From aa3d71607f20cc21c30f0fdd37a9cbf94c529219 Mon Sep 17 00:00:00 2001
From: Jimmy Vo <huynhmaivo82@gmail.com>
Date: Fri, 8 Nov 2024 15:02:51 -0500
Subject: [PATCH] PM-13763 Move ResetPasswordEnrolled to response model (#4983)

to adhere to Liskov Substitution Principle. Ensures request models inherit only relevant properties.
---
 .../Public/Models/MemberBaseModel.cs          |  8 +---
 .../Models/Response/MemberResponseModel.cs    |  8 ++++
 .../Response/MemberResponseModelTests.cs      | 41 +++++++++++++++++++
 3 files changed, 50 insertions(+), 7 deletions(-)
 create mode 100644 test/Api.Test/AdminConsole/Public/Models/Response/MemberResponseModelTests.cs

diff --git a/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs b/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
index 931f63741..c56117ae7 100644
--- a/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
@@ -18,7 +18,6 @@ public abstract class MemberBaseModel
 
         Type = user.Type;
         ExternalId = user.ExternalId;
-        ResetPasswordEnrolled = user.ResetPasswordKey != null;
 
         if (Type == OrganizationUserType.Custom)
         {
@@ -35,7 +34,6 @@ public abstract class MemberBaseModel
 
         Type = user.Type;
         ExternalId = user.ExternalId;
-        ResetPasswordEnrolled = user.ResetPasswordKey != null;
 
         if (Type == OrganizationUserType.Custom)
         {
@@ -55,11 +53,7 @@ public abstract class MemberBaseModel
     /// <example>external_id_123456</example>
     [StringLength(300)]
     public string ExternalId { get; set; }
-    /// <summary>
-    /// Returns <c>true</c> if the member has enrolled in Password Reset assistance within the organization
-    /// </summary>
-    [Required]
-    public bool ResetPasswordEnrolled { get; set; }
+
     /// <summary>
     /// The member's custom permissions if the member has a Custom role. If not supplied, all custom permissions will
     /// default to false.
diff --git a/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs b/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs
index 6f73532ad..ab6ecbca4 100644
--- a/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs
@@ -28,6 +28,7 @@ public class MemberResponseModel : MemberBaseModel, IResponseModel
         Email = user.Email;
         Status = user.Status;
         Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
     }
 
     public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabled,
@@ -45,6 +46,7 @@ public class MemberResponseModel : MemberBaseModel, IResponseModel
         TwoFactorEnabled = twoFactorEnabled;
         Status = user.Status;
         Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
     }
 
     /// <summary>
@@ -93,4 +95,10 @@ public class MemberResponseModel : MemberBaseModel, IResponseModel
     /// The associated collections that this member can access.
     /// </summary>
     public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
+
+    /// <summary>
+    /// Returns <c>true</c> if the member has enrolled in Password Reset assistance within the organization
+    /// </summary>
+    [Required]
+    public bool ResetPasswordEnrolled { get; }
 }
diff --git a/test/Api.Test/AdminConsole/Public/Models/Response/MemberResponseModelTests.cs b/test/Api.Test/AdminConsole/Public/Models/Response/MemberResponseModelTests.cs
new file mode 100644
index 000000000..a9193258b
--- /dev/null
+++ b/test/Api.Test/AdminConsole/Public/Models/Response/MemberResponseModelTests.cs
@@ -0,0 +1,41 @@
+using Bit.Api.AdminConsole.Public.Models.Response;
+using Bit.Core.Entities;
+using Bit.Core.Models.Data;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Api.Test.AdminConsole.Public.Models.Response;
+
+
+public class MemberResponseModelTests
+{
+    [Fact]
+    public void ResetPasswordEnrolled_ShouldBeTrue_WhenUserHasResetPasswordKey()
+    {
+        // Arrange
+        var user = Substitute.For<OrganizationUser>();
+        var collections = Substitute.For<IEnumerable<CollectionAccessSelection>>();
+        user.ResetPasswordKey = "none-empty";
+
+
+        // Act
+        var sut = new MemberResponseModel(user, collections);
+
+        // Assert
+        Assert.True(sut.ResetPasswordEnrolled);
+    }
+
+    [Fact]
+    public void ResetPasswordEnrolled_ShouldBeFalse_WhenUserDoesNotHaveResetPasswordKey()
+    {
+        // Arrange
+        var user = Substitute.For<OrganizationUser>();
+        var collections = Substitute.For<IEnumerable<CollectionAccessSelection>>();
+
+        // Act
+        var sut = new MemberResponseModel(user, collections);
+
+        // Assert
+        Assert.False(sut.ResetPasswordEnrolled);
+    }
+}