From dbc7b8ebf98f516dda4d16607026c512dab9753e Mon Sep 17 00:00:00 2001 From: Thomas Avery Date: Fri, 11 Aug 2023 15:57:04 -0500 Subject: [PATCH 1/4] Working POC --- .../Factories/ApiApplicationFactory.cs | 9 ++ .../Controllers/SecretsControllerTests.cs | 91 +++++++++++-------- .../SecretsManager/Enums/PermissionType.cs | 1 + .../SecretsManagerOrganizationHelper.cs | 59 +++++++++++- .../Factories/IdentityApplicationFactory.cs | 18 ++++ 5 files changed, 138 insertions(+), 40 deletions(-) diff --git a/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs b/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs index b0d9594bc51f..77dd9c3f11c4 100644 --- a/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs +++ b/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs @@ -53,4 +53,13 @@ public async Task<(string Token, string RefreshToken)> LoginAsync(string email = { return await _identityApplicationFactory.TokenFromPasswordAsync(email, masterPasswordHash); } + + /// + /// Helper for logging via client secret. + /// Currently used for Secrets Manager service accounts + /// + public async Task LoginWithClientSecretAsync(Guid clientId, string clientSecret) + { + return await _identityApplicationFactory.TokenFromAccessTokenAsync(clientId, clientSecret); + } } diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs index 3f847d5f2c1d..8fd3bfc7d0f5 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs 
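Review bot: The doc comment on `LoginWithClientSecretAsync` reads "Helper for logging via client secret", which suggests logging rather than logging in, and it does not say what `clientId` identifies. The caller added later in this patch passes `apiKeyDetails.ApiKey.Id`, so the parameter is the API key id and not the service account id; both are `Guid`s and easy to swap. A summary along the lines of `/// Logs in with the client_credentials grant; clientId is the ApiKey id of a Secrets Manager service account, not the service account id.` would prevent that mistake.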
@@ -40,7 +40,7 @@ public async Task InitializeAsync() { _email = $"integration-test{Guid.NewGuid()}@bitwarden.com"; await _factory.LoginWithNewAccount(_email); - _organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email); + _organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email, _client); } public Task DisposeAsync() @@ -55,6 +55,7 @@ private async Task LoginAsync(string email) _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); } + [Theory] [InlineData(false, false)] [InlineData(true, false)] @@ -503,32 +504,18 @@ public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecre [Theory] [InlineData(PermissionType.RunAsAdmin)] [InlineData(PermissionType.RunAsUserWithPermission)] + [InlineData(PermissionType.RunAsServiceAccountWithPermission)] public async Task Update_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); - var project = await _projectRepository.CreateAsync(new Project() { - Id = new Guid(), + Id = Guid.NewGuid(), OrganizationId = org.Id, Name = _mockEncryptedString }); - if (permissionType == PermissionType.RunAsUserWithPermission) - { - var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); - - var accessPolicies = new List - { - new UserProjectAccessPolicy - { - GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true, - }, - }; - await _accessPolicyRepository.CreateManyAsync(accessPolicies); - } + await SetupProjectPermissionAndLoginAsync(permissionType, project); var secret = await _secretRepository.CreateAsync(new Secret { 
@@ -536,7 +523,7 @@ public async Task Update_Success(PermissionType permissionType) Key = _mockEncryptedString, Value = _mockEncryptedString, Note = _mockEncryptedString, - Projects = permissionType == PermissionType.RunAsUserWithPermission ? new List() { project } : null + Projects = permissionType != PermissionType.RunAsAdmin ? new List() { project } : null }); var request = new SecretUpdateRequestModel() @@ -544,7 +531,7 @@ public async Task Update_Success(PermissionType permissionType) Key = _mockEncryptedString, Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=", Note = _mockEncryptedString, - ProjectIds = permissionType == PermissionType.RunAsUserWithPermission ? new Guid[] { project.Id } : null + ProjectIds = permissionType != PermissionType.RunAsAdmin ? new Guid[] { project.Id } : null }; var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request); 
@@ -669,27 +656,12 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() [Theory] [InlineData(PermissionType.RunAsAdmin)] [InlineData(PermissionType.RunAsUserWithPermission)] + [InlineData(PermissionType.RunAsServiceAccountWithPermission)] public async Task Delete_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); - var (project, secretIds) = await CreateSecretsAsync(org.Id, 3); - - if (permissionType == PermissionType.RunAsUserWithPermission) - { - var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); - - var accessPolicies = new List - { - new UserProjectAccessPolicy - { - GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true, - }, - }; - await _accessPolicyRepository.CreateManyAsync(accessPolicies); - } + await SetupProjectPermissionAndLoginAsync(permissionType, project); var response = await _client.PostAsJsonAsync($"/secrets/delete", secretIds); response.EnsureSuccessStatusCode(); 
@@ -734,4 +706,49 @@ private async Task<(Project Project, List secretIds)> CreateSecretsAsync(G return (project, secretIds); } + + private async Task SetupProjectPermissionAndLoginAsync(PermissionType permissionType, Project project) + { + switch (permissionType) + { + case PermissionType.RunAsAdmin: + { + await LoginAsync(_email); + break; + } + case PermissionType.RunAsUserWithPermission: + { + var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); + await LoginAsync(email); + + var accessPolicies = new List + { + new UserProjectAccessPolicy + { + GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true, + }, + }; + await _accessPolicyRepository.CreateManyAsync(accessPolicies); + break; + } + case PermissionType.RunAsServiceAccountWithPermission: + { + var (serviceAccountId, apiKeyDetails) = await _organizationHelper.CreateNewServiceAccountApiKeyAsync(); + await _organizationHelper.LoginAsync(serviceAccountId, apiKeyDetails.ApiKey.Id, + apiKeyDetails.ClientSecret); + + var accessPolicies = new List + { + new ServiceAccountProjectAccessPolicy + { + GrantedProjectId = project.Id, ServiceAccountId = serviceAccountId, Read = true, Write = true, + }, + }; + await _accessPolicyRepository.CreateManyAsync(accessPolicies); + break; + } + default: + throw new ArgumentOutOfRangeException(nameof(permissionType), permissionType, null); + } + } } diff --git a/test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs b/test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs index 7f1c4d7b999f..972bc7f0bec0 100644 --- a/test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs +++ b/test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs @@ -4,4 +4,5 @@ public enum PermissionType { RunAsAdmin, RunAsUserWithPermission, + RunAsServiceAccountWithPermission, } 
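Review bot: The `RunAsServiceAccountWithPermission` case in `SetupProjectPermissionAndLoginAsync` always creates the policy with `Read = true, Write = true`, so the new `[InlineData]` rows on `Update_Success` and `Delete_Success` only show that a fully privileged service account is allowed. Nothing visible in this patch sends `PUT /secrets/{id}` or `/secrets/delete` as a service account that has no policy or only read access, which is the case an authorization regression would hit. Consider optional `read`/`write` parameters on the helper, or a service-account variant of the existing `Delete_MissingAccessPolicy_AccessDenied` test. A short comment on the helper stating that it logs `_client` in as the chosen principal and then creates the matching access policy would also help readers.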
diff --git a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs index 7e86386d27bd..9644b3d7a24c 100644 --- a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs +++ b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs @@ -1,8 +1,13 @@ -using Bit.Api.IntegrationTest.Factories; +using System.Net.Http.Headers; +using Bit.Api.IntegrationTest.Factories; using Bit.Api.IntegrationTest.Helpers; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Repositories; +using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces; +using Bit.Core.SecretsManager.Entities; +using Bit.Core.SecretsManager.Models.Data; +using Bit.Core.SecretsManager.Repositories; namespace Bit.Api.IntegrationTest.SecretsManager; 
@@ -12,17 +17,25 @@ public class SecretsManagerOrganizationHelper private readonly string _ownerEmail; private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationUserRepository _organizationUserRepository; + private readonly IServiceAccountRepository _serviceAccountRepository; + private readonly ICreateAccessTokenCommand _createAccessTokenCommand; + private readonly HttpClient _client; public Organization _organization = null!; public OrganizationUser _owner = null!; - public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail) + public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail, HttpClient? client = null) { _factory = factory; + if (client != null) + { + _client = client; + } _organizationRepository = factory.GetService(); _organizationUserRepository = factory.GetService(); - _ownerEmail = ownerEmail; + _serviceAccountRepository = factory.GetService(); + _createAccessTokenCommand = factory.GetService(); } public async Task<(Organization organization, OrganizationUser owner)> Initialize(bool useSecrets, bool ownerAccessSecrets) 
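Review bot: `_client` is declared `private readonly HttpClient _client;` but the constructor assigns it only when the optional `client` argument is non-null, so a helper built with the older two-argument form leaves the field null. The `LoginAsync` overloads this patch adds to the same class dereference `_client.DefaultRequestHeaders` and would then fail with a NullReferenceException instead of a clear message. Either declare the field as `HttpClient?` and guard the login methods with `if (_client is null) throw new InvalidOperationException("No HttpClient was supplied");`, or make the parameter required. The constructor starts before this hunk, so the remaining assignments are only partly visible here.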
@@ -52,4 +65,44 @@ public async Task<(string email, OrganizationUser orgUser)> CreateNewUser(Organi return (email, orgUser); } + + public async Task<(Guid serviceAccountId, ApiKeyClientSecretDetails apiKeyDetails)> CreateNewServiceAccountApiKeyAsync() + { + var serviceAccountId = Guid.NewGuid(); + var serviceAccount = new ServiceAccount() + { + Id = serviceAccountId, + OrganizationId = _organization.Id, + Name = $"integration-test-{serviceAccountId}sa", + CreationDate = DateTime.UtcNow, + RevisionDate = DateTime.UtcNow, + }; + await _serviceAccountRepository.CreateAsync(serviceAccount); + + var apiKey = new ApiKey() + { + ServiceAccountId = serviceAccountId, + Name = "integration-token", + Key = Guid.NewGuid().ToString(), + ExpireAt = null, + Scope = "[\"api.secrets\"]", + EncryptedPayload = Guid.NewGuid().ToString(), + }; + var result = await _createAccessTokenCommand.CreateAsync(apiKey); + + return (serviceAccountId, result); + } + + public async Task LoginAsync(string email) + { + var tokens = await _factory.LoginAsync(email); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); + } + + public async Task LoginAsync(Guid serviceAccountId, Guid clientId, string clientSecret) + { + var token = await _factory.LoginWithClientSecretAsync(clientId, clientSecret); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); + _client.DefaultRequestHeaders.Add("service_account_id", serviceAccountId.ToString()); + } } diff --git a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs index d47b3da861b1..1ac31ace9c07 100644 --- a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs +++ b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs 
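Review bot: The service-account `LoginAsync` overload calls `_client.DefaultRequestHeaders.Add("service_account_id", ...)`, which appends to the shared client's default headers and is never undone. A second service-account login on the same client would send two values, and a later `LoginAsync(email)` replaces only `Authorization`, so user requests would still carry the previous service account's id. If anything on the server side reads that header, a test could then pass or fail under a mixed identity. Call `_client.DefaultRequestHeaders.Remove("service_account_id");` before the `Add` and in the e-mail overload; `ClientTestHelper.LoginWithApiKeyAsync` in patch 2/4 has the same `Add`.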
@@ -42,4 +42,22 @@ public async Task RegisterAsync(RegisterRequestModel model) return (root.GetProperty("access_token").GetString(), root.GetProperty("refresh_token").GetString()); } + + public async Task TokenFromAccessTokenAsync(Guid clientId, string clientSecret, + DeviceType deviceType = DeviceType.SDK) + { + var context = await Server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary + { + { "scope", "api.secrets" }, + { "client_id", clientId.ToString() }, + { "client_secret", clientSecret }, + { "grant_type", "client_credentials" }, + { "deviceType", ((int)deviceType).ToString() }, + })); + + using var body = await AssertHelper.AssertResponseTypeIs(context); + var root = body.RootElement; + + return root.GetProperty("access_token").GetString(); + } } From 7810fc23bae4e00b752b5587dd6f07814edaba85 Mon Sep 17 00:00:00 2001 From: Thomas Avery Date: Fri, 6 Oct 2023 15:11:18 -0500 Subject: [PATCH 2/4] refactor and DRY up logic into ClientTestHelper --- .../Helpers/ClientTestHelper.cs | 30 +++++ .../AccessPoliciesControllerTests.cs | 106 +++++++++--------- .../Controllers/ProjectsControllerTests.cs | 45 ++++---- .../Controllers/SecretsControllerTests.cs | 78 ++++++------- .../SecretsManagerPortingControllerTests.cs | 19 +--- .../SecretsTrashControllerTests.cs | 32 +++--- .../ServiceAccountsControllerTests.cs | 72 ++++++------ .../SecretsManagerOrganizationHelper.cs | 37 ++---- .../Factories/IdentityApplicationFactory.cs | 17 +-- 9 files changed, 207 insertions(+), 229 deletions(-) create mode 100644 test/Api.IntegrationTest/Helpers/ClientTestHelper.cs diff --git a/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs b/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs new file mode 100644 index 000000000000..11251398d4a5 --- /dev/null +++ b/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs 
@@ -0,0 +1,30 @@ +using System.Net.Http.Headers; +using Bit.Api.IntegrationTest.Factories; +using Bit.Core.SecretsManager.Models.Data; + +namespace Bit.Api.IntegrationTest.Helpers; + +public class ClientTestHelper +{ + private readonly HttpClient _client; + private readonly ApiApplicationFactory _factory; + + public ClientTestHelper(ApiApplicationFactory factory, HttpClient client) + { + _factory = factory; + _client = client; + } + + public async Task LoginAsync(string email) + { + var tokens = await _factory.LoginAsync(email); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); + } + + public async Task LoginWithApiKeyAsync(ApiKeyClientSecretDetails apiKeyDetails) + { + var token = await _factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); + _client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString()); + } +} diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs index 171dad4a8f9c..0d9df9fc1654 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; 
@@ -24,6 +24,7 @@ public class AccessPoliciesControllerTests : IClassFixture(); _serviceAccountRepository = _factory.GetService(); _projectRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() @@ -49,12 +51,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - [Theory] [InlineData(false, false)] [InlineData(true, false)] @@ -62,7 +58,7 @@ private async Task LoginAsync(string email) public async Task CreateProjectAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); @@ -84,7 +80,7 @@ public async Task CreateProjectAccessPolicies_NoPermission() // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); var request = new AccessPoliciesCreateRequest 
@@ -106,7 +102,7 @@ public async Task CreateProjectAccessPolicies_NoPermission() public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); @@ -131,7 +127,7 @@ public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(Permissi public async Task CreateProjectAccessPolicies_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); @@ -173,7 +169,7 @@ public async Task CreateProjectAccessPolicies_Success(PermissionType permissionT public async Task UpdateAccessPolicy_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); const bool expectedRead = true; @@ -190,7 +186,7 @@ public async Task UpdateAccessPolicy_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); 
@@ -209,13 +205,13 @@ public async Task UpdateAccessPolicy_NoPermission() public async Task UpdateAccessPolicy_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -254,7 +250,7 @@ public async Task UpdateAccessPolicy_Success(PermissionType permissionType) public async Task DeleteAccessPolicy_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); var response = await _client.DeleteAsync($"/access-policies/{initData.AccessPolicyId}"); @@ -267,7 +263,7 @@ public async Task DeleteAccessPolicy_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); 
@@ -282,13 +278,13 @@ public async Task DeleteAccessPolicy_NoPermission() public async Task DeleteAccessPolicy_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -310,7 +306,7 @@ public async Task DeleteAccessPolicy_Success(PermissionType permissionType) public async Task GetProjectAccessPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -336,7 +332,7 @@ public async Task GetProjectAccessPolicies_ReturnsEmpty() public async Task GetProjectAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); @@ -350,7 +346,7 @@ public async Task GetProjectAccessPolicies_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); 
@@ -365,13 +361,13 @@ public async Task GetProjectAccessPolicies_NoPermission() public async Task GetProjectAccessPolicies(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -398,7 +394,7 @@ public async Task GetProjectAccessPolicies(PermissionType permissionType) public async Task GetPeoplePotentialGrantees_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync( @@ -412,12 +408,12 @@ public async Task GetPeoplePotentialGrantees_SmNotEnabled_NotFound(bool useSecre public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); } var response = 
@@ -438,7 +434,7 @@ public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionTy public async Task GetServiceAccountPotentialGrantees_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync( @@ -452,7 +448,7 @@ public async Task GetServiceAccountPotentialGrantees_OnlyReturnsServiceAccountsW // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -478,7 +474,7 @@ public async Task GetServiceAccountPotentialGrantees_OnlyReturnsServiceAccountsW public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -489,7 +485,7 @@ public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType per if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync( new List 
@@ -523,7 +519,7 @@ public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType per public async Task GetProjectPotentialGrantees_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync( @@ -537,7 +533,7 @@ public async Task GetProjectPotentialGrantees_OnlyReturnsProjectsWithWriteAccess // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = _mockEncryptedString }); @@ -559,7 +555,7 @@ public async Task GetProjectPotentialGrantees_OnlyReturnsProjectsWithWriteAccess public async Task GetProjectPotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -570,7 +566,7 @@ public async Task GetProjectPotentialGrantees_Success(PermissionType permissionT if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync( new List 
@@ -601,7 +597,7 @@ public async Task GetProjectPotentialGrantees_Success(PermissionType permissionT public async Task CreateServiceAccountAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, orgUser) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -628,7 +624,7 @@ public async Task CreateServiceAccountAccessPolicies_SmNotEnabled_NotFound(bool public async Task CreateServiceAccountAccessPolicies_MismatchOrgId_NotFound(PermissionType permissionType) { var (org, orgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ownerOrgUserId = orgUser.Id; var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount @@ -651,7 +647,7 @@ public async Task CreateServiceAccountAccessPolicies_MismatchOrgId_NotFound(Perm public async Task CreateServiceAccountAccessPolicies_Success(PermissionType permissionType) { var (org, orgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ownerOrgUserId = orgUser.Id; var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount @@ -689,7 +685,7 @@ public async Task CreateServiceAccountAccessPolicies_NoPermission() // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -717,7 +713,7 @@ public async Task CreateServiceAccountAccessPolicies_NoPermission() public async Task GetServiceAccountAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); var response = await _client.GetAsync($"/service-accounts/{initData.ServiceAccountId}/access-policies"); @@ -728,7 +724,7 @@ public async Task GetServiceAccountAccessPolicies_SmNotEnabled_NotFound(bool use public async Task GetServiceAccountAccessPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -752,7 +748,7 @@ public async Task GetServiceAccountAccessPolicies_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); @@ -767,13 +763,13 @@ public async Task GetServiceAccountAccessPolicies_NoPermission() public async Task GetServiceAccountAccessPolicies(PermissionType permissionType) { var (org, ownerOrgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserServiceAccountAccessPolicy 
@@ -817,7 +813,7 @@ public async Task GetServiceAccountAccessPolicies(PermissionType permissionType) public async Task CreateServiceAccountGrantedPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -838,7 +834,7 @@ public async Task CreateServiceAccountGrantedPolicies_NoPermission() // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -866,7 +862,7 @@ public async Task CreateServiceAccountGrantedPolicies_NoPermission() public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(PermissionType permissionType) { var (org, orgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ownerOrgUserId = orgUser.Id; var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true); @@ -887,7 +883,7 @@ public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(P public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType permissionType) { var (org, orgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ownerOrgUserId = orgUser.Id; var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); 
@@ -924,7 +920,7 @@ public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType per public async Task GetServiceAccountGrantedPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); var response = await _client.GetAsync($"/service-accounts/{initData.ServiceAccountId}/granted-policies"); @@ -935,7 +931,7 @@ public async Task GetServiceAccountGrantedPolicies_SmNotEnabled_NotFound(bool us public async Task GetServiceAccountGrantedPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -959,7 +955,7 @@ public async Task GetServiceAccountGrantedPolicies_NoPermission_ReturnsEmpty() // Create a new account as a user await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); 
@@ -978,13 +974,13 @@ public async Task GetServiceAccountGrantedPolicies_NoPermission_ReturnsEmpty() public async Task GetServiceAccountGrantedPolicies(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -1063,7 +1059,7 @@ private async Task SetupAccessPolicyRequest(Guid organizationI if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -1088,7 +1084,7 @@ private async Task SetupAccessPolicyRequest(Guid organizationI if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { new UserServiceAccountAccessPolicy diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs index fa88a44b838c..66241cd089ad 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs 
@@ -1,6 +1,6 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; @@ -10,7 +10,6 @@ using Bit.Core.SecretsManager.Entities; using Bit.Core.SecretsManager.Repositories; using Bit.Test.Common.Helpers; -using Pipelines.Sockets.Unofficial.Arenas; using Xunit; namespace Bit.Api.IntegrationTest.SecretsManager.Controllers; @@ -24,6 +23,7 @@ public class ProjectsControllerTests : IClassFixture, IAs private readonly ApiApplicationFactory _factory; private readonly IProjectRepository _projectRepository; private readonly IAccessPolicyRepository _accessPolicyRepository; + private readonly ClientTestHelper _clientTestHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; @@ -34,6 +34,7 @@ public ProjectsControllerTests(ApiApplicationFactory factory) _client = _factory.CreateClient(); _projectRepository = _factory.GetService(); _accessPolicyRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() @@ -49,12 +50,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - [Theory] [InlineData(false, false)] [InlineData(true, false)] 
@@ -62,7 +57,7 @@ private async Task LoginAsync(string email) public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/projects"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -73,7 +68,7 @@ public async Task ListByOrganization_UserWithoutPermission_EmptyList() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await CreateProjectsAsync(org.Id); @@ -108,7 +103,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new ProjectCreateRequestModel { Name = _mockEncryptedString }; @@ -135,14 +130,14 @@ public async Task Create_AtMaxProjects_BadRequest(PermissionType permissionType) public async Task Create_Success(PermissionType permissionType) { var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var orgUserId = adminOrgUser.Id; var currentUserId = adminOrgUser.UserId!.Value; if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); orgUserId = orgUser.Id; currentUserId = orgUser.UserId!.Value; } 
@@ -184,7 +179,7 @@ public async Task Create_Success(PermissionType permissionType) public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project { @@ -232,7 +227,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task Update_NonExistingProject_NotFound() { await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new ProjectUpdateRequestModel { @@ -250,7 +245,7 @@ public async Task Update_MissingAccessPolicy_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project { @@ -276,7 +271,7 @@ public async Task Update_MissingAccessPolicy_NotFound() public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -297,7 +292,7 @@ public async Task Get_MissingAccessPolicy_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var createdProject = await _projectRepository.CreateAsync(new Project { 
@@ -314,7 +309,7 @@ public async Task Get_NonExistingProject_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var createdProject = await _projectRepository.CreateAsync(new Project { @@ -352,7 +347,7 @@ public async Task Get_Success(PermissionType permissionType) public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id); @@ -365,7 +360,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var projectIds = await CreateProjectsAsync(org.Id); @@ -418,7 +413,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat int projectsToCreate = 3) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id, projectsToCreate); if (permissionType == PermissionType.RunAsAdmin) @@ -427,7 +422,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = projectIds.Select(projectId => new UserProjectAccessPolicy { 
@@ -447,7 +442,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat private async Task SetupProjectWithAccessAsync(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project { @@ -461,7 +456,7 @@ private async Task SetupProjectWithAccessAsync(PermissionType permissio } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs index cf1ddfffc29f..5c649e4ff710 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; @@ -23,6 +23,7 @@ public class SecretsControllerTests : IClassFixture, IAsy private readonly ISecretRepository _secretRepository; private readonly IProjectRepository _projectRepository; private readonly IAccessPolicyRepository _accessPolicyRepository; + private readonly ClientTestHelper _clientTestHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; 
@@ -34,13 +35,14 @@ public SecretsControllerTests(ApiApplicationFactory factory) _secretRepository = _factory.GetService(); _projectRepository = _factory.GetService(); _accessPolicyRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() { _email = $"integration-test{Guid.NewGuid()}@bitwarden.com"; await _factory.LoginWithNewAccount(_email); - _organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email, _client); + _organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email); } public Task DisposeAsync() @@ -49,13 +51,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - - [Theory] [InlineData(false, false)] [InlineData(true, false)] @@ -63,7 +58,7 @@ private async Task LoginAsync(string email) public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/secrets"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -75,7 +70,7 @@ public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool public async Task ListByOrganization_Success(PermissionType permissionType) { var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { 
@@ -87,7 +82,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { @@ -130,7 +125,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new SecretCreateRequestModel { @@ -147,7 +142,7 @@ public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecre public async Task CreateWithoutProject_RunAsAdmin_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new SecretCreateRequestModel { @@ -181,7 +176,7 @@ public async Task CreateWithoutProject_RunAsAdmin_Success() public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { Name = "123" }); @@ -201,7 +196,7 @@ public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound() public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" }); 
@@ -223,7 +218,7 @@ public async Task CreateWithoutProject_RunAsUser_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var request = new SecretCreateRequestModel { @@ -242,7 +237,7 @@ public async Task CreateWithoutProject_RunAsUser_NotFound() public async Task CreateWithProject_Success(PermissionType permissionType) { var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); AccessClientType accessType = AccessClientType.NoAccessCheck; @@ -258,7 +253,7 @@ public async Task CreateWithProject_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); accessType = AccessClientType.User; var accessPolicies = new List @@ -303,7 +298,7 @@ public async Task CreateWithProject_Success(PermissionType permissionType) public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -323,7 +318,7 @@ public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) public async Task Get_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() { 
@@ -335,7 +330,7 @@ public async Task Get_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { @@ -349,7 +344,7 @@ public async Task Get_Success(PermissionType permissionType) else { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); } var secret = await _secretRepository.CreateAsync(new Secret @@ -378,7 +373,7 @@ public async Task Get_Success(PermissionType permissionType) public async Task GetSecretsByProject_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -395,7 +390,7 @@ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project() { @@ -427,7 +422,7 @@ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() public async Task GetSecretsByProject_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() { 
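Review bot: In Get_Success the `else` branch at `@@ -349,7 +344,7 @@` creates an `OrganizationUserType.Admin` user and logs in as it for every value other than `RunAsUserWithPermission`. A later `[InlineData(PermissionType.RunAsServiceAccountWithPermission)]` on this theory would therefore pass while exercising admin access instead of a service-account token. GetSecretsByIds_Success has the same `else` at `@@ -731,7 +726,7 @@`. Making the branch explicit keeps the permission matrix honest: use `else if (permissionType == PermissionType.RunAsAdmin)` for the existing body, then `else { throw new ArgumentOutOfRangeException(nameof(permissionType)); }`. Both test bodies continue outside their hunks.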
@@ -439,7 +434,7 @@ public async Task GetSecretsByProject_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { @@ -480,7 +475,7 @@ public async Task GetSecretsByProject_Success(PermissionType permissionType) public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -560,7 +555,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { Name = "123" }); @@ -588,7 +583,7 @@ public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound() public async Task UpdateWithMultipleProjects_BadRequest() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" }); 
@@ -620,7 +615,7 @@ public async Task UpdateWithMultipleProjects_BadRequest() public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -640,7 +635,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var (_, secretIds) = await CreateSecretsAsync(org.Id, 3); @@ -688,7 +683,7 @@ public async Task Delete_Success(PermissionType permissionType) public async Task GetSecretsByIds_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -710,14 +705,14 @@ public async Task GetSecretsByIds_SmNotEnabled_NotFound(bool useSecrets, bool ac public async Task GetSecretsByIds_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var (project, secretIds) = await CreateSecretsAsync(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { 
@@ -731,7 +726,7 @@ public async Task GetSecretsByIds_Success(PermissionType permissionType) else { var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); } var request = new GetSecretsRequestModel { Ids = secretIds }; @@ -776,13 +771,13 @@ private async Task SetupProjectPermissionAndLoginAsync(PermissionType permission { case PermissionType.RunAsAdmin: { - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); break; } case PermissionType.RunAsUserWithPermission: { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { @@ -796,15 +791,14 @@ private async Task SetupProjectPermissionAndLoginAsync(PermissionType permission } case PermissionType.RunAsServiceAccountWithPermission: { - var (serviceAccountId, apiKeyDetails) = await _organizationHelper.CreateNewServiceAccountApiKeyAsync(); - await _organizationHelper.LoginAsync(serviceAccountId, apiKeyDetails.ApiKey.Id, - apiKeyDetails.ClientSecret); + var apiKeyDetails = await _organizationHelper.CreateNewServiceAccountApiKeyAsync(); + await _clientTestHelper.LoginWithApiKeyAsync(apiKeyDetails); var accessPolicies = new List { new ServiceAccountProjectAccessPolicy { - GrantedProjectId = project.Id, ServiceAccountId = serviceAccountId, Read = true, Write = true, + GrantedProjectId = project.Id, ServiceAccountId = apiKeyDetails.ApiKey.ServiceAccountId, Read = true, Write = true, }, }; await _accessPolicyRepository.CreateManyAsync(accessPolicies); diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs index 62d5554099e1..309af677b0e7 100644 
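Review bot: The `RunAsServiceAccountWithPermission` case calls `LoginWithApiKeyAsync` before the `ServiceAccountProjectAccessPolicy` is written, so the test passes only if access is resolved when the request is handled rather than when the token is issued. If that order is deliberate, state it above the login call, e.g. `// Token is issued before the policy exists; access is expected to be checked per request.` `apiKeyDetails.ApiKey.ServiceAccountId` is also passed straight into the policy; if that property is nullable (its declaration is not visible here), `Assert.NotNull(apiKeyDetails.ApiKey.ServiceAccountId);` before building the list would fail closer to the cause than a later 404. The switch continues outside the hunk.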
--- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs @@ -1,8 +1,7 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.SecretsManager.Models.Request; -using Bit.Core.SecretsManager.Repositories; using Xunit; namespace Bit.Api.IntegrationTest.SecretsManager.Controllers; @@ -11,8 +10,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture(); - _accessPolicyRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() @@ -38,12 +35,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - [Theory] [InlineData(false, false)] [InlineData(true, false)] @@ -51,7 +42,7 @@ private async Task LoginAsync(string email) public async Task Import_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var projectsList = new List(); var secretsList = new List(); @@ -68,7 +59,7 @@ public async Task Import_SmNotEnabled_NotFound(bool useSecrets, bool accessSecre public async Task Export_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"sm/{org.Id}/export"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); 
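Review bot: No test in SecretsManagerPortingControllerTests appears to check that a non-admin member is refused on `sm/{org.Id}/export`. The only `LoginAsync` call sites changed in this file are Import_SmNotEnabled_NotFound and Export_SmNotEnabled_NotFound, which suggests these are its only authenticated tests. With `_clientTestHelper` now in place a denial test is cheap, and the sketch below mirrors ListByOrganization_NotAdmin_Unauthorized from the trash controller tests. The exact status code should be pinned once confirmed against the controller, and the file would need `Bit.Core.Enums` in scope for `OrganizationUserType`.

```csharp
[Fact]
public async Task Export_NotAdmin_Denied()
{
    var (org, _) = await _organizationHelper.Initialize(true, true);
    var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
    await _clientTestHelper.LoginAsync(email);

    var response = await _client.GetAsync($"sm/{org.Id}/export");

    // Replace with Assert.Equal(<confirmed status>, response.StatusCode) once the controller's answer is known.
    Assert.False(response.IsSuccessStatusCode);
}
```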
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs index 9160213ba1f8..14d4ec803886 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.SecretsManager.Models.Response; using Bit.Core.Enums; using Bit.Core.SecretsManager.Repositories; @@ -17,6 +17,7 @@ public class SecretsTrashControllerTests : IClassFixture, private readonly HttpClient _client; private readonly ApiApplicationFactory _factory; private readonly ISecretRepository _secretRepository; + private readonly ClientTestHelper _clientTestHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; @@ -26,6 +27,7 @@ public SecretsTrashControllerTests(ApiApplicationFactory factory) _factory = factory; _client = _factory.CreateClient(); _secretRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() @@ -41,12 +43,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - [Theory] [InlineData(false, false)] [InlineData(true, false)] 
@@ -54,7 +50,7 @@ private async Task LoginAsync(string email) public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"/secrets/{org.Id}/trash"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -65,7 +61,7 @@ public async Task ListByOrganization_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var response = await _client.GetAsync($"/secrets/{org.Id}/trash"); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); @@ -75,7 +71,7 @@ public async Task ListByOrganization_NotAdmin_Unauthorized() public async Task ListByOrganization_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); await _secretRepository.CreateAsync(new Secret { @@ -106,7 +102,7 @@ public async Task ListByOrganization_Success() public async Task Empty_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids); 
@@ -118,7 +114,7 @@ public async Task Empty_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids); @@ -129,7 +125,7 @@ public async Task Empty_NotAdmin_Unauthorized() public async Task Empty_Invalid_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -147,7 +143,7 @@ public async Task Empty_Invalid_NotFound() public async Task Empty_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -169,7 +165,7 @@ public async Task Empty_Success() public async Task Restore_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids); @@ -181,7 +177,7 @@ public async Task Restore_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids); 
@@ -192,7 +188,7 @@ public async Task Restore_NotAdmin_Unauthorized() public async Task Restore_Invalid_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -210,7 +206,7 @@ public async Task Restore_Invalid_NotFound() public async Task Restore_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs index 814778d1b855..1fa7d57e18d3 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; -using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; @@ -24,6 +24,7 @@ public class ServiceAccountsControllerTests : IClassFixture(); _accessPolicyRepository = _factory.GetService(); _apiKeyRepository = _factory.GetService(); + _clientTestHelper = new ClientTestHelper(_factory, _client); } public async Task InitializeAsync() @@ -54,12 +56,6 @@ public Task DisposeAsync() return Task.CompletedTask; } - private async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - [Theory] [InlineData(false, false)] [InlineData(true, false)] 
@@ -67,7 +63,7 @@ private async Task LoginAsync(string email) public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/service-accounts"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -77,7 +73,7 @@ public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool public async Task ListByOrganization_Admin_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org); @@ -95,7 +91,7 @@ public async Task ListByOrganization_User_Success() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org); @@ -127,7 +123,7 @@ public async Task ListByOrganization_User_Success() public async Task GetByServiceAccountId_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -143,7 +139,7 @@ public async Task GetByServiceAccountId_SmNotEnabled_NotFound(bool useSecrets, b public async Task GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var response = await _client.GetAsync($"/service-accounts/{new Guid()}"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -154,7 +150,7 @@ public async Task GetByServiceAccountId_UserWithoutPermission_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -191,7 +187,7 @@ public async Task GetByServiceAccountId_Success(PermissionType permissionType) public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString }; @@ -205,7 +201,7 @@ public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecre public async Task Create_Success(PermissionType permissionType) { var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var orgUserId = adminOrgUser.Id; var currentUserId = adminOrgUser.UserId!.Value; 
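Review bot: In `GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound` the request still targets `/service-accounts/{new Guid()}`, and `new Guid()` is the all-zero `Guid.Empty`, not a random id. The 404 asserted here may therefore come from how the endpoint treats an empty id and not from the lookup of a well-formed but unknown service account; which of the two happens is not visible in this hunk. `await _client.GetAsync($"/service-accounts/{Guid.NewGuid()}");` would exercise the lookup path, and it matches the `Id = Guid.NewGuid()` correction the first patch of this series made in SecretsControllerTests.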
@@ -213,7 +209,7 @@ public async Task Create_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); orgUserId = orgUser.Id; currentUserId = orgUser.UserId!.Value; } @@ -254,7 +250,7 @@ public async Task Create_Success(PermissionType permissionType) public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -273,7 +269,7 @@ public async Task Update_User_NoPermissions() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -291,7 +287,7 @@ public async Task Update_User_NoPermissions() public async Task Update_NonExistingServiceAccount_NotFound() { await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName }; @@ -333,7 +329,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -352,7 +348,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -385,12 +381,12 @@ public async Task Delete_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsAdmin) { - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); } else { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy @@ -419,7 +415,7 @@ public async Task Delete_Success(PermissionType permissionType) public async Task GetAccessTokens_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -436,7 +432,7 @@ public async Task GetAccessTokens_UserNoPermission_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
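Review bot: `Delete_Success` picks the caller with `if (permissionType == PermissionType.RunAsAdmin) … else …`, so every value other than `RunAsAdmin` logs in as a freshly created user and receives a user access policy. The first patch of this series adds `PermissionType.RunAsServiceAccountWithPermission`; if that value is ever passed to this theory, the test would pass while exercising the user path and never authenticate with a service-account token. Making the branch explicit avoids that false coverage: `else if (permissionType == PermissionType.RunAsUserWithPermission)` for the existing block, then `else { throw new ArgumentOutOfRangeException(nameof(permissionType)); }`. `RevokeAccessToken_Success` (the hunk at -750) has the same shape, and both method bodies continue outside their hunks.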
@@ -461,7 +457,7 @@ public async Task GetAccessTokens_UserNoPermission_NotFound() public async Task GetAccessTokens_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -472,7 +468,7 @@ public async Task GetAccessTokens_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy @@ -512,7 +508,7 @@ public async Task GetAccessTokens_Success(PermissionType permissionType) public async Task CreateAccessToken_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -537,7 +533,7 @@ public async Task CreateAccessToken_SmNotEnabled_NotFound(bool useSecrets, bool public async Task CreateAccessToken_Admin() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -571,7 +567,7 @@ public async Task CreateAccessToken_User_WithPermission() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -607,7 +603,7 @@ public async Task CreateAccessToken_User_NoPermission() { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -632,7 +628,7 @@ public async Task CreateAccessToken_User_NoPermission() public async Task CreateAccessToken_ExpireAtNull_Admin() { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -667,7 +663,7 @@ public async Task CreateAccessToken_ExpireAtNull_Admin() public async Task RevokeAccessToken_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -698,7 +694,7 @@ public async Task RevokeAccessToken_User_NoPermission(bool hasReadAccess) { var (org, _) = await _organizationHelper.Initialize(true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -750,12 +746,12 @@ public async Task RevokeAccessToken_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsAdmin) { - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); } else { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy @@ -815,7 +811,7 @@ private async Task> SetupGetServiceAccountsByOrganizationAsync(Organi private async Task SetupServiceAccountWithAccessAsync(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true); - await LoginAsync(_email); + await _clientTestHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -829,7 +825,7 @@ private async Task SetupServiceAccountWithAccessAsync(Permission } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _clientTestHelper.LoginAsync(email); var accessPolicies = new List { diff --git a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs index 9644b3d7a24c..21be9495b939 100644 --- a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs +++ b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs @@ -1,5 +1,4 @@ -using System.Net.Http.Headers; -using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.Factories; using Bit.Api.IntegrationTest.Helpers; using Bit.Core.Entities; using Bit.Core.Enums; 
@@ -19,18 +18,13 @@ public class SecretsManagerOrganizationHelper private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IServiceAccountRepository _serviceAccountRepository; private readonly ICreateAccessTokenCommand _createAccessTokenCommand; - private readonly HttpClient _client; public Organization _organization = null!; public OrganizationUser _owner = null!; - public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail, HttpClient? client = null) + public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail) { _factory = factory; - if (client != null) - { - _client = client; - } _organizationRepository = factory.GetService(); _organizationUserRepository = factory.GetService(); _ownerEmail = ownerEmail; 
@@ -66,43 +60,28 @@ public async Task<(string email, OrganizationUser orgUser)> CreateNewUser(Organi return (email, orgUser); } - public async Task<(Guid serviceAccountId, ApiKeyClientSecretDetails apiKeyDetails)> CreateNewServiceAccountApiKeyAsync() + public async Task CreateNewServiceAccountApiKeyAsync() { var serviceAccountId = Guid.NewGuid(); - var serviceAccount = new ServiceAccount() + var serviceAccount = new ServiceAccount { Id = serviceAccountId, OrganizationId = _organization.Id, Name = $"integration-test-{serviceAccountId}sa", CreationDate = DateTime.UtcNow, - RevisionDate = DateTime.UtcNow, + RevisionDate = DateTime.UtcNow }; await _serviceAccountRepository.CreateAsync(serviceAccount); - var apiKey = new ApiKey() + var apiKey = new ApiKey { ServiceAccountId = serviceAccountId, Name = "integration-token", Key = Guid.NewGuid().ToString(), ExpireAt = null, Scope = "[\"api.secrets\"]", - EncryptedPayload = Guid.NewGuid().ToString(), + EncryptedPayload = Guid.NewGuid().ToString() }; - var result = await _createAccessTokenCommand.CreateAsync(apiKey); - - return (serviceAccountId, result); - } - - public async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - - public async Task LoginAsync(Guid serviceAccountId, Guid clientId, string clientSecret) - { - var token = await _factory.LoginWithClientSecretAsync(clientId, clientSecret); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); - _client.DefaultRequestHeaders.Add("service_account_id", serviceAccountId.ToString()); + return await _createAccessTokenCommand.CreateAsync(apiKey); } } diff --git a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs index 1ac31ace9c07..785c24590848 100644 
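Review bot: `CreateNewServiceAccountApiKeyAsync` is public and undocumented, and its contract is not obvious from the name. The visible body inserts a new service account into `_organization`, issues a token with `ExpireAt = null` and scope `api.secrets`, and creates no access policy, so the returned credentials authorize nothing until the caller grants access. A summary should state that, e.g. `/// <summary>Creates a service account in the test organization and returns a non-expiring api.secrets access token for it; no access policies are granted.</summary>`. Because the service account id is no longer returned separately, the comment should also say where callers read it from (presumably `ApiKey.ServiceAccountId` on the result, which is what the helper removed later in this series used).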
--- a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs +++ b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs @@ -46,14 +46,15 @@ public async Task RegisterAsync(RegisterRequestModel model) public async Task TokenFromAccessTokenAsync(Guid clientId, string clientSecret, DeviceType deviceType = DeviceType.SDK) { - var context = await Server.PostAsync("/connect/token", new FormUrlEncodedContent(new Dictionary - { - { "scope", "api.secrets" }, - { "client_id", clientId.ToString() }, - { "client_secret", clientSecret }, - { "grant_type", "client_credentials" }, - { "deviceType", ((int)deviceType).ToString() }, - })); + var context = await Server.PostAsync("/connect/token", + new FormUrlEncodedContent(new Dictionary + { + { "scope", "api.secrets" }, + { "client_id", clientId.ToString() }, + { "client_secret", clientSecret }, + { "grant_type", "client_credentials" }, + { "deviceType", ((int)deviceType).ToString() } + })); using var body = await AssertHelper.AssertResponseTypeIs(context); var root = body.RootElement; From 62123cd9bcb53939b5a7ad364b8c5e1f7f0d7080 Mon Sep 17 00:00:00 2001 
From: Thomas Avery Date: Fri, 8 Mar 2024 15:57:15 -0600 Subject: [PATCH 3/4] Fix and cleanup tests --- .../Factories/ApiApplicationFactory.cs | 2 +- .../Helpers/ClientTestHelper.cs | 30 --- .../AccessPoliciesControllerTests.cs | 194 ++++++++---------- .../Controllers/ProjectsControllerTests.cs | 54 ++--- .../Controllers/SecretsControllerTests.cs | 106 +++++----- .../SecretsManagerEventsControllerTests.cs | 1 + .../SecretsManagerPortingControllerTests.cs | 10 +- .../SecretsTrashControllerTests.cs | 28 +-- .../ServiceAccountsControllerTests.cs | 86 ++++---- .../SecretsManager/Helpers/LoginHelper.cs | 21 ++ .../SecretsManagerOrganizationHelper.cs | 9 +- 11 files changed, 252 insertions(+), 289 deletions(-) delete mode 100644 test/Api.IntegrationTest/Helpers/ClientTestHelper.cs create mode 100644 test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs rename test/Api.IntegrationTest/SecretsManager/{ => Helpers}/SecretsManagerOrganizationHelper.cs (93%) diff --git a/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs b/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs index 0ced0fd6e150..f669e89eb0f6 100644 --- a/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs +++ b/test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs @@ -66,7 +66,7 @@ protected override void Dispose(bool disposing) } /// - /// Helper for logging via client secret. + /// Helper for logging in via client secret. /// Currently used for Secrets Manager service accounts /// public async Task LoginWithClientSecretAsync(Guid clientId, string clientSecret) diff --git a/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs b/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs deleted file mode 100644 index 11251398d4a5..000000000000 --- a/test/Api.IntegrationTest/Helpers/ClientTestHelper.cs +++ /dev/null 
@@ -1,30 +0,0 @@ -using System.Net.Http.Headers; -using Bit.Api.IntegrationTest.Factories; -using Bit.Core.SecretsManager.Models.Data; - -namespace Bit.Api.IntegrationTest.Helpers; - -public class ClientTestHelper -{ - private readonly HttpClient _client; - private readonly ApiApplicationFactory _factory; - - public ClientTestHelper(ApiApplicationFactory factory, HttpClient client) - { - _factory = factory; - _client = client; - } - - public async Task LoginAsync(string email) - { - var tokens = await _factory.LoginAsync(email); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); - } - - public async Task LoginWithApiKeyAsync(ApiKeyClientSecretDetails apiKeyDetails) - { - var token = await _factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret); - _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); - _client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString()); - } -} diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs index c4ac41077425..e1cce68704d5 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs @@ -1,7 +1,7 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; using Bit.Api.SecretsManager.Models.Response; 
@@ -28,7 +28,7 @@ public class AccessPoliciesControllerTests : IClassFixture(); _projectRepository = _factory.GetService(); _groupRepository = _factory.GetService(); + _loginHelper = new LoginHelper(_factory, _client); } public async Task InitializeAsync() @@ -66,7 +67,7 @@ public Task DisposeAsync() public async Task CreateProjectAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); @@ -88,7 +89,7 @@ public async Task CreateProjectAccessPolicies_NoPermission() // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); var request = new AccessPoliciesCreateRequest @@ -110,7 +111,7 @@ public async Task CreateProjectAccessPolicies_NoPermission() public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); 
@@ -135,7 +136,7 @@ public async Task CreateProjectAccessPolicies_MismatchedOrgIds_NotFound(Permissi public async Task CreateProjectAccessPolicies_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); @@ -154,7 +155,7 @@ public async Task CreateProjectAccessPolicies_Success(PermissionType permissionT var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(serviceAccountId, result!.ServiceAccountAccessPolicies.First().ServiceAccountId); + Assert.Equal(serviceAccountId, result.ServiceAccountAccessPolicies.First().ServiceAccountId); Assert.True(result.ServiceAccountAccessPolicies.First().Read); Assert.True(result.ServiceAccountAccessPolicies.First().Write); AssertHelper.AssertRecent(result.ServiceAccountAccessPolicies.First().RevisionDate); @@ -163,7 +164,7 @@ public async Task CreateProjectAccessPolicies_Success(PermissionType permissionT var createdAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.ServiceAccountAccessPolicies.First().Id); Assert.NotNull(createdAccessPolicy); - Assert.Equal(result.ServiceAccountAccessPolicies.First().Read, createdAccessPolicy!.Read); + Assert.Equal(result.ServiceAccountAccessPolicies.First().Read, createdAccessPolicy.Read); Assert.Equal(result.ServiceAccountAccessPolicies.First().Write, createdAccessPolicy.Write); Assert.Equal(result.ServiceAccountAccessPolicies.First().Id, createdAccessPolicy.Id); AssertHelper.AssertRecent(createdAccessPolicy.CreationDate); 
@@ -181,7 +182,7 @@ public async Task CreateProjectAccessPolicies_Success(PermissionType permissionT public async Task UpdateAccessPolicy_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); const bool expectedRead = true; @@ -198,7 +199,7 @@ public async Task UpdateAccessPolicy_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); @@ -217,13 +218,13 @@ public async Task UpdateAccessPolicy_NoPermission() public async Task UpdateAccessPolicy_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy 
@@ -244,13 +245,13 @@ public async Task UpdateAccessPolicy_Success(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(expectedRead, result!.Read); + Assert.Equal(expectedRead, result.Read); Assert.Equal(expectedWrite, result.Write); AssertHelper.AssertRecent(result.RevisionDate); var updatedAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.Id); Assert.NotNull(updatedAccessPolicy); - Assert.Equal(expectedRead, updatedAccessPolicy!.Read); + Assert.Equal(expectedRead, updatedAccessPolicy.Read); Assert.Equal(expectedWrite, updatedAccessPolicy.Write); AssertHelper.AssertRecent(updatedAccessPolicy.RevisionDate); } @@ -266,7 +267,7 @@ public async Task UpdateAccessPolicy_Success(PermissionType permissionType) public async Task DeleteAccessPolicy_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); var response = await _client.DeleteAsync($"/access-policies/{initData.AccessPolicyId}"); @@ -279,7 +280,7 @@ public async Task DeleteAccessPolicy_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); 
@@ -294,13 +295,13 @@ public async Task DeleteAccessPolicy_NoPermission() public async Task DeleteAccessPolicy_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -322,7 +323,7 @@ public async Task DeleteAccessPolicy_Success(PermissionType permissionType) public async Task GetProjectAccessPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -336,7 +337,7 @@ public async Task GetProjectAccessPolicies_ReturnsEmpty() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Empty(result!.UserAccessPolicies); + Assert.Empty(result.UserAccessPolicies); Assert.Empty(result.GroupAccessPolicies); Assert.Empty(result.ServiceAccountAccessPolicies); } @@ -352,7 +353,7 @@ public async Task GetProjectAccessPolicies_ReturnsEmpty() public async Task GetProjectAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); 
@@ -366,7 +367,7 @@ public async Task GetProjectAccessPolicies_NoPermission() // Create a new account as a user await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); @@ -381,13 +382,13 @@ public async Task GetProjectAccessPolicies_NoPermission() public async Task GetProjectAccessPolicies(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy @@ -404,7 +405,7 @@ public async Task GetProjectAccessPolicies(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result?.ServiceAccountAccessPolicies); - Assert.Single(result!.ServiceAccountAccessPolicies); + Assert.Single(result.ServiceAccountAccessPolicies); } [Theory] @@ -418,7 +419,7 @@ public async Task GetProjectAccessPolicies(PermissionType permissionType) public async Task GetPeoplePotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync( 
@@ -432,12 +433,12 @@ public async Task GetPeoplePotentialGrantees_SmAccessDenied_NotFound(bool useSec public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); } var response = @@ -448,7 +449,7 @@ public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionTy var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); } [Theory] @@ -462,7 +463,7 @@ public async Task GetPeoplePotentialGrantees_Success(PermissionType permissionTy public async Task GetServiceAccountPotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync( @@ -476,7 +477,7 @@ public async Task GetServiceAccountPotentialGrantees_OnlyReturnsServiceAccountsW // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -493,7 +494,7 @@ public async Task GetServiceAccountPotentialGrantees_OnlyReturnsServiceAccountsW var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.Empty(result!.Data); + Assert.Empty(result.Data); } [Theory] @@ -502,7 +503,7 @@ public async Task GetServiceAccountPotentialGrantees_OnlyReturnsServiceAccountsW public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -513,7 +514,7 @@ public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType per if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync( new List @@ -536,7 +537,7 @@ public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType per var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(serviceAccount.Id, result.Data.First(x => x.Id == serviceAccount.Id).Id); } @@ -551,7 +552,7 @@ public async Task GetServiceAccountsPotentialGrantees_Success(PermissionType per public async Task GetProjectPotentialGrantees_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync( 
@@ -565,7 +566,7 @@ public async Task GetProjectPotentialGrantees_OnlyReturnsProjectsWithWriteAccess // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = _mockEncryptedString }); @@ -578,7 +579,7 @@ public async Task GetProjectPotentialGrantees_OnlyReturnsProjectsWithWriteAccess var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.Empty(result!.Data); + Assert.Empty(result.Data); } [Theory] @@ -587,7 +588,7 @@ public async Task GetProjectPotentialGrantees_OnlyReturnsProjectsWithWriteAccess public async Task GetProjectPotentialGrantees_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -598,7 +599,7 @@ public async Task GetProjectPotentialGrantees_Success(PermissionType permissionT if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync( new List @@ -618,7 +619,7 @@ public async Task GetProjectPotentialGrantees_Success(PermissionType permissionT var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(project.Id, result.Data.First(x => x.Id == project.Id).Id); } 
@@ -633,7 +634,7 @@ public async Task GetProjectPotentialGrantees_Success(PermissionType permissionT public async Task CreateServiceAccountGrantedPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -654,7 +655,7 @@ public async Task CreateServiceAccountGrantedPolicies_NoPermission() // Create a new account as a user var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -682,7 +683,7 @@ public async Task CreateServiceAccountGrantedPolicies_NoPermission() public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id, true); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); 
@@ -702,7 +703,7 @@ public async Task CreateServiceAccountGrantedPolicies_MismatchedOrgId_NotFound(P public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (projectId, serviceAccountId) = await CreateProjectAndServiceAccountAsync(org.Id); await SetupProjectAndServiceAccountPermissionAsync(permissionType, projectId, serviceAccountId); @@ -718,13 +719,13 @@ public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType per .ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(projectId, result.Data.First().GrantedProjectId); var createdAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.Data.First().Id); Assert.NotNull(createdAccessPolicy); - Assert.Equal(result.Data.First().Read, createdAccessPolicy!.Read); + Assert.Equal(result.Data.First().Read, createdAccessPolicy.Read); Assert.Equal(result.Data.First().Write, createdAccessPolicy.Write); Assert.Equal(result.Data.First().Id, createdAccessPolicy.Id); AssertHelper.AssertRecent(createdAccessPolicy.CreationDate); @@ -742,7 +743,7 @@ public async Task CreateServiceAccountGrantedPolicies_Success(PermissionType per public async Task GetServiceAccountGrantedPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); var response = await _client.GetAsync($"/service-accounts/{initData.ServiceAccountId}/granted-policies"); 
@@ -753,7 +754,7 @@ public async Task GetServiceAccountGrantedPolicies_SmAccessDenied_NotFound(bool public async Task GetServiceAccountGrantedPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -768,7 +769,7 @@ public async Task GetServiceAccountGrantedPolicies_ReturnsEmpty() .ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.Empty(result!.Data); + Assert.Empty(result.Data); } [Fact] @@ -777,7 +778,7 @@ public async Task GetServiceAccountGrantedPolicies_NoPermission_ReturnsEmpty() // Create a new account as a user await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var initData = await SetupAccessPolicyRequest(orgUser.OrganizationId); @@ -787,7 +788,7 @@ public async Task GetServiceAccountGrantedPolicies_NoPermission_ReturnsEmpty() .ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.Empty(result!.Data); + Assert.Empty(result.Data); } [Theory] @@ -796,13 +797,13 @@ public async Task GetServiceAccountGrantedPolicies_NoPermission_ReturnsEmpty() public async Task GetServiceAccountGrantedPolicies(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initData = await SetupAccessPolicyRequest(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy 
@@ -820,7 +821,7 @@ public async Task GetServiceAccountGrantedPolicies(PermissionType permissionType .ReadFromJsonAsync>(); Assert.NotNull(result?.Data); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(initData.ServiceAccountId, result.Data.First().ServiceAccountId); Assert.NotNull(result.Data.First().ServiceAccountName); Assert.NotNull(result.Data.First().GrantedProjectName); @@ -837,7 +838,7 @@ public async Task GetServiceAccountGrantedPolicies(PermissionType permissionType public async Task GetProjectPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -853,7 +854,7 @@ public async Task GetProjectPeopleAccessPolicies_SmAccessDenied_NotFound(bool us public async Task GetProjectPeopleAccessPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -867,7 +868,7 @@ public async Task GetProjectPeopleAccessPolicies_ReturnsEmpty() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Empty(result!.UserAccessPolicies); + Assert.Empty(result.UserAccessPolicies); Assert.Empty(result.GroupAccessPolicies); } @@ -876,7 +877,7 @@ public async Task GetProjectPeopleAccessPolicies_NoPermission_NotFound() { await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project { 
@@ -895,7 +896,7 @@ public async Task GetProjectPeopleAccessPolicies_NoPermission_NotFound() public async Task GetProjectPeopleAccessPolicies_Success(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, _) = await SetupProjectPeoplePermissionAsync(permissionType, organizationUser); @@ -905,7 +906,7 @@ public async Task GetProjectPeopleAccessPolicies_Success(PermissionType permissi var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result?.UserAccessPolicies); - Assert.Single(result!.UserAccessPolicies); + Assert.Single(result.UserAccessPolicies); } [Theory] @@ -919,7 +920,7 @@ public async Task GetProjectPeopleAccessPolicies_Success(PermissionType permissi public async Task PutProjectPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (_, organizationUser) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, request) = await SetupProjectPeopleRequestAsync(PermissionType.RunAsAdmin, organizationUser); @@ -932,7 +933,7 @@ public async Task PutProjectPeopleAccessPolicies_NoPermission() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, organizationUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project { 
@@ -959,7 +960,7 @@ public async Task PutProjectPeopleAccessPolicies_NoPermission() public async Task PutProjectPeopleAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, request) = await SetupProjectPeopleRequestAsync(permissionType, organizationUser); var newOrg = await _organizationHelper.CreateSmOrganizationAsync(); @@ -984,7 +985,7 @@ public async Task PutProjectPeopleAccessPolicies_MismatchedOrgIds_NotFound(Permi public async Task PutProjectPeopleAccessPolicies_Success(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, request) = await SetupProjectPeopleRequestAsync(permissionType, organizationUser); @@ -995,14 +996,14 @@ public async Task PutProjectPeopleAccessPolicies_Success(PermissionType permissi Assert.NotNull(result); Assert.Equal(request.UserAccessPolicyRequests.First().GranteeId, - result!.UserAccessPolicies.First().OrganizationUserId); + result.UserAccessPolicies.First().OrganizationUserId); Assert.True(result.UserAccessPolicies.First().Read); Assert.True(result.UserAccessPolicies.First().Write); var createdAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.UserAccessPolicies.First().Id); Assert.NotNull(createdAccessPolicy); - Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy!.Read); + Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy.Read); Assert.Equal(result.UserAccessPolicies.First().Write, createdAccessPolicy.Write); Assert.Equal(result.UserAccessPolicies.First().Id, createdAccessPolicy.Id); } 
@@ -1018,7 +1019,7 @@ public async Task PutProjectPeopleAccessPolicies_Success(PermissionType permissi public async Task GetServiceAccountPeopleAccessPolicies_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { OrganizationId = org.Id, @@ -1033,7 +1034,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_SmAccessDenied_NotFound( public async Task GetServiceAccountPeopleAccessPolicies_ReturnsEmpty() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -1047,7 +1048,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_ReturnsEmpty() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Empty(result!.UserAccessPolicies); + Assert.Empty(result.UserAccessPolicies); Assert.Empty(result.GroupAccessPolicies); } @@ -1056,7 +1057,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_NoPermission() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -1075,7 +1076,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_NoPermission() public async Task GetServiceAccountPeopleAccessPolicies_Success(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (serviceAccount, _) = await SetupServiceAccountPeoplePermissionAsync(permissionType, organizationUser); @@ -1085,7 +1086,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_Success(PermissionType p var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result?.UserAccessPolicies); - Assert.Single(result!.UserAccessPolicies); + Assert.Single(result.UserAccessPolicies); } [Theory] @@ -1095,7 +1096,7 @@ public async Task GetServiceAccountPeopleAccessPolicies_Success(PermissionType p public async Task PutServiceAccountPeopleAccessPolicies_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) { var (_, organizationUser) = await _organizationHelper.Initialize(useSecrets, accessSecrets, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(PermissionType.RunAsAdmin, organizationUser); @@ -1108,7 +1109,7 @@ public async Task PutServiceAccountPeopleAccessPolicies_NoPermission() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, organizationUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -1136,7 +1137,7 @@ public async Task PutServiceAccountPeopleAccessPolicies_NoPermission() public async Task PutServiceAccountPeopleAccessPolicies_MismatchedOrgIds_NotFound(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(permissionType, organizationUser); var newOrg = await _organizationHelper.CreateSmOrganizationAsync(); @@ -1161,7 +1162,7 @@ public async Task PutServiceAccountPeopleAccessPolicies_MismatchedOrgIds_NotFoun public async Task PutServiceAccountPeopleAccessPolicies_Success(PermissionType permissionType) { var (_, organizationUser) = await _organizationHelper.Initialize(true, true, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (serviceAccount, request) = await SetupServiceAccountPeopleRequestAsync(permissionType, organizationUser); @@ -1172,14 +1173,14 @@ public async Task PutServiceAccountPeopleAccessPolicies_Success(PermissionType p Assert.NotNull(result); Assert.Equal(request.UserAccessPolicyRequests.First().GranteeId, - result!.UserAccessPolicies.First().OrganizationUserId); + result.UserAccessPolicies.First().OrganizationUserId); Assert.True(result.UserAccessPolicies.First().Read); Assert.True(result.UserAccessPolicies.First().Write); var createdAccessPolicy = await _accessPolicyRepository.GetByIdAsync(result.UserAccessPolicies.First().Id); Assert.NotNull(createdAccessPolicy); - Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy!.Read); + Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy.Read); Assert.Equal(result.UserAccessPolicies.First().Write, createdAccessPolicy.Write); Assert.Equal(result.UserAccessPolicies.First().Id, createdAccessPolicy.Id); } 
@@ -1228,7 +1229,7 @@ private async Task SetupAccessPolicyRequest(Guid organizationI if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); organizationUser = orgUser; } @@ -1260,7 +1261,7 @@ private async Task SetupAccessPolicyRequest(Guid organizationI if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); organizationUser = orgUser; } @@ -1337,7 +1338,7 @@ private async Task SetupAccessPolicyRequest(Guid organizationI if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { new UserProjectAccessPolicy 
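Review bot: The setup helpers touched by the three hunks on this line re-authenticate the shared `_client` as a freshly created user through `_loginHelper.LoginAsync(email)`, and nothing at the call sites shows that the identity has changed. In authorization tests the identity a request runs under is what is being asserted, so this side effect should be documented where it happens. A comment above each call would do, for example `// Side effect: _client is now authenticated as the new org user; every later request in the test runs with that user's permissions.` The helper signatures and the rest of their bodies lie outside these hunks, so the exact wording should be checked against the full methods.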
@@ -1356,35 +1357,6 @@ private async Task SetupAccessPolicyRequest(Guid organizationI } } - private async Task SetupUserServiceAccountAccessPolicyRequestAsync( - PermissionType permissionType, Guid userId, Guid serviceAccountId) - { - if (permissionType == PermissionType.RunAsUserWithPermission) - { - var (email, newOrgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); - var accessPolicies = new List - { - new UserServiceAccountAccessPolicy - { - GrantedServiceAccountId = serviceAccountId, - OrganizationUserId = newOrgUser.Id, - Read = true, - Write = true, - }, - }; - await _accessPolicyRepository.CreateManyAsync(accessPolicies); - } - - return new AccessPoliciesCreateRequest - { - UserAccessPolicyRequests = new List - { - new() { GranteeId = userId, Read = true, Write = true }, - }, - }; - } - private class RequestSetupData { public Guid ProjectId { get; set; } diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs index be549494df54..95ddfd678e00 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs @@ -1,7 +1,7 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; using Bit.Api.SecretsManager.Models.Response; 
@@ -23,7 +23,7 @@ public class ProjectsControllerTests : IClassFixture, IAs private readonly ApiApplicationFactory _factory; private readonly IProjectRepository _projectRepository; private readonly IAccessPolicyRepository _accessPolicyRepository; - private readonly ClientTestHelper _clientTestHelper; + private readonly LoginHelper _loginHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; @@ -34,7 +34,7 @@ public ProjectsControllerTests(ApiApplicationFactory factory) _client = _factory.CreateClient(); _projectRepository = _factory.GetService(); _accessPolicyRepository = _factory.GetService(); - _clientTestHelper = new ClientTestHelper(_factory, _client); + _loginHelper = new LoginHelper(_factory, _client); } public async Task InitializeAsync() @@ -61,7 +61,7 @@ public Task DisposeAsync() public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/projects"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -72,7 +72,7 @@ public async Task ListByOrganization_UserWithoutPermission_EmptyList() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await CreateProjectsAsync(org.Id); @@ -81,7 +81,7 @@ public async Task ListByOrganization_UserWithoutPermission_EmptyList() var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.Empty(result!.Data); + Assert.Empty(result.Data); } [Theory] 
@@ -96,7 +96,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(projectIds.Count, result.Data.Count()); } @@ -111,7 +111,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new ProjectCreateRequestModel { Name = _mockEncryptedString }; @@ -124,7 +124,7 @@ public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSec [InlineData(PermissionType.RunAsUserWithPermission)] public async Task Create_AtMaxProjects_BadRequest(PermissionType permissionType) { - var (_, organization) = await SetupProjectsWithAccessAsync(permissionType, 3); + var (_, organization) = await SetupProjectsWithAccessAsync(permissionType); var request = new ProjectCreateRequestModel { Name = _mockEncryptedString }; var response = await _client.PostAsJsonAsync($"/organizations/{organization.Id}/projects", request); 
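Review bot: In `Create_AtMaxProjects_BadRequest` the explicit count was dropped, so the test now depends on the default `projectsToCreate = 3` of `SetupProjectsWithAccessAsync` matching the organization's project limit. That limit is not visible in this diff and is presumably set by the plan that `Initialize` creates. The coupling is easy to miss when someone later changes the default for unrelated tests. Keep the value at the call site and name what it stands for, e.g. `await SetupProjectsWithAccessAsync(permissionType, projectsToCreate: 3); // fills the org up to its project limit`.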
@@ -138,14 +138,14 @@ public async Task Create_AtMaxProjects_BadRequest(PermissionType permissionType) public async Task Create_Success(PermissionType permissionType) { var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var orgUserId = adminOrgUser.Id; var currentUserId = adminOrgUser.UserId!.Value; if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); orgUserId = orgUser.Id; currentUserId = orgUser.UserId!.Value; } @@ -157,7 +157,7 @@ public async Task Create_Success(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); AssertHelper.AssertRecent(result.RevisionDate); AssertHelper.AssertRecent(result.CreationDate); @@ -191,7 +191,7 @@ public async Task Create_Success(PermissionType permissionType) public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project { @@ -239,7 +239,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task Update_NonExistingProject_NotFound() { await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new ProjectUpdateRequestModel { 
@@ -257,7 +257,7 @@ public async Task Update_MissingAccessPolicy_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project { @@ -287,7 +287,7 @@ public async Task Update_MissingAccessPolicy_NotFound() public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -308,7 +308,7 @@ public async Task Get_MissingAccessPolicy_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var createdProject = await _projectRepository.CreateAsync(new Project { @@ -325,7 +325,7 @@ public async Task Get_NonExistingProject_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var createdProject = await _projectRepository.CreateAsync(new Project { 
@@ -333,7 +333,7 @@ public async Task Get_NonExistingProject_NotFound() Name = _mockEncryptedString, }); - var deleteResponse = await _client.PostAsync("/projects/delete", JsonContent.Create(createdProject.Id)); + await _client.PostAsync("/projects/delete", JsonContent.Create(createdProject.Id)); var response = await _client.GetAsync($"/projects/{createdProject.Id}"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -367,7 +367,7 @@ public async Task Get_Success(PermissionType permissionType) public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id); @@ -380,7 +380,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var projectIds = await CreateProjectsAsync(org.Id); @@ -389,7 +389,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() var results = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(results); Assert.Equal(projectIds.OrderBy(x => x), - results!.Data.Select(x => x.Id).OrderBy(x => x)); + results.Data.Select(x => x.Id).OrderBy(x => x)); Assert.All(results.Data, item => Assert.Equal("access denied", item.Error)); } 
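Review bot: Dropping the `deleteResponse` local in `Get_NonExistingProject_NotFound` leaves the `/projects/delete` call completely unchecked, and the visible setup suggests that call never succeeds. The test logs in as a newly created `OrganizationUserType.User` and creates the project through the repository without any access policy, which is the same setup for which `Delete_MissingAccessPolicy_AccessDenied` expects an "access denied" item per project. If so, the final 404 comes from the missing access policy rather than a missing project, so the test duplicates `Get_MissingAccessPolicy_NotFound` and never exercises the unknown-id path. Request an id that was never created, e.g. `var response = await _client.GetAsync($"/projects/{Guid.NewGuid()}");`, or keep the delete response and assert on its result before the GET. The start of the test body is in the preceding hunk.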
@@ -406,7 +406,7 @@ public async Task Delete_Success(PermissionType permissionType) var results = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(results); Assert.Equal(projectIds.OrderBy(x => x), - results!.Data.Select(x => x.Id).OrderBy(x => x)); + results.Data.Select(x => x.Id).OrderBy(x => x)); Assert.DoesNotContain(results.Data, x => x.Error != null); var projects = await _projectRepository.GetManyWithSecretsByIds(projectIds); @@ -433,7 +433,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat int projectsToCreate = 3) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id, projectsToCreate); if (permissionType == PermissionType.RunAsAdmin) @@ -442,7 +442,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = projectIds.Select(projectId => new UserProjectAccessPolicy { @@ -462,7 +462,7 @@ private async Task> CreateProjectsAsync(Guid orgId, int numberToCreat private async Task SetupProjectWithAccessAsync(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project { @@ -476,7 +476,7 @@ private async Task SetupProjectWithAccessAsync(PermissionType permissio } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { 
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs index 20b1488f0905..0ff7396eda13 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs @@ -1,7 +1,7 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; using Bit.Api.SecretsManager.Models.Response; @@ -23,7 +23,7 @@ public class SecretsControllerTests : IClassFixture, IAsy private readonly ISecretRepository _secretRepository; private readonly IProjectRepository _projectRepository; private readonly IAccessPolicyRepository _accessPolicyRepository; - private readonly ClientTestHelper _clientTestHelper; + private readonly LoginHelper _loginHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; @@ -35,7 +35,7 @@ public SecretsControllerTests(ApiApplicationFactory factory) _secretRepository = _factory.GetService(); _projectRepository = _factory.GetService(); _accessPolicyRepository = _factory.GetService(); - _clientTestHelper = new ClientTestHelper(_factory, _client); + _loginHelper = new LoginHelper(_factory, _client); } public async Task InitializeAsync() 
@@ -62,7 +62,7 @@ public Task DisposeAsync() public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/secrets"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -73,8 +73,8 @@ public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bo [InlineData(PermissionType.RunAsUserWithPermission)] public async Task ListByOrganization_Success(PermissionType permissionType) { - var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + var (org, _) = await _organizationHelper.Initialize(true, true, true); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -86,7 +86,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -118,7 +118,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.NotEmpty(result!.Secrets); + Assert.NotEmpty(result.Secrets); Assert.Equal(secretIds.Count, result.Secrets.Count()); } 
@@ -133,7 +133,7 @@ public async Task ListByOrganization_Success(PermissionType permissionType) public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new SecretCreateRequestModel { @@ -150,7 +150,7 @@ public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSec public async Task CreateWithoutProject_RunAsAdmin_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new SecretCreateRequestModel { @@ -164,7 +164,7 @@ public async Task CreateWithoutProject_RunAsAdmin_Success() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Key, result!.Key); + Assert.Equal(request.Key, result.Key); Assert.Equal(request.Value, result.Value); Assert.Equal(request.Note, result.Note); AssertHelper.AssertRecent(result.RevisionDate); @@ -184,7 +184,7 @@ public async Task CreateWithoutProject_RunAsAdmin_Success() public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync(); var project = 
@@ -206,7 +206,7 @@ public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound() public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" }); @@ -227,8 +227,8 @@ public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest() public async Task CreateWithoutProject_RunAsUser_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); + await _loginHelper.LoginAsync(email); var request = new SecretCreateRequestModel { @@ -247,9 +247,9 @@ public async Task CreateWithoutProject_RunAsUser_NotFound() public async Task CreateWithProject_Success(PermissionType permissionType) { var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); - AccessClientType accessType = AccessClientType.NoAccessCheck; + var accessType = AccessClientType.NoAccessCheck; var project = await _projectRepository.CreateAsync(new Project() { 
@@ -263,12 +263,12 @@ public async Task CreateWithProject_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); accessType = AccessClientType.User; var accessPolicies = new List { - new Core.SecretsManager.Entities.UserProjectAccessPolicy + new UserProjectAccessPolicy { GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id , Read = true, Write = true, }, @@ -292,7 +292,7 @@ public async Task CreateWithProject_Success(PermissionType permissionType) var secret = result.Secret; Assert.NotNull(secretResult); - Assert.Equal(secret.Id, secretResult!.Id); + Assert.Equal(secret.Id, secretResult.Id); Assert.Equal(secret.OrganizationId, secretResult.OrganizationId); Assert.Equal(secret.Key, secretResult.Key); Assert.Equal(secret.Value, secretResult.Value); @@ -312,7 +312,7 @@ public async Task CreateWithProject_Success(PermissionType permissionType) public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -332,7 +332,7 @@ public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecret public async Task Get_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() { 
@@ -344,7 +344,7 @@ public async Task Get_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -357,8 +357,8 @@ public async Task Get_Success(PermissionType permissionType) } else { - var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); - await _clientTestHelper.LoginAsync(email); + var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); + await _loginHelper.LoginAsync(email); } var secret = await _secretRepository.CreateAsync(new Secret @@ -391,7 +391,7 @@ public async Task Get_Success(PermissionType permissionType) public async Task GetSecretsByProject_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { @@ -407,8 +407,8 @@ public async Task GetSecretsByProject_SmAccessDenied_NotFound(bool useSecrets, b public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); + await _loginHelper.LoginAsync(email); var project = await _projectRepository.CreateAsync(new Project() { 
@@ -417,7 +417,7 @@ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() Name = _mockEncryptedString }); - var secret = await _secretRepository.CreateAsync(new Secret + await _secretRepository.CreateAsync(new Secret { OrganizationId = org.Id, Key = _mockEncryptedString, @@ -430,8 +430,8 @@ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() response.EnsureSuccessStatusCode(); var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Empty(result!.Secrets); - Assert.Empty(result!.Projects); + Assert.Empty(result.Secrets); + Assert.Empty(result.Projects); } [Theory] @@ -440,7 +440,7 @@ public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() public async Task GetSecretsByProject_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() { @@ -452,7 +452,7 @@ public async Task GetSecretsByProject_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -497,7 +497,7 @@ public async Task GetSecretsByProject_Success(PermissionType permissionType) public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { 
@@ -577,7 +577,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync(); var project = await _projectRepository.CreateAsync(new Project { Name = "123", OrganizationId = anotherOrg.Id }); @@ -606,7 +606,7 @@ public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound() public async Task UpdateWithMultipleProjects_BadRequest() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" }); @@ -642,7 +642,7 @@ public async Task UpdateWithMultipleProjects_BadRequest() public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { 
@@ -662,16 +662,16 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); - var (_, secretIds) = await CreateSecretsAsync(org.Id, 3); + var (_, secretIds) = await CreateSecretsAsync(org.Id); var response = await _client.PostAsync("/secrets/delete", JsonContent.Create(secretIds)); var results = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(results); Assert.Equal(secretIds.OrderBy(x => x), - results!.Data.Select(x => x.Id).OrderBy(x => x)); + results.Data.Select(x => x.Id).OrderBy(x => x)); Assert.All(results.Data, item => Assert.Equal("access denied", item.Error)); } @@ -682,14 +682,14 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() public async Task Delete_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, secretIds) = await CreateSecretsAsync(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -706,8 +706,8 @@ public async Task Delete_Success(PermissionType permissionType) var results = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(results?.Data); - Assert.Equal(secretIds.Count, results!.Data.Count()); - foreach (var result in results!.Data) + Assert.Equal(secretIds.Count, results.Data.Count()); + foreach (var result in results.Data) { Assert.Contains(result.Id, secretIds); Assert.Null(result.Error); 
@@ -728,7 +728,7 @@ public async Task Delete_Success(PermissionType permissionType) public async Task GetSecretsByIds_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -750,14 +750,14 @@ public async Task GetSecretsByIds_SmAccessDenied_NotFound(bool useSecrets, bool public async Task GetSecretsByIds_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var (project, secretIds) = await CreateSecretsAsync(org.Id); if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -771,7 +771,7 @@ public async Task GetSecretsByIds_Success(PermissionType permissionType) else { var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); } var request = new GetSecretsRequestModel { Ids = secretIds }; @@ -780,8 +780,8 @@ public async Task GetSecretsByIds_Success(PermissionType permissionType) response.EnsureSuccessStatusCode(); var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.NotEmpty(result!.Data); - Assert.Equal(secretIds.Count, result!.Data.Count()); + Assert.NotEmpty(result.Data); + Assert.Equal(secretIds.Count, result.Data.Count()); } private async Task<(Project Project, List secretIds)> CreateSecretsAsync(Guid orgId, int numberToCreate = 3) 
@@ -816,13 +816,13 @@ private async Task SetupProjectPermissionAndLoginAsync(PermissionType permission { case PermissionType.RunAsAdmin: { - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); break; } case PermissionType.RunAsUserWithPermission: { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { @@ -837,7 +837,7 @@ private async Task SetupProjectPermissionAndLoginAsync(PermissionType permission case PermissionType.RunAsServiceAccountWithPermission: { var apiKeyDetails = await _organizationHelper.CreateNewServiceAccountApiKeyAsync(); - await _clientTestHelper.LoginWithApiKeyAsync(apiKeyDetails); + await _loginHelper.LoginWithApiKeyAsync(apiKeyDetails); var accessPolicies = new List { diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerEventsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerEventsControllerTests.cs index 4c053c3a2eb1..036e307d39f2 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerEventsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerEventsControllerTests.cs @@ -1,6 +1,7 @@ using System.Net; using System.Net.Http.Headers; using Bit.Api.IntegrationTest.Factories; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Core.SecretsManager.Entities; using Bit.Core.SecretsManager.Repositories; using Xunit; diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs index fe889f927522..ba41c1e8629d 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs 
+++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.SecretsManager.Models.Request; using Xunit; @@ -10,7 +10,7 @@ public class SecretsManagerPortingControllerTests : IClassFixture(); var secretsList = new List(); @@ -67,7 +67,7 @@ public async Task Import_SmAccessDenied_NotFound(bool useSecrets, bool accessSec public async Task Export_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"sm/{org.Id}/export"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs index adc05cb881a3..76396bdd64a8 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs @@ -1,6 +1,6 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.SecretsManager.Models.Response; using Bit.Core.Enums; using Bit.Core.SecretsManager.Repositories; 
@@ -17,7 +17,7 @@ public class SecretsTrashControllerTests : IClassFixture, private readonly HttpClient _client; private readonly ApiApplicationFactory _factory; private readonly ISecretRepository _secretRepository; - private readonly ClientTestHelper _clientTestHelper; + private readonly LoginHelper _loginHelper; private string _email = null!; private SecretsManagerOrganizationHelper _organizationHelper = null!; @@ -27,7 +27,7 @@ public SecretsTrashControllerTests(ApiApplicationFactory factory) _factory = factory; _client = _factory.CreateClient(); _secretRepository = _factory.GetService(); - _clientTestHelper = new ClientTestHelper(_factory, _client); + _loginHelper = new LoginHelper(_factory, _client); } public async Task InitializeAsync() @@ -54,7 +54,7 @@ public Task DisposeAsync() public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"/secrets/{org.Id}/trash"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -65,7 +65,7 @@ public async Task ListByOrganization_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var response = await _client.GetAsync($"/secrets/{org.Id}/trash"); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); 
@@ -75,7 +75,7 @@ public async Task ListByOrganization_NotAdmin_Unauthorized() public async Task ListByOrganization_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); await _secretRepository.CreateAsync(new Secret { @@ -110,7 +110,7 @@ public async Task ListByOrganization_Success() public async Task Empty_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids); @@ -122,7 +122,7 @@ public async Task Empty_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/empty", ids); @@ -133,7 +133,7 @@ public async Task Empty_NotAdmin_Unauthorized() public async Task Empty_Invalid_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -151,7 +151,7 @@ public async Task Empty_Invalid_NotFound() public async Task Empty_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { 
@@ -177,7 +177,7 @@ public async Task Empty_Success() public async Task Restore_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids); @@ -189,7 +189,7 @@ public async Task Restore_NotAdmin_Unauthorized() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var ids = new List { Guid.NewGuid() }; var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/trash/restore", ids); @@ -200,7 +200,7 @@ public async Task Restore_NotAdmin_Unauthorized() public async Task Restore_Invalid_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { @@ -218,7 +218,7 @@ public async Task Restore_Invalid_NotFound() public async Task Restore_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret { diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs index 3475e73277f8..f25005b26959 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs 
@@ -1,7 +1,7 @@ using System.Net; using Bit.Api.IntegrationTest.Factories; -using Bit.Api.IntegrationTest.Helpers; using Bit.Api.IntegrationTest.SecretsManager.Enums; +using Bit.Api.IntegrationTest.SecretsManager.Helpers; using Bit.Api.Models.Response; using Bit.Api.SecretsManager.Models.Request; using Bit.Api.SecretsManager.Models.Response; @@ -24,7 +24,7 @@ public class ServiceAccountsControllerTests : IClassFixture(); _accessPolicyRepository = _factory.GetService(); _apiKeyRepository = _factory.GetService(); - _clientTestHelper = new ClientTestHelper(_factory, _client); + _loginHelper = new LoginHelper(_factory, _client); } public async Task InitializeAsync() @@ -67,7 +67,7 @@ public Task DisposeAsync() public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/service-accounts"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); @@ -77,7 +77,7 @@ public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bo public async Task ListByOrganization_Admin_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org); @@ -86,7 +86,7 @@ public async Task ListByOrganization_Admin_Success() var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(serviceAccountIds.Count, result.Data.Count()); } 
@@ -95,7 +95,7 @@ public async Task ListByOrganization_User_Success() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org); @@ -116,7 +116,7 @@ public async Task ListByOrganization_User_Success() var result = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(result); - Assert.NotEmpty(result!.Data); + Assert.NotEmpty(result.Data); Assert.Equal(2, result.Data.Count()); } @@ -131,7 +131,7 @@ public async Task ListByOrganization_User_Success() public async Task GetByServiceAccountId_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -146,8 +146,8 @@ public async Task GetByServiceAccountId_SmAccessDenied_NotFound(bool useSecrets, [Fact] public async Task GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _organizationHelper.Initialize(true, true, true); + await _loginHelper.LoginAsync(_email); var response = await _client.GetAsync($"/service-accounts/{new Guid()}"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); 
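Review bot: In the `@@ -146,8 +146,8 @@` hunk, `GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound` still requests `/service-accounts/{new Guid()}`, and `new Guid()` is the all-zero `Guid.Empty` rather than a fresh id. An empty id is a sentinel that a lookup or binder may reject on its own, so the 404 does not necessarily show how the endpoint treats a well-formed id that has no record behind it. `var response = await _client.GetAsync($"/service-accounts/{Guid.NewGuid()}");` would cover that case, and a second assertion with `Guid.Empty` could stay if the sentinel behaviour is also meant to be pinned.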
@@ -158,7 +158,7 @@ public async Task GetByServiceAccountId_UserWithoutPermission_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -181,7 +181,7 @@ public async Task GetByServiceAccountId_Success(PermissionType permissionType) response.EnsureSuccessStatusCode(); var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(serviceAccount.Id, result!.Id); + Assert.Equal(serviceAccount.Id, result.Id); Assert.Equal(serviceAccount.OrganizationId, result.OrganizationId); Assert.Equal(serviceAccount.Name, result.Name); Assert.Equal(serviceAccount.CreationDate, result.CreationDate); @@ -199,7 +199,7 @@ public async Task GetByServiceAccountId_Success(PermissionType permissionType) public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString }; @@ -213,7 +213,7 @@ public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSec public async Task Create_Success(PermissionType permissionType) { var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var orgUserId = adminOrgUser.Id; var currentUserId = adminOrgUser.UserId!.Value; 
@@ -221,7 +221,7 @@ public async Task Create_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); orgUserId = orgUser.Id; currentUserId = orgUser.UserId!.Value; } @@ -233,7 +233,7 @@ public async Task Create_Success(PermissionType permissionType) var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); AssertHelper.AssertRecent(result.RevisionDate); AssertHelper.AssertRecent(result.CreationDate); @@ -266,7 +266,7 @@ public async Task Create_Success(PermissionType permissionType) public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -285,7 +285,7 @@ public async Task Update_User_NoPermissions() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -303,7 +303,7 @@ public async Task Update_User_NoPermissions() public async Task Update_NonExistingServiceAccount_NotFound() { await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName }; 
@@ -324,7 +324,7 @@ public async Task Update_Success(PermissionType permissionType) response.EnsureSuccessStatusCode(); var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); Assert.NotEqual(initialServiceAccount.Name, result.Name); AssertHelper.AssertRecent(result.RevisionDate); Assert.NotEqual(initialServiceAccount.RevisionDate, result.RevisionDate); @@ -349,7 +349,7 @@ public async Task Update_Success(PermissionType permissionType) public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -368,7 +368,7 @@ public async Task Delete_MissingAccessPolicy_AccessDenied() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -401,12 +401,12 @@ public async Task Delete_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsAdmin) { - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); } else { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy 
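Review bot: In `Delete_Success` (hunk `-401,12 +401,12`) the `else` branch runs the user-with-access-policy setup for every `PermissionType` other than `RunAsAdmin`. This series adds `RunAsServiceAccountWithPermission` to that enum, so a later `[InlineData]` with the new value would silently be tested as a user and report a pass for a principal that was never exercised. Making the branch explicit avoids that: `else if (permissionType == PermissionType.RunAsUserWithPermission)` followed by `else { throw new ArgumentOutOfRangeException(nameof(permissionType)); }`. `RevokeAccessToken_Success` (hunk `-778,12 +778,12`) has the same shape; both method bodies continue outside their hunks.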
@@ -439,7 +439,7 @@ public async Task Delete_Success(PermissionType permissionType) public async Task GetAccessTokens_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -456,7 +456,7 @@ public async Task GetAccessTokens_UserNoPermission_NotFound() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -481,7 +481,7 @@ public async Task GetAccessTokens_UserNoPermission_NotFound() public async Task GetAccessTokens_Success(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -492,7 +492,7 @@ public async Task GetAccessTokens_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsUserWithPermission) { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy 
@@ -536,7 +536,7 @@ public async Task GetAccessTokens_Success(PermissionType permissionType) public async Task CreateAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -561,7 +561,7 @@ public async Task CreateAccessToken_SmAccessDenied_NotFound(bool useSecrets, boo public async Task CreateAccessToken_Admin() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -583,7 +583,7 @@ public async Task CreateAccessToken_Admin() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); Assert.NotNull(result.ClientSecret); Assert.Equal(mockExpiresAt, result.ExpireAt); AssertHelper.AssertRecent(result.RevisionDate); @@ -595,7 +595,7 @@ public async Task CreateAccessToken_User_WithPermission() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -619,7 +619,7 @@ public async Task CreateAccessToken_User_WithPermission() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); Assert.NotNull(result.ClientSecret); Assert.Equal(mockExpiresAt, result.ExpireAt); AssertHelper.AssertRecent(result.RevisionDate); @@ -631,7 +631,7 @@ public async Task CreateAccessToken_User_NoPermission() { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -656,7 +656,7 @@ public async Task CreateAccessToken_User_NoPermission() public async Task CreateAccessToken_ExpireAtNull_Admin() { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -677,7 +677,7 @@ public async Task CreateAccessToken_ExpireAtNull_Admin() var result = await response.Content.ReadFromJsonAsync(); Assert.NotNull(result); - Assert.Equal(request.Name, result!.Name); + Assert.Equal(request.Name, result.Name); Assert.NotNull(result.ClientSecret); Assert.Null(result.ExpireAt); AssertHelper.AssertRecent(result.RevisionDate); 
@@ -695,7 +695,7 @@ public async Task CreateAccessToken_ExpireAtNull_Admin() public async Task RevokeAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -726,7 +726,7 @@ public async Task RevokeAccessToken_User_NoPermission(bool hasReadAccess) { var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { @@ -778,12 +778,12 @@ public async Task RevokeAccessToken_Success(PermissionType permissionType) if (permissionType == PermissionType.RunAsAdmin) { - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); } else { var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); await _accessPolicyRepository.CreateManyAsync(new List { new UserServiceAccountAccessPolicy @@ -843,7 +843,7 @@ private async Task> SetupGetServiceAccountsByOrganizationAsync(Organi private async Task SetupServiceAccountWithAccessAsync(PermissionType permissionType) { var (org, _) = await _organizationHelper.Initialize(true, true, true); - await _clientTestHelper.LoginAsync(_email); + await _loginHelper.LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount { 
@@ -857,7 +857,7 @@ private async Task SetupServiceAccountWithAccessAsync(Permission } var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); - await _clientTestHelper.LoginAsync(email); + await _loginHelper.LoginAsync(email); var accessPolicies = new List { diff --git a/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs b/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs new file mode 100644 index 000000000000..64e973017c9d --- /dev/null +++ b/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs @@ -0,0 +1,21 @@ +using System.Net.Http.Headers; +using Bit.Api.IntegrationTest.Factories; +using Bit.Core.SecretsManager.Models.Data; + +namespace Bit.Api.IntegrationTest.SecretsManager.Helpers; + +public class LoginHelper(ApiApplicationFactory factory, HttpClient client) +{ + public async Task LoginAsync(string email) + { + var tokens = await factory.LoginAsync(email); + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); + } + + public async Task LoginWithApiKeyAsync(ApiKeyClientSecretDetails apiKeyDetails) + { + var token = await factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret); + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); + client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString()); + } +} diff --git a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs b/test/Api.IntegrationTest/SecretsManager/Helpers/SecretsManagerOrganizationHelper.cs similarity index 93% rename from test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs rename to test/Api.IntegrationTest/SecretsManager/Helpers/SecretsManagerOrganizationHelper.cs index 5c32b5aba432..d2d03d979e98 100644 --- a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs 
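Review bot: `LoginWithApiKeyAsync` in the new LoginHelper.cs appends `service_account_id` to the shared client's default headers and nothing ever removes it. A later `LoginAsync(email)` on the same `HttpClient` replaces only the bearer token, and a second API-key login adds a second value to the header. A test that switches from a service account to a user would then still send the service account's id; if the API reads that header, an authorization test can pass or fail for the wrong reason. Clear it in both methods with `client.DefaultRequestHeaders.Remove("service_account_id");` at the top of `LoginAsync` and again just before the `Add` in `LoginWithApiKeyAsync`. The same lines are carried over unchanged (as `_client…`) in the LoginHelper.cs hunk of PATCH 4/4.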
+++ b/test/Api.IntegrationTest/SecretsManager/Helpers/SecretsManagerOrganizationHelper.cs @@ -9,7 +9,7 @@ using Bit.Core.SecretsManager.Models.Data; using Bit.Core.SecretsManager.Repositories; -namespace Bit.Api.IntegrationTest.SecretsManager; +namespace Bit.Api.IntegrationTest.SecretsManager.Helpers; public class SecretsManagerOrganizationHelper { @@ -20,8 +20,8 @@ public class SecretsManagerOrganizationHelper private readonly IServiceAccountRepository _serviceAccountRepository; private readonly ICreateAccessTokenCommand _createAccessTokenCommand; - public Organization _organization = null!; - public OrganizationUser _owner = null!; + private Organization _organization = null!; + private OrganizationUser _owner = null!; public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail) { @@ -65,8 +65,7 @@ public async Task CreateSmOrganizationAsync() { var email = $"integration-test{Guid.NewGuid()}@bitwarden.com"; await _factory.LoginWithNewAccount(email); - var (organization, owner) = - await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: email, billingEmail: email); + var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: email, billingEmail: email); return organization; } From 222eb42293a26d4f52603d01a7eeed76294598cf Mon Sep 17 00:00:00 2001 From: Thomas Avery Date: Fri, 8 Mar 2024 16:55:40 -0600 Subject: [PATCH 4/4] don't use primary constructor --- .../SecretsManager/Helpers/LoginHelper.cs | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs b/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs index 64e973017c9d..9de66bc11e3e 100644 --- a/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs +++ b/test/Api.IntegrationTest/SecretsManager/Helpers/LoginHelper.cs 
@@ -4,18 +4,27 @@ namespace Bit.Api.IntegrationTest.SecretsManager.Helpers; -public class LoginHelper(ApiApplicationFactory factory, HttpClient client) +public class LoginHelper { + private readonly HttpClient _client; + private readonly ApiApplicationFactory _factory; + + public LoginHelper(ApiApplicationFactory factory, HttpClient client) + { + _factory = factory; + _client = client; + } + public async Task LoginAsync(string email) { - var tokens = await factory.LoginAsync(email); - client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); + var tokens = await _factory.LoginAsync(email); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token); } public async Task LoginWithApiKeyAsync(ApiKeyClientSecretDetails apiKeyDetails) { - var token = await factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret); - client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); - client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString()); + var token = await _factory.LoginWithClientSecretAsync(apiKeyDetails.ApiKey.Id, apiKeyDetails.ClientSecret); + _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); + _client.DefaultRequestHeaders.Add("service_account_id", apiKeyDetails.ApiKey.ServiceAccountId.ToString()); } }
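Review bot: `LoginHelper` has no doc comment, so nothing tells a test author that both login methods overwrite the `DefaultRequestHeaders` of the `HttpClient` passed to the constructor. Every later request on that client is sent as whoever logged in last. A class summary such as `/// <summary>Sets the credentials on the shared test HttpClient; all later requests on that client use the most recent login.</summary>` would state this. Since the constructor is now explicit, it could also reject null arguments, e.g. `_client = client ?? throw new ArgumentNullException(nameof(client));` and the same for `factory`, so a mis-wired fixture fails at construction rather than at the first login.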