nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1745 Commits
2 Branches
15 MiB
Tree: 934099510d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '934099510d'
${ noResults }
healthchecks/hc/accounts/tests/test_project.py

352 lines
13 KiB
Raw Normal View History

Move project-specific settings to a new "Project Settings" page
6 years ago
Rate limit team invites to 20/day
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
Rate limit team invites to 20/day
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Simplify super() calls in tests
4 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
feat: add manager role
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Source formatted with Black
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Add Member.role field
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Don't create default projects for invited users.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
In Account Settings > My Projects, indicate read-only memberships as read-only
4 years ago
Django 3.0
5 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
feat: add manager role
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Add Member.role field
3 years ago
Specify the read-write/read-only flag when inviting a team member.
4 years ago
feat: add manager role
3 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
feat: add manager role
3 years ago
Improved UI to invite users from account's other projects. Fixes #258. The team size limit is applied to the number of distinct users across all projects. Fixes #332.
5 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
feat: add manager role
3 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
feat: add manager role
3 years ago
Bugfix: don't allow duplicate team memberships
4 years ago
Handle excessively long email addresses in the team member invite form.
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Handle excessively long email addresses in the team member invite form.
4 years ago
Rate limit team invites to 20/day
6 years ago
feat: add manager role
3 years ago
Rate limit team invites to 20/day
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
feat: add manager role
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add test cases for manager operations
3 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Profile.current_project not used any more, remove last remaining references. cc: #336
5 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Add test cases for manager operations
3 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
feat: add manager role
3 years ago
Check membership before removing project member.
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Fix invite suggestions.
5 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Fix invite suggestions.
5 years ago
Read-only users cannot change project settings.
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Switch from Member.rw to Member.role as the source of truth
3 years ago
Read-only users cannot change project settings.
4 years ago
Switch from Member.rw to Member.role as the source of truth
3 years ago
Read-only users cannot change project settings.
4 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
Add the PROMETHEUS_ENABLED setting
4 years ago
Fix a 403 when transferring a project to a read-only team member
3 years ago
 
  1. from django.core import mail
  2. 

  3. from django.conf import settings
  4. from django.test.utils import override_settings
  5. from hc.test import BaseTestCase
  6. from hc.accounts.models import Member, Project
  7. from hc.api.models import TokenBucket
  8. 

  9. 

  10. class ProjectTestCase(BaseTestCase):
  11.     def setUp(self):
  12.         super().setUp()
  13. 

  14.         self.url = "/projects/%s/settings/" % self.project.code
  15. 

  16.     def test_it_checks_access(self):
  17.         self.client.login(username="[email protected]", password="password")
  18.         r = self.client.get(self.url)
  19.         self.assertEqual(r.status_code, 404)
  20. 

  21.     def test_it_allows_team_access(self):
  22.         self.client.login(username="[email protected]", password="password")
  23.         r = self.client.get(self.url)
  24.         self.assertContains(r, "Change Project Name")
  25. 

  26.     def test_it_shows_api_keys(self):
  27.         self.project.api_key_readonly = "R" * 32
  28.         self.project.save()
  29. 

  30.         self.client.login(username="[email protected]", password="password")
  31. 

  32.         form = {"show_api_keys": "1"}
  33.         r = self.client.post(self.url, form)
  34.         self.assertEqual(r.status_code, 200)
  35. 

  36.         self.assertContains(r, "X" * 32)
  37.         self.assertContains(r, "R" * 32)
  38.         self.assertContains(r, "Prometheus metrics endpoint")
  39. 

  40.     def test_it_creates_api_key(self):
  41.         self.client.login(username="[email protected]", password="password")
  42. 

  43.         form = {"create_api_keys": "1"}
  44.         r = self.client.post(self.url, form)
  45.         self.assertEqual(r.status_code, 200)
  46. 

  47.         self.project.refresh_from_db()
  48.         api_key = self.project.api_key
  49.         self.assertTrue(len(api_key) > 10)
  50.         self.assertFalse("b'" in api_key)
  51. 

  52.     def test_it_requires_rw_access_to_create_api_key(self):
  53.         self.bobs_membership.role = "r"
  54.         self.bobs_membership.save()
  55. 

  56.         self.client.login(username="[email protected]", password="password")
  57.         r = self.client.post(self.url, {"create_api_keys": "1"})
  58.         self.assertEqual(r.status_code, 403)
  59. 

  60.     def test_it_revokes_api_key(self):
  61.         self.project.api_key_readonly = "R" * 32
  62.         self.project.save()
  63. 

  64.         self.client.login(username="[email protected]", password="password")
  65.         r = self.client.post(self.url, {"revoke_api_keys": "1"})
  66.         self.assertEqual(r.status_code, 200)
  67. 

  68.         self.project.refresh_from_db()
  69.         self.assertEqual(self.project.api_key, "")
  70.         self.assertEqual(self.project.api_key_readonly, "")
  71. 

  72.     def test_it_requires_rw_access_to_revoke_api_key(self):
  73.         self.bobs_membership.role = "r"
  74.         self.bobs_membership.save()
  75. 

  76.         self.client.login(username="[email protected]", password="password")
  77.         r = self.client.post(self.url, {"revoke_api_keys": "1"})
  78.         self.assertEqual(r.status_code, 403)
  79. 

  80.     def test_it_adds_team_member(self):
  81.         self.client.login(username="[email protected]", password="password")
  82. 

  83.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  84.         r = self.client.post(self.url, form)
  85.         self.assertEqual(r.status_code, 200)
  86. 

  87.         members = self.project.member_set.all()
  88.         self.assertEqual(members.count(), 2)
  89. 

  90.         member = Member.objects.get(
  91.             project=self.project, user__email="[email protected]"
  92.         )
  93. 

  94.         # The read-write flag should be set
  95.         self.assertEqual(member.role, member.Role.REGULAR)
  96. 

  97.         # The new user should not have their own project
  98.         self.assertFalse(member.user.project_set.exists())
  99. 

  100.         # And an email should have been sent
  101.         subj = f"You have been invited to join Alices Project on {settings.SITE_NAME}"
  102.         self.assertHTMLEqual(mail.outbox[0].subject, subj)
  103. 

  104.     def test_it_adds_readonly_team_member(self):
  105.         self.client.login(username="[email protected]", password="password")
  106. 

  107.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  108.         r = self.client.post(self.url, form)
  109.         self.assertEqual(r.status_code, 200)
  110. 

  111.         member = Member.objects.get(
  112.             project=self.project, user__email="[email protected]"
  113.         )
  114. 

  115.         self.assertEqual(member.role, member.Role.READONLY)
  116. 

  117.     def test_it_adds_manager_team_member(self):
  118.         self.client.login(username="[email protected]", password="password")
  119. 

  120.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "m"}
  121.         r = self.client.post(self.url, form)
  122.         self.assertEqual(r.status_code, 200)
  123. 

  124.         member = Member.objects.get(
  125.             project=self.project, user__email="[email protected]"
  126.         )
  127. 

  128.         # The new user should have role manager
  129.         self.assertEqual(member.role, member.Role.MANAGER)
  130. 

  131.     def test_it_adds_member_from_another_team(self):
  132.         # With team limit at zero, we should not be able to invite any new users
  133.         self.profile.team_limit = 0
  134.         self.profile.save()
  135. 

  136.         # But Charlie will have an existing membership in another Alice's project
  137.         # so Alice *should* be able to invite Charlie:
  138.         p2 = Project.objects.create(owner=self.alice)
  139.         Member.objects.create(user=self.charlie, project=p2)
  140. 

  141.         self.client.login(username="[email protected]", password="password")
  142.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  143.         r = self.client.post(self.url, form)
  144.         self.assertEqual(r.status_code, 200)
  145. 

  146.         q = Member.objects.filter(project=self.project, user=self.charlie)
  147.         self.assertEqual(q.count(), 1)
  148. 

  149.         # And this should not have affected the rate limit:
  150.         q = TokenBucket.objects.filter(value="invite-%d" % self.alice.id)
  151.         self.assertFalse(q.exists())
  152. 

  153.     def test_it_rejects_duplicate_membership(self):
  154.         self.client.login(username="[email protected]", password="password")
  155. 

  156.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  157.         r = self.client.post(self.url, form)
  158.         self.assertContains(r, "[email protected] is already a member")
  159. 

  160.         # The number of memberships should have not increased
  161.         self.assertEqual(self.project.member_set.count(), 1)
  162. 

  163.     def test_it_rejects_owner_as_a_member(self):
  164.         self.client.login(username="[email protected]", password="password")
  165. 

  166.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  167.         r = self.client.post(self.url, form)
  168.         self.assertContains(r, "[email protected] is already a member")
  169. 

  170.         # The number of memberships should have not increased
  171.         self.assertEqual(self.project.member_set.count(), 1)
  172. 

  173.     def test_it_rejects_too_long_email_addresses(self):
  174.         self.client.login(username="[email protected]", password="password")
  175. 

  176.         aaa = "a" * 300
  177.         form = {
  178.             "invite_team_member": "1",
  179.             "email": f"frank+{aaa}@example.org",
  180.             "role": "r",
  181.         }
  182.         r = self.client.post(self.url, form)
  183.         self.assertEqual(r.status_code, 200)
  184. 

  185.         # No email should have been sent
  186.         self.assertEqual(len(mail.outbox), 0)
  187. 

  188.     @override_settings(SECRET_KEY="test-secret")
  189.     def test_it_rate_limits_invites(self):
  190.         obj = TokenBucket(value="invite-%d" % self.alice.id)
  191.         obj.tokens = 0
  192.         obj.save()
  193. 

  194.         self.client.login(username="[email protected]", password="password")
  195. 

  196.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  197.         r = self.client.post(self.url, form)
  198.         self.assertContains(r, "Too Many Requests")
  199. 

  200.         self.assertEqual(len(mail.outbox), 0)
  201. 

  202.     def test_it_lets_manager_add_team_member(self):
  203.         # Bob is a manager:
  204.         self.bobs_membership.role = "m"
  205.         self.bobs_membership.save()
  206. 

  207.         self.client.login(username="[email protected]", password="password")
  208. 

  209.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  210.         r = self.client.post(self.url, form)
  211.         self.assertEqual(r.status_code, 200)
  212. 

  213.         Member.objects.get(project=self.project, user__email="[email protected]")
  214. 

  215.     def test_it_does_not_allow_regular_member_invite_team_members(self):
  216.         self.client.login(username="[email protected]", password="password")
  217. 

  218.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "w"}
  219.         r = self.client.post(self.url, form)
  220.         self.assertEqual(r.status_code, 403)
  221. 

  222.     def test_it_checks_team_size(self):
  223.         self.profile.team_limit = 0
  224.         self.profile.save()
  225. 

  226.         self.client.login(username="[email protected]", password="password")
  227. 

  228.         form = {"invite_team_member": "1", "email": "[email protected]", "role": "r"}
  229.         r = self.client.post(self.url, form)
  230.         self.assertEqual(r.status_code, 403)
  231. 

  232.     def test_it_lets_owner_remove_team_member(self):
  233.         self.client.login(username="[email protected]", password="password")
  234. 

  235.         form = {"remove_team_member": "1", "email": "[email protected]"}
  236.         r = self.client.post(self.url, form)
  237.         self.assertEqual(r.status_code, 200)
  238. 

  239.         self.assertFalse(Member.objects.exists())
  240. 

  241.     def test_it_lets_manager_remove_team_member(self):
  242.         # Bob is a manager:
  243.         self.bobs_membership.role = "m"
  244.         self.bobs_membership.save()
  245. 

  246.         # Bob will try to remove this membership:
  247.         Member.objects.create(user=self.charlie, project=self.project)
  248. 

  249.         self.client.login(username="[email protected]", password="password")
  250.         form = {"remove_team_member": "1", "email": "[email protected]"}
  251.         r = self.client.post(self.url, form)
  252.         self.assertEqual(r.status_code, 200)
  253. 

  254.         q = Member.objects.filter(user=self.charlie, project=self.project)
  255.         self.assertFalse(q.exists())
  256. 

  257.     def test_it_does_not_allow_regular_member_remove_team_member(self):
  258.         # Bob will try to remove this membership:
  259.         Member.objects.create(user=self.charlie, project=self.project)
  260. 

  261.         self.client.login(username="[email protected]", password="password")
  262.         form = {"remove_team_member": "1", "email": "[email protected]"}
  263.         r = self.client.post(self.url, form)
  264.         self.assertEqual(r.status_code, 403)
  265. 

  266.     def test_it_rejects_manager_remove_self(self):
  267.         self.bobs_membership.role = "m"
  268.         self.bobs_membership.save()
  269. 

  270.         self.client.login(username="[email protected]", password="password")
  271. 

  272.         form = {"remove_team_member": "1", "email": "[email protected]"}
  273.         r = self.client.post(self.url, form)
  274.         self.assertEqual(r.status_code, 400)
  275. 

  276.         # The number of memberships should have not decreased
  277.         self.assertEqual(self.project.member_set.count(), 1)
  278. 

  279.     def test_it_checks_membership_when_removing_team_member(self):
  280.         self.client.login(username="[email protected]", password="password")
  281. 

  282.         url = "/projects/%s/settings/" % self.charlies_project.code
  283.         form = {"remove_team_member": "1", "email": "[email protected]"}
  284.         r = self.client.post(url, form)
  285.         self.assertEqual(r.status_code, 400)
  286. 

  287.     def test_it_sets_project_name(self):
  288.         self.client.login(username="[email protected]", password="password")
  289. 

  290.         form = {"set_project_name": "1", "name": "Alpha Team"}
  291.         r = self.client.post(self.url, form)
  292.         self.assertEqual(r.status_code, 200)
  293. 

  294.         self.project.refresh_from_db()
  295.         self.assertEqual(self.project.name, "Alpha Team")
  296. 

  297.     def test_it_requires_rw_access_to_set_project_name(self):
  298.         self.bobs_membership.role = "r"
  299.         self.bobs_membership.save()
  300. 

  301.         self.client.login(username="[email protected]", password="password")
  302.         form = {"set_project_name": "1", "name": "Alpha Team"}
  303.         r = self.client.post(self.url, form)
  304.         self.assertEqual(r.status_code, 403)
  305. 

  306.     def test_it_shows_invite_suggestions(self):
  307.         p2 = Project.objects.create(owner=self.alice)
  308. 

  309.         self.client.login(username="[email protected]", password="password")
  310. 

  311.         r = self.client.get("/projects/%s/settings/" % p2.code)
  312.         self.assertContains(r, "Add Users from Other Teams")
  313.         self.assertContains(r, "[email protected]")
  314. 

  315.     def test_it_requires_rw_access_to_update_project_name(self):
  316.         self.bobs_membership.role = "r"
  317.         self.bobs_membership.save()
  318. 

  319.         self.client.login(username="[email protected]", password="password")
  320. 

  321.         form = {"set_project_name": "1", "name": "Alpha Team"}
  322.         r = self.client.post(self.url, form)
  323.         self.assertEqual(r.status_code, 403)
  324. 

  325.     def test_it_hides_actions_for_readonly_users(self):
  326.         self.bobs_membership.role = "r"
  327.         self.bobs_membership.save()
  328. 

  329.         self.client.login(username="[email protected]", password="password")
  330. 

  331.         r = self.client.get(self.url)
  332.         self.assertNotContains(r, "#set-project-name-modal", status_code=200)
  333.         self.assertNotContains(r, "Show API Keys")
  334. 

  335.     @override_settings(PROMETHEUS_ENABLED=False)
  336.     def test_it_hides_prometheus_link_if_prometheus_not_enabled(self):
  337.         self.project.api_key_readonly = "R" * 32
  338.         self.project.save()
  339. 

  340.         self.client.login(username="[email protected]", password="password")
  341.         r = self.client.post(self.url, {"show_api_keys": "1"})
  342.         self.assertEqual(r.status_code, 200)
  343. 

  344.         self.assertNotContains(r, "Prometheus metrics endpoint")
  345. 

  346.     def test_it_requires_rw_access_to_show_api_key(self):
  347.         self.bobs_membership.role = "r"
  348.         self.bobs_membership.save()
  349. 

  350.         self.client.login(username="[email protected]", password="password")
  351.         r = self.client.post(self.url, {"show_api_keys": "1"})
  352.         self.assertEqual(r.status_code, 403)