Esempio n. 1
    def test_recovery_codes_regenerate(self, email_log):
        """Check that a PUT on the recovery authenticator rotates its codes.

        Two consecutive GETs must return the same codes and ``createdAt``;
        after the PUT both values must differ, and a
        "recovery-codes-regenerated" security email is expected.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        details_url = reverse(
            "sentry-api-0-user-authenticator-details",
            kwargs={"user_id": self.user.id, "auth_id": recovery.authenticator.id},
        )

        first = self.client.get(details_url)
        assert first.status_code == 200
        codes_before = first.data["codes"]
        created_before = first.data["createdAt"]

        # Reading the codes again must not rotate them.
        second = self.client.get(details_url)
        assert codes_before == second.data["codes"]
        assert created_before == second.data["createdAt"]

        # Regenerate with the clock moved one day ahead, presumably so the
        # new createdAt cannot equal the old one.
        one_day_later = timezone.now() + datetime.timedelta(days=1)
        with mock.patch.object(timezone, "now", return_value=one_day_later):
            # NOTE(review): the status code of this PUT (and of the GET
            # below) is not asserted; only the changed payload is checked.
            self.client.put(details_url)

            after = self.client.get(details_url)
            assert codes_before != after.data["codes"]
            assert created_before != after.data["createdAt"]

        self._assert_security_email_sent("recovery-codes-regenerated", email_log)
Esempio n. 2
    def test_recovery_codes_regenerate(self):
        """Check that a PUT on the recovery authenticator rotates its codes.

        Two consecutive reads must agree on ``codes`` and ``createdAt``;
        after the PUT both must differ, and a "recovery-codes-regenerated"
        security email is expected.
        """
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)
        user_id = self.user.id
        auth_id = recovery.authenticator.id

        first = self.get_success_response(user_id, auth_id)
        codes_before = first.data["codes"]
        created_before = first.data["createdAt"]

        # Reading the codes again must not rotate them.
        second = self.get_success_response(user_id, auth_id)
        assert codes_before == second.data["codes"]
        assert created_before == second.data["createdAt"]

        # Regenerate with the clock moved one day ahead, presumably so the
        # new createdAt cannot equal the old one.
        one_day_later = timezone.now() + datetime.timedelta(days=1)
        with mock.patch.object(timezone, "now", return_value=one_day_later):
            # presumably self.tasks() runs queued tasks inline so the
            # security email is produced before the final check; verify
            # against the test base class
            with self.tasks():
                self.get_success_response(user_id, auth_id, method="put")
                after = self.get_success_response(user_id, auth_id)
            assert codes_before != after.data["codes"]
            assert created_before != after.data["createdAt"]

        assert_security_email_sent("recovery-codes-regenerated")
Esempio n. 3
    def test_get_recovery_codes(self):
        """Check that reading recovery codes returns them and sends no mail."""
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        # presumably self.tasks() runs queued tasks inline, so an email
        # triggered by the read would already be in the outbox below;
        # verify against the test base class
        with self.tasks():
            details = self.get_success_response(
                self.user.id, recovery.authenticator.id
            )

        payload = details.data
        assert payload["id"] == "recovery"
        assert payload["authId"] == str(recovery.authenticator.id)
        # At least one code must be returned.
        assert len(payload["codes"]) > 0

        # A plain read is not a security-relevant change: nothing is mailed.
        assert len(mail.outbox) == 0
Esempio n. 4
    def test_get_recovery_codes(self, email_log):
        """Check that reading recovery codes returns them and logs no email."""
        recovery = RecoveryCodeInterface()
        recovery.enroll(self.user)

        details_url = reverse(
            "sentry-api-0-user-authenticator-details",
            kwargs={"user_id": self.user.id, "auth_id": recovery.authenticator.id},
        )

        details = self.client.get(details_url)
        assert details.status_code == 200

        payload = details.data
        assert payload["id"] == "recovery"
        assert payload["authId"] == six.text_type(recovery.authenticator.id)
        # At least one code must be returned.
        assert len(payload["codes"]) > 0

        # A plain read must not produce a security email log entry.
        assert email_log.info.call_count == 0
Esempio n. 5
    def test_owner_can_only_reset_member_2fa(self):
        """Check that the owner gets 403 on a member's authenticator details.

        Covers a GET of the member's authenticator (``self.interface_id``,
        set outside this method) and a PUT that would regenerate recovery
        codes.
        """
        self.login_as(self.owner)

        route = "sentry-api-0-user-authenticator-details"

        # Reading the member's authenticator details is forbidden.
        member_auth_url = reverse(route, args=[self.member.id, self.interface_id])
        read_resp = self.client.get(member_auth_url)
        assert read_resp.status_code == 403

        # cannot regenerate recovery codes
        # NOTE(review): the codes are enrolled for self.user, while the URL
        # below targets self.member. If those are different users, this PUT
        # never addresses an authenticator the member owns; confirm whether
        # enrolling self.member was intended.
        recovery_codes = RecoveryCodeInterface()
        recovery_codes.enroll(self.user)
        regenerate_url = reverse(
            route,
            args=[self.member.id, recovery_codes.authenticator.id],
        )
        write_resp = self.client.put(regenerate_url)
        assert write_resp.status_code == 403