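using Bit.Api.AdminConsole.Controllers;
using Bit.Api.Test.Utilities;
using Microsoft.AspNetCore.Mvc;
using Xunit;

namespace Bit.Api.Test.AdminConsole.Controllers;

public class AdminConsoleControllersAuthorizationTests
{
    /// <summary>
    /// Controllers that have not yet been migrated to use method-level authorization attributes.
    /// Every entry here is excluded from <see cref="AllControllers_HaveAuthorizationOnAllMethods"/>,
    /// so this list records unchecked endpoints and should only ever shrink.
    /// TODO: Remove controllers from this list as they are migrated to use [Authorize] or [AllowAnonymous] on all methods.
    /// </summary>
    private static readonly HashSet<Type> _controllersNotYetMigrated =
    [
        typeof(GroupsController),
        typeof(OrganizationAuthRequestsController),
        typeof(OrganizationConnectionsController),
        typeof(OrganizationDomainController),
        typeof(OrganizationsController),
        typeof(OrganizationUsersController),
        typeof(ProviderClientsController),
        typeof(ProviderOrganizationsController),
        typeof(ProvidersController),
        typeof(ProviderUsersController)
    ];

    /// <summary>
    /// Enumerates every concrete <see cref="ControllerBase"/> declared in the
    /// Bit.Api.AdminConsole.Controllers namespace, minus the exemptions in
    /// <see cref="_controllersNotYetMigrated"/>, as xUnit theory data.
    /// </summary>
    /// <returns>One <c>object[]</c> per controller, holding the controller's <see cref="Type"/>.</returns>
    public static IEnumerable<object[]> GetAllAdminConsoleControllers()
    {
        // This is just a convenient way to get the assembly reference - it does
        // not actually require that all controllers extend this base class
        var assembly = typeof(BaseAdminConsoleController).Assembly;

        // The namespace filter, not the base class, decides coverage: any new controller
        // added to this namespace is picked up automatically unless explicitly exempted above.
        return assembly.GetTypes()
            .Where(t => t.IsClass
                        && !t.IsAbstract
                        && typeof(ControllerBase).IsAssignableFrom(t)
                        && t.Namespace == "Bit.Api.AdminConsole.Controllers")
            .Except(_controllersNotYetMigrated)
            .Select(t => new object[] { t });
    }

    /// <summary>
    /// Automatically finds all controllers in the Bit.Api.AdminConsole.Controllers namespace
    /// and ensures that they have [Authorize] or [AllowAnonymous] attributes on all methods.
    /// </summary>
    /// <remarks>
    /// See <see cref="_controllersNotYetMigrated"/> for an exemption list of existing controllers
    /// that aren't using these attributes yet (but should be).
    /// See <see cref="ControllerAuthorizationTestHelpers.AssertAllHttpMethodsHaveAuthorization"/>
    /// for more information about what this test requires to pass.
    /// </remarks>
    /// <param name="controllerType">
    /// The controller under test, supplied by <see cref="GetAllAdminConsoleControllers"/>.
    /// </param>
    [Theory]
    [MemberData(nameof(GetAllAdminConsoleControllers))]
    public void AllControllers_HaveAuthorizationOnAllMethods(Type controllerType)
    {
        ControllerAuthorizationTestHelpers.AssertAllHttpMethodsHaveAuthorization(controllerType);
    }
}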