using System.Security.Claims; using Bit.Api.SecretsManager.Controllers; using Bit.Api.SecretsManager.Models.Request; using Bit.Api.Test.SecretsManager.Enums; using Bit.Core.Context; using Bit.Core.Enums; using Bit.Core.Exceptions; using Bit.Core.SecretsManager.Commands.Projects.Interfaces; using Bit.Core.SecretsManager.Entities; using Bit.Core.SecretsManager.Models.Data; using Bit.Core.SecretsManager.Repositories; using Bit.Core.Services; using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; using Bit.Test.Common.Helpers; using Microsoft.AspNetCore.Authorization; using NSubstitute; using Xunit; namespace Bit.Api.Test.SecretsManager.Controllers; [ControllerCustomize(typeof(ProjectsController))] [SutProviderCustomize] [ProjectCustomize] [JsonDocumentCustomize] public class ProjectsControllerTests { private static void SetupAdmin(SutProvider sutProvider, Guid organizationId) { sutProvider.GetDependency().AccessSecretsManager(default).ReturnsForAnyArgs(true); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); sutProvider.GetDependency().OrganizationAdmin(organizationId).Returns(true); } private static void SetupUserWithPermission(SutProvider sutProvider, Guid organizationId) { sutProvider.GetDependency().AccessSecretsManager(default).ReturnsForAnyArgs(true); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); sutProvider.GetDependency().OrganizationAdmin(organizationId).Returns(false); sutProvider.GetDependency().OrganizationUser(default).ReturnsForAnyArgs(true); } [Theory] [BitAutoData] public async void ListByOrganization_SmNotEnabled_Throws(SutProvider sutProvider, Guid data) { sutProvider.GetDependency().AccessSecretsManager(data).Returns(false); await Assert.ThrowsAsync(() => sutProvider.Sut.ListByOrganizationAsync(data)); } [Theory] [BitAutoData(PermissionType.RunAsAdmin)] [BitAutoData(PermissionType.RunAsUserWithPermission)] public async void ListByOrganization_ReturnsEmptyList(PermissionType permissionType, SutProvider sutProvider, Guid data) { switch (permissionType) { case PermissionType.RunAsAdmin: SetupAdmin(sutProvider, data); break; case PermissionType.RunAsUserWithPermission: SetupUserWithPermission(sutProvider, data); break; } var result = await sutProvider.Sut.ListByOrganizationAsync(data); await sutProvider.GetDependency().Received(1) .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(data)), Arg.Any(), Arg.Any()); Assert.Empty(result.Data); } [Theory] [BitAutoData(PermissionType.RunAsAdmin)] [BitAutoData(PermissionType.RunAsUserWithPermission)] public async void ListByOrganization_Success(PermissionType permissionType, SutProvider sutProvider, Guid data, Project mockProject) { switch (permissionType) { case PermissionType.RunAsAdmin: SetupAdmin(sutProvider, data); break; case PermissionType.RunAsUserWithPermission: SetupUserWithPermission(sutProvider, data); break; } sutProvider.GetDependency().GetManyByOrganizationIdAsync(default, default, default) .ReturnsForAnyArgs(new List { new() { Project = mockProject, Read = true, Write = true } }); var result = await sutProvider.Sut.ListByOrganizationAsync(data); await sutProvider.GetDependency().Received(1) .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(data)), Arg.Any(), Arg.Any()); Assert.NotEmpty(result.Data); Assert.Single(result.Data); } [Theory] [BitAutoData] public async void Create_NoAccess_Throws(SutProvider sutProvider, Guid orgId, ProjectCreateRequestModel data) { sutProvider.GetDependency() .AuthorizeAsync(Arg.Any(), data.ToProject(orgId), Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Failed()); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var resultProject = data.ToProject(orgId); sutProvider.GetDependency().CreateAsync(default, default) .ReturnsForAnyArgs(resultProject); await Assert.ThrowsAsync(() => sutProvider.Sut.CreateAsync(orgId, data)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() .CreateAsync(Arg.Any(), Arg.Any()); } [Theory] [BitAutoData] public async void Create_Success(SutProvider sutProvider, Guid orgId, ProjectCreateRequestModel data) { sutProvider.GetDependency() .AuthorizeAsync(Arg.Any(), data.ToProject(orgId), Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Success()); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var resultProject = data.ToProject(orgId); sutProvider.GetDependency().CreateAsync(default, default) .ReturnsForAnyArgs(resultProject); await sutProvider.Sut.CreateAsync(orgId, data); await sutProvider.GetDependency().Received(1) .CreateAsync(Arg.Any(), Arg.Any()); } [Theory] [BitAutoData] public async void Update_NoAccess_Throws(SutProvider sutProvider, Guid userId, ProjectUpdateRequestModel data, Project existingProject) { sutProvider.GetDependency() .AuthorizeAsync(Arg.Any(), data.ToProject(existingProject.Id), Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Failed()); sutProvider.GetDependency().GetByIdAsync(existingProject.Id).ReturnsForAnyArgs(existingProject); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); var resultProject = data.ToProject(existingProject.Id); sutProvider.GetDependency().UpdateAsync(default) .ReturnsForAnyArgs(resultProject); await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateAsync(existingProject.Id, data)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() .UpdateAsync(Arg.Any()); } [Theory] [BitAutoData] public async void Update_Success(SutProvider sutProvider, Guid userId, ProjectUpdateRequestModel data, Project existingProject) { sutProvider.GetDependency() .AuthorizeAsync(Arg.Any(), data.ToProject(existingProject.Id), Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Success()); sutProvider.GetDependency().GetByIdAsync(existingProject.Id).ReturnsForAnyArgs(existingProject); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); var resultProject = data.ToProject(existingProject.Id); sutProvider.GetDependency().UpdateAsync(default) .ReturnsForAnyArgs(resultProject); await sutProvider.Sut.UpdateAsync(existingProject.Id, data); await sutProvider.GetDependency().Received(1) .UpdateAsync(Arg.Any()); } [Theory] [BitAutoData] public async void Get_SmNotEnabled_Throws(SutProvider sutProvider, Guid data, Guid orgId) { SetupAdmin(sutProvider, orgId); sutProvider.GetDependency().AccessSecretsManager(orgId).Returns(false); await Assert.ThrowsAsync(() => sutProvider.Sut.GetAsync(data)); } [Theory] [BitAutoData] public async void Get_ThrowsNotFound(SutProvider sutProvider, Guid data, Guid orgId) { SetupAdmin(sutProvider, orgId); await Assert.ThrowsAsync(() => sutProvider.Sut.GetAsync(data)); } [Theory] [BitAutoData(PermissionType.RunAsAdmin)] [BitAutoData(PermissionType.RunAsUserWithPermission)] public async void Get_Success(PermissionType permissionType, SutProvider sutProvider, Guid orgId, Guid data) { switch (permissionType) { case PermissionType.RunAsAdmin: SetupAdmin(sutProvider, orgId); break; case PermissionType.RunAsUserWithPermission: SetupUserWithPermission(sutProvider, orgId); sutProvider.GetDependency().AccessToProjectAsync(default, default, default) .Returns((true, true)); break; } sutProvider.GetDependency().GetByIdAsync(Arg.Is(data)) .ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId }); sutProvider.GetDependency().AccessToProjectAsync(default, default, default) .ReturnsForAnyArgs((true, false)); await sutProvider.Sut.GetAsync(data); await sutProvider.GetDependency().Received(1) .GetByIdAsync(Arg.Is(data)); } [Theory] [BitAutoData] public async void Get_UserWithoutPermission_Throws(SutProvider sutProvider, Guid orgId, Guid data) { SetupUserWithPermission(sutProvider, orgId); sutProvider.GetDependency().AccessToProjectAsync(default, default, default) .Returns((false, false)); sutProvider.GetDependency().GetByIdAsync(Arg.Is(data)) .ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId }); await Assert.ThrowsAsync(() => sutProvider.Sut.GetAsync(data)); } [Theory] [BitAutoData] public async void BulkDeleteProjects_Success(SutProvider sutProvider, List data) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var ids = data.Select(project => project.Id).ToList(); var mockResult = data.Select(project => new Tuple(project, "")).ToList(); sutProvider.GetDependency().DeleteProjects(ids, default).ReturnsForAnyArgs(mockResult); var results = await sutProvider.Sut.BulkDeleteAsync(ids); await sutProvider.GetDependency().Received(1) .DeleteProjects(Arg.Is(ids), Arg.Any()); Assert.Equal(data.Count, results.Data.Count()); } [Theory] [BitAutoData] public async void BulkDeleteProjects_NoGuids_ThrowsArgumentNullException( SutProvider sutProvider) { sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); await Assert.ThrowsAsync(() => sutProvider.Sut.BulkDeleteAsync(new List())); } }