Esempio n. 1
0
    def test_permits_if_user_has_2fa(
        self,
        monkeypatch,
        owners_require_2fa,
        pypi_mandates_2fa,
        two_factor_requirement_enabled,
        two_factor_mandate_available,
        two_factor_mandate_enabled,
        db_request,
    ):
        db_request.registry.settings = {
            "warehouse.two_factor_requirement.enabled":
            two_factor_requirement_enabled,
            "warehouse.two_factor_mandate.available":
            two_factor_mandate_available,
            "warehouse.two_factor_mandate.enabled": two_factor_mandate_enabled,
        }
        user = pretend.stub(has_two_factor=True)
        db_request.user = user
        get_current_request = pretend.call_recorder(lambda: db_request)
        monkeypatch.setattr(security_policy, "get_current_request",
                            get_current_request)

        permits_result = Allowed("Because")
        backing_policy = pretend.stub(
            permits=pretend.call_recorder(lambda *a, **kw: permits_result))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)
        context = ProjectFactory.create(owners_require_2fa=owners_require_2fa,
                                        pypi_mandates_2fa=pypi_mandates_2fa)
        result = policy.permits(context, pretend.stub(), pretend.stub())

        assert result == permits_result
Esempio n. 2
0
    def test_flashes_if_context_requires_2fa_but_not_enabled(
            self, monkeypatch, db_request):
        db_request.registry.settings = {
            "warehouse.two_factor_mandate.enabled": False,
            "warehouse.two_factor_mandate.available": True,
            "warehouse.two_factor_requirement.enabled": True,
        }
        db_request.session.flash = pretend.call_recorder(lambda m, queue: None)
        db_request.user = pretend.stub(has_two_factor=False)
        get_current_request = pretend.call_recorder(lambda: db_request)
        monkeypatch.setattr(security_policy, "get_current_request",
                            get_current_request)

        permits_result = Allowed("Because")
        backing_policy = pretend.stub(
            permits=pretend.call_recorder(lambda *a, **kw: permits_result))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)
        context = ProjectFactory.create(
            owners_require_2fa=False,
            pypi_mandates_2fa=True,
        )
        result = policy.permits(context, pretend.stub(), pretend.stub())

        assert result == permits_result
        assert db_request.session.flash.calls == [
            pretend.call(
                "This project is included in PyPI's two-factor mandate "
                "for critical projects. In the future, you will be unable to "
                "perform this action without enabling 2FA for your account",
                queue="warning",
            ),
        ]
Esempio n. 3
0
    def test_principals_allowed_by_permission(self):
        principals = pretend.stub()
        backing_policy = pretend.stub(principals_allowed_by_permission=pretend.
                                      call_recorder(lambda *a: principals))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)

        assert (policy.principals_allowed_by_permission(
            pretend.stub(), pretend.stub()) is principals)
Esempio n. 4
0
    def test_permits_no_active_request(self, monkeypatch):
        get_current_request = pretend.call_recorder(lambda: None)
        monkeypatch.setattr(security_policy, "get_current_request",
                            get_current_request)

        backing_policy = pretend.stub(
            permits=pretend.call_recorder(lambda *a, **kw: pretend.stub()))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)
        result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub())

        assert result == WarehouseDenied("")
        assert result.s == "There was no active request."
Esempio n. 5
0
    def test_permits_if_non_2fa_requireable_context(self, monkeypatch):
        request = pretend.stub()
        get_current_request = pretend.call_recorder(lambda: request)
        monkeypatch.setattr(security_policy, "get_current_request",
                            get_current_request)

        permits_result = Allowed("Because")
        backing_policy = pretend.stub(
            permits=pretend.call_recorder(lambda *a, **kw: permits_result))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)
        result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub())

        assert result == permits_result
Esempio n. 6
0
    def test_denies_if_2fa_is_required_but_user_doesnt_have_2fa(
        self,
        monkeypatch,
        owners_require_2fa,
        pypi_mandates_2fa,
        reason,
        db_request,
    ):
        db_request.registry.settings = {
            "warehouse.two_factor_requirement.enabled": owners_require_2fa,
            "warehouse.two_factor_mandate.enabled": pypi_mandates_2fa,
        }
        user = pretend.stub(has_two_factor=False)
        db_request.user = user
        get_current_request = pretend.call_recorder(lambda: db_request)
        monkeypatch.setattr(security_policy, "get_current_request",
                            get_current_request)

        permits_result = Allowed("Because")
        backing_policy = pretend.stub(
            permits=pretend.call_recorder(lambda *a, **kw: permits_result))
        policy = security_policy.TwoFactorAuthorizationPolicy(
            policy=backing_policy)
        context = ProjectFactory.create(owners_require_2fa=owners_require_2fa,
                                        pypi_mandates_2fa=pypi_mandates_2fa)
        result = policy.permits(context, pretend.stub(), pretend.stub())

        summary = {
            "owners_require_2fa":
            ("This project requires two factor authentication to be enabled "
             "for all contributors.", ),
            "pypi_mandates_2fa":
            ("PyPI requires two factor authentication to be enabled "
             "for all contributors to this project.", ),
        }[reason]

        assert result == WarehouseDenied(summary, reason="two_factor_required")