1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-12 15:26:48 +01:00
bitwarden-server/test/Api.Test/AdminConsole/Controllers/OrganizationAuthRequestsControllerTests.cs
Addison Beck 98a191a5e8
Allow for bulk processing new login device requests (#4064)
* Define a model for updating many auth requests

In order to facilitate a command method that can update many auth
requests at one time a new model must be defined that accepts valid
input for the command's needs. To achieve this a new file has been
created at
`Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs`
that contains a class of the same name. It's properties match those that
need to come from any calling API request models to fulfill the request.

* Declare a new command interface method

Calling API functions of the `UpdateOrganizationAuthRequestCommand` need
a function that can accept many auth request response objects and
process them as approved or denied. To achieve this a new function has
been added to `IUpdateOrganizationAuthRequestCommand` called
`UpdateManyAsync()` that accepts an
`IEnumberable<OrganizationAuthRequest>` and returns a `Task`.
Implementations of this interface method will be used to bulk process
auth requests as approved or denied.

* Stub out method implementation for unit testing

To facilitate a bulk device login request approval workflow in the admin
console `UpdateOrganizationAuthRequestCommand` needs to be updated to
include an `UpdateMany()` method. It should accept a list of
`OrganizationAuthRequestUpdateCommandModel` objects, perform some simple
data validation checks, and then pass those along to
`AuthRequestRepository` for updating in the database.

This commit stubs out this method for the purpose of writing unit tests.
At this stage the method throws a `NotImplementedException()`. It will
be expand after writing assertions.

* Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand`

The updates to `UpdateOrganizationAuthRequestCommand` require a new
direct dependency on `IAuthRequestRepository`. This commit simply
registers this dependency in the `UpdateOrganizationAuthRequest`
constructor for use in unit tests and the `UpdateManyAsync()`
implementation.

* Write tests

* Rename `UpdateManyAsync()` to `UpdateAsync`

* Drop the `CommandModel` suffix

* Invert business logic update filters

* Rework everything to be more model-centric

* Bulk send push notifications

* Write tests that validate the command as a whole

* Fix a test that I broke by mistake

* Swap to using await instead of chained methods for processing

* Seperate a function arguement into a variable declaration

* Ungeneric-ify the processor

* Adjust ternary formatting

* Adjust naming of methods regarding logging organization events

* Throw an exception if Process is called with no auth request loaded

* Rename `_updates` -> `_update`

* Rename email methods

* Stop returning `this`

* Allow callbacks to be null

* Make some assertions about the state of a processed auth request

* Be more terse about arguements in happy path test

* Remove unneeded null check

* Expose an endpoint for bulk processing of organization auth requests  (#4077)

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-05-27 11:56:52 +10:00

65 lines
2.3 KiB
C#

using Bit.Api.AdminConsole.Controllers;
using Bit.Api.AdminConsole.Models.Request;
using Bit.Core.Context;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Controllers;
[ControllerCustomize(typeof(OrganizationAuthRequestsController))]
[SutProviderCustomize]
public class OrganizationAuthRequestsControllerTests
{
[Theory]
[BitAutoData]
public async Task ValidateAdminRequest_UserDoesNotHaveManageResetPasswordPermissions_ThrowsUnauthorized(
SutProvider<OrganizationAuthRequestsController> sutProvider,
Guid organizationId
)
{
sutProvider.GetDependency<ICurrentContext>().ManageResetPassword(organizationId).Returns(false);
await Assert.ThrowsAsync<UnauthorizedAccessException>(() =>
sutProvider.Sut.ValidateAdminRequest(organizationId));
}
[Theory]
[BitAutoData]
public async Task ValidateAdminRequest_UserHasManageResetPasswordPermissions_DoesNotThrow(
SutProvider<OrganizationAuthRequestsController> sutProvider,
Guid organizationId
)
{
sutProvider.GetDependency<ICurrentContext>().ManageResetPassword(organizationId).Returns(true);
await sutProvider.Sut.ValidateAdminRequest(organizationId);
}
[Theory]
[BitAutoData]
public async Task UpdateManyAuthRequests_ValidInput_DoesNotThrow(
SutProvider<OrganizationAuthRequestsController> sutProvider,
IEnumerable<OrganizationAuthRequestUpdateManyRequestModel> request,
Guid organizationId
)
{
sutProvider.GetDependency<ICurrentContext>().ManageResetPassword(organizationId).Returns(true);
await sutProvider.Sut.UpdateManyAuthRequests(organizationId, request);
}
[Theory]
[BitAutoData]
public async Task UpdateManyAuthRequests_NotPermissioned_ThrowsUnauthorized(
SutProvider<OrganizationAuthRequestsController> sutProvider,
IEnumerable<OrganizationAuthRequestUpdateManyRequestModel> request,
Guid organizationId
)
{
sutProvider.GetDependency<ICurrentContext>().ManageResetPassword(organizationId).Returns(false);
await Assert.ThrowsAsync<UnauthorizedAccessException>(() =>
sutProvider.Sut.UpdateManyAuthRequests(organizationId, request));
}
}