using Bit.Api.SecretsManager.Controllers; using Bit.Api.SecretsManager.Models.Request; using Bit.Core.Context; using Bit.Core.Enums; using Bit.Core.Exceptions; using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces; using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces; using Bit.Core.SecretsManager.Entities; using Bit.Core.SecretsManager.Repositories; using Bit.Core.Services; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; using Bit.Test.Common.Helpers; using NSubstitute; using NSubstitute.ReturnsExtensions; using Xunit; namespace Bit.Api.Test.SecretsManager.Controllers; [ControllerCustomize(typeof(ServiceAccountsController))] [SutProviderCustomize] [JsonDocumentCustomize] public class ServiceAccountsControllerTests { [Theory] [BitAutoData] public async void GetServiceAccountsByOrganization_ReturnsEmptyList(SutProvider sutProvider, Guid id) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var result = await sutProvider.Sut.GetServiceAccountsByOrganizationAsync(id); await sutProvider.GetDependency().Received(1) .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)), Arg.Any(), Arg.Any()); Assert.Empty(result.Data); } [Theory] [BitAutoData] public async void GetServiceAccountsByOrganization_Success(SutProvider sutProvider, ServiceAccount resultServiceAccount) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); sutProvider.GetDependency().GetManyByOrganizationIdAsync(default, default, default).ReturnsForAnyArgs(new List() { resultServiceAccount }); var result = await sutProvider.Sut.GetServiceAccountsByOrganizationAsync(resultServiceAccount.OrganizationId); await sutProvider.GetDependency().Received(1) .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(resultServiceAccount.OrganizationId)), Arg.Any(), Arg.Any()); Assert.NotEmpty(result.Data); Assert.Single(result.Data); } [Theory] [BitAutoData] public async void CreateServiceAccount_Success(SutProvider sutProvider, ServiceAccountCreateRequestModel data, Guid organizationId) { sutProvider.GetDependency().OrganizationUser(default).ReturnsForAnyArgs(true); var resultServiceAccount = data.ToServiceAccount(organizationId); sutProvider.GetDependency().CreateAsync(default).ReturnsForAnyArgs(resultServiceAccount); var result = await sutProvider.Sut.CreateServiceAccountAsync(organizationId, data); await sutProvider.GetDependency().Received(1) .CreateAsync(Arg.Any()); } [Theory] [BitAutoData] public async void CreateServiceAccount_NotOrgUser_Throws(SutProvider sutProvider, ServiceAccountCreateRequestModel data, Guid organizationId) { sutProvider.GetDependency().OrganizationUser(default).ReturnsForAnyArgs(false); var resultServiceAccount = data.ToServiceAccount(organizationId); sutProvider.GetDependency().CreateAsync(default).ReturnsForAnyArgs(resultServiceAccount); await Assert.ThrowsAsync(() => sutProvider.Sut.CreateServiceAccountAsync(organizationId, data)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().CreateAsync(Arg.Any()); } [Theory] [BitAutoData] public async void UpdateServiceAccount_Success(SutProvider sutProvider, ServiceAccountUpdateRequestModel data, Guid serviceAccountId) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var resultServiceAccount = data.ToServiceAccount(serviceAccountId); sutProvider.GetDependency().UpdateAsync(default, default).ReturnsForAnyArgs(resultServiceAccount); var result = await sutProvider.Sut.UpdateServiceAccountAsync(serviceAccountId, data); await sutProvider.GetDependency().Received(1) .UpdateAsync(Arg.Any(), Arg.Any()); } [Theory] [BitAutoData] public async void CreateAccessToken_Success(SutProvider sutProvider, AccessTokenCreateRequestModel data, Guid serviceAccountId) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var resultAccessToken = data.ToApiKey(serviceAccountId); sutProvider.GetDependency().CreateAsync(default, default).ReturnsForAnyArgs(resultAccessToken); var result = await sutProvider.Sut.CreateAccessTokenAsync(serviceAccountId, data); await sutProvider.GetDependency().Received(1) .CreateAsync(Arg.Any(), Arg.Any()); } [Theory] [BitAutoData] public async void GetAccessTokens_NoServiceAccount_ThrowsNotFound(SutProvider sutProvider, Guid serviceAccountId) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); sutProvider.GetDependency().GetByIdAsync(default).ReturnsNull(); await Assert.ThrowsAsync(() => sutProvider.Sut.GetAccessTokens(serviceAccountId)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().GetManyByServiceAccountIdAsync(Arg.Any()); } [Theory] [BitAutoData] public async void GetAccessTokens_Admin_Success(SutProvider sutProvider, ServiceAccount data, Guid userId, ICollection resultApiKeys) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().OrganizationAdmin(data.OrganizationId).Returns(true); sutProvider.GetDependency().GetByIdAsync(default).ReturnsForAnyArgs(data); foreach (var apiKey in resultApiKeys) { apiKey.Scope = "[\"api.secrets\"]"; } sutProvider.GetDependency().GetManyByServiceAccountIdAsync(default).ReturnsForAnyArgs(resultApiKeys); var result = await sutProvider.Sut.GetAccessTokens(data.Id); await sutProvider.GetDependency().Received(1).GetManyByServiceAccountIdAsync(Arg.Any()); Assert.NotEmpty(result.Data); Assert.Equal(resultApiKeys.Count, result.Data.Count()); } [Theory] [BitAutoData] public async void GetAccessTokens_User_Success(SutProvider sutProvider, ServiceAccount data, Guid userId, ICollection resultApiKeys) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().OrganizationAdmin(data.OrganizationId).Returns(false); sutProvider.GetDependency().UserHasReadAccessToServiceAccount(default, default).ReturnsForAnyArgs(true); sutProvider.GetDependency().GetByIdAsync(default).ReturnsForAnyArgs(data); foreach (var apiKey in resultApiKeys) { apiKey.Scope = "[\"api.secrets\"]"; } sutProvider.GetDependency().GetManyByServiceAccountIdAsync(default).ReturnsForAnyArgs(resultApiKeys); var result = await sutProvider.Sut.GetAccessTokens(data.Id); await sutProvider.GetDependency().Received(1).GetManyByServiceAccountIdAsync(Arg.Any()); Assert.NotEmpty(result.Data); Assert.Equal(resultApiKeys.Count, result.Data.Count()); } [Theory] [BitAutoData] public async void GetAccessTokens_UserNoAccess_ThrowsNotFound(SutProvider sutProvider, ServiceAccount data, Guid userId, ICollection resultApiKeys) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().OrganizationAdmin(data.OrganizationId).Returns(false); sutProvider.GetDependency().UserHasReadAccessToServiceAccount(default, default).ReturnsForAnyArgs(false); sutProvider.GetDependency().GetByIdAsync(default).ReturnsForAnyArgs(data); foreach (var apiKey in resultApiKeys) { apiKey.Scope = "[\"api.secrets\"]"; } sutProvider.GetDependency().GetManyByServiceAccountIdAsync(default).ReturnsForAnyArgs(resultApiKeys); await Assert.ThrowsAsync(() => sutProvider.Sut.GetAccessTokens(data.Id)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().GetManyByServiceAccountIdAsync(Arg.Any()); } }