Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-14826] Add UsePolicies check to GET endpoints #5046

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

JimmyVo16
Copy link
Contributor

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-14826

📔 Objective

  1. Add a UsePolicies check to GET organizations/{{orgId}}/policies/master-password and GET organizations/{{orgId}}/policies/token
  2. Add unit tests to account for these edge cases.
  3. Update a unit to account for the happy path.

📸 Screenshots

manually tested the GET organizations/{{orgId}}/policies/token

For a free Org (sad path).

image

For an enterprise Org (happy path).

image

Note: I'm still tracking down the GET organizations/{{orgId}}/policies/master-password in the UI. I will circle back here when I find it.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

GetByToken and GetMasterPasswordPolicy endpoints provide policy information, so if the organization is not using policies, then we avoid the rest of the logic.
@JimmyVo16 JimmyVo16 requested a review from a team as a code owner November 19, 2024 15:59
}

[HttpGet("{type}")]
public async Task<PolicyDetailResponseModel> Get(Guid orgId, int type)
{
if (!await _currentContext.ManagePolicies(orgId))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A lot of these were auto-formatted. Please let me know if it's too much noise, and I'll remove them.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reordering the private properties is fine, but please re-add all the curly brackets to keep the code consistent with the rest of the codebase.


// Act & Assert
await Assert.ThrowsAsync<NotFoundException>(() =>
sutProvider.Sut.GetByToken(orgId, email, token, organizationUserId));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: This method, GetByToken, hasn't had any unit tests before. Should I add new unit tests for cases outside my scope? I'm happy to do so, just want to check in on the expectation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feel free to add more unit tests if you'd like! While it's not expected for work outside the ticket scope, I'm a big advocate for maximizing test coverage. I really appreciate seeing that effort, kudos!

Copy link

codecov bot commented Nov 19, 2024

Codecov Report

Attention: Patch coverage is 47.36842% with 10 lines in your changes missing coverage. Please review.

Project coverage is 43.10%. Comparing base (92b94fd) to head (86ebe57).

Files with missing lines Patch % Lines
...Api/AdminConsole/Controllers/PoliciesController.cs 47.36% 7 Missing and 3 partials ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5046   +/-   ##
=======================================
  Coverage   43.09%   43.10%           
=======================================
  Files        1414     1414           
  Lines       64808    64786   -22     
  Branches     5925     5927    +2     
=======================================
- Hits        27929    27924    -5     
+ Misses      35645    35625   -20     
- Partials     1234     1237    +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.


🚨 Try these New Features:

Copy link
Contributor

@r-tome r-tome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! Just the code format to fix and its good to go. I'll also review the new unit tests if you decide to add them in

}

[HttpGet("{type}")]
public async Task<PolicyDetailResponseModel> Get(Guid orgId, int type)
{
if (!await _currentContext.ManagePolicies(orgId))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reordering the private properties is fine, but please re-add all the curly brackets to keep the code consistent with the rest of the codebase.


// Act & Assert
await Assert.ThrowsAsync<NotFoundException>(() =>
sutProvider.Sut.GetByToken(orgId, email, token, organizationUserId));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feel free to add more unit tests if you'd like! While it's not expected for work outside the ticket scope, I'm a big advocate for maximizing test coverage. I really appreciate seeing that effort, kudos!

Copy link
Contributor

github-actions bot commented Nov 19, 2024

Logo
Checkmarx One – Scan Summary & Detailsa791087f-f29e-42b1-97ca-d2d20c6fef75

New Issues

Severity Issue Source File / Package Checkmarx Insight
LOW Missing_CSP_Header /src/Core/MailTemplates/Handlebars/FamiliesForEnterprise/FamiliesForEnterpriseRemovedFromFamilyUser.html.hbs: 5 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 95
MEDIUM CSRF /src/Api/Vault/Controllers/SyncController.cs: 69
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationSponsorshipsController.cs: 77
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationSponsorshipsController.cs: 163

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants