Introduces a declarative authorization pattern for Provider-based endpoints, following the same approach as the existing Organization authorization infrastructure. No production code behavior changes — the handler and requirements are registered but not yet wired to any controllers.

New:
- IProviderRequirement: base interface for provider authorization requirements
- ProviderRequirementHandler: central handler that resolves provider claims from route/context and delegates to requirement implementations
- ProviderClaimsExtensions: helpers to parse provider membership from claims
- ProviderAdminRequirement, ProviderUserRequirement, ManageProviderUsersRequirement
- HttpContextExtensions.GetProviderId(): route param helper (mirrors GetOrganizationId)
- DI registration for ProviderRequirementHandler
- Unit tests for all new types
using System.Security.Claims;
using Bit.Api.AdminConsole.Authorization.Providers;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.Auth.Identity;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Authorization.Providers;
/// <summary>
/// Unit tests for <c>GetCurrentContextProvider</c>, the <see cref="ClaimsPrincipal"/>
/// extension that turns a provider-membership claim into a result carrying the
/// provider id and the member's <see cref="ProviderUserType"/>.
/// </summary>
/// <remarks>
/// The cases below pin two properties an authorization handler depends on:
/// the membership type comes from the claim type, and a claim issued for one
/// provider never satisfies a lookup for a different provider.
/// Not covered here: a principal that carries both claim types for the same
/// provider, and a claim whose value is not a valid GUID.
/// </remarks>
public class ProviderClaimsExtensionsTests
{
    /// <summary>A <c>Claims.ProviderAdmin</c> claim for the requested provider yields a ProviderAdmin result.</summary>
    [Theory]
    [BitAutoData]
    public void GetCurrentContextProvider_WhenUserIsProviderAdmin_ReturnsProviderAdminClaims(Guid providerId)
    {
        // Arrange: the claim value is the provider id in its default string form.
        var principal = MakeClaimsPrincipal([new Claim(Claims.ProviderAdmin, providerId.ToString())]);

        // Act
        var provider = principal.GetCurrentContextProvider(providerId);

        // Assert
        Assert.NotNull(provider);
        Assert.Equal(providerId, provider.Id);
        Assert.Equal(ProviderUserType.ProviderAdmin, provider.Type);
    }

    /// <summary>A <c>Claims.ProviderServiceUser</c> claim for the requested provider yields a ServiceUser result.</summary>
    [Theory]
    [BitAutoData]
    public void GetCurrentContextProvider_WhenUserIsServiceUser_ReturnsServiceUserClaims(Guid providerId)
    {
        // Arrange
        var principal = MakeClaimsPrincipal([new Claim(Claims.ProviderServiceUser, providerId.ToString())]);

        // Act
        var provider = principal.GetCurrentContextProvider(providerId);

        // Assert: the lower-privilege claim must not be reported as ProviderAdmin.
        Assert.NotNull(provider);
        Assert.Equal(providerId, provider.Id);
        Assert.Equal(ProviderUserType.ServiceUser, provider.Type);
    }

    /// <summary>A principal with no provider claims at all resolves to <c>null</c>.</summary>
    [Theory]
    [BitAutoData]
    public void GetCurrentContextProvider_WhenUserIsNotProviderMember_ReturnsNull(Guid providerId)
    {
        // Arrange: identity with an empty claim set.
        var principal = MakeClaimsPrincipal(Array.Empty<Claim>());

        // Act
        var provider = principal.GetCurrentContextProvider(providerId);

        // Assert
        Assert.Null(provider);
    }

    /// <summary>
    /// Tenant-isolation case: an admin claim for <paramref name="otherProviderId"/> must not
    /// resolve when <paramref name="providerId"/> is requested.
    /// </summary>
    [Theory]
    [BitAutoData]
    public void GetCurrentContextProvider_WhenClaimsContainDifferentProviderId_ReturnsNull(Guid providerId, Guid otherProviderId)
    {
        // Arrange: membership exists, but for a different provider than the one looked up.
        var principal = MakeClaimsPrincipal([new Claim(Claims.ProviderAdmin, otherProviderId.ToString())]);

        // Act
        var provider = principal.GetCurrentContextProvider(providerId);

        // Assert
        Assert.Null(provider);
    }

    /// <summary>Builds a <see cref="ClaimsPrincipal"/> holding one identity made from <paramref name="claims"/>.</summary>
    /// <remarks>
    /// The identity is created without an authentication type, so its
    /// <c>IsAuthenticated</c> is <c>false</c>. The positive cases above therefore expect
    /// the helper to read claims without checking authentication state.
    /// NOTE(review): authentication is presumably enforced earlier in the pipeline; confirm
    /// before relying on this helper as the only gate.
    /// </remarks>
    private static ClaimsPrincipal MakeClaimsPrincipal(IEnumerable<Claim> claims)
    {
        return new ClaimsPrincipal(new ClaimsIdentity(claims));
    }
}