mirror of
https://github.com/bitwarden/server.git
synced 2024-12-04 14:13:28 +01:00
3573aee2ef
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem
- Add a helper method to determine the appropriate addon type based on the subscription items StripeId
* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId
* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
* Add SecretsManagerBilling feature flag to Constants
* [AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Resolve the pr comments
* remove unused code
* Added for sm validation test
* Fix the whitespace format issues
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update
* SM-802: Run EF Migrations for SecretsManagerBeta
* SM-802: Update the two Org procs and View, and move data migration to a separate file
* SM-802: Add missing comma to Organization_Create
* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)
* SM-802: Remove extra GO statement from data migration script
* [AC 1460] Update Stripe Configuration (#3070)
* change the stripeseat id
* change service accountId to align with new product
* make all the Id name for consistent
* SM-802: Add SecretsManagerBeta to OrganizationResponseModel
* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.
* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes
* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)
* Create UpgradeSecretsManagerSubscription command
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* SM-802: Remove SecretsManagerBetaColumn migration
* SM-802: Add SecretsManagerBetaColumn migration
* SM-802: Remove OrganizationUserOrganizationDetailsView update
* [AC-1495] Extract UpgradePlanAsync into a command (#3081)
* This is a pure lift & shift with no refactors
* Only register subscription commands in Api
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
* [AC-1503] Fix Stripe integration on organization upgrade (#3084)
* Fix SM parameters not being passed to Stripe
* Fix flaky test
* Fix error message
* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)
* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)
* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)
* Revert changes to ReferenceEvent code (#3091)
* Revert changes to ReferenceEvent code
This will be done in AC-1481
* Revert ReferenceEventType change
* Move NoopServiceAccountRepository to SM and update namespace
* [AC-1462] Add secrets manager service accounts autoscaling commands (#3059)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Changes for subscription Update
* Update the seatAdjustment and update
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Add a new class for update subscription
* Modify the Update subscription for sm
* Add the missing property
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* refactor the code
* Fix the failing Test
* adding a new endpoint
* Remove the unwanted code
* Changes for Command and Queries
* changes for command and queries
* Fix the Lint issues
* Fix imports ordering
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Fix the failing test on adjustSeatscommandtests
* Fix the failing test
* Fix the whitespaces
* resolve failing test
* rename a property
* Resolve the pr comments
* refactoring the existing implementation
* Resolve the whitespaces format issue
* Resolve the pr comments
* [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests
* [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery
* [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation
* Add more unit testing
* fix the whitespaces issues
* [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand
* Add more unit test
* Remove unnecessary directive
* Resolve some pr comments
* Adding more unit test
* adding more test
* add more test
* Resolving some pr comments
* Resolving some pr comments
* Resolving some pr comments
* resolve some pr comments
* Resolving pr comments
* remove whitespaces
* remove white spaces
* Resolving pr comments
* resolving pr comments and fixing white spaces
* resolving the lint error
* Run dotnet format
* resolving the pr comments
* Add a missing properties to plan response model
* Add the email sender for sm seat and service acct
* Add the email sender for sm seat and service acct
* Fix the failing test after email sender changes
* Add staticstorewrapper to properly test the plans
* Add more test and validate the existing test
* Fix the white spaces issues
* Remove staticstorewrapper and fix the test
* fix a null issue on autoscaling
* Suggestion: do all seat calculations in update model
* Resolve some pr comments
* resolving some pr comments
* Return value is unnecessary
* Resolve the failing test
* resolve pr comments
* Resolve the pr comments
* Resolving admin api failure and adding more test
* Resolve the issue failing admin project
* Fixing the failed test
* Clarify naming and add comments
* Clarify naming conventions
* Dotnet format
* Fix the failing dependency
* remove similar test
* [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic
* [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand
* [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor
* [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests
* [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests
* [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync
* [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel
* [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add UsePasswordManager to sync data (#3114)
* [AC-1522] Fix service account check on upgrading (#3111)
* Resolved the checkmarx issues
* [AC-1521] Address checkmarx security feedback (#3124)
* Reinstate target attribute but add noopener noreferrer
* Update date on migration script
* Remove unused constant
* Revert "Remove unused constant"
This reverts commit 4fcb9da4d6
.
This is required to make feature flags work on the client
* [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription (#3087)
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* Remove duplicate migrations from incorrectly resolved merge
* [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true (#3112)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations (#3138)
* Resolve the failing family plan
* resolve issues
* Resolve code related pr comments
* Resolve test related comments
* Resolving or comments
* [SM-809] Add service account slot limit check (#3093)
* Add service account slot limit check
* Add query to DI
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* remove duplicate DI entry
* Update unit tests
* Remove comment
* Code review updates
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* [AC-1461] Secrets manager seat autoscaling (#3121)
* Add autoscaling code to invite user, save user, and bulk enable SM
flows
* Add tests
* Delete command for BulkEnableSecretsManager
* circular dependency between OrganizationService and
UpdateSecretsManagerSubscriptionCommand - fixed by temporarily
duplicating ReplaceAndUpdateCache
* Unresolvable dependencies in other services - fixed by temporarily
registering noop services and moving around some DI code
All should be resolved in PM-1880
* Refactor: improve the update object and use it to adjust values,
remove excess interfaces on the command
* Handle autoscaling-specific errors
---------
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Move bitwarden_license include reference into conditional block
* [AC 1526]Show current SM seat and service account usage in Bitwarden Portal (#3142)
* changes base on the tickets request
* Code refactoring
* Removed the unwanted method
* Add implementation to the new method
* Resolve some pr comments
* resolve lint issue
* resolve pr comments
* add the new noop files
* Add new noop file and resolve some pr comments
* resolve pr comments
* removed unused method
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
425 lines
22 KiB
C#
425 lines
22 KiB
C#
using System.Security.Claims;
|
|
using Bit.Api.SecretsManager.Controllers;
|
|
using Bit.Api.SecretsManager.Models.Request;
|
|
using Bit.Core.Context;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Exceptions;
|
|
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;
|
|
using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
|
|
using Bit.Core.SecretsManager.Entities;
|
|
using Bit.Core.SecretsManager.Models.Data;
|
|
using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
|
|
using Bit.Core.SecretsManager.Repositories;
|
|
using Bit.Core.Services;
|
|
using Bit.Test.Common.AutoFixture;
|
|
using Bit.Test.Common.AutoFixture.Attributes;
|
|
using Bit.Test.Common.Helpers;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using NSubstitute;
|
|
using Xunit;
|
|
|
|
namespace Bit.Api.Test.SecretsManager.Controllers;
|
|
|
|
[ControllerCustomize(typeof(ServiceAccountsController))]
|
|
[SutProviderCustomize]
|
|
[JsonDocumentCustomize]
|
|
public class ServiceAccountsControllerTests
|
|
{
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void GetServiceAccountsByOrganization_ReturnsEmptyList(
|
|
SutProvider<ServiceAccountsController> sutProvider, Guid id)
|
|
{
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(id).Returns(true);
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
|
var result = await sutProvider.Sut.ListByOrganizationAsync(id);
|
|
|
|
await sutProvider.GetDependency<IServiceAccountSecretsDetailsQuery>().Received(1)
|
|
.GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)),
|
|
Arg.Any<Guid>(), Arg.Any<AccessClientType>(), Arg.Any<bool>());
|
|
|
|
Assert.Empty(result.Data);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void GetServiceAccountsByOrganization_Success(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountSecretsDetails resultServiceAccount)
|
|
{
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
|
sutProvider.GetDependency<IServiceAccountSecretsDetailsQuery>().GetManyByOrganizationIdAsync(default, default, default, default)
|
|
.ReturnsForAnyArgs(new List<ServiceAccountSecretsDetails> { resultServiceAccount });
|
|
|
|
var result = await sutProvider.Sut.ListByOrganizationAsync(resultServiceAccount.ServiceAccount.OrganizationId);
|
|
|
|
await sutProvider.GetDependency<IServiceAccountSecretsDetailsQuery>().Received(1)
|
|
.GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(resultServiceAccount.ServiceAccount.OrganizationId)),
|
|
Arg.Any<Guid>(), Arg.Any<AccessClientType>(), Arg.Any<bool>());
|
|
Assert.NotEmpty(result.Data);
|
|
Assert.Single(result.Data);
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void GetServiceAccountsByOrganization_AccessDenied_Throws(
|
|
SutProvider<ServiceAccountsController> sutProvider, Guid orgId)
|
|
{
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(false);
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
|
sutProvider.Sut.ListByOrganizationAsync(orgId));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void CreateServiceAccount_NoAccess_Throws(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountCreateRequestModel data, Guid organizationId)
|
|
{
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.ToServiceAccount(organizationId),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
|
var resultServiceAccount = data.ToServiceAccount(organizationId);
|
|
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default, default)
|
|
.ReturnsForAnyArgs(resultServiceAccount);
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(organizationId, data));
|
|
await sutProvider.GetDependency<ICreateServiceAccountCommand>().DidNotReceiveWithAnyArgs()
|
|
.CreateAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData(0)]
|
|
public async void CreateServiceAccount_WhenAutoscalingNotRequired_DoesNotCallUpdateSubscription(
|
|
int newSlotsRequired, SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountCreateRequestModel data, Organization organization)
|
|
{
|
|
ArrangeCreateServiceAccountAutoScalingTest(newSlotsRequired, sutProvider, data, organization);
|
|
|
|
await sutProvider.Sut.CreateAsync(organization.Id, data);
|
|
|
|
await sutProvider.GetDependency<ICreateServiceAccountCommand>().Received(1)
|
|
.CreateAsync(Arg.Is<ServiceAccount>(sa => sa.Name == data.Name), Arg.Any<Guid>());
|
|
|
|
await sutProvider.GetDependency<IUpdateSecretsManagerSubscriptionCommand>().DidNotReceiveWithAnyArgs()
|
|
.AdjustServiceAccountsAsync(Arg.Any<Organization>(), Arg.Any<int>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData(1)]
|
|
[BitAutoData(2)]
|
|
public async void CreateServiceAccount_WhenAutoscalingRequired_CallsUpdateSubscription(int newSlotsRequired,
|
|
SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountCreateRequestModel data, Organization organization)
|
|
{
|
|
ArrangeCreateServiceAccountAutoScalingTest(newSlotsRequired, sutProvider, data, organization);
|
|
|
|
await sutProvider.Sut.CreateAsync(organization.Id, data);
|
|
|
|
await sutProvider.GetDependency<ICreateServiceAccountCommand>().Received(1)
|
|
.CreateAsync(Arg.Is<ServiceAccount>(sa => sa.Name == data.Name), Arg.Any<Guid>());
|
|
|
|
await sutProvider.GetDependency<IUpdateSecretsManagerSubscriptionCommand>().Received(1)
|
|
.AdjustServiceAccountsAsync(Arg.Is(organization), Arg.Is(newSlotsRequired));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void CreateServiceAccount_Success(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountCreateRequestModel data, Guid organizationId, Organization mockOrg)
|
|
{
|
|
mockOrg.Id = organizationId;
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.ToServiceAccount(organizationId),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(Arg.Is(organizationId)).Returns(mockOrg);
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
|
var resultServiceAccount = data.ToServiceAccount(organizationId);
|
|
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default, default)
|
|
.ReturnsForAnyArgs(resultServiceAccount);
|
|
|
|
await sutProvider.Sut.CreateAsync(organizationId, data);
|
|
await sutProvider.GetDependency<ICreateServiceAccountCommand>().Received(1)
|
|
.CreateAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void UpdateServiceAccount_NoAccess_Throws(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountUpdateRequestModel data, ServiceAccount existingServiceAccount)
|
|
{
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.ToServiceAccount(existingServiceAccount.Id),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(existingServiceAccount.Id)
|
|
.ReturnsForAnyArgs(existingServiceAccount);
|
|
var resultServiceAccount = data.ToServiceAccount(existingServiceAccount.Id);
|
|
sutProvider.GetDependency<IUpdateServiceAccountCommand>().UpdateAsync(default)
|
|
.ReturnsForAnyArgs(resultServiceAccount);
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.UpdateAsync(existingServiceAccount.Id, data));
|
|
await sutProvider.GetDependency<IUpdateServiceAccountCommand>().DidNotReceiveWithAnyArgs()
|
|
.UpdateAsync(Arg.Any<ServiceAccount>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void UpdateServiceAccount_Success(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountUpdateRequestModel data, ServiceAccount existingServiceAccount)
|
|
{
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.ToServiceAccount(existingServiceAccount.Id),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
var resultServiceAccount = data.ToServiceAccount(existingServiceAccount.Id);
|
|
sutProvider.GetDependency<IUpdateServiceAccountCommand>().UpdateAsync(default)
|
|
.ReturnsForAnyArgs(resultServiceAccount);
|
|
|
|
var result = await sutProvider.Sut.UpdateAsync(existingServiceAccount.Id, data);
|
|
await sutProvider.GetDependency<IUpdateServiceAccountCommand>().Received(1)
|
|
.UpdateAsync(Arg.Any<ServiceAccount>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void CreateAccessToken_NoAccess_Throws(SutProvider<ServiceAccountsController> sutProvider,
|
|
AccessTokenCreateRequestModel data, ServiceAccount serviceAccount, string mockClientSecret)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(serviceAccount.Id).Returns(serviceAccount);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), serviceAccount,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
|
var resultAccessToken = data.ToApiKey(serviceAccount.Id);
|
|
|
|
sutProvider.GetDependency<ICreateAccessTokenCommand>()
|
|
.CreateAsync(default)
|
|
.ReturnsForAnyArgs(new ApiKeyClientSecretDetails { ApiKey = resultAccessToken, ClientSecret = mockClientSecret });
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
|
sutProvider.Sut.CreateAccessTokenAsync(serviceAccount.Id, data));
|
|
await sutProvider.GetDependency<ICreateAccessTokenCommand>().DidNotReceiveWithAnyArgs()
|
|
.CreateAsync(Arg.Any<ApiKey>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void CreateAccessToken_Success(SutProvider<ServiceAccountsController> sutProvider,
|
|
AccessTokenCreateRequestModel data, ServiceAccount serviceAccount, string mockClientSecret)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(serviceAccount.Id).Returns(serviceAccount);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), serviceAccount,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
var resultAccessToken = data.ToApiKey(serviceAccount.Id);
|
|
|
|
sutProvider.GetDependency<ICreateAccessTokenCommand>().CreateAsync(default)
|
|
.ReturnsForAnyArgs(new ApiKeyClientSecretDetails { ApiKey = resultAccessToken, ClientSecret = mockClientSecret });
|
|
|
|
await sutProvider.Sut.CreateAccessTokenAsync(serviceAccount.Id, data);
|
|
await sutProvider.GetDependency<ICreateAccessTokenCommand>().Received(1)
|
|
.CreateAsync(Arg.Any<ApiKey>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void GetAccessTokens_NoAccess_Throws(SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccount data, ICollection<ApiKey> resultApiKeys)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
|
|
|
foreach (var apiKey in resultApiKeys)
|
|
{
|
|
apiKey.Scope = "[\"api.secrets\"]";
|
|
}
|
|
|
|
sutProvider.GetDependency<IApiKeyRepository>().GetManyByServiceAccountIdAsync(default)
|
|
.ReturnsForAnyArgs(resultApiKeys);
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAccessTokens(data.Id));
|
|
await sutProvider.GetDependency<IApiKeyRepository>().DidNotReceiveWithAnyArgs()
|
|
.GetManyByServiceAccountIdAsync(Arg.Any<Guid>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void GetAccessTokens_Success(SutProvider<ServiceAccountsController> sutProvider, ServiceAccount data,
|
|
ICollection<ApiKey> resultApiKeys)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
|
|
foreach (var apiKey in resultApiKeys)
|
|
{
|
|
apiKey.Scope = "[\"api.secrets\"]";
|
|
}
|
|
|
|
sutProvider.GetDependency<IApiKeyRepository>().GetManyByServiceAccountIdAsync(default)
|
|
.ReturnsForAnyArgs(resultApiKeys);
|
|
|
|
var result = await sutProvider.Sut.GetAccessTokens(data.Id);
|
|
await sutProvider.GetDependency<IApiKeyRepository>().Received(1)
|
|
.GetManyByServiceAccountIdAsync(Arg.Any<Guid>());
|
|
Assert.NotEmpty(result.Data);
|
|
Assert.Equal(resultApiKeys.Count, result.Data.Count());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void RevokeAccessTokens_NoAccess_Throws(SutProvider<ServiceAccountsController> sutProvider,
|
|
RevokeAccessTokensRequest data, ServiceAccount serviceAccount)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(serviceAccount.Id).Returns(serviceAccount);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), serviceAccount,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());
|
|
|
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
|
sutProvider.Sut.RevokeAccessTokensAsync(serviceAccount.Id, data));
|
|
await sutProvider.GetDependency<IRevokeAccessTokensCommand>().DidNotReceiveWithAnyArgs()
|
|
.RevokeAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid[]>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void RevokeAccessTokens_Success(SutProvider<ServiceAccountsController> sutProvider,
|
|
RevokeAccessTokensRequest data, ServiceAccount serviceAccount)
|
|
{
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(serviceAccount.Id).Returns(serviceAccount);
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), serviceAccount,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
|
|
await sutProvider.Sut.RevokeAccessTokensAsync(serviceAccount.Id, data);
|
|
await sutProvider.GetDependency<IRevokeAccessTokensCommand>().Received(1)
|
|
.RevokeAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid[]>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_NoServiceAccountsFound_ThrowsNotFound(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data)
|
|
{
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(new List<ServiceAccount>());
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.BulkDeleteAsync(ids));
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().DidNotReceiveWithAnyArgs().DeleteServiceAccounts(Arg.Any<List<ServiceAccount>>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_ServiceAccountsFoundMisMatch_ThrowsNotFound(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data, ServiceAccount mockSa)
|
|
{
|
|
data.Add(mockSa);
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(new List<ServiceAccount> { mockSa });
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.BulkDeleteAsync(ids));
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().DidNotReceiveWithAnyArgs().DeleteServiceAccounts(Arg.Any<List<ServiceAccount>>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_OrganizationMistMatch_ThrowsNotFound(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data)
|
|
{
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.BulkDeleteAsync(ids));
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().DidNotReceiveWithAnyArgs().DeleteServiceAccounts(Arg.Any<List<ServiceAccount>>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_NoAccessToSecretsManager_ThrowsNotFound(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data)
|
|
{
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
var organizationId = data.First().OrganizationId;
|
|
foreach (var sa in data)
|
|
{
|
|
sa.OrganizationId = organizationId;
|
|
}
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId)).ReturnsForAnyArgs(false);
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
|
|
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.BulkDeleteAsync(ids));
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().DidNotReceiveWithAnyArgs().DeleteServiceAccounts(Arg.Any<List<ServiceAccount>>());
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_ReturnsAccessDeniedForProjectsWithoutAccess_Success(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data)
|
|
{
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
var organizationId = data.First().OrganizationId;
|
|
foreach (var sa in data)
|
|
{
|
|
sa.OrganizationId = organizationId;
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), sa,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
}
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.First(),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).Returns(AuthorizationResult.Failed());
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId)).ReturnsForAnyArgs(true);
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
|
|
|
|
var results = await sutProvider.Sut.BulkDeleteAsync(ids);
|
|
|
|
Assert.Equal(data.Count, results.Data.Count());
|
|
Assert.Equal("access denied", results.Data.First().Error);
|
|
|
|
data.Remove(data.First());
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().Received(1)
|
|
.DeleteServiceAccounts(Arg.Is(AssertHelper.AssertPropertyEqual(data)));
|
|
}
|
|
|
|
[Theory]
|
|
[BitAutoData]
|
|
public async void BulkDelete_Success(SutProvider<ServiceAccountsController> sutProvider, List<ServiceAccount> data)
|
|
{
|
|
var ids = data.Select(sa => sa.Id).ToList();
|
|
var organizationId = data.First().OrganizationId;
|
|
foreach (var sa in data)
|
|
{
|
|
sa.OrganizationId = organizationId;
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), sa,
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
}
|
|
|
|
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId)).ReturnsForAnyArgs(true);
|
|
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
|
|
|
|
var results = await sutProvider.Sut.BulkDeleteAsync(ids);
|
|
|
|
await sutProvider.GetDependency<IDeleteServiceAccountsCommand>().Received(1)
|
|
.DeleteServiceAccounts(Arg.Is(AssertHelper.AssertPropertyEqual(data)));
|
|
Assert.Equal(data.Count, results.Data.Count());
|
|
foreach (var result in results.Data)
|
|
{
|
|
Assert.Null(result.Error);
|
|
}
|
|
}
|
|
|
|
private static void ArrangeCreateServiceAccountAutoScalingTest(int newSlotsRequired, SutProvider<ServiceAccountsController> sutProvider,
|
|
ServiceAccountCreateRequestModel data, Organization organization)
|
|
{
|
|
sutProvider.GetDependency<IAuthorizationService>()
|
|
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.ToServiceAccount(organization.Id),
|
|
Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());
|
|
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(Arg.Is(organization.Id)).Returns(organization);
|
|
sutProvider.GetDependency<ICountNewServiceAccountSlotsRequiredQuery>()
|
|
.CountNewServiceAccountSlotsRequiredAsync(organization.Id, 1)
|
|
.ReturnsForAnyArgs(newSlotsRequired);
|
|
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
|
|
var resultServiceAccount = data.ToServiceAccount(organization.Id);
|
|
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default, default)
|
|
.ReturnsForAnyArgs(resultServiceAccount);
|
|
}
|
|
}
|