nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1874 Commits
2 Branches
15 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
healthchecks/hc/accounts/tests/test_project.py

363 lines
14 KiB
Raw Permalink Normal View History

Move project-specific settings to a new "Project Settings" page
6 years ago
Rate limit team invites to 20/day
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
Rate limit team invites to 20/day
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Simplify super() calls in tests
4 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Add ability to create/revoke individual keys
3 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add ability to create/revoke individual keys
3 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Add ability to create/revoke individual keys
3 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
feat: add manager role
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Source formatted with Black
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Add Member.role field
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Don't create default projects for invited users.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
In Account Settings > My Projects, indicate read-only memberships as read-only
4 years ago
Django 3.0
5 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
feat: add manager role
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Add Member.role field
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
feat: add manager role
3 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
feat: add manager role
3 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
feat: add manager role
3 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
feat: add manager role
3 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
Handle excessively long email addresses in the team member invite form.
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Handle excessively long email addresses in the team member invite form.
4 years ago
Rate limit team invites to 20/day
6 years ago
feat: add manager role
3 years ago
Rate limit team invites to 20/day
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
feat: add manager role
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add test cases for manager operations
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Profile.current_project not used any more, remove last remaining references. cc: #336
5 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
feat: add manager role
3 years ago
Check membership before removing project member.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix invite suggestions.
5 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Fix invite suggestions.
5 years ago
Change "Add Users from Other Teams" -> "Add Users from Other Projects"
3 years ago
Fix invite suggestions.
5 years ago
Read-only users cannot change project settings.
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Switch from Member.rw to Member.role as the source of truth
3 years ago
Read-only users cannot change project settings.
4 years ago
Switch from Member.rw to Member.role as the source of truth
3 years ago
Read-only users cannot change project settings.
4 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Add ability to create/revoke individual keys
3 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
 
  1. from django.core import mail
  2. 

  3. from django.conf import settings
  4. from django.test.utils import override_settings
  5. from hc.test import BaseTestCase
  6. from hc.accounts.models import Member, Project
  7. from hc.api.models import TokenBucket
  8. 

  9. 

  10. class ProjectTestCase(BaseTestCase):
  11.     def setUp(self):
  12.         super().setUp()
  13. 

  14.         self.url = "/projects/%s/settings/" % self.project.code
  15. 

  16.     def test_it_checks_access(self):
  17.         self.client.login(username="[email protected]", password="password")
  18.         r = self.client.get(self.url)
  19.         self.assertEqual(r.status_code, 404)
  20. 

  21.     def test_it_allows_team_access(self):
  22.         self.client.login(username="[email protected]", password="password")
  23.         r = self.client.get(self.url)
  24.         self.assertContains(r, "Change Project Name")
  25. 

  26.     def test_it_masks_keys_by_default(self):
  27.         self.project.api_key_readonly = "R" * 32
  28.         self.project.ping_key = "P" * 22
  29.         self.project.save()
  30. 

  31.         self.client.login(username="[email protected]", password="password")
  32. 

  33.         r = self.client.get(self.url)
  34.         self.assertEqual(r.status_code, 200)
  35. 

  36.         self.assertNotContains(r, "X" * 32)
  37.         self.assertNotContains(r, "R" * 32)
  38.         self.assertNotContains(r, "P" * 22)
  39. 

  40.     def test_it_shows_keys(self):
  41.         self.project.api_key_readonly = "R" * 32
  42.         self.project.ping_key = "P" * 22
  43.         self.project.save()
  44. 

  45.         self.client.login(username="[email protected]", password="password")
  46. 

  47.         form = {"show_keys": "1"}
  48.         r = self.client.post(self.url, form)
  49.         self.assertEqual(r.status_code, 200)
  50. 

  51.         self.assertContains(r, "X" * 32)
  52.         self.assertContains(r, "R" * 32)
  53.         self.assertContains(r, "P" * 22)
  54.         self.assertContains(r, "Prometheus metrics endpoint")
  55. 

  56.     def test_it_creates_readonly_key(self):
  57.         self.client.login(username="[email protected]", password="password")
  58. 

  59.         form = {"create_key": "api_key_readonly"}
  60.         r = self.client.post(self.url, form)
  61.         self.assertEqual(r.status_code, 200)
  62. 

  63.         self.project.refresh_from_db()
  64.         self.assertEqual(len(self.project.api_key_readonly), 32)
  65.         self.assertFalse("b'" in self.project.api_key_readonly)
  66. 

  67.     def test_it_requires_rw_access_to_create_key(self):
  68.         self.bobs_membership.role = "r"
  69.         self.bobs_membership.save()
  70. 

  71.         self.client.login(username="[email protected]", password="password")
  72.         r = self.client.post(self.url, {"create_key": "api_key_readonly"})
  73.         self.assertEqual(r.status_code, 403)
  74. 

  75.     def test_it_revokes_api_key(self):
  76.         self.client.login(username="[email protected]", password="password")
  77.         r = self.client.post(self.url, {"revoke_key": "api_key"})
  78.         self.assertEqual(r.status_code, 200)
  79. 

  80.         self.project.refresh_from_db()
  81.         self.assertEqual(self.project.api_key, "")
  82. 

  83.     def test_it_requires_rw_access_to_revoke_api_key(self):
  84.         self.bobs_membership.role = "r"
  85.         self.bobs_membership.save()
  86. 

  87.         self.client.login(username="[email protected]", password="password")
  88.         r = self.client.post(self.url, {"revoke_key": "api_key"})
  89.         self.assertEqual(r.status_code, 403)
  90. 

  91.     def test_it_adds_team_member(self):
  92.         self.client.login(username="[email protected]", password="password")
  93. 

  94.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  95.         r = self.client.post(self.url, form)
  96.         self.assertEqual(r.status_code, 200)
  97. 

  98.         members = self.project.member_set.all()
  99.         self.assertEqual(members.count(), 2)
  100. 

  101.         member = Member.objects.get(
  102.             project=self.project, user__email="[email protected]"
  103.         )
  104. 

  105.         # The read-write flag should be set
  106.         self.assertEqual(member.role, member.Role.REGULAR)
  107. 

  108.         # The new user should not have their own project
  109.         self.assertFalse(member.user.project_set.exists())
  110. 

  111.         # And an email should have been sent
  112.         subj = f"You have been invited to join Alices Project on {settings.SITE_NAME}"
  113.         self.assertHTMLEqual(mail.outbox[0].subject, subj)
  114. 

  115.     def test_it_adds_readonly_team_member(self):
  116.         self.client.login(username="[email protected]", password="password")
  117. 

  118.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  119.         r = self.client.post(self.url, form)
  120.         self.assertEqual(r.status_code, 200)
  121. 

  122.         member = Member.objects.get(
  123.             project=self.project, user__email="[email protected]"
  124.         )
  125. 

  126.         self.assertEqual(member.role, member.Role.READONLY)
  127. 

  128.     def test_it_adds_manager_team_member(self):
  129.         self.client.login(username="[email protected]", password="password")
  130. 

  131.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "m"}
  132.         r = self.client.post(self.url, form)
  133.         self.assertEqual(r.status_code, 200)
  134. 

  135.         member = Member.objects.get(
  136.             project=self.project, user__email="[email protected]"
  137.         )
  138. 

  139.         # The new user should have role manager
  140.         self.assertEqual(member.role, member.Role.MANAGER)
  141. 

  142.     def test_it_adds_member_from_another_team(self):
  143.         # With team limit at zero, we should not be able to invite any new users
  144.         self.profile.team_limit = 0
  145.         self.profile.save()
  146. 

  147.         # But Charlie will have an existing membership in another Alice's project
  148.         # so Alice *should* be able to invite Charlie:
  149.         p2 = Project.objects.create(owner=self.alice)
  150.         Member.objects.create(user=self.charlie, project=p2)
  151. 

  152.         self.client.login(username="[email protected]", password="password")
  153.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  154.         r = self.client.post(self.url, form)
  155.         self.assertEqual(r.status_code, 200)
  156. 

  157.         q = Member.objects.filter(project=self.project, user=self.charlie)
  158.         self.assertEqual(q.count(), 1)
  159. 

  160.         # And this should not have affected the rate limit:
  161.         q = TokenBucket.objects.filter(value="invite-%d" % self.alice.id)
  162.         self.assertFalse(q.exists())
  163. 

  164.     def test_it_rejects_duplicate_membership(self):
  165.         self.client.login(username="[email protected]", password="password")
  166. 

  167.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  168.         r = self.client.post(self.url, form)
  169.         self.assertContains(r, "[email protected] is already a member")
  170. 

  171.         # The number of memberships should have not increased
  172.         self.assertEqual(self.project.member_set.count(), 1)
  173. 

  174.     def test_it_rejects_owner_as_a_member(self):
  175.         self.client.login(username="[email protected]", password="password")
  176. 

  177.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  178.         r = self.client.post(self.url, form)
  179.         self.assertContains(r, "[email protected] is already a member")
  180. 

  181.         # The number of memberships should have not increased
  182.         self.assertEqual(self.project.member_set.count(), 1)
  183. 

  184.     def test_it_rejects_too_long_email_addresses(self):
  185.         self.client.login(username="[email protected]", password="password")
  186. 

  187.         aaa = "a" * 300
  188.         form = {
  189.             "invite_team_member": "1",
  190.             "email": f"frank+{aaa}@example.org",
  191.             "role": "r",
  192.         }
  193.         r = self.client.post(self.url, form)
  194.         self.assertEqual(r.status_code, 200)
  195. 

  196.         # No email should have been sent
  197.         self.assertEqual(len(mail.outbox), 0)
  198. 

  199.     @override_settings(SECRET_KEY="test-secret")
  200.     def test_it_rate_limits_invites(self):
  201.         obj = TokenBucket(value="invite-%d" % self.alice.id)
  202.         obj.tokens = 0
  203.         obj.save()
  204. 

  205.         self.client.login(username="[email protected]", password="password")
  206. 

  207.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  208.         r = self.client.post(self.url, form)
  209.         self.assertContains(r, "Too Many Requests")
  210. 

  211.         self.assertEqual(len(mail.outbox), 0)
  212. 

  213.     def test_it_lets_manager_add_team_member(self):
  214.         # Bob is a manager:
  215.         self.bobs_membership.role = "m"
  216.         self.bobs_membership.save()
  217. 

  218.         self.client.login(username="[email protected]", password="password")
  219. 

  220.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  221.         r = self.client.post(self.url, form)
  222.         self.assertEqual(r.status_code, 200)
  223. 

  224.         Member.objects.get(project=self.project, user__email="[email protected]")
  225. 

  226.     def test_it_does_not_allow_regular_member_invite_team_members(self):
  227.         self.client.login(username="[email protected]", password="password")
  228. 

  229.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  230.         r = self.client.post(self.url, form)
  231.         self.assertEqual(r.status_code, 403)
  232. 

  233.     def test_it_checks_team_size(self):
  234.         self.profile.team_limit = 0
  235.         self.profile.save()
  236. 

  237.         self.client.login(username="[email protected]", password="password")
  238. 

  239.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  240.         r = self.client.post(self.url, form)
  241.         self.assertEqual(r.status_code, 403)
  242. 

  243.     def test_it_lets_owner_remove_team_member(self):
  244.         self.client.login(username="[email protected]", password="password")
  245. 

  246.         form = {"remove_team_member": "1", "email": "[email protected]"}
  247.         r = self.client.post(self.url, form)
  248.         self.assertEqual(r.status_code, 200)
  249. 

  250.         self.assertFalse(Member.objects.exists())
  251. 

  252.     def test_it_lets_manager_remove_team_member(self):
  253.         # Bob is a manager:
  254.         self.bobs_membership.role = "m"
  255.         self.bobs_membership.save()
  256. 

  257.         # Bob will try to remove this membership:
  258.         Member.objects.create(user=self.charlie, project=self.project)
  259. 

  260.         self.client.login(username="[email protected]", password="password")
  261.         form = {"remove_team_member": "1", "email": "[email protected]"}
  262.         r = self.client.post(self.url, form)
  263.         self.assertEqual(r.status_code, 200)
  264. 

  265.         q = Member.objects.filter(user=self.charlie, project=self.project)
  266.         self.assertFalse(q.exists())
  267. 

  268.     def test_it_does_not_allow_regular_member_remove_team_member(self):
  269.         # Bob will try to remove this membership:
  270.         Member.objects.create(user=self.charlie, project=self.project)
  271. 

  272.         self.client.login(username="[email protected]", password="password")
  273.         form = {"remove_team_member": "1", "email": "[email protected]"}
  274.         r = self.client.post(self.url, form)
  275.         self.assertEqual(r.status_code, 403)
  276. 

  277.     def test_it_rejects_manager_remove_self(self):
  278.         self.bobs_membership.role = "m"
  279.         self.bobs_membership.save()
  280. 

  281.         self.client.login(username="[email protected]", password="password")
  282. 

  283.         form = {"remove_team_member": "1", "email": "[email protected]"}
  284.         r = self.client.post(self.url, form)
  285.         self.assertEqual(r.status_code, 400)
  286. 

  287.         # The number of memberships should have not decreased
  288.         self.assertEqual(self.project.member_set.count(), 1)
  289. 

  290.     def test_it_checks_membership_when_removing_team_member(self):
  291.         self.client.login(username="[email protected]", password="password")
  292. 

  293.         url = "/projects/%s/settings/" % self.charlies_project.code
  294.         form = {"remove_team_member": "1", "email": "[email protected]"}
  295.         r = self.client.post(url, form)
  296.         self.assertEqual(r.status_code, 400)
  297. 

  298.     def test_it_sets_project_name(self):
  299.         self.client.login(username="[email protected]", password="password")
  300. 

  301.         form = {"set_project_name": "1", "name": "Alpha Team"}
  302.         r = self.client.post(self.url, form)
  303.         self.assertEqual(r.status_code, 200)
  304. 

  305.         self.project.refresh_from_db()
  306.         self.assertEqual(self.project.name, "Alpha Team")
  307. 

  308.     def test_it_requires_rw_access_to_set_project_name(self):
  309.         self.bobs_membership.role = "r"
  310.         self.bobs_membership.save()
  311. 

  312.         self.client.login(username="[email protected]", password="password")
  313.         form = {"set_project_name": "1", "name": "Alpha Team"}
  314.         r = self.client.post(self.url, form)
  315.         self.assertEqual(r.status_code, 403)
  316. 

  317.     def test_it_shows_invite_suggestions(self):
  318.         p2 = Project.objects.create(owner=self.alice)
  319. 

  320.         self.client.login(username="[email protected]", password="password")
  321. 

  322.         r = self.client.get("/projects/%s/settings/" % p2.code)
  323.         self.assertContains(r, "Add Users from Other Projects")
  324.         self.assertContains(r, "[email protected]")
  325. 

  326.     def test_it_requires_rw_access_to_update_project_name(self):
  327.         self.bobs_membership.role = "r"
  328.         self.bobs_membership.save()
  329. 

  330.         self.client.login(username="[email protected]", password="password")
  331. 

  332.         form = {"set_project_name": "1", "name": "Alpha Team"}
  333.         r = self.client.post(self.url, form)
  334.         self.assertEqual(r.status_code, 403)
  335. 

  336.     def test_it_hides_actions_for_readonly_users(self):
  337.         self.bobs_membership.role = "r"
  338.         self.bobs_membership.save()
  339. 

  340.         self.client.login(username="[email protected]", password="password")
  341. 

  342.         r = self.client.get(self.url)
  343.         self.assertNotContains(r, "#set-project-name-modal", status_code=200)
  344.         self.assertNotContains(r, "Show API Keys")
  345. 

  346.     @override_settings(PROMETHEUS_ENABLED=False)
  347.     def test_it_hides_prometheus_link_if_prometheus_not_enabled(self):
  348.         self.project.api_key_readonly = "R" * 32
  349.         self.project.save()
  350. 

  351.         self.client.login(username="[email protected]", password="password")
  352.         r = self.client.post(self.url, {"show_api_keys": "1"})
  353.         self.assertEqual(r.status_code, 200)
  354. 

  355.         self.assertNotContains(r, "Prometheus metrics endpoint")
  356. 

  357.     def test_it_requires_rw_access_to_show_api_key(self):
  358.         self.bobs_membership.role = "r"
  359.         self.bobs_membership.save()
  360. 

  361.         self.client.login(username="[email protected]", password="password")
  362.         r = self.client.post(self.url, {"show_keys": "1"})
  363.         self.assertEqual(r.status_code, 403)