
[BEEEP][SM-893] Add the ability to run SM integration tests as a service account

Open Thomas-Avery opened this issue 1 year ago • 2 comments

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

The purpose of this PR is to add the ability to run SM integration tests as a service account.

Introducing a ClientTestHelper to house the duplicate logic in the integration tests that were setting client authorization headers.

Code changes

  • test/Api.IntegrationTest/Factories/ApiApplicationFactory.cs: Added a method to log in via client secret (API key) that returns the authentication access token.

  • test/Api.IntegrationTest/Helpers/ClientTestHelper.cs: Adding a helper that provides methods to log in via email and API key which will:

      • Call the application factory methods to call the identity factory to log in and fetch authentication tokens
      • Set those authentication tokens on the HTTP client authorization request headers

  • test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs: Migrate to using the ClientTestHelper

  • test/Api.IntegrationTest/SecretsManager/Controllers/ProjectsControllerTests.cs: Migrate to using the ClientTestHelper

  • test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs: Migrate to using the ClientTestHelper. Demonstrate using the new service account login method.

  • test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs: Migrate to using the ClientTestHelper

  • test/Api.IntegrationTest/SecretsManager/Controllers/SecretsTrashControllerTests.cs: Migrate to using the ClientTestHelper

  • test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs: Migrate to using the ClientTestHelper

  • test/Api.IntegrationTest/SecretsManager/Enums/PermissionType.cs: Add running as a service account with permission into the testing enum.

  • test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs: Add a helper method for creating a service account and API key/access token for the service account.

  • test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs: Add a method for logging in with a service account access token (API key).

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

Thomas-Avery, Aug 11 '23 20:08

Checkmarx One – Scan Summary & Details (28227e59-4f50-444d-9080-22d4df385a5f)

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|----------|-------|-----------------------|-------------------|
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 270 | Attack Vector |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 270 | Attack Vector |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 212 | Attack Vector |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 212 | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/Controllers/DevicesController.cs: 155 | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 683 | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 630 | Attack Vector |
| LOW | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 220 | Attack Vector |
| LOW | Log_Forging | /src/Api/Controllers/DevicesController.cs: 146 | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 595 | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 658 | Attack Vector |

Fixed Issues

| Severity | Issue | Source File / Package |
|----------|-------|-----------------------|
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 315 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 315 |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 156 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 147 |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 187 |
| MEDIUM | CSRF | /src/Api/Controllers/CollectionsController.cs: 196 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 147 |
| MEDIUM | Privacy_Violation | /src/Core/Auth/UserFeatures/UserMasterPassword/SetInitialMasterPasswordCommand.cs: 59 |
| LOW | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 313 |

bitwarden-bot, Aug 11 '23 21:08

Codecov Report

All modified and coverable lines are covered by tests.

Project coverage is 36.73%. Comparing base (e2cb406) to head (6afab31).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3187      +/-   ##
==========================================
+ Coverage   36.58%   36.73%   +0.15%     
==========================================
  Files        1174     1174              
  Lines       56627    56627              
  Branches     5425     5425              
==========================================
+ Hits        20716    20803      +87     
+ Misses      34944    34859      -85     
+ Partials      967      965       -2     


codecov[bot], Mar 08 '24 22:03