diff --git a/bitwarden_license/src/Commercial.Core/AdminConsole/Services/ProviderService.cs b/bitwarden_license/src/Commercial.Core/AdminConsole/Services/ProviderService.cs index 4e8a23cf4e75..5a6342a6d7ca 100644 --- a/bitwarden_license/src/Commercial.Core/AdminConsole/Services/ProviderService.cs +++ b/bitwarden_license/src/Commercial.Core/AdminConsole/Services/ProviderService.cs @@ -57,7 +57,6 @@ public class ProviderService : IProviderService private readonly IOrganizationService _organizationService; private readonly ICurrentContext _currentContext; private readonly IStripeAdapter _stripeAdapter; - private readonly IFeatureService _featureService; private readonly IDataProtectorTokenFactory _providerDeleteTokenDataFactory; private readonly IApplicationCacheService _applicationCacheService; private readonly IProviderBillingService _providerBillingService; @@ -70,7 +69,7 @@ public ProviderService(IProviderRepository providerRepository, IProviderUserRepo IUserService userService, IOrganizationService organizationService, IMailService mailService, IDataProtectionProvider dataProtectionProvider, IEventService eventService, IOrganizationRepository organizationRepository, GlobalSettings globalSettings, - ICurrentContext currentContext, IStripeAdapter stripeAdapter, IFeatureService featureService, + ICurrentContext currentContext, IStripeAdapter stripeAdapter, IDataProtectorTokenFactory providerDeleteTokenDataFactory, IApplicationCacheService applicationCacheService, IProviderBillingService providerBillingService, IPricingClient pricingClient, IProviderClientOrganizationSignUpCommand providerClientOrganizationSignUpCommand, @@ -89,7 +88,6 @@ public ProviderService(IProviderRepository providerRepository, IProviderUserRepo _dataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector"); _currentContext = currentContext; _stripeAdapter = stripeAdapter; - _featureService = featureService; _providerDeleteTokenDataFactory = providerDeleteTokenDataFactory; _applicationCacheService = applicationCacheService; _providerBillingService = providerBillingService; @@ -123,16 +121,13 @@ public async Task CompleteSetupAsync(Provider provider, Guid ownerUser throw new BadRequestException("Invalid owner."); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery - .GetAsync(ownerUserId); + var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery + .GetAsync(ownerUserId); - if (organizationAutoConfirmPolicyRequirement - .CannotCreateProvider()) - { - throw new BadRequestException(new UserCannotJoinProvider().Message); - } + if (organizationAutoConfirmPolicyRequirement + .CannotCreateProvider()) + { + throw new BadRequestException(new UserCannotJoinProvider().Message); } var customer = await _providerBillingService.SetupCustomer(provider, paymentMethod, billingAddress); @@ -267,16 +262,13 @@ public async Task AcceptUserAsync(Guid providerUserId, User user, throw new BadRequestException("User email does not match invite."); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery - .GetAsync(user.Id); + var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery + .GetAsync(user.Id); - if (organizationAutoConfirmPolicyRequirement - .CannotJoinProvider()) - { - throw new BadRequestException(new UserCannotJoinProvider().Message); - } + if (organizationAutoConfirmPolicyRequirement + .CannotJoinProvider()) + { + throw new BadRequestException(new UserCannotJoinProvider().Message); } providerUser.Status = ProviderUserStatusType.Accepted; @@ -324,17 +316,14 @@ public async Task>> ConfirmUsersAsync(Guid prov throw new BadRequestException("Invalid user."); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery - .GetAsync(user.Id); + var organizationAutoConfirmPolicyRequirement = await _policyRequirementQuery + .GetAsync(user.Id); - if (organizationAutoConfirmPolicyRequirement - .CannotJoinProvider()) - { - result.Add(Tuple.Create(providerUser, new UserCannotJoinProvider().Message)); - continue; - } + if (organizationAutoConfirmPolicyRequirement + .CannotJoinProvider()) + { + result.Add(Tuple.Create(providerUser, new UserCannotJoinProvider().Message)); + continue; } providerUser.Status = ProviderUserStatusType.Confirmed; diff --git a/bitwarden_license/test/Commercial.Core.Test/AdminConsole/Services/ProviderServiceTests.cs b/bitwarden_license/test/Commercial.Core.Test/AdminConsole/Services/ProviderServiceTests.cs index 7ec11894adbd..1553258755d7 100644 --- a/bitwarden_license/test/Commercial.Core.Test/AdminConsole/Services/ProviderServiceTests.cs +++ b/bitwarden_license/test/Commercial.Core.Test/AdminConsole/Services/ProviderServiceTests.cs @@ -1,6 +1,5 @@ using Bit.Commercial.Core.AdminConsole.Services; using Bit.Commercial.Core.Test.AdminConsole.AutoFixture; -using Bit.Core; using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Entities.Provider; using Bit.Core.AdminConsole.Enums.Provider; @@ -90,6 +89,10 @@ public async Task CompleteSetupAsync_Success(User user, Provider provider, strin var subscription = new Subscription { Id = "subscription_id" }; providerBillingService.SetupSubscription(provider).Returns(subscription); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.Create(); var token = protector.Protect($"ProviderSetupInvite {provider.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}"); @@ -134,10 +137,6 @@ public async Task CompleteSetupAsync_WithAutoConfirmEnabled_ThrowsUserCannotJoin var subscription = new Subscription { Id = "subscription_id" }; providerBillingService.SetupSubscription(provider).Returns(subscription); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyDetails = new List { new() { OrganizationId = Guid.NewGuid(), IsProvider = false } }; var policyRequirement = new AutomaticUserConfirmationPolicyRequirement(policyDetails); sutProvider.GetDependency() @@ -630,6 +629,10 @@ public async Task AcceptUserAsync_Success( providerUser.Email = user.Email; var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}"); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + var pu = await sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, token); Assert.Null(pu.Email); Assert.Equal(ProviderUserStatusType.Accepted, pu.Status); @@ -660,10 +663,6 @@ public async Task AcceptUserAsync_WithAutoConfirmEnabledAndPolicyExists_Throws( providerUser.Email = user.Email; var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}"); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyDetails = new List { new() { OrganizationId = Guid.NewGuid(), IsProvider = false } @@ -703,10 +702,6 @@ public async Task AcceptUserAsync_WithAutoConfirmEnabledButNoPolicyExists_Succes providerUser.Email = user.Email; var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}"); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyRequirement = new AutomaticUserConfirmationPolicyRequirement([]); sutProvider.GetDependency() .GetAsync(user.Id) @@ -721,47 +716,6 @@ public async Task AcceptUserAsync_WithAutoConfirmEnabledButNoPolicyExists_Succes Assert.Equal(user.Id, pu.UserId); } - [Theory, BitAutoData] - public async Task AcceptUserAsync_WithAutoConfirmDisabled_Success( - [ProviderUser(ProviderUserStatusType.Invited)] ProviderUser providerUser, - User user, - SutProvider sutProvider) - { - // Arrange - sutProvider.GetDependency() - .GetByIdAsync(providerUser.Id) - .Returns(providerUser); - - var protector = DataProtectionProvider - .Create("ApplicationName") - .CreateProtector("ProviderServiceDataProtector"); - - sutProvider.GetDependency() - .CreateProtector("ProviderServiceDataProtector") - .Returns(protector); - sutProvider.Create(); - - providerUser.Email = user.Email; - var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}"); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - // Act - var pu = await sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, token); - - // Assert - Assert.Null(pu.Email); - Assert.Equal(ProviderUserStatusType.Accepted, pu.Status); - Assert.Equal(user.Id, pu.UserId); - - // Verify that policy check was never called when feature flag is disabled - await sutProvider.GetDependency() - .DidNotReceive() - .GetAsync(user.Id); - } - [Theory, BitAutoData] public async Task ConfirmUsersAsync_NoValid( [ProviderUser(ProviderUserStatusType.Invited)] ProviderUser pu1, @@ -800,6 +754,10 @@ public async Task ConfirmUsersAsync_Success( var userRepository = sutProvider.GetDependency(); userRepository.GetManyAsync(default).ReturnsForAnyArgs(new[] { u1, u2, u3 }); + sutProvider.GetDependency() + .GetAsync(u2.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + var dict = providerUsers.ToDictionary(pu => pu.Id, _ => "key"); var result = await sutProvider.Sut.ConfirmUsersAsync(pu1.ProviderId, dict, user.Id); @@ -823,10 +781,6 @@ public async Task ConfirmUsersAsync_WithAutoConfirmEnabledAndPolicyExists_Return sutProvider.GetDependency().GetByIdAsync(provider.Id).Returns(provider); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([u1]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyDetails = new List { new() { OrganizationId = Guid.NewGuid(), IsProvider = false } @@ -864,10 +818,6 @@ public async Task ConfirmUsersAsync_WithAutoConfirmEnabledButNoPolicyExists_Succ sutProvider.GetDependency().GetByIdAsync(provider.Id).Returns(provider); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([u1]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyRequirement = new AutomaticUserConfirmationPolicyRequirement(new List()); sutProvider.GetDependency() .GetAsync(u1.Id) @@ -887,45 +837,6 @@ await providerUserRepository.Received(1).ReplaceAsync(Arg.Is(pu => pu.Status == ProviderUserStatusType.Confirmed)); } - [Theory, BitAutoData] - public async Task ConfirmUsersAsync_WithAutoConfirmDisabled_Success( - [ProviderUser(ProviderUserStatusType.Accepted)] ProviderUser pu1, User u1, - Provider provider, User confirmingUser, SutProvider sutProvider) - { - // Arrange - pu1.ProviderId = provider.Id; - pu1.UserId = u1.Id; - var providerUsers = new[] { pu1 }; - - var providerUserRepository = sutProvider.GetDependency(); - providerUserRepository.GetManyAsync([]).ReturnsForAnyArgs(providerUsers); - - sutProvider.GetDependency().GetByIdAsync(provider.Id).Returns(provider); - sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([u1]); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - var dict = providerUsers.ToDictionary(pu => pu.Id, _ => "key"); - - // Act - var result = await sutProvider.Sut.ConfirmUsersAsync(pu1.ProviderId, dict, confirmingUser.Id); - - // Assert - Assert.Single(result); - Assert.Equal("", result[0].Item2); - - // Verify user was confirmed - await providerUserRepository.Received(1).ReplaceAsync(Arg.Is(pu => - pu.Status == ProviderUserStatusType.Confirmed)); - - // Verify that policy check was never called when feature flag is disabled - await sutProvider.GetDependency() - .DidNotReceive() - .GetAsync(Arg.Any()); - } - [Theory, BitAutoData] public async Task SaveUserAsync_UserIdIsInvalid_Throws(ProviderUser providerUser, SutProvider sutProvider) diff --git a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml index 07e41f9bec5c..4ef8118aed3e 100644 --- a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml +++ b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml @@ -160,13 +160,10 @@ - @if(FeatureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { -
- - -
- } +
+ + +

Password Manager

diff --git a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs index 1a96296bc768..3ade91914be8 100644 --- a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs +++ b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs @@ -807,7 +807,6 @@ public async Task PatchBulkEnableSecretsManagerAsync(Guid orgId, [HttpPost("{id}/auto-confirm")] [Authorize] - [RequireFeature(FeatureFlagKeys.AutomaticConfirmUsers)] public async Task AutomaticallyConfirmOrganizationUserAsync([FromRoute] Guid orgId, [FromRoute] Guid id, [FromBody] OrganizationUserConfirmRequestModel model) diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs index d9422ac66aff..68b5c76101f1 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs @@ -28,7 +28,6 @@ public class AcceptOrgUserCommand : IAcceptOrgUserCommand private readonly IUserRepository _userRepository; private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery; private readonly IDataProtectorTokenFactory _orgUserInviteTokenDataFactory; - private readonly IFeatureService _featureService; private readonly IPolicyRequirementQuery _policyRequirementQuery; private readonly IAutomaticUserConfirmationPolicyEnforcementValidator _automaticUserConfirmationPolicyEnforcementValidator; private readonly IPushAutoConfirmNotificationCommand _pushAutoConfirmNotificationCommand; @@ -41,7 +40,6 @@ public AcceptOrgUserCommand( IUserRepository userRepository, ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery, IDataProtectorTokenFactory orgUserInviteTokenDataFactory, - IFeatureService featureService, IPolicyRequirementQuery policyRequirementQuery, IAutomaticUserConfirmationPolicyEnforcementValidator automaticUserConfirmationPolicyEnforcementValidator, IPushAutoConfirmNotificationCommand pushAutoConfirmNotificationCommand, @@ -53,7 +51,6 @@ public AcceptOrgUserCommand( _userRepository = userRepository; _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery; _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory; - _featureService = featureService; _policyRequirementQuery = policyRequirementQuery; _automaticUserConfirmationPolicyEnforcementValidator = automaticUserConfirmationPolicyEnforcementValidator; _pushAutoConfirmNotificationCommand = pushAutoConfirmNotificationCommand; @@ -169,10 +166,7 @@ public async Task AcceptOrgUserAsync(OrganizationUser orgUser, var allOrgUsers = await _organizationUserRepository.GetManyByUserAsync(user.Id); - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - await HandleAutomaticUserConfirmationPolicyAsync(orgUser, allOrgUsers, user); - } + await HandleAutomaticUserConfirmationPolicyAsync(orgUser, allOrgUsers, user); await ValidateSingleOrganizationPolicyAsync(orgUser, allOrgUsers, user); @@ -194,10 +188,7 @@ public async Task AcceptOrgUserAsync(OrganizationUser orgUser, await _mailService.SendOrganizationAcceptedEmailAsync(organization, user.Email, adminEmails); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - await _pushAutoConfirmNotificationCommand.PushAsync(user.Id, orgUser.OrganizationId); - } + await _pushAutoConfirmNotificationCommand.PushAsync(user.Id, orgUser.OrganizationId); return orgUser; } diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs index 985987380b2f..4b43b01880e1 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs @@ -31,7 +31,6 @@ public class ConfirmOrganizationUserCommand : IConfirmOrganizationUserCommand private readonly IPushRegistrationService _pushRegistrationService; private readonly IDeviceRepository _deviceRepository; private readonly IPolicyRequirementQuery _policyRequirementQuery; - private readonly IFeatureService _featureService; private readonly ICollectionRepository _collectionRepository; private readonly IAutomaticUserConfirmationPolicyEnforcementValidator _automaticUserConfirmationPolicyEnforcementValidator; private readonly ISendOrganizationConfirmationCommand _sendOrganizationConfirmationCommand; @@ -47,7 +46,6 @@ public ConfirmOrganizationUserCommand( IPushRegistrationService pushRegistrationService, IDeviceRepository deviceRepository, IPolicyRequirementQuery policyRequirementQuery, - IFeatureService featureService, ICollectionRepository collectionRepository, IAutomaticUserConfirmationPolicyEnforcementValidator automaticUserConfirmationPolicyEnforcementValidator, ISendOrganizationConfirmationCommand sendOrganizationConfirmationCommand, @@ -62,7 +60,6 @@ public ConfirmOrganizationUserCommand( _pushRegistrationService = pushRegistrationService; _deviceRepository = deviceRepository; _policyRequirementQuery = policyRequirementQuery; - _featureService = featureService; _collectionRepository = collectionRepository; _automaticUserConfirmationPolicyEnforcementValidator = automaticUserConfirmationPolicyEnforcementValidator; _sendOrganizationConfirmationCommand = sendOrganizationConfirmationCommand; @@ -188,31 +185,28 @@ private async Task CheckPoliciesAsync(Guid organizationId, User user, // Enforce Two Factor Authentication Policy for this organization await ValidateTwoFactorAuthenticationPolicyAsync(user, organizationId, userTwoFactorEnabled); - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) + var policyRequirement = await _policyRequirementQuery.GetAsync( + user.Id); + + var error = (await _automaticUserConfirmationPolicyEnforcementValidator.IsCompliantAsync( + new AutomaticUserConfirmationPolicyEnforcementRequest( + organizationId, + orgUsers, + user), + policyRequirement)) + .Match( + error => new BadRequestException(error.Message), + _ => null + ); + + if (error is not null) { - var policyRequirement = await _policyRequirementQuery.GetAsync( - user.Id); - - var error = (await _automaticUserConfirmationPolicyEnforcementValidator.IsCompliantAsync( - new AutomaticUserConfirmationPolicyEnforcementRequest( - organizationId, - orgUsers, - user), - policyRequirement)) - .Match( - error => new BadRequestException(error.Message), - _ => null - ); - - if (error is not null) - { - throw error; - } + throw error; + } - if (policyRequirement.IsEnabled(organizationId)) - { - await _deleteEmergencyAccessCommand.DeleteAllByUserIdAsync(user.Id); - } + if (policyRequirement.IsEnabled(organizationId)) + { + await _deleteEmergencyAccessCommand.DeleteAllByUserIdAsync(user.Id); } var singleOrgRequirement = await _policyRequirementQuery.GetAsync(user.Id); diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs index 01cb4a203d26..936e328e74c1 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs @@ -28,7 +28,6 @@ public class RestoreOrganizationUserCommand( ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery, IUserRepository userRepository, IOrganizationService organizationService, - IFeatureService featureService, IPolicyRequirementQuery policyRequirementQuery, ICollectionRepository collectionRepository, IAutomaticUserConfirmationPolicyEnforcementValidator automaticUserConfirmationPolicyEnforcementValidator, @@ -341,30 +340,27 @@ private async Task CheckPoliciesBeforeRestoreAsync(OrganizationUser orgUser, boo throw new BadRequestException(user.Email + " is not compliant with the two-step login policy"); } - if (featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var policyRequirement = await policyRequirementQuery.GetAsync( - user.Id); + var policyRequirement = await policyRequirementQuery.GetAsync( + user.Id); - var validationResult = await automaticUserConfirmationPolicyEnforcementValidator.IsCompliantAsync( - new AutomaticUserConfirmationPolicyEnforcementRequest(orgUser.OrganizationId, allOrgUsers, user!), - policyRequirement); + var validationResult = await automaticUserConfirmationPolicyEnforcementValidator.IsCompliantAsync( + new AutomaticUserConfirmationPolicyEnforcementRequest(orgUser.OrganizationId, allOrgUsers, user!), + policyRequirement); - var badRequestException = validationResult.Match( - error => new BadRequestException(user.Email + - " is not compliant with the automatic user confirmation policy: " + - error.Message), - _ => null); + var badRequestException = validationResult.Match( + error => new BadRequestException(user.Email + + " is not compliant with the automatic user confirmation policy: " + + error.Message), + _ => null); - if (badRequestException is not null) - { - throw badRequestException; - } + if (badRequestException is not null) + { + throw badRequestException; + } - if (policyRequirement.IsEnabled(orgUser.OrganizationId)) - { - await deleteEmergencyAccessCommand.DeleteAllByUserIdAsync(user.Id); - } + if (policyRequirement.IsEnabled(orgUser.OrganizationId)) + { + await deleteEmergencyAccessCommand.DeleteAllByUserIdAsync(user.Id); } } diff --git a/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs index 8fb98ee7dd0a..fcea23174396 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs @@ -43,8 +43,7 @@ public class CloudOrganizationSignUpCommand( ICollectionRepository collectionRepository, IDeviceRepository deviceRepository, IPricingClient pricingClient, - IPolicyRequirementQuery policyRequirementQuery, - IFeatureService featureService) : ICloudOrganizationSignUpCommand + IPolicyRequirementQuery policyRequirementQuery) : ICloudOrganizationSignUpCommand { public async Task SignUpOrganizationAsync(OrganizationSignup signup) { @@ -239,15 +238,12 @@ private static void ValidatePlan(Plan plan, int additionalSeats, string productT private async Task ValidateSignUpPoliciesAsync(Guid ownerId) { - if (featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var requirement = await policyRequirementQuery.GetAsync(ownerId); + var requirement = await policyRequirementQuery.GetAsync(ownerId); - if (requirement.CannotCreateNewOrganization()) - { - throw new BadRequestException("You may not create an organization. You belong to an organization " + - "which has a policy that prohibits you from being a member of any other organization."); - } + if (requirement.CannotCreateNewOrganization()) + { + throw new BadRequestException("You may not create an organization. You belong to an organization " + + "which has a policy that prohibits you from being a member of any other organization."); } var singleOrgRequirement = await policyRequirementQuery.GetAsync(ownerId); diff --git a/src/Core/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidator.cs index 0dde516f50e4..d94d9ca232f7 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidator.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidator.cs @@ -11,7 +11,6 @@ using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Repositories; -using Bit.Core.Services; using Bit.Core.Tokens; using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers; using Error = Bit.Core.AdminConsole.Utilities.v2.Error; @@ -30,7 +29,6 @@ Task> ValidateAsync( public class InitPendingOrganizationValidator : IInitPendingOrganizationValidator { private readonly IDataProtectorTokenFactory _orgUserInviteTokenDataFactory; - private readonly IFeatureService _featureService; private readonly IPolicyService _policyService; private readonly IPolicyRequirementQuery _policyRequirementQuery; private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery; @@ -38,14 +36,12 @@ public class InitPendingOrganizationValidator : IInitPendingOrganizationValidato public InitPendingOrganizationValidator( IDataProtectorTokenFactory orgUserInviteTokenDataFactory, - IFeatureService featureService, IPolicyService policyService, IPolicyRequirementQuery policyRequirementQuery, ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery, IOrganizationUserRepository organizationUserRepository) { _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory; - _featureService = featureService; _policyService = policyService; _policyRequirementQuery = policyRequirementQuery; _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery; @@ -143,13 +139,10 @@ private bool ValidateInviteToken(OrganizationUser orgUser, User user, string ema private async Task ValidatePoliciesAsync(User user, Guid organizationId) { - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) + var autoConfirmReq = await _policyRequirementQuery.GetAsync(user.Id); + if (autoConfirmReq.CannotCreateNewOrganization()) { - var autoConfirmReq = await _policyRequirementQuery.GetAsync(user.Id); - if (autoConfirmReq.CannotCreateNewOrganization()) - { - return new SingleOrgPolicyViolationError(); - } + return new SingleOrgPolicyViolationError(); } var anySingleOrgPolicies = await _policyService.AnyPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg); diff --git a/src/Core/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommand.cs index 2347eeadba1a..c408d4faa26d 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommand.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommand.cs @@ -31,7 +31,6 @@ public class SelfHostedOrganizationSignUpCommand : ISelfHostedOrganizationSignUp private readonly ILicensingService _licensingService; private readonly IGlobalSettings _globalSettings; private readonly IStripePaymentService _paymentService; - private readonly IFeatureService _featureService; private readonly IPolicyRequirementQuery _policyRequirementQuery; public SelfHostedOrganizationSignUpCommand( @@ -46,7 +45,6 @@ public SelfHostedOrganizationSignUpCommand( ILicensingService licensingService, IGlobalSettings globalSettings, IStripePaymentService paymentService, - IFeatureService featureService, IPolicyRequirementQuery policyRequirementQuery) { _organizationRepository = organizationRepository; @@ -60,7 +58,6 @@ public SelfHostedOrganizationSignUpCommand( _licensingService = licensingService; _globalSettings = globalSettings; _paymentService = paymentService; - _featureService = featureService; _policyRequirementQuery = policyRequirementQuery; } @@ -107,15 +104,12 @@ public SelfHostedOrganizationSignUpCommand( private async Task ValidateSignUpPoliciesAsync(Guid ownerId) { - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var requirement = await _policyRequirementQuery.GetAsync(ownerId); + var requirement = await _policyRequirementQuery.GetAsync(ownerId); - if (requirement.CannotCreateNewOrganization()) - { - throw new BadRequestException("You may not create an organization. You belong to an organization " + - "which has a policy that prohibits you from being a member of any other organization."); - } + if (requirement.CannotCreateNewOrganization()) + { + throw new BadRequestException("You may not create an organization. You belong to an organization " + + "which has a policy that prohibits you from being a member of any other organization."); } var singleOrgRequirement = await _policyRequirementQuery.GetAsync(ownerId); diff --git a/src/Core/Auth/UserFeatures/EmergencyAccess/EmergencyAccessService.cs b/src/Core/Auth/UserFeatures/EmergencyAccess/EmergencyAccessService.cs index 6719be0b5190..f596dc471b62 100644 --- a/src/Core/Auth/UserFeatures/EmergencyAccess/EmergencyAccessService.cs +++ b/src/Core/Auth/UserFeatures/EmergencyAccess/EmergencyAccessService.cs @@ -35,7 +35,6 @@ public class EmergencyAccessService : IEmergencyAccessService private readonly GlobalSettings _globalSettings; private readonly IDataProtectorTokenFactory _dataProtectorTokenizer; private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand; - private readonly IFeatureService _featureService; private readonly IPolicyRequirementQuery _policyRequirementQuery; public EmergencyAccessService( @@ -50,7 +49,6 @@ public EmergencyAccessService( GlobalSettings globalSettings, IDataProtectorTokenFactory dataProtectorTokenizer, IRemoveOrganizationUserCommand removeOrganizationUserCommand, - IFeatureService featureService, IPolicyRequirementQuery policyRequirementQuery) { _emergencyAccessRepository = emergencyAccessRepository; @@ -64,7 +62,6 @@ public EmergencyAccessService( _globalSettings = globalSettings; _dataProtectorTokenizer = dataProtectorTokenizer; _removeOrganizationUserCommand = removeOrganizationUserCommand; - _featureService = featureService; _policyRequirementQuery = policyRequirementQuery; } @@ -85,15 +82,12 @@ public EmergencyAccessService( throw new BadRequestException("You cannot use Emergency Access Takeover because you are using Key Connector."); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var requirement = await _policyRequirementQuery - .GetAsync(grantorUser.Id); + var requirement = await _policyRequirementQuery + .GetAsync(grantorUser.Id); - if (requirement.GrantorCannotInviteToEmergencyAccess()) - { - throw new BadRequestException("You cannot invite emergency contacts because you are a member of an organization that uses Automatic User Confirmation."); - } + if (requirement.GrantorCannotInviteToEmergencyAccess()) + { + throw new BadRequestException("You cannot invite emergency contacts because you are a member of an organization that uses Automatic User Confirmation."); } var emergencyAccess = new Entities.EmergencyAccess @@ -154,15 +148,12 @@ public async Task ResendInviteAsync(User grantorUser, Guid emergencyAccessId) throw new BadRequestException("Invalid token."); } - if (_featureService.IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)) - { - var requirement = await _policyRequirementQuery - .GetAsync(granteeUser.Id); + var granteeRequirement = await _policyRequirementQuery + .GetAsync(granteeUser.Id); - if (requirement.GranteeCannotAcceptEmergencyAccess()) - { - throw new BadRequestException("You cannot accept emergency access invitations because you are a member of an organization that uses Automatic User Confirmation."); - } + if (granteeRequirement.GranteeCannotAcceptEmergencyAccess()) + { + throw new BadRequestException("You cannot accept emergency access invitations because you are a member of an organization that uses Automatic User Confirmation."); } if (emergencyAccess.Status == EmergencyAccessStatusType.Accepted) diff --git a/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs b/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs index 96da60d6bdf3..37c71a861bb6 100644 --- a/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs +++ b/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs @@ -2,7 +2,6 @@ using Bit.Api.AdminConsole.Models.Request.Organizations; using Bit.Api.IntegrationTest.Factories; using Bit.Api.IntegrationTest.Helpers; -using Bit.Core; using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Enums; using Bit.Core.AdminConsole.Repositories; @@ -10,8 +9,6 @@ using Bit.Core.Enums; using Bit.Core.Models.Data; using Bit.Core.Repositories; -using Bit.Core.Services; -using NSubstitute; using Xunit; namespace Bit.Api.IntegrationTest.AdminConsole.Controllers; @@ -29,12 +26,6 @@ public class OrganizationUserControllerAutoConfirmTests : IClassFixture(featureService => - { - featureService - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - }); _client = _factory.CreateClient(); _loginHelper = new LoginHelper(_factory, _client); } diff --git a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs index 956a4037ce4b..38ed67f16b4d 100644 --- a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs +++ b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs @@ -712,10 +712,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_UserIdNull_ReturnsUn SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns((Guid?)null); @@ -736,10 +732,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_UserIdEmpty_ReturnsU SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns(Guid.Empty); @@ -761,10 +753,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_Success_ReturnsOk( SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns(userId); @@ -794,10 +782,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_NotFoundError_Return SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns(userId); @@ -829,10 +813,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_BadRequestError_Retu SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns(userId); @@ -864,10 +844,6 @@ public async Task AutomaticallyConfirmOrganizationUserAsync_InternalError_Return SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetProperUserId(Arg.Any()) .Returns(userId); diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommandTests.cs index 2d8971b8f541..ff812a5bda41 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommandTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommandTests.cs @@ -718,10 +718,6 @@ public async Task AcceptOrgUserAsync_WithAutoConfirmIsEnabledAndFailsCompliance_ // Arrange SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .IsCompliantAsync(Arg.Any(), Arg.Any()) .Returns(Invalid( @@ -752,10 +748,6 @@ public async Task AcceptOrgUserAsync_WithAutoConfirmPolicyEnabled_DeletesEmergen // Arrange SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -782,10 +774,6 @@ public async Task AcceptOrgUserAsync_WithAutoConfirmPolicyNotEnabled_DoesNotDele // Arrange SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([])); @@ -830,10 +818,6 @@ public async Task AcceptOrgUser_WithAutoConfirmFeatureFlagEnabled_SendsPushNotif { SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .IsCompliantAsync(Arg.Any(), Arg.Any()) .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); @@ -849,25 +833,6 @@ await sutProvider.GetDependency() .PushAsync(user.Id, orgUser.OrganizationId); } - [Theory] - [BitAutoData] - public async Task AcceptOrgUser_WithAutoConfirmFeatureFlagDisabled_DoesNotSendPushNotification( - SutProvider sutProvider, - User user, Organization org, OrganizationUser orgUser, OrganizationUserUserDetails adminUserDetails) - { - SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails); - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - await sutProvider.Sut.AcceptOrgUserAsync(orgUser, user, _userService); - - await sutProvider.GetDependency() - .DidNotReceiveWithAnyArgs() - .PushAsync(Arg.Any(), Arg.Any()); - } - private void SetupCommonAcceptOrgUserByTokenMocks(SutProvider sutProvider, User user, OrganizationUser orgUser) { @@ -928,12 +893,15 @@ private static void SetupCommonAcceptOrgUserMocks(SutProvider(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); - // Auto-confirm enforcement query returns valid by default (no restrictions) - var request = new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user); + // No AutoConfirm policy by default + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + // Auto-confirm enforcement query returns valid by default (no restrictions) sutProvider.GetDependency() - .IsCompliantAsync(request) - .Returns(Valid(request)); + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); } private string CreateToken(OrganizationUser orgUser) diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs index 92bb6ac3e94e..db14b59edc14 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs @@ -146,6 +146,14 @@ public async Task ConfirmUserAsync_ToNonFree_WithExistingFreeAdminOrOwner_Succee .GetAsync(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); + await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id); await sutProvider.GetDependency().Received(1).LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Confirmed); @@ -188,6 +196,14 @@ public async Task ConfirmUserAsync_WithSingleOrgPolicyFromConfirmingOrg_ThrowsBa .GetAsync(user.Id) .Returns(new RequireTwoFactorPolicyRequirement([])); + // AutoConfirm check passes (no auto-confirm restrictions) + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser, orgUserAnotherOrg], user))); + // Confirming org has SingleOrg policy, user is a regular User (not exempt) sutProvider.GetDependency() .GetAsync(user.Id) @@ -226,6 +242,14 @@ public async Task ConfirmUserAsync_WithSingleOrgPolicyFromOtherOrg_ThrowsBadRequ .GetAsync(user.Id) .Returns(new RequireTwoFactorPolicyRequirement([])); + // AutoConfirm check passes (no auto-confirm restrictions) + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser, orgUserAnotherOrg], user))); + // Other org has SingleOrg policy (not the confirming org) sutProvider.GetDependency() .GetAsync(user.Id) @@ -264,6 +288,15 @@ public async Task ConfirmUserAsync_NoSingleOrgPolicy_Succeeds( .GetAsync(user.Id) .Returns(new RequireTwoFactorPolicyRequirement([])); + // No AutoConfirm policy + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); + sutProvider.GetDependency() .TwoFactorIsEnabledAsync(Arg.Is>(ids => ids.Contains(user.Id))) .Returns(new List<(Guid userId, bool twoFactorIsEnabled)>() { (user.Id, false) }); @@ -340,6 +373,11 @@ public async Task ConfirmUserAsync_WithTwoFactorNotRequired_Succeeds( ])); policyRequirementQuery.GetAsync(user.Id) .Returns(new SingleOrganizationPolicyRequirement([])); + policyRequirementQuery.GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(Arg.Is>(ids => ids.Contains(user.Id))) .Returns(new List<(Guid userId, bool twoFactorIsEnabled)>() { (user.Id, false) }); @@ -381,6 +419,11 @@ public async Task ConfirmUserAsync_WithTwoFactorEnabled_Succeeds( ])); policyRequirementQuery.GetAsync(user.Id) .Returns(new SingleOrganizationPolicyRequirement([])); + policyRequirementQuery.GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(Arg.Is>(ids => ids.Contains(user.Id))) .Returns(new List<(Guid userId, bool twoFactorIsEnabled)>() { (user.Id, true) }); @@ -427,6 +470,14 @@ public async Task ConfirmUserAsync_WithOrganizationDataOwnershipPolicyApplicable .GetAsync(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id, [orgUser], user))); + await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, collectionName); await sutProvider.GetDependency() @@ -459,6 +510,14 @@ public async Task ConfirmUserAsync_WithOrganizationDataOwnershipPolicyApplicable .GetAsync(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); + await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, ""); await sutProvider.GetDependency() @@ -493,6 +552,14 @@ public async Task ConfirmUserAsync_WithOrganizationDataOwnershipPolicyNotApplica .GetAsync(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); + sutProvider.GetDependency() + .GetAsync(orgUser.UserId!.Value) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user))); + await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id, collectionName); await sutProvider.GetDependency() @@ -520,10 +587,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmEnabledAndUserBelongsToAnother sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -568,10 +631,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmEnabledForOtherOrg_ThrowsBadRe sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -615,10 +674,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmEnabledAndUserIsProvider_Throw sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -662,10 +717,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmNotApplicable_Succeeds( sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -711,10 +762,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmPolicyEnabled_DeletesEmergency sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -759,10 +806,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmPolicyNotEnabled_DoesNotDelete sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([])); @@ -810,10 +853,6 @@ public async Task ConfirmUserAsync_WithAutoConfirmValidationBeforeSingleOrgPolic sutProvider.GetDependency().GetByIdAsync(org.Id).Returns(org); sutProvider.GetDependency().GetManyAsync([]).ReturnsForAnyArgs([user]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -865,10 +904,6 @@ public async Task ConfirmUsersAsync_WithAutoConfirmEnabled_MixedResults( .GetManyByManyUsersAsync([]) .ReturnsForAnyArgs([orgUser1, orgUser2, orgUser3, otherOrgUser]); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(Arg.Any()) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = org.Id }])); @@ -936,6 +971,14 @@ public async Task ConfirmUserAsync_UseMyItemsDisabled_DoesNotCreateDefaultCollec .GetAsync(orgUser.UserId!.Value) .Returns(new OrganizationDataOwnershipPolicyRequirement(OrganizationDataOwnershipState.Enabled, [policyDetails])); + sutProvider.GetDependency() + .GetAsync(orgUser.UserId!.Value) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id, [orgUser], user))); + sutProvider.GetDependency() .GetAsync(orgUser.UserId!.Value) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -984,6 +1027,14 @@ public async Task ConfirmUserAsync_UseMyItemsEnabled_CreatesDefaultCollection( (orgUser.UserId!.Value, new OrganizationDataOwnershipPolicyRequirement(OrganizationDataOwnershipState.Enabled, [policyDetails])) ]); + sutProvider.GetDependency() + .GetAsync(orgUser.UserId!.Value) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id, [orgUser], user))); + sutProvider.GetDependency() .GetAsync(orgUser.UserId!.Value) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -1030,6 +1081,14 @@ public async Task ConfirmUsersAsync_UseMyItemsDisabled_DoesNotCreateDefaultColle sutProvider.GetDependency().GetManyAsync(default).ReturnsForAnyArgs(new[] { orgUser1, orgUser2 }); sutProvider.GetDependency().GetManyAsync(default).ReturnsForAnyArgs(new[] { user1, user2 }); + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(x => Valid(x.Arg())); + sutProvider.GetDependency() .GetAsync(Arg.Any()) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -1098,6 +1157,14 @@ public async Task ConfirmUsersAsync_UseMyItemsEnabled_CreatesDefaultCollections( (orgUser2.UserId!.Value, new OrganizationDataOwnershipPolicyRequirement(OrganizationDataOwnershipState.Enabled, [policyDetails2])) ]); + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(x => Valid(x.Arg())); + sutProvider.GetDependency() .GetAsync(Arg.Any()) .Returns(new SingleOrganizationPolicyRequirement([])); diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs index 80d45cd148f1..842d4beb0c4b 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs @@ -613,10 +613,6 @@ public async Task RestoreUser_WithAutoConfirmPolicyEnabled_DeletesEmergencyAcces var user = new User { Id = organizationUser.UserId!.Value, Email = "test@bitwarden.com" }; sutProvider.GetDependency().GetByIdAsync(organizationUser.UserId.Value).Returns(user); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = organization.Id }])); @@ -648,10 +644,6 @@ public async Task RestoreUser_WithAutoConfirmPolicyNotEnabled_DoesNotDeleteEmerg var user = new User { Id = organizationUser.UserId!.Value, Email = "test@bitwarden.com" }; sutProvider.GetDependency().GetByIdAsync(organizationUser.UserId.Value).Returns(user); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([])); @@ -683,10 +675,6 @@ public async Task RestoreUser_WithAutoConfirmNonCompliant_DoesNotDeleteEmergency var user = new User { Id = organizationUser.UserId!.Value, Email = "test@bitwarden.com" }; sutProvider.GetDependency().GetByIdAsync(organizationUser.UserId.Value).Returns(user); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - sutProvider.GetDependency() .GetAsync(user.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([new PolicyDetails { OrganizationId = organization.Id }])); @@ -1082,6 +1070,22 @@ private static void RestoreUser_Setup( sutProvider.GetDependency() .GetAsync(Arg.Any()) .Returns(new RequireTwoFactorPolicyRequirement([])); + + // Setup default empty AutomaticUserConfirmationPolicyRequirement (no auto-confirm restrictions) + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + + sutProvider.GetDependency() + .IsCompliantAsync(Arg.Any(), Arg.Any()) + .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(targetOrganizationUser.OrganizationId, [], null!))); + + // Setup default user lookup — required when Email is null (previously-confirmed users reach + // CheckPoliciesBeforeRestoreAsync, which calls userRepository.GetByIdAsync and uses user.Id). + // Tests that need a specific User object override this after calling RestoreUser_Setup. + sutProvider.GetDependency() + .GetByIdAsync(Arg.Any()) + .Returns(callInfo => new User { Id = callInfo.ArgAt(0), Email = "test@example.com" }); } private static void SetupOrganizationDataOwnershipPolicy( diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidatorTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidatorTests.cs index 6ddf2461c15d..34742c97bfc2 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidatorTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/InitPendingOrganizationValidatorTests.cs @@ -12,7 +12,6 @@ using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Repositories; -using Bit.Core.Services; using Bit.Core.Tokens; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; @@ -190,9 +189,9 @@ public async Task ValidateAsync_SingleOrgPolicyViolation_ReturnsError( var token = CreateValidToken(orgUser, sutProvider); SetValidOrganizationState(org); - sutProvider.GetDependency() - .IsEnabled(Arg.Any()) - .Returns(false); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); sutProvider.GetDependency() .AnyPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg) @@ -218,10 +217,6 @@ public async Task ValidateAsync_AutoConfirmPolicyViolation_ReturnsError( var token = CreateValidToken(orgUser, sutProvider); SetValidOrganizationState(org); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); - var policyDetails = new PolicyDetails { OrganizationId = org.Id, @@ -256,9 +251,9 @@ public async Task ValidateAsync_TwoFactorRequired_UserDoesNotHave2FA_ReturnsErro var token = CreateValidToken(orgUser, sutProvider); SetValidOrganizationState(org); - sutProvider.GetDependency() - .IsEnabled(Arg.Any()) - .Returns(false); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); sutProvider.GetDependency() .AnyPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg) @@ -440,9 +435,9 @@ private static void SetupPassingPolicies( User user, SutProvider sutProvider) { - sutProvider.GetDependency() - .IsEnabled(Arg.Any()) - .Returns(false); + sutProvider.GetDependency() + .GetAsync(user.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); sutProvider.GetDependency() .AnyPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg) diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs index 2ba97223ccd0..a214a2d8d6bd 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs @@ -43,6 +43,10 @@ public async Task SignUp_PM_Family_Passes(PlanType planType, OrganizationSignup sutProvider.GetDependency().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan)); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(signup.Owner.Id) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -87,6 +91,10 @@ public async Task SignUp_AssignsOwnerToDefaultCollection sutProvider.GetDependency().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan)); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(signup.Owner.Id) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -137,6 +145,10 @@ public async Task SignUp_SM_Passes(PlanType planType, OrganizationSignup signup, sutProvider.GetDependency().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan)); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(signup.Owner.Id) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -266,6 +278,10 @@ public async Task SignUpAsync_Free_ExistingFreeOrgAdmin_ThrowsBadRequest( .GetCountByFreeOrganizationAdminUserAsync(signup.Owner.Id) .Returns(1); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(signup.Owner.Id) .Returns(new SingleOrganizationPolicyRequirement([])); @@ -296,6 +312,10 @@ public async Task SignUpAsync_WhenSingleOrgPolicyIsEnabled_OwnerBelongsToAnother // User has SingleOrg policy from another org organizationUser.UserId = signup.Owner.Id; organizationUser.OrganizationId = Guid.NewGuid(); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(signup.Owner.Id) .Returns(SingleOrganizationPolicyRequirementTestFactory.EnabledForAnotherOrganization()); @@ -322,6 +342,10 @@ public async Task SignUpAsync_WithoutSingleOrgPolicy_Succeeds( sutProvider.GetDependency().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan)); + sutProvider.GetDependency() + .GetAsync(signup.Owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + // No SingleOrg policy sutProvider.GetDependency() .GetAsync(signup.Owner.Id) diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommandTests.cs index 6c90e48ba147..dc5b99909d12 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommandTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/SelfHostedOrganizationSignUpCommandTests.cs @@ -347,6 +347,10 @@ private void SetupCommonMocks( globalSettings.LicenseDirectory.Returns("/tmp/licenses"); + sutProvider.GetDependency() + .GetAsync(owner.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + sutProvider.GetDependency() .GetAsync(owner.Id) .Returns(SingleOrganizationPolicyRequirementTestFactory.NoSinglePolicyOrganizationsForUser()); diff --git a/test/Core.Test/Auth/UserFeatures/EmergencyAccess/EmergencyAccessServiceTests.cs b/test/Core.Test/Auth/UserFeatures/EmergencyAccess/EmergencyAccessServiceTests.cs index 8627822f7baf..288930740838 100644 --- a/test/Core.Test/Auth/UserFeatures/EmergencyAccess/EmergencyAccessServiceTests.cs +++ b/test/Core.Test/Auth/UserFeatures/EmergencyAccess/EmergencyAccessServiceTests.cs @@ -79,6 +79,9 @@ public async Task InviteAsync_ReturnsEmergencyAccessObject( EmergencyAccessType accessType, SutProvider sutProvider, User invitingUser, string email, int waitTime) { sutProvider.GetDependency().CanAccessPremium(invitingUser).Returns(true); + sutProvider.GetDependency() + .GetAsync(invitingUser.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); var result = await sutProvider.Sut.InviteAsync(invitingUser, email, accessType, waitTime); @@ -99,13 +102,10 @@ await sutProvider.GetDependency() } [Theory, BitAutoData] - public async Task InviteAsync_FeatureFlagEnabled_GrantorInAutoConfirmOrg_ThrowsBadRequest( + public async Task InviteAsync_GrantorInAutoConfirmOrg_ThrowsBadRequest( SutProvider sutProvider, User invitingUser, string email, int waitTime) { sutProvider.GetDependency().CanAccessPremium(invitingUser).Returns(true); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); sutProvider.GetDependency() .GetAsync(invitingUser.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([ @@ -125,9 +125,6 @@ public async Task InviteAsync_FeatureFlagEnabled_GrantorNotInAutoConfirmOrg_Succ SutProvider sutProvider, User invitingUser, string email, int waitTime) { sutProvider.GetDependency().CanAccessPremium(invitingUser).Returns(true); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); sutProvider.GetDependency() .GetAsync(invitingUser.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([])); @@ -139,23 +136,6 @@ await sutProvider.GetDependency() .Received(1).CreateAsync(Arg.Any()); } - [Theory, BitAutoData] - public async Task InviteAsync_FeatureFlagDisabled_GrantorInAutoConfirmOrg_Succeeds( - SutProvider sutProvider, User invitingUser, string email, int waitTime) - { - sutProvider.GetDependency().CanAccessPremium(invitingUser).Returns(true); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - var result = await sutProvider.Sut.InviteAsync(invitingUser, email, EmergencyAccessType.Takeover, waitTime); - - Assert.NotNull(result); - await sutProvider.GetDependency() - .DidNotReceiveWithAnyArgs() - .GetAsync(Arg.Any()); - } - [Theory, BitAutoData] public async Task GetAsync_EmergencyAccessNull_ThrowsBadRequest( SutProvider sutProvider, User user) @@ -353,6 +333,10 @@ public async Task AcceptUserAsync_AcceptedStatus_ThrowsBadRequest( return true; }); + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + var exception = await Assert.ThrowsAsync( () => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency())); @@ -380,6 +364,10 @@ public async Task AcceptUserAsync_NotInvitedStatus_ThrowsBadRequest( return true; }); + sutProvider.GetDependency() + .GetAsync(Arg.Any()) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + var exception = await Assert.ThrowsAsync( () => sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency())); @@ -414,7 +402,7 @@ public async Task AcceptUserAsync_EmergencyAccessEmailDoesNotMatch_ThrowsBadRequ } [Theory, BitAutoData] - public async Task AcceptUserAsync_FeatureFlagEnabled_GranteeInAutoConfirmOrg_ThrowsBadRequest( + public async Task AcceptUserAsync_GranteeInAutoConfirmOrg_ThrowsBadRequest( SutProvider sutProvider, User acceptingUser, Core.Auth.Entities.EmergencyAccess emergencyAccess, @@ -432,9 +420,6 @@ public async Task AcceptUserAsync_FeatureFlagEnabled_GranteeInAutoConfirmOrg_Thr callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1); return true; }); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); sutProvider.GetDependency() .GetAsync(acceptingUser.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([ @@ -472,9 +457,6 @@ public async Task AcceptUserAsync_FeatureFlagEnabled_GranteeNotInAutoConfirmOrg_ callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1); return true; }); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(true); sutProvider.GetDependency() .GetAsync(acceptingUser.Id) .Returns(new AutomaticUserConfirmationPolicyRequirement([])); @@ -486,40 +468,6 @@ await sutProvider.GetDependency() .ReplaceAsync(Arg.Is(x => x.Status == EmergencyAccessStatusType.Accepted)); } - [Theory, BitAutoData] - public async Task AcceptUserAsync_FeatureFlagDisabled_GranteeInAutoConfirmOrg_Succeeds( - SutProvider sutProvider, - User acceptingUser, - User invitingUser, - Core.Auth.Entities.EmergencyAccess emergencyAccess, - string token) - { - emergencyAccess.Status = EmergencyAccessStatusType.Invited; - emergencyAccess.Email = acceptingUser.Email; - sutProvider.GetDependency() - .GetByIdAsync(Arg.Any()) - .Returns(emergencyAccess); - sutProvider.GetDependency() - .GetUserByIdAsync(Arg.Any()) - .Returns(invitingUser); - sutProvider.GetDependency>() - .TryUnprotect(token, out Arg.Any()) - .Returns(callInfo => - { - callInfo[1] = new EmergencyAccessInviteTokenable(emergencyAccess, 1); - return true; - }); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers) - .Returns(false); - - await sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency()); - - await sutProvider.GetDependency() - .DidNotReceiveWithAnyArgs() - .GetAsync(Arg.Any()); - } - [Theory, BitAutoData] public async Task AcceptUserAsync_ReplaceEmergencyAccess_SendsEmail_Success( SutProvider sutProvider, @@ -546,6 +494,10 @@ public async Task AcceptUserAsync_ReplaceEmergencyAccess_SendsEmail_Success( return true; }); + sutProvider.GetDependency() + .GetAsync(acceptingUser.Id) + .Returns(new AutomaticUserConfirmationPolicyRequirement([])); + await sutProvider.Sut.AcceptUserAsync(emergencyAccess.Id, acceptingUser, token, sutProvider.GetDependency()); await sutProvider.GetDependency()