1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-10 15:13:29 +01:00
bitwarden-server/test/Api.IntegrationTest/Helpers/OrganizationTestHelpers.cs
Rui Tomé c126fee296
[PM-11405] Account Management: Prevent a verified user from changing their email address (#4875)
* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account

* Update error message when unable to change email for managed account

* Update expected error messages on unit tests

* Add TestFeatureService to Api.IntegrationTest.Helpers and use it on ApiApplicationFactory to be able to enable specific features for each test

* Add CreateVerifiedDomainAsync method to OrganizationTestHelpers

* Add tests to AccountsControllerTest to prevent changing email for managed accounts

* Remove setting the feature flag value in ApiApplicationFactory and set it on AccountsControllerTest

* Remove TestFeatureService class from Api.IntegrationTest.Helpers
2024-10-28 16:12:13 +00:00

127 lines
4.3 KiB
C#

using System.Diagnostics;
using Bit.Api.IntegrationTest.Factories;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.Billing.Enums;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.IntegrationTestCommon.Factories;
namespace Bit.Api.IntegrationTest.Helpers;
public static class OrganizationTestHelpers
{
public static async Task<Tuple<Organization, OrganizationUser>> SignUpAsync<T>(WebApplicationFactoryBase<T> factory,
PlanType plan = PlanType.Free,
string ownerEmail = "integration-test@bitwarden.com",
string name = "Integration Test Org",
string billingEmail = "integration-test@bitwarden.com",
string ownerKey = "test-key",
int passwordManagerSeats = 0,
PaymentMethodType paymentMethod = PaymentMethodType.None) where T : class
{
var userRepository = factory.GetService<IUserRepository>();
var organizationService = factory.GetService<IOrganizationService>();
var owner = await userRepository.GetByEmailAsync(ownerEmail);
var signUpResult = await organizationService.SignUpAsync(new OrganizationSignup
{
Name = name,
BillingEmail = billingEmail,
Plan = plan,
OwnerKey = ownerKey,
Owner = owner,
AdditionalSeats = passwordManagerSeats,
PaymentMethodType = paymentMethod
});
Debug.Assert(signUpResult.organizationUser is not null);
return new Tuple<Organization, OrganizationUser>(signUpResult.organization, signUpResult.organizationUser);
}
/// <summary>
/// Creates an OrganizationUser. The user account must already be created.
/// </summary>
public static async Task<OrganizationUser> CreateUserAsync<T>(
WebApplicationFactoryBase<T> factory,
Guid organizationId,
string userEmail,
OrganizationUserType type,
bool accessSecretsManager = false,
Permissions? permissions = null
) where T : class
{
var userRepository = factory.GetService<IUserRepository>();
var organizationUserRepository = factory.GetService<IOrganizationUserRepository>();
var user = await userRepository.GetByEmailAsync(userEmail);
Debug.Assert(user is not null);
var orgUser = new OrganizationUser
{
OrganizationId = organizationId,
UserId = user.Id,
Key = null,
Type = type,
Status = OrganizationUserStatusType.Confirmed,
ExternalId = null,
AccessSecretsManager = accessSecretsManager,
};
if (permissions != null)
{
orgUser.SetPermissions(permissions);
}
await organizationUserRepository.CreateAsync(orgUser);
return orgUser;
}
/// <summary>
/// Creates a new User account with a unique email address and a corresponding OrganizationUser for
/// the specified organization.
/// </summary>
public static async Task<(string, OrganizationUser)> CreateNewUserWithAccountAsync(
ApiApplicationFactory factory,
Guid organizationId,
OrganizationUserType userType,
Permissions? permissions = null
)
{
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
// Create user
await factory.LoginWithNewAccount(email);
// Create organizationUser
var organizationUser = await OrganizationTestHelpers.CreateUserAsync(factory, organizationId, email, userType,
permissions: permissions);
return (email, organizationUser);
}
/// <summary>
/// Creates a VerifiedDomain for the specified organization.
/// </summary>
public static async Task CreateVerifiedDomainAsync(ApiApplicationFactory factory, Guid organizationId, string domain)
{
var organizationDomainRepository = factory.GetService<IOrganizationDomainRepository>();
var verifiedDomain = new OrganizationDomain
{
OrganizationId = organizationId,
DomainName = domain,
Txt = "btw+test18383838383"
};
verifiedDomain.SetVerifiedDate();
await organizationDomainRepository.CreateAsync(verifiedDomain);
}
}