Beispiel #1
0
    def test_records_analytics(self, record):
        Refresher.run(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

        record.assert_called_with(
            'sentry_app.token_exchanged',
            sentry_app_installation_id=self.install.id,
            exchange_type='refresh',
        )
Beispiel #2
0
    def test_records_analytics(self, record):
        Refresher.run(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

        record.assert_called_with(
            "sentry_app.token_exchanged",
            sentry_app_installation_id=self.install.id,
            exchange_type="refresh",
        )
Beispiel #3
0
    def post(self, request, installation):
        with sentry_sdk.configure_scope() as scope:
            scope.set_tag("organization", installation.organization_id)
            scope.set_tag("sentry_app_id", installation.sentry_app_id)
            scope.set_tag("sentry_app_slug", installation.sentry_app.slug)

            try:
                if request.json_body.get("grant_type") == GrantTypes.AUTHORIZATION:
                    token = GrantExchanger.run(
                        install=installation,
                        code=request.json_body.get("code"),
                        client_id=request.json_body.get("client_id"),
                        user=request.user,
                    )
                elif request.json_body.get("grant_type") == GrantTypes.REFRESH:
                    token = Refresher.run(
                        install=installation,
                        refresh_token=request.json_body.get("refresh_token"),
                        client_id=request.json_body.get("client_id"),
                        user=request.user,
                    )
                else:
                    return Response({"error": "Invalid grant_type"}, status=403)
            except APIUnauthorized as e:
                logger.error(e, exc_info=True)
                return Response({"error": e.msg or "Unauthorized"}, status=403)

            attrs = {"state": request.json_body.get("state"), "application": None}

            body = ApiTokenSerializer().serialize(token, attrs, request.user)

            return Response(body, status=201)
Beispiel #4
0
    def post(self, request, installation):
        try:
            if request.json_body.get("grant_type") == GrantTypes.AUTHORIZATION:
                token = GrantExchanger.run(
                    install=installation,
                    code=request.json_body.get("code"),
                    client_id=request.json_body.get("client_id"),
                    user=request.user,
                )
            elif request.json_body.get("grant_type") == GrantTypes.REFRESH:
                token = Refresher.run(
                    install=installation,
                    refresh_token=request.json_body.get("refresh_token"),
                    client_id=request.json_body.get("client_id"),
                    user=request.user,
                )
            else:
                return Response({"error": "Invalid grant_type"}, status=403)
        except APIUnauthorized as e:
            return Response({"error": e.msg or "Unauthorized"}, status=403)

        attrs = {"state": request.json_body.get("state"), "application": None}

        body = ApiTokenSerializer().serialize(token, attrs, request.user)

        return Response(body, status=201)
Beispiel #5
0
    def post(self, request, installation):
        try:
            if request.json_body.get('grant_type') == GrantTypes.AUTHORIZATION:
                token = GrantExchanger.run(
                    install=installation,
                    code=request.json_body.get('code'),
                    client_id=request.json_body.get('client_id'),
                    user=request.user,
                )
            elif request.json_body.get('grant_type') == GrantTypes.REFRESH:
                token = Refresher.run(
                    install=installation,
                    refresh_token=request.json_body.get('refresh_token'),
                    client_id=request.json_body.get('client_id'),
                    user=request.user,
                )
            else:
                return Response({'error': 'Invalid grant_type'}, status=403)
        except APIUnauthorized as e:
            return Response({'error': e.msg or 'Unauthorized'}, status=403)

        attrs = {
            'state': request.json_body.get('state'),
            'application': None,
        }

        body = ApiTokenSerializer().serialize(token, attrs, request.user)

        return Response(body, status=201)
Beispiel #6
0
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )
Beispiel #7
0
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )
Beispiel #8
0
class TestRefresher(TestCase):
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

    def test_happy_path(self):
        assert self.refresher.call()

    def test_adds_token_to_installation(self):
        token = self.refresher.call()
        assert SentryAppInstallation.objects.get(id=self.install.id).api_token == token

    def test_deletes_refreshed_token(self):
        self.refresher.call()
        assert not ApiToken.objects.filter(id=self.token.id).exists()

    @patch("sentry.mediators.token_exchange.Validator.run")
    def test_validates_generic_token_exchange_requirements(self, validator):
        self.refresher.call()

        validator.assert_called_once_with(
            install=self.install, client_id=self.client_id, user=self.user
        )

    def test_validates_token_belongs_to_sentry_app(self):
        self.refresher.refresh_token = ApiToken.objects.create(
            user=self.user,
            application=ApiApplication.objects.create(owner_id=self.create_user().id),
        ).refresh_token

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch("sentry.models.ApiToken.objects.get", side_effect=ApiToken.DoesNotExist)
    def test_token_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch("sentry.models.ApiApplication.objects.get", side_effect=ApiApplication.DoesNotExist)
    def test_api_application_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch("sentry.models.ApiApplication.sentry_app", side_effect=SentryApp.DoesNotExist)
    def test_sentry_app_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch("sentry.analytics.record")
    def test_records_analytics(self, record):
        Refresher.run(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

        record.assert_called_with(
            "sentry_app.token_exchanged",
            sentry_app_installation_id=self.install.id,
            exchange_type="refresh",
        )
Beispiel #9
0
class TestRefresher(TestCase):
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

    def test_happy_path(self):
        assert self.refresher.call()

    def test_adds_token_to_installation(self):
        token = self.refresher.call()
        assert SentryAppInstallation.objects.get(id=self.install.id).api_token == token

    def test_deletes_refreshed_token(self):
        self.refresher.call()
        assert not ApiToken.objects.filter(id=self.token.id).exists()

    @patch('sentry.mediators.token_exchange.Validator.run')
    def test_validates_generic_token_exchange_requirements(self, validator):
        self.refresher.call()

        validator.assert_called_once_with(
            install=self.install,
            client_id=self.client_id,
            user=self.user,
        )

    def test_validates_token_belongs_to_sentry_app(self):
        self.refresher.refresh_token = ApiToken.objects.create(
            user=self.user,
            application=ApiApplication.objects.create(
                owner_id=self.create_user().id,
            ),
        ).refresh_token

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiToken.objects.get', side_effect=ApiToken.DoesNotExist)
    def test_token_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.objects.get', side_effect=ApiApplication.DoesNotExist)
    def test_api_application_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.sentry_app', side_effect=SentryApp.DoesNotExist)
    def test_sentry_app_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.analytics.record')
    def test_records_analytics(self, record):
        Refresher.run(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

        record.assert_called_with(
            'sentry_app.token_exchanged',
            sentry_app_installation_id=self.install.id,
            exchange_type='refresh',
        )
Beispiel #10
0
class TestRefresher(TestCase):
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

    def test_happy_path(self):
        assert self.refresher.call()

    def test_expires_active_token(self):
        self.refresher.call()
        assert ApiToken.objects.get(id=self.token.id).expires_at < datetime.now(pytz.UTC)

    @patch('sentry.mediators.token_exchange.Validator.run')
    def test_validates_generic_token_exchange_requirements(self, validator):
        self.refresher.call()

        validator.assert_called_once_with(
            install=self.install,
            client_id=self.client_id,
            user=self.user,
        )

    def test_validates_token_belongs_to_sentry_app(self):
        self.refresher.refresh_token = ApiToken.objects.create(
            user=self.user,
            application=ApiApplication.objects.create(
                owner_id=self.create_user().id,
            ),
        ).refresh_token

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    def test_cannot_exchange_expired_token(self):
        self.token.update(expires_at=(datetime.utcnow() - timedelta(hours=1)))

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiToken.objects.get', side_effect=ApiToken.DoesNotExist)
    def test_token_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.objects.get', side_effect=ApiApplication.DoesNotExist)
    def test_api_application_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.sentry_app', side_effect=SentryApp.DoesNotExist)
    def test_sentry_app_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()
Beispiel #11
0
class TestRefresher(TestCase):
    def setUp(self):
        self.install = self.create_sentry_app_installation()
        self.client_id = self.install.sentry_app.application.client_id
        self.user = self.install.sentry_app.proxy_user

        self.token = GrantExchanger.run(
            install=self.install,
            code=self.install.api_grant.code,
            client_id=self.client_id,
            user=self.user,
        )

        self.refresher = Refresher(
            install=self.install,
            client_id=self.client_id,
            refresh_token=self.token.refresh_token,
            user=self.user,
        )

    def test_happy_path(self):
        assert self.refresher.call()

    def test_expires_active_token(self):
        self.refresher.call()
        assert ApiToken.objects.get(
            id=self.token.id).expires_at < datetime.now(pytz.UTC)

    @patch('sentry.mediators.token_exchange.Validator.run')
    def test_validates_generic_token_exchange_requirements(self, validator):
        self.refresher.call()

        validator.assert_called_once_with(
            install=self.install,
            client_id=self.client_id,
            user=self.user,
        )

    def test_validates_token_belongs_to_sentry_app(self):
        self.refresher.refresh_token = ApiToken.objects.create(
            user=self.user,
            application=ApiApplication.objects.create(
                owner_id=self.create_user().id, ),
        ).refresh_token

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    def test_cannot_exchange_expired_token(self):
        self.token.update(expires_at=(datetime.utcnow() - timedelta(hours=1)))

        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiToken.objects.get',
           side_effect=ApiToken.DoesNotExist)
    def test_token_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.objects.get',
           side_effect=ApiApplication.DoesNotExist)
    def test_api_application_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()

    @patch('sentry.models.ApiApplication.sentry_app',
           side_effect=SentryApp.DoesNotExist)
    def test_sentry_app_must_exist(self, _):
        with self.assertRaises(APIUnauthorized):
            self.refresher.call()