def test_mark_namespace_for_deletion(initialized_db):
def create_transaction(db):
return db.transaction()
# Create a user and then mark it for deletion.
user = create_user_noverify("foobar",
"*****@*****.**",
email_required=False)
# Add some robots.
create_robot("foo", user)
create_robot("bar", user)
assert lookup_robot("foobar+foo") is not None
assert lookup_robot("foobar+bar") is not None
assert len(list(list_namespace_robots("foobar"))) == 2
# Add some federated user links.
attach_federated_login(user, "google", "someusername")
attach_federated_login(user, "github", "someusername")
assert FederatedLogin.select().where(
FederatedLogin.user == user).count() == 2
assert FederatedLogin.select().where(
FederatedLogin.service_ident == "someusername").exists()
# Mark the user for deletion.
queue = WorkQueue("testgcnamespace", create_transaction)
mark_namespace_for_deletion(user, [], queue)
# Ensure the older user is still in the DB.
older_user = User.get(id=user.id)
assert older_user.username != "foobar"
# Ensure the robots are deleted.
with pytest.raises(InvalidRobotException):
assert lookup_robot("foobar+foo")
with pytest.raises(InvalidRobotException):
assert lookup_robot("foobar+bar")
assert len(list(list_namespace_robots(older_user.username))) == 0
# Ensure the federated logins are gone.
assert FederatedLogin.select().where(
FederatedLogin.user == user).count() == 0
assert (not FederatedLogin.select().where(
FederatedLogin.service_ident == "someusername").exists())
# Ensure we can create a user with the same namespace again.
new_user = create_user_noverify("foobar",
"*****@*****.**",
email_required=False)
assert new_user.id != user.id
# Ensure the older user is still in the DB.
assert User.get(id=user.id).username != "foobar"
def list_federated_logins(user):
selected = FederatedLogin.select(FederatedLogin.service_ident,
LoginService.name,
FederatedLogin.metadata_json)
joined = selected.join(LoginService)
return joined.where(LoginService.name != "quayrobot",
FederatedLogin.user == user)
def get_federated_logins(user_ids, service_name):
""" Returns all federated logins for the given user ids under the given external service. """
if not user_ids:
return []
return (FederatedLogin.select().join(User).switch(FederatedLogin).join(
LoginService).where(FederatedLogin.user << user_ids,
LoginService.name == service_name))
def get_federated_team_member_mapping(team, login_service_name):
""" Returns a dict of all federated IDs for all team members in the team whose users are
bound to the login service within the given name. The dictionary is from federated service
identifier (username) to their Quay User table ID.
"""
login_service = LoginService.get(name=login_service_name)
query = (FederatedLogin.select(
FederatedLogin.service_ident,
User.id).join(User).join(TeamMember).join(Team).where(
Team.id == team, User.robot == False,
FederatedLogin.service == login_service))
return dict(query.tuples())
def verify_federated_login(service_id, service_ident):
try:
found = (FederatedLogin.select(
FederatedLogin,
User).join(LoginService).switch(FederatedLogin).join(User).where(
FederatedLogin.service_ident == service_ident,
LoginService.name == service_id).get())
# Mark that the user was accessed.
_basequery.update_last_accessed(found.user)
return found.user
except FederatedLogin.DoesNotExist:
return None
