Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

[BEEEP][SM-893] Add the ability to run SM integration tests as a service account (#3187)

Browse Source 
* Add the ability to run SM integration tests as a service account
This commit is contained in:
Thomas Avery 2024-03-29 11:00:30 -05:00 committed by GitHub
parent e2cb406a95
commit 97c4d839e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 369 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs
View File

@ -64,4 +64,13 @@ public class ApiApplicationFactory : WebApplicationFactoryBase<Startup>
base.Dispose(disposing);
SqliteConnection.Dispose();
}
/// <summary>
/// Helper for logging in via client secret.
/// Currently used for Secrets Manager service accounts
/// </summary>
public async Task<string> LoginWithClientSecretAsync(Guid clientId, string clientSecret)
{
return await _identityApplicationFactory.TokenFromAccessTokenAsync(clientId, clientSecret);
}
}

199
test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
View File

@ -1,7 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
@ -28,6 +28,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
private readonly IProjectRepository _projectRepository;
private readonly IServiceAccountRepository _serviceAccountRepository;
private readonly IGroupRepository _groupRepository;
private readonly LoginHelper _loginHelper;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
@ -39,6 +40,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
_serviceAccountRepository = _factory.GetService<IServiceAccountRepository>();
_projectRepository = _factory.GetService<IProjectRepository>();
_groupRepository = _factory.GetService<IGroupRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -54,12 +56,6 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -71,7 +67,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateProjectAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
@ -93,7 +89,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
var request = new AccessPoliciesCreateRequest
@ -115,7 +111,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true);
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
@ -140,7 +136,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateProjectAccessPolicies_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
@ -159,7 +155,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
Assert.NotNull(result);
Assert.Equal(serviceAccountId, result!.ServiceAccountAccessPolicies.First().ServiceAccountId);
Assert.Equal(serviceAccountId, result.ServiceAccountAccessPolicies.First().ServiceAccountId);
Assert.True(result.ServiceAccountAccessPolicies.First().Read);
Assert.True(result.ServiceAccountAccessPolicies.First().Write);
AssertHelper.AssertRecent(result.ServiceAccountAccessPolicies.First().RevisionDate);
@ -168,7 +164,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var createdAccessPolicy =
await _accessPolicyRepository.GetByIdAsync(result.ServiceAccountAccessPolicies.First().Id);
Assert.NotNull(createdAccessPolicy);
Assert.Equal(result.ServiceAccountAccessPolicies.First().Read, createdAccessPolicy!.Read);
Assert.Equal(result.ServiceAccountAccessPolicies.First().Read, createdAccessPolicy.Read);
Assert.Equal(result.ServiceAccountAccessPolicies.First().Write, createdAccessPolicy.Write);
Assert.Equal(result.ServiceAccountAccessPolicies.First().Id, createdAccessPolicy.Id);
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
@ -186,7 +182,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task UpdateAccessPolicy_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
const bool expectedRead = true;
@ -203,7 +199,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId);
@ -222,13 +218,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task UpdateAccessPolicy_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
@ -249,13 +245,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ServiceAccountProjectAccessPolicyResponseModel>();
Assert.NotNull(result);
Assert.Equal(expectedRead, result!.Read);
Assert.Equal(expectedRead, result.Read);
Assert.Equal(expectedWrite, result.Write);
AssertHelper.AssertRecent(result.RevisionDate);
var updatedAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.Id);
Assert.NotNull(updatedAccessPolicy);
Assert.Equal(expectedRead, updatedAccessPolicy!.Read);
Assert.Equal(expectedRead, updatedAccessPolicy.Read);
Assert.Equal(expectedWrite, updatedAccessPolicy.Write);
AssertHelper.AssertRecent(updatedAccessPolicy.RevisionDate);
}
@ -271,7 +267,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task DeleteAccessPolicy_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
var response = await _client.DeleteAsync($"/access-policies/{initData.AccessPolicyId}");
@ -284,7 +280,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId);
@ -299,13 +295,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task DeleteAccessPolicy_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
@ -327,7 +323,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectAccessPolicies_ReturnsEmpty()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -341,7 +337,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.UserAccessPolicies);
Assert.Empty(result.UserAccessPolicies);
Assert.Empty(result.GroupAccessPolicies);
Assert.Empty(result.ServiceAccountAccessPolicies);
}
@ -357,7 +353,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
@ -371,7 +367,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId);
@ -386,13 +382,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectAccessPolicies(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
@ -409,7 +405,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
Assert.NotNull(result?.ServiceAccountAccessPolicies);
Assert.Single(result!.ServiceAccountAccessPolicies);
Assert.Single(result.ServiceAccountAccessPolicies);
}
[Theory]
@ -423,7 +419,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetPeoplePotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response =
await _client.GetAsync(
@ -437,12 +433,12 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
}
var response =
@ -453,7 +449,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<PotentialGranteeResponseModel>>();
Assert.NotNull(result?.Data);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
}
[Theory]
@ -467,7 +463,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountPotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response =
await _client.GetAsync(
@ -481,7 +477,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -498,7 +494,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<PotentialGranteeResponseModel>>();
Assert.NotNull(result?.Data);
Assert.Empty(result!.Data);
Assert.Empty(result.Data);
}
[Theory]
@ -507,7 +503,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -518,7 +514,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _accessPolicyRepository.CreateManyAsync(
new List<BaseAccessPolicy>
@ -541,7 +537,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<PotentialGranteeResponseModel>>();
Assert.NotNull(result?.Data);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(serviceAccount.Id, result.Data.First(x => x.Id == serviceAccount.Id).Id);
}
@ -556,7 +552,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectPotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response =
await _client.GetAsync(
@ -570,7 +566,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = _mockEncryptedString });
@ -583,7 +579,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<PotentialGranteeResponseModel>>();
Assert.NotNull(result?.Data);
Assert.Empty(result!.Data);
Assert.Empty(result.Data);
}
[Theory]
@ -592,7 +588,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectPotentialGrantees_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -603,7 +599,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _accessPolicyRepository.CreateManyAsync(
new List<BaseAccessPolicy>
@ -623,7 +619,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<PotentialGranteeResponseModel>>();
Assert.NotNull(result?.Data);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(project.Id, result.Data.First(x => x.Id == project.Id).Id);
}
@ -638,7 +634,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateServiceAccountGrantedPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -659,7 +655,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -687,7 +683,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true);
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
@ -707,7 +703,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id);
await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId);
@ -723,13 +719,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(projectId, result.Data.First().GrantedProjectId);
var createdAccessPolicy =
await _accessPolicyRepository.GetByIdAsync(result.Data.First().Id);
Assert.NotNull(createdAccessPolicy);
Assert.Equal(result.Data.First().Read, createdAccessPolicy!.Read);
Assert.Equal(result.Data.First().Read, createdAccessPolicy.Read);
Assert.Equal(result.Data.First().Write, createdAccessPolicy.Write);
Assert.Equal(result.Data.First().Id, createdAccessPolicy.Id);
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
@ -747,7 +743,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountGrantedPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
var response = await _client.GetAsync($"/service-accounts/{initData.ServiceAccountId}/granted-policies");
@ -758,7 +754,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountGrantedPolicies_ReturnsEmpty()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -773,7 +769,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
Assert.NotNull(result);
Assert.Empty(result!.Data);
Assert.Empty(result.Data);
}
[Fact]
@ -782,7 +778,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
// Create a new account as a user
await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId);
@ -792,7 +788,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
Assert.NotNull(result);
Assert.Empty(result!.Data);
Assert.Empty(result.Data);
}
[Theory]
@ -801,13 +797,13 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountGrantedPolicies(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initData = await SetupAccessPolicyRequest(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
@ -825,7 +821,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
.ReadFromJsonAsync<ListResponseModel<ServiceAccountProjectAccessPolicyResponseModel>>();
Assert.NotNull(result?.Data);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(initData.ServiceAccountId, result.Data.First().ServiceAccountId);
Assert.NotNull(result.Data.First().ServiceAccountName);
Assert.NotNull(result.Data.First().GrantedProjectName);
@ -842,7 +838,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -858,7 +854,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectPeopleAccessPolicies_ReturnsEmpty()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -872,7 +868,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ProjectPeopleAccessPoliciesResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.UserAccessPolicies);
Assert.Empty(result.UserAccessPolicies);
Assert.Empty(result.GroupAccessPolicies);
}
@ -881,7 +877,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
{
await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -900,7 +896,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetProjectPeopleAccessPolicies_Success(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, _) = await SetupProjectPeoplePermissionAsync(permissionType, organizationUser);
@ -910,7 +906,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ProjectPeopleAccessPoliciesResponseModel>();
Assert.NotNull(result?.UserAccessPolicies);
Assert.Single(result!.UserAccessPolicies);
Assert.Single(result.UserAccessPolicies);
}
[Theory]
@ -924,7 +920,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutProjectPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (_, organizationUser) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, request) = await SetupProjectPeopleRequestAsync(PermissionType.RunAsAdmin, organizationUser);
@ -937,7 +933,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, organizationUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -964,7 +960,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutProjectPeopleAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, request) = await SetupProjectPeopleRequestAsync(permissionType, organizationUser);
var newOrg = await _organizationHelper.CreateSmOrganizationAsync();
@ -989,7 +985,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutProjectPeopleAccessPolicies_Success(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, request) = await SetupProjectPeopleRequestAsync(permissionType, organizationUser);
@ -1000,14 +996,14 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
Assert.NotNull(result);
Assert.Equal(request.UserAccessPolicyRequests.First().GranteeId,
result!.UserAccessPolicies.First().OrganizationUserId);
result.UserAccessPolicies.First().OrganizationUserId);
Assert.True(result.UserAccessPolicies.First().Read);
Assert.True(result.UserAccessPolicies.First().Write);
var createdAccessPolicy =
await _accessPolicyRepository.GetByIdAsync(result.UserAccessPolicies.First().Id);
Assert.NotNull(createdAccessPolicy);
Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy!.Read);
Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy.Read);
Assert.Equal(result.UserAccessPolicies.First().Write, createdAccessPolicy.Write);
Assert.Equal(result.UserAccessPolicies.First().Id, createdAccessPolicy.Id);
}
@ -1023,7 +1019,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
OrganizationId = org.Id,
@ -1038,7 +1034,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountPeopleAccessPolicies_ReturnsEmpty()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -1052,7 +1048,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ServiceAccountPeopleAccessPoliciesResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.UserAccessPolicies);
Assert.Empty(result.UserAccessPolicies);
Assert.Empty(result.GroupAccessPolicies);
}
@ -1061,7 +1057,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -1080,7 +1076,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task GetServiceAccountPeopleAccessPolicies_Success(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (serviceAccount, _) = await SetupServiceAccountPeoplePermissionAsync(permissionType, organizationUser);
@ -1090,7 +1086,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
var result = await response.Content.ReadFromJsonAsync<ServiceAccountPeopleAccessPoliciesResponseModel>();
Assert.NotNull(result?.UserAccessPolicies);
Assert.Single(result!.UserAccessPolicies);
Assert.Single(result.UserAccessPolicies);
}
[Theory]
@ -1100,7 +1096,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutServiceAccountPeopleAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (_, organizationUser) = await _organizationHelper.Initialize(useSecrets, accessSecrets, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(PermissionType.RunAsAdmin, organizationUser);
@ -1113,7 +1109,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, organizationUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -1141,7 +1137,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutServiceAccountPeopleAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(permissionType, organizationUser);
var newOrg = await _organizationHelper.CreateSmOrganizationAsync();
@ -1166,7 +1162,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
public async Task PutServiceAccountPeopleAccessPolicies_Success(PermissionType permissionType)
{
var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(permissionType, organizationUser);
@ -1177,14 +1173,14 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
Assert.NotNull(result);
Assert.Equal(request.UserAccessPolicyRequests.First().GranteeId,
result!.UserAccessPolicies.First().OrganizationUserId);
result.UserAccessPolicies.First().OrganizationUserId);
Assert.True(result.UserAccessPolicies.First().Read);
Assert.True(result.UserAccessPolicies.First().Write);
var createdAccessPolicy =
await _accessPolicyRepository.GetByIdAsync(result.UserAccessPolicies.First().Id);
Assert.NotNull(createdAccessPolicy);
Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy!.Read);
Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy.Read);
Assert.Equal(result.UserAccessPolicies.First().Write, createdAccessPolicy.Write);
Assert.Equal(result.UserAccessPolicies.First().Id, createdAccessPolicy.Id);
}
@ -1233,7 +1229,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
organizationUser = orgUser;
}
@ -1265,7 +1261,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
organizationUser = orgUser;
}
@ -1342,7 +1338,7 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
@ -1361,35 +1357,6 @@ public class AccessPoliciesControllerTests : IClassFixture<ApiApplicationFactory
}
}
private async Task<AccessPoliciesCreateRequest> SetupUserServiceAccountAccessPolicyRequestAsync(
PermissionType permissionType, Guid userId, Guid serviceAccountId)
{
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserServiceAccountAccessPolicy
{
GrantedServiceAccountId = serviceAccountId,
OrganizationUserId = newOrgUser.Id,
Read = true,
Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
return new AccessPoliciesCreateRequest
{
UserAccessPolicyRequests = new List<AccessPolicyRequest>
{
new() { GranteeId = userId, Read = true, Write = true },
},
};
}
private class RequestSetupData
{
public Guid ProjectId { get; set; }

59
test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs
View File

@ -1,7 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
@ -10,7 +10,6 @@ using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Bit.Test.Common.Helpers;
using Pipelines.Sockets.Unofficial.Arenas;
using Xunit;
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
@ -24,6 +23,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
private readonly ApiApplicationFactory _factory;
private readonly IProjectRepository _projectRepository;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly LoginHelper _loginHelper;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
@ -34,6 +34,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
_client = _factory.CreateClient();
_projectRepository = _factory.GetService<IProjectRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -49,12 +50,6 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -66,7 +61,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/projects");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -77,7 +72,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await CreateProjectsAsync(org.Id);
@ -86,7 +81,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ProjectResponseModel>>();
Assert.NotNull(result);
Assert.Empty(result!.Data);
Assert.Empty(result.Data);
}
[Theory]
@ -101,7 +96,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ProjectResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(projectIds.Count, result.Data.Count());
}
@ -116,7 +111,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
@ -129,7 +124,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Create_AtMaxProjects_BadRequest(PermissionType permissionType)
{
var (_, organization) = await SetupProjectsWithAccessAsync(permissionType, 3);
var (_, organization) = await SetupProjectsWithAccessAsync(permissionType);
var request = new ProjectCreateRequestModel { Name = _mockEncryptedString };
var response = await _client.PostAsJsonAsync($"/organizations/{organization.Id}/projects", request);
@ -143,14 +138,14 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Create_Success(PermissionType permissionType)
{
var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var orgUserId = adminOrgUser.Id;
var currentUserId = adminOrgUser.UserId!.Value;
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
orgUserId = orgUser.Id;
currentUserId = orgUser.UserId!.Value;
}
@ -162,7 +157,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
AssertHelper.AssertRecent(result.RevisionDate);
AssertHelper.AssertRecent(result.CreationDate);
@ -196,7 +191,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initialProject = await _projectRepository.CreateAsync(new Project
{
@ -244,7 +239,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Update_NonExistingProject_NotFound()
{
await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new ProjectUpdateRequestModel
{
@ -262,7 +257,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -292,7 +287,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -313,7 +308,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var createdProject = await _projectRepository.CreateAsync(new Project
{
@ -330,7 +325,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var createdProject = await _projectRepository.CreateAsync(new Project
{
@ -338,7 +333,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
Name = _mockEncryptedString,
});
var deleteResponse = await _client.PostAsync("/projects/delete", JsonContent.Create(createdProject.Id));
await _client.PostAsync("/projects/delete", JsonContent.Create(createdProject.Id));
var response = await _client.GetAsync($"/projects/{createdProject.Id}");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -372,7 +367,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var projectIds = await CreateProjectsAsync(org.Id);
@ -385,7 +380,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var projectIds = await CreateProjectsAsync(org.Id);
@ -394,7 +389,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results);
Assert.Equal(projectIds.OrderBy(x => x),
results!.Data.Select(x => x.Id).OrderBy(x => x));
results.Data.Select(x => x.Id).OrderBy(x => x));
Assert.All(results.Data, item => Assert.Equal("access denied", item.Error));
}
@ -411,7 +406,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results);
Assert.Equal(projectIds.OrderBy(x => x),
results!.Data.Select(x => x.Id).OrderBy(x => x));
results.Data.Select(x => x.Id).OrderBy(x => x));
Assert.DoesNotContain(results.Data, x => x.Error != null);
var projects = await _projectRepository.GetManyWithSecretsByIds(projectIds);
@ -438,7 +433,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
int projectsToCreate = 3)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var projectIds = await CreateProjectsAsync(org.Id, projectsToCreate);
if (permissionType == PermissionType.RunAsAdmin)
@ -447,7 +442,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
}
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = projectIds.Select(projectId => new UserProjectAccessPolicy
{
@ -467,7 +462,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
private async Task<Project> SetupProjectWithAccessAsync(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initialProject = await _projectRepository.CreateAsync(new Project
{
@ -481,7 +476,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
}
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{

173
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs
View File

@ -1,7 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
@ -23,6 +23,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
private readonly ISecretRepository _secretRepository;
private readonly IProjectRepository _projectRepository;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly LoginHelper _loginHelper;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
@ -34,6 +35,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
_secretRepository = _factory.GetService<ISecretRepository>();
_projectRepository = _factory.GetService<IProjectRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -49,12 +51,6 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -66,7 +62,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -77,8 +73,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task ListByOrganization_Success(PermissionType permissionType)
{
var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -90,7 +86,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
@ -122,7 +118,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Secrets);
Assert.NotEmpty(result.Secrets);
Assert.Equal(secretIds.Count, result.Secrets.Count());
}
@ -137,7 +133,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new SecretCreateRequestModel
{
@ -154,7 +150,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task CreateWithoutProject_RunAsAdmin_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new SecretCreateRequestModel
{
@ -168,7 +164,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Key, result!.Key);
Assert.Equal(request.Key, result.Key);
Assert.Equal(request.Value, result.Value);
Assert.Equal(request.Note, result.Note);
AssertHelper.AssertRecent(result.RevisionDate);
@ -188,7 +184,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync();
var project =
@ -210,7 +206,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" });
var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" });
@ -231,8 +227,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task CreateWithoutProject_RunAsUser_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await _loginHelper.LoginAsync(email);
var request = new SecretCreateRequestModel
{
@ -251,9 +247,9 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task CreateWithProject_Success(PermissionType permissionType)
{
var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
AccessClientType accessType = AccessClientType.NoAccessCheck;
var accessType = AccessClientType.NoAccessCheck;
var project = await _projectRepository.CreateAsync(new Project()
{
@ -267,12 +263,12 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
accessType = AccessClientType.User;
var accessPolicies = new List<BaseAccessPolicy>
{
new Core.SecretsManager.Entities.UserProjectAccessPolicy
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id , Read = true, Write = true,
},
@ -296,7 +292,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
var secret = result.Secret;
Assert.NotNull(secretResult);
Assert.Equal(secret.Id, secretResult!.Id);
Assert.Equal(secret.Id, secretResult.Id);
Assert.Equal(secret.OrganizationId, secretResult.OrganizationId);
Assert.Equal(secret.Key, secretResult.Key);
Assert.Equal(secret.Value, secretResult.Value);
@ -316,7 +312,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -336,7 +332,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task Get_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
@ -348,7 +344,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
@ -361,8 +357,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
}
else
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await LoginAsync(email);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await _loginHelper.LoginAsync(email);
}
var secret = await _secretRepository.CreateAsync(new Secret
@ -395,7 +391,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task GetSecretsByProject_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
@ -411,8 +407,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task GetSecretsByProject_UserWithNoPermission_EmptyList()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await _loginHelper.LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project()
{
@ -421,7 +417,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
Name = _mockEncryptedString
});
var secret = await _secretRepository.CreateAsync(new Secret
await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
@ -434,8 +430,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.Secrets);
Assert.Empty(result!.Projects);
Assert.Empty(result.Secrets);
Assert.Empty(result.Projects);
}
[Theory]
@ -444,7 +440,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task GetSecretsByProject_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
@ -456,7 +452,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
@ -501,7 +497,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -525,32 +521,18 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
[InlineData(PermissionType.RunAsServiceAccountWithPermission)]
public async Task Update_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
Id = Guid.NewGuid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
await SetupProjectPermissionAndLoginAsync(permissionType, project);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -558,7 +540,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = permissionType == PermissionType.RunAsUserWithPermission ? new List<Project>() { project } : null
Projects = permissionType != PermissionType.RunAsAdmin ? new List<Project>() { project } : null
});
var request = new SecretUpdateRequestModel()
@ -566,7 +548,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString,
ProjectIds = permissionType == PermissionType.RunAsUserWithPermission ? new Guid[] { project.Id } : null
ProjectIds = permissionType != PermissionType.RunAsAdmin ? new Guid[] { project.Id } : null
};
var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request);
@ -595,7 +577,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync();
var project = await _projectRepository.CreateAsync(new Project { Name = "123", OrganizationId = anotherOrg.Id });
@ -624,7 +606,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task UpdateWithMultipleProjects_BadRequest()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" });
var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" });
@ -660,7 +642,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -680,33 +662,34 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var (_, secretIds) = await CreateSecretsAsync(org.Id, 3);
var (_, secretIds) = await CreateSecretsAsync(org.Id);
var response = await _client.PostAsync("/secrets/delete", JsonContent.Create(secretIds));
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results);
Assert.Equal(secretIds.OrderBy(x => x),
results!.Data.Select(x => x.Id).OrderBy(x => x));
results.Data.Select(x => x.Id).OrderBy(x => x));
Assert.All(results.Data, item => Assert.Equal("access denied", item.Error));
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
[InlineData(PermissionType.RunAsServiceAccountWithPermission)]
public async Task Delete_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, secretIds) = await CreateSecretsAsync(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
@ -723,8 +706,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results?.Data);
Assert.Equal(secretIds.Count, results!.Data.Count());
foreach (var result in results!.Data)
Assert.Equal(secretIds.Count, results.Data.Count());
foreach (var result in results.Data)
{
Assert.Contains(result.Id, secretIds);
Assert.Null(result.Error);
@ -745,7 +728,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task GetSecretsByIds_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -767,14 +750,14 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
public async Task GetSecretsByIds_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var (project, secretIds) = await CreateSecretsAsync(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
@ -788,7 +771,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
else
{
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
}
var request = new GetSecretsRequestModel { Ids = secretIds };
@ -797,8 +780,8 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<BaseSecretResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.Equal(secretIds.Count, result!.Data.Count());
Assert.NotEmpty(result.Data);
Assert.Equal(secretIds.Count, result.Data.Count());
}
private async Task<(Project Project, List<Guid> secretIds)> CreateSecretsAsync(Guid orgId, int numberToCreate = 3)
@ -826,4 +809,48 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
return (project, secretIds);
}
private async Task SetupProjectPermissionAndLoginAsync(PermissionType permissionType, Project project)
{
switch (permissionType)
{
case PermissionType.RunAsAdmin:
{
await _loginHelper.LoginAsync(_email);
break;
}
case PermissionType.RunAsUserWithPermission:
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
break;
}
case PermissionType.RunAsServiceAccountWithPermission:
{
var apiKeyDetails = await _organizationHelper.CreateNewServiceAccountApiKeyAsync();
await _loginHelper.LoginWithApiKeyAsync(apiKeyDetails);
var accessPolicies = new List<BaseAccessPolicy>
{
new ServiceAccountProjectAccessPolicy
{
GrantedProjectId = project.Id, ServiceAccountId = apiKeyDetails.ApiKey.ServiceAccountId, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
break;
}
default:
throw new ArgumentOutOfRangeException(nameof(permissionType), permissionType, null);
}
}
}

1
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerEventsControllerTests.cs
View File

@ -1,6 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Xunit;

19
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs
View File

@ -1,8 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Core.SecretsManager.Repositories;
using Xunit;
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
@ -11,8 +10,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture<ApiApplication
{
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly IProjectRepository _projectRepository;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly LoginHelper _loginHelper;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
@ -21,8 +19,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture<ApiApplication
{
_factory = factory;
_client = _factory.CreateClient();
_projectRepository = _factory.GetService<IProjectRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -38,12 +35,6 @@ public class SecretsManagerPortingControllerTests : IClassFixture<ApiApplication
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -55,7 +46,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture<ApiApplication
public async Task Import_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var projectsList = new List<SMImportRequestModel.InnerProjectImportRequestModel>();
var secretsList = new List<SMImportRequestModel.InnerSecretImportRequestModel>();
@ -76,7 +67,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture<ApiApplication
public async Task Export_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"sm/{org.Id}/export");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);

32
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs
View File

@ -1,6 +1,6 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Repositories;
@ -17,6 +17,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly ISecretRepository _secretRepository;
private readonly LoginHelper _loginHelper;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
@ -26,6 +27,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
_factory = factory;
_client = _factory.CreateClient();
_secretRepository = _factory.GetService<ISecretRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -41,12 +43,6 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -58,7 +54,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"/secrets/{org.Id}/trash");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -69,7 +65,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var response = await _client.GetAsync($"/secrets/{org.Id}/trash");
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
@ -79,7 +75,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task ListByOrganization_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
await _secretRepository.CreateAsync(new Secret
{
@ -114,7 +110,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Empty_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var ids = new List<Guid> { Guid.NewGuid() };
var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids);
@ -126,7 +122,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var ids = new List<Guid> { Guid.NewGuid() };
var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids);
@ -137,7 +133,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Empty_Invalid_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -155,7 +151,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Empty_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -181,7 +177,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Restore_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var ids = new List<Guid> { Guid.NewGuid() };
var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids);
@ -193,7 +189,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var ids = new List<Guid> { Guid.NewGuid() };
var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids);
@ -204,7 +200,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Restore_Invalid_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
@ -222,7 +218,7 @@ public class SecretsTrashControllerTests : IClassFixture<ApiApplicationFactory>,
public async Task Restore_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{

90
test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
View File

@ -1,7 +1,7 @@
using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
@ -24,6 +24,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly LoginHelper _loginHelper;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly IApiKeyRepository _apiKeyRepository;
@ -39,6 +40,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
_serviceAccountRepository = _factory.GetService<IServiceAccountRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
_apiKeyRepository = _factory.GetService<IApiKeyRepository>();
_loginHelper = new LoginHelper(_factory, _client);
}
public async Task InitializeAsync()
@ -54,12 +56,6 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
@ -71,7 +67,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/service-accounts");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -81,7 +77,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task ListByOrganization_Admin_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org);
@ -90,7 +86,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(serviceAccountIds.Count, result.Data.Count());
}
@ -99,7 +95,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org);
@ -120,7 +116,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.NotEmpty(result.Data);
Assert.Equal(2, result.Data.Count());
}
@ -135,7 +131,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task GetByServiceAccountId_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -150,8 +146,8 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
[Fact]
public async Task GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _organizationHelper.Initialize(true, true, true);
await _loginHelper.LoginAsync(_email);
var response = await _client.GetAsync($"/service-accounts/{new Guid()}");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -162,7 +158,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -185,7 +181,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
Assert.NotNull(result);
Assert.Equal(serviceAccount.Id, result!.Id);
Assert.Equal(serviceAccount.Id, result.Id);
Assert.Equal(serviceAccount.OrganizationId, result.OrganizationId);
Assert.Equal(serviceAccount.Name, result.Name);
Assert.Equal(serviceAccount.CreationDate, result.CreationDate);
@ -203,7 +199,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString };
@ -217,7 +213,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task Create_Success(PermissionType permissionType)
{
var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var orgUserId = adminOrgUser.Id;
var currentUserId = adminOrgUser.UserId!.Value;
@ -225,7 +221,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
orgUserId = orgUser.Id;
currentUserId = orgUser.UserId!.Value;
}
@ -237,7 +233,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
AssertHelper.AssertRecent(result.RevisionDate);
AssertHelper.AssertRecent(result.CreationDate);
@ -270,7 +266,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -289,7 +285,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -307,7 +303,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task Update_NonExistingServiceAccount_NotFound()
{
await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName };
@ -328,7 +324,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
Assert.NotEqual(initialServiceAccount.Name, result.Name);
AssertHelper.AssertRecent(result.RevisionDate);
Assert.NotEqual(initialServiceAccount.RevisionDate, result.RevisionDate);
@ -353,7 +349,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -372,7 +368,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -405,12 +401,12 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
if (permissionType == PermissionType.RunAsAdmin)
{
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
}
else
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
new UserServiceAccountAccessPolicy
@ -443,7 +439,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task GetAccessTokens_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -460,7 +456,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -485,7 +481,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task GetAccessTokens_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -496,7 +492,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
new UserServiceAccountAccessPolicy
@ -540,7 +536,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task CreateAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -565,7 +561,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task CreateAccessToken_Admin()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -587,7 +583,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
Assert.NotNull(result.ClientSecret);
Assert.Equal(mockExpiresAt, result.ExpireAt);
AssertHelper.AssertRecent(result.RevisionDate);
@ -599,7 +595,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -623,7 +619,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
Assert.NotNull(result.ClientSecret);
Assert.Equal(mockExpiresAt, result.ExpireAt);
AssertHelper.AssertRecent(result.RevisionDate);
@ -635,7 +631,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -660,7 +656,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task CreateAccessToken_ExpireAtNull_Admin()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -681,7 +677,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Name, result!.Name);
Assert.Equal(request.Name, result.Name);
Assert.NotNull(result.ClientSecret);
Assert.Null(result.ExpireAt);
AssertHelper.AssertRecent(result.RevisionDate);
@ -699,7 +695,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
public async Task RevokeAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -730,7 +726,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -782,12 +778,12 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
if (permissionType == PermissionType.RunAsAdmin)
{
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
}
else
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
new UserServiceAccountAccessPolicy
@ -847,7 +843,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
private async Task<ServiceAccount> SetupServiceAccountWithAccessAsync(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
await _loginHelper.LoginAsync(_email);
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
{
@ -861,7 +857,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
}
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
await _loginHelper.LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{

1
test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs
View File

@ -4,4 +4,5 @@ public enum PermissionType
{
RunAsAdmin,
RunAsUserWithPermission,
RunAsServiceAccountWithPermission,
}

30
test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs Normal file
View File

@ -0,0 +1,30 @@
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Core.SecretsManager.Models.Data;
namespace Bit.Api.IntegrationTest.SecretsManager.Helpers;
public class LoginHelper
{
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
public LoginHelper(ApiApplicationFactory factory, HttpClient client)
{
_factory = factory;
_client = client;
}
public async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
public async Task LoginWithApiKeyAsync(ApiKeyClientSecretDetails apiKeyDetails)
{
var token = await _factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
_client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString());
}
}

43
test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs → test/Api.IntegrationTest/SecretsManager/Helpers/SecretsManagerOrganizationHelper.cs
View File

@ -4,8 +4,12 @@ using Bit.Core.AdminConsole.Entities;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Repositories;
using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Models.Data;
using Bit.Core.SecretsManager.Repositories;
namespace Bit.Api.IntegrationTest.SecretsManager;
namespace Bit.Api.IntegrationTest.SecretsManager.Helpers;
public class SecretsManagerOrganizationHelper
{
@ -13,17 +17,20 @@ public class SecretsManagerOrganizationHelper
private readonly string _ownerEmail;
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IServiceAccountRepository _serviceAccountRepository;
private readonly ICreateAccessTokenCommand _createAccessTokenCommand;
public Organization _organization = null!;
public OrganizationUser _owner = null!;
private Organization _organization = null!;
private OrganizationUser _owner = null!;
public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail)
{
_factory = factory;
_organizationRepository = factory.GetService<IOrganizationRepository>();
_organizationUserRepository = factory.GetService<IOrganizationUserRepository>();
_ownerEmail = ownerEmail;
_serviceAccountRepository = factory.GetService<IServiceAccountRepository>();
_createAccessTokenCommand = factory.GetService<ICreateAccessTokenCommand>();
}
public async Task<(Organization organization, OrganizationUser owner)> Initialize(bool useSecrets, bool ownerAccessSecrets, bool organizationEnabled)
@ -58,8 +65,7 @@ public class SecretsManagerOrganizationHelper
{
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(email);
var (organization, owner) =
await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: email, billingEmail: email);
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: email, billingEmail: email);
return organization;
}
@ -71,4 +77,29 @@ public class SecretsManagerOrganizationHelper
return (email, orgUser);
}
public async Task<ApiKeyClientSecretDetails> CreateNewServiceAccountApiKeyAsync()
{
var serviceAccountId = Guid.NewGuid();
var serviceAccount = new ServiceAccount
{
Id = serviceAccountId,
OrganizationId = _organization.Id,
Name = $"integration-test-{serviceAccountId}sa",
CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow
};
await _serviceAccountRepository.CreateAsync(serviceAccount);
var apiKey = new ApiKey
{
ServiceAccountId = serviceAccountId,
Name = "integration-token",
Key = Guid.NewGuid().ToString(),
ExpireAt = null,
Scope = "[\"api.secrets\"]",
EncryptedPayload = Guid.NewGuid().ToString()
};
return await _createAccessTokenCommand.CreateAsync(apiKey);
}
}

19
test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs
View File

@ -42,4 +42,23 @@ public class IdentityApplicationFactory : WebApplicationFactoryBase<Startup>
return (root.GetProperty("access_token").GetString(), root.GetProperty("refresh_token").GetString());
}
public async Task<string> TokenFromAccessTokenAsync(Guid clientId, string clientSecret,
DeviceType deviceType = DeviceType.SDK)
{
var context = await Server.PostAsync("/connect/token",
new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "scope", "api.secrets" },
{ "client_id", clientId.ToString() },
{ "client_secret", clientSecret },
{ "grant_type", "client_credentials" },
{ "deviceType", ((int)deviceType).ToString() }
}));
using var body = await AssertHelper.AssertResponseTypeIs<JsonDocument>(context);
var root = body.RootElement;
return root.GetProperty("access_token").GetString();
}
}