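def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT rotates recovery codes and their ``createdAt``.

        Enrolls ``self.user`` in recovery codes, confirms that two consecutive
        GETs return the same codes and timestamp, then issues a PUT with
        ``timezone.now`` patched one day ahead and confirms both values
        changed. Finally delegates to ``_assert_security_email_sent`` for the
        ``recovery-codes-regenerated`` event.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        details_url = reverse(
            "sentry-api-0-user-authenticator-details",
            kwargs={
                "user_id": self.user.id,
                "auth_id": recovery.authenticator.id,
            },
        )

        first = self.client.get(details_url)
        assert first.status_code == 200
        old_codes = first.data["codes"]
        old_created_at = first.data["createdAt"]

        # Reading the codes must not rotate them.
        second = self.client.get(details_url)
        assert old_codes == second.data["codes"]
        assert old_created_at == second.data["createdAt"]

        # regenerate codes; the clock is moved forward so the new set cannot
        # share a timestamp with the original one
        tomorrow = timezone.now() + datetime.timedelta(days=1)
        with mock.patch.object(timezone, "now", return_value=tomorrow):
            rotated = self.client.put(details_url)
            # Previously the PUT response was discarded; check it so a rejected
            # request fails here rather than at the comparison below.
            assert 200 <= rotated.status_code < 300

            after = self.client.get(details_url)
            assert old_codes != after.data["codes"]
            assert old_created_at != after.data["createdAt"]

        # NOTE(review): this only shows the API returns a different list; it
        # does not show that an old code is rejected when used to authenticate.
        self._assert_security_email_sent("recovery-codes-regenerated",
                                         email_log)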
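    def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT on the authenticator-details route rotates the codes.

        Enrolls ``self.user`` in recovery codes, confirms that two consecutive
        GETs return the same codes, issues a PUT and confirms the next GET
        returns a different list. Finally delegates to
        ``_assert_security_email_sent`` for the ``recovery-codes-regenerated``
        event.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        details_url = reverse(
            'sentry-api-0-user-authenticator-details',
            kwargs={
                'user_id': self.user.id,
                'auth_id': recovery.authenticator.id,
            },
        )

        first = self.client.get(details_url)
        assert first.status_code == 200
        old_codes = first.data['codes']

        # Reading the codes must not rotate them.
        second = self.client.get(details_url)
        assert old_codes == second.data['codes']

        # regenerate codes
        rotated = self.client.put(details_url)
        # Previously the PUT response was discarded; check it so a rejected
        # request fails here rather than at the comparison below.
        assert 200 <= rotated.status_code < 300

        after = self.client.get(details_url)
        assert old_codes != after.data['codes']

        # NOTE(review): this only shows the API returns a different list; it
        # does not show that an old code is rejected when used to authenticate.
        self._assert_security_email_sent('recovery-codes-regenerated',
                                         email_log)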
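    def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT rotates recovery codes and their ``createdAt``.

        Enrolls ``self.user`` in recovery codes, confirms that two consecutive
        GETs return the same codes and timestamp, then issues a PUT with
        ``timezone.now`` patched one day ahead and confirms both values
        changed. Finally delegates to ``_assert_security_email_sent`` for the
        ``recovery-codes-regenerated`` event.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        route_kwargs = {
            'user_id': self.user.id,
            'auth_id': recovery.authenticator.id,
        }
        details_url = reverse(
            'sentry-api-0-user-authenticator-details', kwargs=route_kwargs
        )

        first = self.client.get(details_url)
        assert first.status_code == 200
        old_codes = first.data['codes']
        old_created_at = first.data['createdAt']

        # Reading the codes must not rotate them.
        second = self.client.get(details_url)
        assert old_codes == second.data['codes']
        assert old_created_at == second.data['createdAt']

        # regenerate codes; the clock is moved forward so the new set cannot
        # share a timestamp with the original one
        tomorrow = timezone.now() + datetime.timedelta(days=1)
        with mock.patch.object(timezone, 'now', return_value=tomorrow):
            rotated = self.client.put(details_url)
            # Previously the PUT response was discarded; check it so a rejected
            # request fails here rather than at the comparison below.
            assert 200 <= rotated.status_code < 300

            after = self.client.get(details_url)
            assert old_codes != after.data['codes']
            assert old_created_at != after.data['createdAt']

        # NOTE(review): this only shows the API returns a different list; it
        # does not show that an old code is rejected when used to authenticate.
        self._assert_security_email_sent('recovery-codes-regenerated', email_log)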
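    def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT rotates recovery codes and their ``createdAt``.

        Enrolls ``self.user`` in recovery codes, confirms that two consecutive
        GETs return the same codes and timestamp, then issues a PUT with
        ``timezone.now`` patched one day ahead and confirms both values
        changed. Finally delegates to ``_assert_security_email_sent`` for the
        ``recovery-codes-regenerated`` event.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        details_url = reverse(
            'sentry-api-0-user-authenticator-details',
            kwargs={
                'user_id': self.user.id,
                'auth_id': recovery.authenticator.id,
            },
        )

        baseline = self.client.get(details_url)
        assert baseline.status_code == 200
        old_codes = baseline.data['codes']
        old_created_at = baseline.data['createdAt']

        # Reading the codes must not rotate them.
        reread = self.client.get(details_url)
        assert old_codes == reread.data['codes']
        assert old_created_at == reread.data['createdAt']

        # regenerate codes; the clock is moved forward so the new set cannot
        # share a timestamp with the original one
        tomorrow = timezone.now() + datetime.timedelta(days=1)
        with mock.patch.object(timezone, 'now', return_value=tomorrow):
            rotated = self.client.put(details_url)
            # Previously the PUT response was discarded; check it so a rejected
            # request fails here rather than at the comparison below.
            assert 200 <= rotated.status_code < 300

            after = self.client.get(details_url)
            assert old_codes != after.data['codes']
            assert old_created_at != after.data['createdAt']

        # NOTE(review): this only shows the API returns a different list; it
        # does not show that an old code is rejected when used to authenticate.
        self._assert_security_email_sent('recovery-codes-regenerated',
                                         email_log)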
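    def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT on the authenticator-details route rotates the codes.

        Enrolls ``self.user`` in recovery codes, confirms that two consecutive
        GETs return the same codes, issues a PUT and confirms the next GET
        returns a different list. Finally delegates to
        ``_assert_security_email_sent`` for the ``recovery-codes-regenerated``
        event.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        route_kwargs = {
            'user_id': self.user.id,
            'auth_id': recovery.authenticator.id,
        }
        details_url = reverse(
            'sentry-api-0-user-authenticator-details', kwargs=route_kwargs
        )

        baseline = self.client.get(details_url)
        assert baseline.status_code == 200
        old_codes = baseline.data['codes']

        # Reading the codes must not rotate them.
        reread = self.client.get(details_url)
        assert old_codes == reread.data['codes']

        # regenerate codes
        rotated = self.client.put(details_url)
        # Previously the PUT response was discarded; check it so a rejected
        # request fails here rather than at the comparison below.
        assert 200 <= rotated.status_code < 300

        after = self.client.get(details_url)
        assert old_codes != after.data['codes']

        # NOTE(review): this only shows the API returns a different list; it
        # does not show that an old code is rejected when used to authenticate.
        self._assert_security_email_sent('recovery-codes-regenerated', email_log)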
    def test_owner_can_only_reset_member_2fa(self):
        """Check that ``self.owner`` gets 403 on a member's authenticator details.

        While logged in as ``self.owner``, both a GET for the authenticator
        identified by ``self.interface_id`` and a PUT for a recovery-code
        authenticator are requested under ``self.member``'s user id, and both
        must be refused with 403.
        """
        self.login_as(self.owner)
        route = 'sentry-api-0-user-authenticator-details'

        # Reading the member's authenticator details is refused.
        read_path = reverse(route, args=[self.member.id, self.interface_id])
        read_resp = self.client.get(read_path)
        assert read_resp.status_code == 403

        # cannot regenerate recovery codes
        # NOTE(review): the recovery authenticator is enrolled for self.user,
        # while the URL names self.member. Confirm whether the 403 is meant to
        # cover an authenticator that actually belongs to the member.
        codes = RecoveryCodeInterface()
        codes.enroll(self.user)
        regen_path = reverse(route, args=[self.member.id, codes.authenticator.id])
        regen_resp = self.client.put(regen_path)
        assert regen_resp.status_code == 403
    def test_get_recovery_codes(self):
        """Check that GET on the authenticator-details route returns recovery codes.

        After enrolling ``self.user`` in recovery codes, the response must be
        200, carry ``id == "recovery"``, echo the authenticator id as text in
        ``authId`` and contain a non-empty ``codes`` value.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        route_kwargs = {
            'user_id': self.user.id,
            'auth_id': recovery.authenticator.id,
        }
        details_url = reverse('sentry-api-0-user-authenticator-details',
                              kwargs=route_kwargs)

        response = self.client.get(details_url)
        assert response.status_code == 200

        payload = response.data
        assert payload['id'] == "recovery"
        # The API returns the id as a string, hence the text conversion.
        assert payload['authId'] == six.text_type(recovery.authenticator.id)
        assert len(payload['codes'])
    def test_owner_can_only_reset_member_2fa(self):
        """Check that ``self.owner`` gets 403 on a member's authenticator details.

        While logged in as ``self.owner``, both a GET for the authenticator
        identified by ``self.interface_id`` and a PUT for a recovery-code
        authenticator are requested under ``self.member``'s user id, and both
        must be refused with 403.
        """
        self.login_as(self.owner)
        route_name = 'sentry-api-0-user-authenticator-details'

        # Reading the member's authenticator details is refused.
        get_resp = self.client.get(
            reverse(route_name, args=[self.member.id, self.interface_id])
        )
        assert get_resp.status_code == 403

        # cannot regenerate recovery codes
        # NOTE(review): the recovery authenticator is enrolled for self.user,
        # while the URL names self.member. Confirm whether the 403 is meant to
        # cover an authenticator that actually belongs to the member.
        recovery_codes = RecoveryCodeInterface()
        recovery_codes.enroll(self.user)
        put_resp = self.client.put(
            reverse(route_name, args=[self.member.id, recovery_codes.authenticator.id])
        )
        assert put_resp.status_code == 403
    def test_get_recovery_codes(self):
        """Check that GET on the authenticator-details route returns recovery codes.

        After enrolling ``self.user`` in recovery codes, the response must be
        200, carry ``id == "recovery"``, echo the authenticator id as text in
        ``authId`` and contain a non-empty ``codes`` value.
        """
        enrolled = RecoveryCodeInterface()
        enrolled.enroll(self.user)

        target = reverse(
            'sentry-api-0-user-authenticator-details',
            kwargs={'user_id': self.user.id, 'auth_id': enrolled.authenticator.id},
        )

        result = self.client.get(target)
        assert result.status_code == 200

        body = result.data
        assert body['id'] == "recovery"
        # The API returns the id as a string, hence the text conversion.
        assert body['authId'] == six.text_type(enrolled.authenticator.id)
        assert len(body['codes'])
    def test_get_recovery_codes(self, email_log):
        """Check that GET returns recovery codes without logging through ``email_log``.

        After enrolling ``self.user`` in recovery codes, the response must be
        200, carry ``id == "recovery"``, echo the authenticator id as text in
        ``authId`` and contain a non-empty ``codes`` value. ``email_log.info``
        must not have been called by the end of the test.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        route_kwargs = {
            "user_id": self.user.id,
            "auth_id": recovery.authenticator.id,
        }
        details_url = reverse(
            "sentry-api-0-user-authenticator-details", kwargs=route_kwargs
        )

        response = self.client.get(details_url)
        assert response.status_code == 200

        payload = response.data
        assert payload["id"] == "recovery"
        # The API returns the id as a string, hence the text conversion.
        assert payload["authId"] == six.text_type(recovery.authenticator.id)
        assert len(payload["codes"])

        # Viewing the codes is a read; presumably email_log is the patched
        # security-email logger, which should stay silent here (confirm
        # against the fixture).
        assert email_log.info.call_count == 0
    def test_user_has_2fa(self):
        """Check that recovery codes alone do not count as two-factor auth.

        ``user_has_2fa`` must stay ``False`` for a fresh user and after
        enrolling only recovery codes, and become ``True`` once a TOTP
        authenticator is enrolled. The stored authenticator count is checked
        at each step (0, 1, 2).
        """
        account = self.create_user('*****@*****.**')

        # Fresh user: nothing enrolled.
        assert Authenticator.objects.user_has_2fa(account) is False
        assert Authenticator.objects.filter(user=account).count() == 0

        # Recovery codes are stored as an authenticator but do not satisfy
        # the 2FA check on their own.
        recovery = RecoveryCodeInterface()
        recovery.enroll(account)
        assert Authenticator.objects.user_has_2fa(account) is False
        assert Authenticator.objects.filter(user=account).count() == 1

        # Enrolling TOTP is what flips the check.
        totp = TotpInterface()
        totp.enroll(account)
        assert Authenticator.objects.user_has_2fa(account) is True
        assert Authenticator.objects.filter(user=account).count() == 2