server/test/Api.Test/AdminConsole/Controllers/AdminConsoleControllersAuthorizationTests.cs
Thomas Rittson 524c5459d4 [PM-33819] Enforce use of authorize attributes (#7242)
Add tests to ensure we are using authorize attributes

Also clean up non-compliant and deprecated methods on PoliciesController.
2026-03-24 09:46:57 +10:00


using Bit.Api.AdminConsole.Controllers;
using Bit.Api.Test.Utilities;
using Microsoft.AspNetCore.Mvc;
using Xunit;
namespace Bit.Api.Test.AdminConsole.Controllers;
public class AdminConsoleControllersAuthorizationTests
{
    /// <summary>
    /// Exemption list: controllers that still lack method-level [Authorize] / [AllowAnonymous]
    /// attributes. Every type listed here is excluded from
    /// <see cref="AllControllers_HaveAuthorizationOnAllMethods"/>, so the list is the only thing
    /// keeping those controllers out of the enforcement check.
    /// TODO: Remove each controller from this list once all of its methods carry [Authorize] or [AllowAnonymous].
    /// </summary>
    private static readonly HashSet<Type> _controllersNotYetMigrated =
    [
        typeof(GroupsController),
        typeof(OrganizationAuthRequestsController),
        typeof(OrganizationConnectionsController),
        typeof(OrganizationDomainController),
        typeof(OrganizationsController),
        typeof(OrganizationUsersController),
        typeof(ProviderClientsController),
        typeof(ProviderOrganizationsController),
        typeof(ProvidersController),
        typeof(ProviderUsersController)
    ];

    /// <summary>
    /// xUnit member-data source: yields every concrete <see cref="ControllerBase"/> subclass declared
    /// in the <c>Bit.Api.AdminConsole.Controllers</c> namespace, minus the exemptions in
    /// <see cref="_controllersNotYetMigrated"/>.
    /// </summary>
    /// <returns>One single-element <c>object[]</c> per controller type, as <see cref="MemberDataAttribute"/> expects.</returns>
    public static IEnumerable<object[]> GetAllAdminConsoleControllers()
    {
        const string controllersNamespace = "Bit.Api.AdminConsole.Controllers";

        // BaseAdminConsoleController is only an anchor for locating the API assembly;
        // controllers are not required to derive from it.
        var apiAssembly = typeof(BaseAdminConsoleController).Assembly;

        static bool IsConcreteController(Type t) =>
            t.IsClass && !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t);

        // NOTE(review): the namespace test is an exact match, so a controller declared in a nested
        // namespace (e.g. "<controllersNamespace>.Sub") would silently escape this check — confirm none exist.
        var candidates = from t in apiAssembly.GetTypes()
                         where IsConcreteController(t)
                         where t.Namespace == controllersNamespace
                         select t;

        foreach (var controller in candidates.Except(_controllersNotYetMigrated))
        {
            yield return [controller];
        }
    }

    /// <summary>
    /// Enforces that every controller discovered by <see cref="GetAllAdminConsoleControllers"/>
    /// carries [Authorize] or [AllowAnonymous] on each HTTP method.
    /// </summary>
    /// <remarks>
    /// Controllers in <see cref="_controllersNotYetMigrated"/> are deliberately skipped until migrated.
    /// The precise rules for passing are defined by
    /// <see cref="ControllerAuthorizationTestHelpers.AssertAllHttpMethodsHaveAuthorization"/>.
    /// </remarks>
    /// <param name="controllerType">The controller type under test, supplied by the member-data source.</param>
    [Theory]
    [MemberData(nameof(GetAllAdminConsoleControllers))]
    public void AllControllers_HaveAuthorizationOnAllMethods(Type controllerType)
        => ControllerAuthorizationTestHelpers.AssertAllHttpMethodsHaveAuthorization(controllerType);
}