You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
335 lines
12 KiB
335 lines
12 KiB
using Bit.Core.Entities; |
|
using Bit.Core.Enums; |
|
using Bit.Core.Repositories; |
|
using Xunit; |
|
|
|
namespace Bit.Infrastructure.IntegrationTest.AdminConsole.Repositories.OrganizationRepository; |
|
|
|
public class GetByVerifiedUserEmailDomainAsyncTests |
|
{ |
|
[Theory, DatabaseData] |
|
public async Task GetByClaimedUserDomainAsync_WithVerifiedDomain_Success( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user1 = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User 1", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var user2 = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User 2", |
|
Email = $"test+{id}@x-{domainName}", // Different domain |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var user3 = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User 2", |
|
Email = $"test+{id}@{domainName}.example.com", // Different domain |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain = new OrganizationDomain |
|
{ |
|
OrganizationId = organization.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain.SetVerifiedDate(); |
|
organizationDomain.SetNextRunDate(12); |
|
organizationDomain.SetJobRunCount(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain); |
|
|
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization, user1); |
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization, user2); |
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization, user3); |
|
|
|
var user1Response = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user1.Id); |
|
var user2Response = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user2.Id); |
|
var user3Response = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user3.Id); |
|
|
|
Assert.NotEmpty(user1Response); |
|
Assert.Equal(organization.Id, user1Response.First().Id); |
|
Assert.Empty(user2Response); |
|
Assert.Empty(user3Response); |
|
} |
|
|
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithUnverifiedDomains_ReturnsEmpty( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain = new OrganizationDomain |
|
{ |
|
OrganizationId = organization.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain.SetNextRunDate(12); |
|
organizationDomain.SetJobRunCount(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain); |
|
|
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization, user); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user.Id); |
|
|
|
Assert.Empty(result); |
|
} |
|
|
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithMultipleVerifiedDomains_ReturnsAllMatchingOrganizations( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization1 = await organizationRepository.CreateTestOrganizationAsync(); |
|
var organization2 = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain1 = new OrganizationDomain |
|
{ |
|
OrganizationId = organization1.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain1.SetNextRunDate(12); |
|
organizationDomain1.SetJobRunCount(); |
|
organizationDomain1.SetVerifiedDate(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain1); |
|
|
|
var organizationDomain2 = new OrganizationDomain |
|
{ |
|
OrganizationId = organization2.Id, |
|
DomainName = domainName, |
|
Txt = "btw+67890", |
|
}; |
|
organizationDomain2.SetNextRunDate(12); |
|
organizationDomain2.SetJobRunCount(); |
|
organizationDomain2.SetVerifiedDate(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain2); |
|
|
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization1, user); |
|
await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization2, user); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user.Id); |
|
|
|
Assert.Equal(2, result.Count); |
|
Assert.Contains(result, org => org.Id == organization1.Id); |
|
Assert.Contains(result, org => org.Id == organization2.Id); |
|
} |
|
|
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithNonExistentUser_ReturnsEmpty( |
|
IOrganizationRepository organizationRepository) |
|
{ |
|
var nonExistentUserId = Guid.NewGuid(); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(nonExistentUserId); |
|
|
|
Assert.Empty(result); |
|
} |
|
|
|
/// <summary> |
|
/// Tests an edge case where some invited users are created linked to a UserId. |
|
/// This is defective behavior, but will take longer to fix - for now, we are defensive and expressly |
|
/// exclude such users from the results without relying on the inner join only. |
|
/// Invited-revoked users linked to a UserId remain intentionally unhandled for now as they have not caused |
|
/// any issues to date and we want to minimize edge cases. |
|
/// We will fix the underlying issue going forward: https://bitwarden.atlassian.net/browse/PM-22405 |
|
/// </summary> |
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithInvitedUserWithUserId_ReturnsEmpty( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain = new OrganizationDomain |
|
{ |
|
OrganizationId = organization.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain.SetVerifiedDate(); |
|
organizationDomain.SetNextRunDate(12); |
|
organizationDomain.SetJobRunCount(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain); |
|
|
|
// Create invited user with matching email domain but UserId set (edge case) |
|
await organizationUserRepository.CreateAsync(new OrganizationUser |
|
{ |
|
OrganizationId = organization.Id, |
|
UserId = user.Id, |
|
Email = user.Email, |
|
Status = OrganizationUserStatusType.Invited, |
|
}); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user.Id); |
|
|
|
// Invited users should be excluded even if they have UserId set |
|
Assert.Empty(result); |
|
} |
|
|
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithAcceptedUser_ReturnsOrganization( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain = new OrganizationDomain |
|
{ |
|
OrganizationId = organization.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain.SetVerifiedDate(); |
|
organizationDomain.SetNextRunDate(12); |
|
organizationDomain.SetJobRunCount(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain); |
|
|
|
await organizationUserRepository.CreateAcceptedTestOrganizationUserAsync(organization, user); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user.Id); |
|
|
|
Assert.NotEmpty(result); |
|
Assert.Equal(organization.Id, result.First().Id); |
|
} |
|
|
|
[Theory, DatabaseData] |
|
public async Task GetByVerifiedUserEmailDomainAsync_WithRevokedUser_ReturnsOrganization( |
|
IUserRepository userRepository, |
|
IOrganizationRepository organizationRepository, |
|
IOrganizationUserRepository organizationUserRepository, |
|
IOrganizationDomainRepository organizationDomainRepository) |
|
{ |
|
var id = Guid.NewGuid(); |
|
var domainName = $"{id}.example.com"; |
|
|
|
var user = await userRepository.CreateAsync(new User |
|
{ |
|
Name = "Test User", |
|
Email = $"test+{id}@{domainName}", |
|
ApiKey = "TEST", |
|
SecurityStamp = "stamp", |
|
Kdf = KdfType.PBKDF2_SHA256, |
|
KdfIterations = 1, |
|
KdfMemory = 2, |
|
KdfParallelism = 3 |
|
}); |
|
|
|
var organization = await organizationRepository.CreateTestOrganizationAsync(); |
|
|
|
var organizationDomain = new OrganizationDomain |
|
{ |
|
OrganizationId = organization.Id, |
|
DomainName = domainName, |
|
Txt = "btw+12345", |
|
}; |
|
organizationDomain.SetVerifiedDate(); |
|
organizationDomain.SetNextRunDate(12); |
|
organizationDomain.SetJobRunCount(); |
|
await organizationDomainRepository.CreateAsync(organizationDomain); |
|
|
|
await organizationUserRepository.CreateRevokedTestOrganizationUserAsync(organization, user); |
|
|
|
var result = await organizationRepository.GetByVerifiedUserEmailDomainAsync(user.Id); |
|
|
|
Assert.NotEmpty(result); |
|
Assert.Equal(organization.Id, result.First().Id); |
|
} |
|
}
|
|
|