145] Update XML doc reference to MemberDecryptionType
This commit is contained in:
parent
5a850f48e2
commit
620a7e0a8d
1
.gitignore
vendored
1
.gitignore
vendored
@ -225,3 +225,4 @@ src/Identity/Identity.zip
|
||||
src/Notifications/Notifications.zip
|
||||
bitwarden_license/src/Portal/Portal.zip
|
||||
bitwarden_license/src/Sso/Sso.zip
|
||||
src/Api/flags.json
|
||||
|
@ -41,8 +41,14 @@ public class SsoConfigurationDataRequest : IValidatableObject
|
||||
|
||||
[Required]
|
||||
public SsoType ConfigType { get; set; }
|
||||
public MemberDecryptionType MemberDecryptionType { get; set; }
|
||||
|
||||
public bool KeyConnectorEnabled { get; set; }
|
||||
[Obsolete("Use MemberDecryptionType instead")]
|
||||
public bool KeyConnectorEnabled
|
||||
{
|
||||
// Setter is kept for backwards compatibility with older clients that still use this property.
|
||||
set { MemberDecryptionType = value ? MemberDecryptionType.KeyConnector : MemberDecryptionType.MasterPassword; }
|
||||
}
|
||||
public string KeyConnectorUrl { get; set; }
|
||||
|
||||
// OIDC
|
||||
@ -166,7 +172,7 @@ public class SsoConfigurationDataRequest : IValidatableObject
|
||||
return new SsoConfigurationData
|
||||
{
|
||||
ConfigType = ConfigType,
|
||||
KeyConnectorEnabled = KeyConnectorEnabled,
|
||||
MemberDecryptionType = MemberDecryptionType,
|
||||
KeyConnectorUrl = KeyConnectorUrl,
|
||||
Authority = Authority,
|
||||
ClientId = ClientId,
|
||||
|
@ -8,6 +8,8 @@ using Bit.Api.Models.Request.Organizations;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Models.Response.Organizations;
|
||||
using Bit.Api.SecretsManager;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Auth.Services;
|
||||
using Bit.Core.Context;
|
||||
@ -46,6 +48,7 @@ public class OrganizationsController : Controller
|
||||
private readonly IOrganizationApiKeyRepository _organizationApiKeyRepository;
|
||||
private readonly IUpdateOrganizationLicenseCommand _updateOrganizationLicenseCommand;
|
||||
private readonly ICloudGetOrganizationLicenseQuery _cloudGetOrganizationLicenseQuery;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
|
||||
public OrganizationsController(
|
||||
@ -65,6 +68,7 @@ public class OrganizationsController : Controller
|
||||
IOrganizationApiKeyRepository organizationApiKeyRepository,
|
||||
IUpdateOrganizationLicenseCommand updateOrganizationLicenseCommand,
|
||||
ICloudGetOrganizationLicenseQuery cloudGetOrganizationLicenseQuery,
|
||||
IFeatureService featureService,
|
||||
GlobalSettings globalSettings)
|
||||
{
|
||||
_organizationRepository = organizationRepository;
|
||||
@ -83,6 +87,7 @@ public class OrganizationsController : Controller
|
||||
_organizationApiKeyRepository = organizationApiKeyRepository;
|
||||
_updateOrganizationLicenseCommand = updateOrganizationLicenseCommand;
|
||||
_cloudGetOrganizationLicenseQuery = cloudGetOrganizationLicenseQuery;
|
||||
_featureService = featureService;
|
||||
_globalSettings = globalSettings;
|
||||
}
|
||||
|
||||
@ -391,8 +396,7 @@ public class OrganizationsController : Controller
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(orgGuidId);
|
||||
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true &&
|
||||
user.UsesKeyConnector)
|
||||
if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && user.UsesKeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Your organization's Single Sign-On settings prevent you from leaving.");
|
||||
}
|
||||
@ -678,6 +682,12 @@ public class OrganizationsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
if (model.Data.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption &&
|
||||
!_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
|
||||
{
|
||||
throw new BadRequestException(nameof(model.Data.MemberDecryptionType), "Invalid member decryption type.");
|
||||
}
|
||||
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(id);
|
||||
ssoConfig = ssoConfig == null ? model.ToSsoConfig(id) : model.ToSsoConfig(ssoConfig);
|
||||
organization.Identifier = model.Identifier;
|
||||
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Enums.Provider;
|
||||
using Bit.Core.Models.Api;
|
||||
@ -62,7 +63,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
||||
if (organization.SsoConfig != null)
|
||||
{
|
||||
var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig);
|
||||
KeyConnectorEnabled = ssoConfigData.KeyConnectorEnabled && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
|
||||
KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
|
||||
KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
|
||||
}
|
||||
}
|
||||
|
8
src/Core/Auth/Enums/MemberDecryptionType.cs
Normal file
8
src/Core/Auth/Enums/MemberDecryptionType.cs
Normal file
@ -0,0 +1,8 @@
|
||||
namespace Bit.Core.Auth.Enums;
|
||||
|
||||
public enum MemberDecryptionType
|
||||
{
|
||||
MasterPassword = 0,
|
||||
KeyConnector = 1,
|
||||
TrustedDeviceEncryption = 2
|
||||
}
|
@ -22,7 +22,25 @@ public class SsoConfigurationData
|
||||
|
||||
public SsoType ConfigType { get; set; }
|
||||
|
||||
public bool KeyConnectorEnabled { get; set; }
|
||||
public MemberDecryptionType MemberDecryptionType { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Legacy property to determine if KeyConnector was enabled.
|
||||
/// Kept for backwards compatibility with old configs that will not have
|
||||
/// the new <see cref="MemberDecryptionType"/> when deserialized from the database.
|
||||
/// </summary>
|
||||
[Obsolete("Use MemberDecryptionType instead")]
|
||||
public bool KeyConnectorEnabled
|
||||
{
|
||||
get => MemberDecryptionType == MemberDecryptionType.KeyConnector;
|
||||
set
|
||||
{
|
||||
if (value)
|
||||
{
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector;
|
||||
}
|
||||
}
|
||||
}
|
||||
public string KeyConnectorUrl { get; set; }
|
||||
|
||||
// OIDC
|
||||
|
@ -1,8 +1,10 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
|
||||
@ -12,21 +14,30 @@ public class SsoConfigService : ISsoConfigService
|
||||
{
|
||||
private readonly ISsoConfigRepository _ssoConfigRepository;
|
||||
private readonly IPolicyRepository _policyRepository;
|
||||
private readonly IPolicyService _policyService;
|
||||
private readonly IOrganizationRepository _organizationRepository;
|
||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||
private readonly IUserService _userService;
|
||||
private readonly IOrganizationService _organizationService;
|
||||
private readonly IEventService _eventService;
|
||||
|
||||
public SsoConfigService(
|
||||
ISsoConfigRepository ssoConfigRepository,
|
||||
IPolicyRepository policyRepository,
|
||||
IPolicyService policyService,
|
||||
IOrganizationRepository organizationRepository,
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
IUserService userService,
|
||||
IOrganizationService organizationService,
|
||||
IEventService eventService)
|
||||
{
|
||||
_ssoConfigRepository = ssoConfigRepository;
|
||||
_policyRepository = policyRepository;
|
||||
_policyService = policyService;
|
||||
_organizationRepository = organizationRepository;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_userService = userService;
|
||||
_organizationService = organizationService;
|
||||
_eventService = eventService;
|
||||
}
|
||||
|
||||
@ -39,19 +50,31 @@ public class SsoConfigService : ISsoConfigService
|
||||
config.CreationDate = now;
|
||||
}
|
||||
|
||||
var useKeyConnector = config.GetData().KeyConnectorEnabled;
|
||||
var useKeyConnector = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector;
|
||||
if (useKeyConnector)
|
||||
{
|
||||
await VerifyDependenciesAsync(config, organization);
|
||||
}
|
||||
|
||||
var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId);
|
||||
var disabledKeyConnector = oldConfig?.GetData()?.KeyConnectorEnabled == true && !useKeyConnector;
|
||||
var disabledKeyConnector = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && !useKeyConnector;
|
||||
if (disabledKeyConnector && await AnyOrgUserHasKeyConnectorEnabledAsync(config.OrganizationId))
|
||||
{
|
||||
throw new BadRequestException("Key Connector cannot be disabled at this moment.");
|
||||
}
|
||||
|
||||
// Automatically enable reset password policy if trusted device encryption is selected
|
||||
if (config.GetData().MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption)
|
||||
{
|
||||
var resetPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.ResetPassword) ??
|
||||
new Policy { OrganizationId = config.OrganizationId, Type = PolicyType.ResetPassword, };
|
||||
|
||||
resetPolicy.Enabled = true;
|
||||
resetPolicy.SetDataModel(new ResetPasswordDataModel { AutoEnrollEnabled = true });
|
||||
|
||||
await _policyService.SaveAsync(resetPolicy, _userService, _organizationService, null);
|
||||
}
|
||||
|
||||
await LogEventsAsync(config, oldConfig);
|
||||
await _ssoConfigRepository.UpsertAsync(config);
|
||||
}
|
||||
@ -97,8 +120,9 @@ public class SsoConfigService : ISsoConfigService
|
||||
await _eventService.LogOrganizationEventAsync(organization, e);
|
||||
}
|
||||
|
||||
var keyConnectorEnabled = config.GetData().KeyConnectorEnabled;
|
||||
if (oldConfig?.GetData()?.KeyConnectorEnabled != keyConnectorEnabled)
|
||||
var keyConnectorEnabled = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector;
|
||||
var oldKeyConnectorEnabled = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector;
|
||||
if (oldKeyConnectorEnabled != keyConnectorEnabled)
|
||||
{
|
||||
var e = keyConnectorEnabled
|
||||
? EventType.Organization_EnabledKeyConnector
|
||||
|
@ -30,6 +30,7 @@ public static class FeatureFlagKeys
|
||||
public const string SecretsManager = "secrets-manager";
|
||||
public const string DisplayEuEnvironment = "display-eu-environment";
|
||||
public const string DisplayLowKdfIterationWarning = "display-kdf-iteration-warning";
|
||||
public const string TrustedDeviceEncryption = "trusted-device-encryption";
|
||||
|
||||
public static List<string> GetAllKeys()
|
||||
{
|
||||
|
@ -1,5 +1,6 @@
|
||||
using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Business;
|
||||
@ -56,7 +57,7 @@ public class SelfHostedOrganizationDetails : Organization
|
||||
}
|
||||
|
||||
if (!license.UseKeyConnector && UseKeyConnector && SsoConfig?.Data != null &&
|
||||
SsoConfig.GetData().KeyConnectorEnabled)
|
||||
SsoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector)
|
||||
{
|
||||
exception = $"Your organization currently has Key Connector enabled. " +
|
||||
$"Your new license does not allow for the use of Key Connector. Disable your Key Connector.";
|
||||
|
@ -262,7 +262,7 @@ public class OrganizationService : IOrganizationService
|
||||
if (!newPlan.HasKeyConnector && organization.UseKeyConnector)
|
||||
{
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
||||
if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
|
||||
if (ssoConfig != null && ssoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Your new plan does not allow the Key Connector feature. " +
|
||||
"Disable your Key Connector.");
|
||||
@ -2153,7 +2153,7 @@ public class OrganizationService : IOrganizationService
|
||||
private async Task ValidateDeleteOrganizationAsync(Organization organization)
|
||||
{
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
|
||||
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
|
||||
if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector)
|
||||
{
|
||||
throw new BadRequestException("You cannot delete an Organization that is using Key Connector.");
|
||||
}
|
||||
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
@ -185,7 +186,7 @@ public class PolicyService : IPolicyService
|
||||
{
|
||||
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
|
||||
if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
|
||||
if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector)
|
||||
{
|
||||
throw new BadRequestException("Key Connector is enabled.");
|
||||
}
|
||||
|
@ -1,4 +1,5 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Identity;
|
||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
@ -129,7 +130,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
||||
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organizationId);
|
||||
var ssoConfigData = ssoConfig.GetData();
|
||||
|
||||
if (ssoConfigData is { KeyConnectorEnabled: true } && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl))
|
||||
if (ssoConfigData is { MemberDecryptionType: MemberDecryptionType.KeyConnector } && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl))
|
||||
{
|
||||
context.Result.CustomResponse["KeyConnectorUrl"] = ssoConfigData.KeyConnectorUrl;
|
||||
// Prevent clients redirecting to set-password
|
||||
|
@ -2,6 +2,7 @@
|
||||
using AutoFixture.Xunit2;
|
||||
using Bit.Api.Controllers;
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Auth.Services;
|
||||
@ -38,6 +39,7 @@ public class OrganizationsControllerTests : IDisposable
|
||||
private readonly ICreateOrganizationApiKeyCommand _createOrganizationApiKeyCommand;
|
||||
private readonly IUpdateOrganizationLicenseCommand _updateOrganizationLicenseCommand;
|
||||
private readonly IOrganizationDomainRepository _organizationDomainRepository;
|
||||
private readonly IFeatureService _featureService;
|
||||
|
||||
private readonly OrganizationsController _sut;
|
||||
|
||||
@ -60,12 +62,13 @@ public class OrganizationsControllerTests : IDisposable
|
||||
_cloudGetOrganizationLicenseQuery = Substitute.For<ICloudGetOrganizationLicenseQuery>();
|
||||
_createOrganizationApiKeyCommand = Substitute.For<ICreateOrganizationApiKeyCommand>();
|
||||
_updateOrganizationLicenseCommand = Substitute.For<IUpdateOrganizationLicenseCommand>();
|
||||
_featureService = Substitute.For<IFeatureService>();
|
||||
|
||||
_sut = new OrganizationsController(_organizationRepository, _organizationUserRepository,
|
||||
_policyRepository, _providerRepository, _organizationService, _userService, _paymentService, _currentContext,
|
||||
_ssoConfigRepository, _ssoConfigService, _getOrganizationApiKeyQuery, _rotateOrganizationApiKeyCommand,
|
||||
_createOrganizationApiKeyCommand, _organizationApiKeyRepository, _updateOrganizationLicenseCommand,
|
||||
_cloudGetOrganizationLicenseQuery, _globalSettings);
|
||||
_cloudGetOrganizationLicenseQuery, _featureService, _globalSettings);
|
||||
}
|
||||
|
||||
public void Dispose()
|
||||
@ -82,7 +85,7 @@ public class OrganizationsControllerTests : IDisposable
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = orgId,
|
||||
@ -115,7 +118,9 @@ public class OrganizationsControllerTests : IDisposable
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = keyConnectorEnabled,
|
||||
MemberDecryptionType = keyConnectorEnabled
|
||||
? MemberDecryptionType.KeyConnector
|
||||
: MemberDecryptionType.MasterPassword
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = orgId,
|
||||
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Auth.Services;
|
||||
@ -83,7 +84,7 @@ public class SsoConfigServiceTests
|
||||
Id = 1,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
@ -127,7 +128,7 @@ public class SsoConfigServiceTests
|
||||
Id = 1,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
@ -165,7 +166,7 @@ public class SsoConfigServiceTests
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
@ -193,7 +194,7 @@ public class SsoConfigServiceTests
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
@ -227,7 +228,7 @@ public class SsoConfigServiceTests
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = false,
|
||||
OrganizationId = organization.Id,
|
||||
@ -262,7 +263,7 @@ public class SsoConfigServiceTests
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
@ -297,7 +298,7 @@ public class SsoConfigServiceTests
|
||||
Id = default,
|
||||
Data = new SsoConfigurationData
|
||||
{
|
||||
KeyConnectorEnabled = true,
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
}.Serialize(),
|
||||
Enabled = true,
|
||||
OrganizationId = organization.Id,
|
||||
|
@ -1,5 +1,6 @@
|
||||
using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
@ -173,7 +174,7 @@ public class SelfHostedOrganizationDetailsTests
|
||||
{
|
||||
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
||||
orgLicense.UseKeyConnector = false;
|
||||
orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false });
|
||||
orgDetails.SsoConfig.SetData(new SsoConfigurationData() { MemberDecryptionType = MemberDecryptionType.MasterPassword });
|
||||
|
||||
var result = orgDetails.CanUseLicense(license, out var exception);
|
||||
|
||||
@ -318,7 +319,7 @@ public class SelfHostedOrganizationDetailsTests
|
||||
ssoConfig.Enabled = true;
|
||||
ssoConfig.SetData(new SsoConfigurationData()
|
||||
{
|
||||
KeyConnectorEnabled = true
|
||||
MemberDecryptionType = MemberDecryptionType.KeyConnector,
|
||||
});
|
||||
|
||||
var enabledScimConfig = new ScimConfig() { Enabled = true };
|
||||
|
@ -1,5 +1,6 @@
|
||||
using System.Text.Json;
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Business;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
@ -1192,7 +1193,7 @@ public class OrganizationServiceTests
|
||||
SsoConfig ssoConfig)
|
||||
{
|
||||
ssoConfig.Enabled = true;
|
||||
ssoConfig.SetData(new SsoConfigurationData { KeyConnectorEnabled = true });
|
||||
ssoConfig.SetData(new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector });
|
||||
var ssoConfigRepository = sutProvider.GetDependency<ISsoConfigRepository>();
|
||||
var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
|
||||
var applicationCacheService = sutProvider.GetDependency<IApplicationCacheService>();
|
||||
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Auth.Repositories;
|
||||
using Bit.Core.Entities;
|
||||
@ -147,7 +148,7 @@ public class PolicyServiceTests
|
||||
});
|
||||
|
||||
var ssoConfig = new SsoConfig { Enabled = true };
|
||||
var data = new SsoConfigurationData { KeyConnectorEnabled = true };
|
||||
var data = new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector };
|
||||
ssoConfig.SetData(data);
|
||||
|
||||
sutProvider.GetDependency<ISsoConfigRepository>()
|
||||
|
Loading…
Reference in New Issue
Block a user