mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
88dd745070
* [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
381 lines
16 KiB
C#
381 lines
16 KiB
C#
using Bit.Core.Auth.Entities;
|
|
using Bit.Core.Auth.Models.Data;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Models.Business;
|
|
using Bit.Core.Models.Data.Organizations;
|
|
using Bit.Core.Models.OrganizationConnectionConfigs;
|
|
using Bit.Core.Test.AutoFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using Xunit;
|
|
|
|
namespace Bit.Core.Test.Models.Data;
|
|
|
|
public class SelfHostedOrganizationDetailsTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_OccupiedSeatCount_ExceedsLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.Seats = 1;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Remove some users", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_MaxCollections_ExceedsLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.MaxCollections = 1;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Remove some collections", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_Groups_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseGroups = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new license does not allow for the use of groups", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_Policies_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UsePolicies = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new license does not allow for the use of policies", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_DisabledPolicies_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UsePolicies = false;
|
|
((List<Policy>)orgDetails.Policies).ForEach(p => p.Enabled = false);
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_Sso_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseSso = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new license does not allow for the use of SSO", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_DisabledSso_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseSso = false;
|
|
orgDetails.SsoConfig.Enabled = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_NoSso_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseSso = false;
|
|
orgDetails.SsoConfig = null;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_KeyConnector_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseKeyConnector = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new license does not allow for the use of Key Connector", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_DisabledKeyConnector_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseKeyConnector = false;
|
|
orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false });
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_NoSsoKeyConnector_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseKeyConnector = false;
|
|
orgDetails.SsoConfig = null;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_Scim_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseScim = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new plan does not allow the SCIM feature", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_DisabledScim_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseScim = false;
|
|
((List<OrganizationConnection<ScimConfig>>)orgDetails.ScimConnections)
|
|
.ForEach(c => c.SetConfig(new ScimConfig() { Enabled = false }));
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_NoScimConfig_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseScim = false;
|
|
orgDetails.ScimConnections = null;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_CustomPermissions_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseCustomPermissions = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new plan does not allow the Custom Permissions feature", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_NoCustomPermissions_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseCustomPermissions = false;
|
|
((List<OrganizationUser>)orgDetails.OrganizationUsers).ForEach(ou => ou.Type = OrganizationUserType.User);
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_ResetPassword_NotAllowedByLicense_Fail(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseResetPassword = false;
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.False(result);
|
|
Assert.Contains("Your new license does not allow the Password Reset feature", exception);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
[OrganizationLicenseCustomize]
|
|
public async Task ValidateForOrganization_DisabledResetPassword_NotAllowedByLicense_Success(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
|
|
orgLicense.UseResetPassword = false;
|
|
((List<Policy>)orgDetails.Policies).ForEach(p => p.Enabled = false);
|
|
|
|
var result = orgDetails.CanUseLicense(license, out var exception);
|
|
|
|
Assert.True(result);
|
|
Assert.True(string.IsNullOrEmpty(exception));
|
|
}
|
|
|
|
private (SelfHostedOrganizationDetails organization, OrganizationLicense license) GetOrganizationAndLicense(List<OrganizationUser> orgUsers,
|
|
List<Policy> policies, SsoConfig ssoConfig, List<OrganizationConnection<ScimConfig>> scimConnections, OrganizationLicense license)
|
|
{
|
|
// The default state is that all features are used by Org and allowed by License
|
|
// Each test then toggles on/off as necessary
|
|
policies.ForEach(p => p.Enabled = true);
|
|
policies.First().Type = PolicyType.ResetPassword;
|
|
|
|
ssoConfig.Enabled = true;
|
|
ssoConfig.SetData(new SsoConfigurationData()
|
|
{
|
|
KeyConnectorEnabled = true
|
|
});
|
|
|
|
var enabledScimConfig = new ScimConfig() { Enabled = true };
|
|
scimConnections.ForEach(c => c.Config = enabledScimConfig);
|
|
|
|
orgUsers.First().Type = OrganizationUserType.Custom;
|
|
|
|
var organization = new SelfHostedOrganizationDetails()
|
|
{
|
|
OccupiedSeatCount = 10,
|
|
CollectionCount = 5,
|
|
GroupCount = 5,
|
|
OrganizationUsers = orgUsers,
|
|
Policies = policies,
|
|
SsoConfig = ssoConfig,
|
|
ScimConnections = scimConnections,
|
|
|
|
UsePolicies = true,
|
|
UseSso = true,
|
|
UseKeyConnector = true,
|
|
UseScim = true,
|
|
UseGroups = true,
|
|
UseDirectory = true,
|
|
UseEvents = true,
|
|
UseTotp = true,
|
|
Use2fa = true,
|
|
UseApi = true,
|
|
UseResetPassword = true,
|
|
SelfHost = true,
|
|
UsersGetPremium = true,
|
|
UseCustomPermissions = true,
|
|
};
|
|
|
|
license.Enabled = true;
|
|
license.PlanType = PlanType.EnterpriseAnnually;
|
|
license.Seats = 10;
|
|
license.MaxCollections = 5;
|
|
license.UsePolicies = true;
|
|
license.UseSso = true;
|
|
license.UseKeyConnector = true;
|
|
license.UseScim = true;
|
|
license.UseGroups = true;
|
|
license.UseEvents = true;
|
|
license.UseDirectory = true;
|
|
license.UseTotp = true;
|
|
license.Use2fa = true;
|
|
license.UseApi = true;
|
|
license.UseResetPassword = true;
|
|
license.MaxStorageGb = 1;
|
|
license.SelfHost = true;
|
|
license.UsersGetPremium = true;
|
|
license.UseCustomPermissions = true;
|
|
license.Version = 11;
|
|
license.Issued = DateTime.Now;
|
|
license.Expires = DateTime.Now.AddYears(1);
|
|
|
|
return (organization, license);
|
|
}
|
|
}
|