server/test/Api.Test/AdminConsole/Authorization/Organizations/OrganizationClaimsExtensionsTests.cs
Thomas Rittson 963c160999 [PM-34595] Add provider authorization attributes (#7389)
Introduces declarative authorization pattern for Provider-based endpoints
following the same approach as the existing Organization authorization
infrastructure. No production code behavior changes — handler and
requirements are registered but not yet wired to any controllers.

New:
- IProviderRequirement: base interface for provider authorization requirements
- ProviderRequirementHandler: central handler that resolves provider claims
  from route/context and delegates to requirement implementations
- ProviderClaimsExtensions: helpers to parse provider membership from claims
- ProviderAdminRequirement, ProviderUserRequirement, ManageProviderUsersRequirement
- HttpContextExtensions.GetProviderId(): route param helper (mirrors GetOrganizationId)
- DI registration for ProviderRequirementHandler
- Unit tests for all new types
2026-04-07 07:34:03 +10:00


using System.Security.Claims;
using Bit.Api.AdminConsole.Authorization;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Test.AdminConsole.Helpers;
using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture.Attributes;
using Bit.Test.Common.Helpers;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Authorization;
/// <summary>
/// Round-trip tests for <c>GetCurrentContextOrganization</c>: an organization membership is
/// serialized into identity claims with <see cref="CoreHelpers.BuildIdentityClaims"/> and must
/// parse back from the <see cref="ClaimsPrincipal"/> into an equivalent
/// <see cref="CurrentContextOrganization"/>.
/// </summary>
/// <remarks>
/// NOTE(review): only the positive path is exercised here (the requested id always has matching
/// claims). A case that asks for an organization id absent from the claims would pin the
/// "not a member" result that authorization decisions depend on; confirm it is covered elsewhere.
/// </remarks>
public class OrganizationClaimsExtensionsTests
{
    /// <summary>
    /// Builds claims for a single organization membership, wraps them in a principal and checks
    /// that parsing by the same organization id yields property-equal data.
    /// </summary>
    /// <param name="expected">Membership supplied by <see cref="GetTestOrganizations"/>.</param>
    /// <param name="user">User passed to the claim builder; supplied by the data attribute.</param>
    [Theory, BitMemberAutoData(nameof(GetTestOrganizations))]
    public void GetCurrentContextOrganization_ParsesOrganizationFromClaims(CurrentContextOrganization expected, User user)
    {
        // Only `expected` is passed as an organization; the empty collection and `false` are
        // presumably the provider list and a premium flag (verify against BuildIdentityClaims).
        var identity = new ClaimsIdentity(
            CoreHelpers.BuildIdentityClaims(user, [expected], [], false)
                .Select(pair => new Claim(pair.Key, pair.Value)));
        var principal = new ClaimsPrincipal(identity);

        var parsed = principal.GetCurrentContextOrganization(expected.Id);

        // Property-by-property comparison, so role, permissions and the secrets-manager flag
        // all have to survive the claims round trip.
        AssertHelper.AssertPropertyEqual(expected, parsed);
    }

    /// <summary>
    /// Member data for the theory: one membership per fixed role (Owner, Admin, User), each with
    /// <c>AccessSecretsManager</c> set, followed by one Custom-role membership per entry returned
    /// by <see cref="PermissionsHelpers.GetAllPermissions"/>.
    /// </summary>
    /// <returns>Single-element argument arrays, each holding a fresh membership with a new id.</returns>
    public static IEnumerable<object[]> GetTestOrganizations()
    {
        OrganizationUserType[] fixedRoles =
        [
            OrganizationUserType.Owner,
            OrganizationUserType.Admin,
            OrganizationUserType.User,
        ];

        foreach (var fixedRole in fixedRoles)
        {
            var roleMembership = new CurrentContextOrganization
            {
                Id = Guid.NewGuid(),
                Type = fixedRole,
                AccessSecretsManager = true
            };
            yield return [roleMembership];
        }

        // Custom role: the effective rights come from the Permissions object, so each
        // permission entry gets its own case.
        foreach (var permissionSet in PermissionsHelpers.GetAllPermissions())
        {
            var customMembership = new CurrentContextOrganization
            {
                Id = Guid.NewGuid(),
                Type = OrganizationUserType.Custom,
                Permissions = permissionSet
            };
            yield return [customMembership];
        }
    }
}