def test_recovery_codes_regenerate(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse('sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
})
resp = self.client.get(url)
assert resp.status_code == 200
old_codes = resp.data['codes']
old_created_at = resp.data['createdAt']
resp = self.client.get(url)
assert old_codes == resp.data['codes']
assert old_created_at == resp.data['createdAt']
# regenerate codes
tomorrow = timezone.now() + datetime.timedelta(days=1)
with mock.patch.object(timezone, 'now', return_value=tomorrow):
resp = self.client.put(url)
resp = self.client.get(url)
assert old_codes != resp.data['codes']
assert old_created_at != resp.data['createdAt']
self._assert_security_email_sent('recovery-codes-regenerated',
email_log)
def test_recovery_codes_regenerate(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse(
"sentry-api-0-user-authenticator-details",
kwargs={
"user_id": self.user.id,
"auth_id": interface.authenticator.id
},
)
resp = self.client.get(url)
assert resp.status_code == 200
old_codes = resp.data["codes"]
old_created_at = resp.data["createdAt"]
resp = self.client.get(url)
assert old_codes == resp.data["codes"]
assert old_created_at == resp.data["createdAt"]
# regenerate codes
tomorrow = timezone.now() + datetime.timedelta(days=1)
with mock.patch.object(timezone, "now", return_value=tomorrow):
resp = self.client.put(url)
resp = self.client.get(url)
assert old_codes != resp.data["codes"]
assert old_created_at != resp.data["createdAt"]
self._assert_security_email_sent("recovery-codes-regenerated",
email_log)
def test_recovery_codes_regenerate(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse('sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
})
resp = self.client.get(url)
assert resp.status_code == 200
old_codes = resp.data['codes']
resp = self.client.get(url)
assert old_codes == resp.data['codes']
# regenerate codes
resp = self.client.put(url)
resp = self.client.get(url)
assert old_codes != resp.data['codes']
self._assert_security_email_sent('recovery-codes-regenerated',
email_log)
def test_recovery_codes_regenerate(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse(
'sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
}
)
resp = self.client.get(url)
assert resp.status_code == 200
old_codes = resp.data['codes']
old_created_at = resp.data['createdAt']
resp = self.client.get(url)
assert old_codes == resp.data['codes']
assert old_created_at == resp.data['createdAt']
# regenerate codes
tomorrow = timezone.now() + datetime.timedelta(days=1)
with mock.patch.object(timezone, 'now', return_value=tomorrow):
resp = self.client.put(url)
resp = self.client.get(url)
assert old_codes != resp.data['codes']
assert old_created_at != resp.data['createdAt']
self._assert_security_email_sent('recovery-codes-regenerated', email_log)
def test_recovery_codes_regenerate(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse(
'sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
}
)
resp = self.client.get(url)
assert resp.status_code == 200
old_codes = resp.data['codes']
resp = self.client.get(url)
assert old_codes == resp.data['codes']
# regenerate codes
resp = self.client.put(url)
resp = self.client.get(url)
assert old_codes != resp.data['codes']
self._assert_security_email_sent('recovery-codes-regenerated', email_log)
def test_owner_can_only_reset_member_2fa(self):
self.login_as(self.owner)
path = reverse('sentry-api-0-user-authenticator-details',
args=[self.member.id, self.interface_id])
resp = self.client.get(path)
assert resp.status_code == 403
# cannot regenerate recovery codes
recovery = RecoveryCodeInterface()
recovery.enroll(self.user)
path = reverse('sentry-api-0-user-authenticator-details',
args=[self.member.id, recovery.authenticator.id])
resp = self.client.put(path)
assert resp.status_code == 403
def test_get_recovery_codes(self):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse('sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
})
resp = self.client.get(url)
assert resp.status_code == 200
assert resp.data['id'] == "recovery"
assert resp.data['authId'] == six.text_type(interface.authenticator.id)
assert len(resp.data['codes'])
def test_owner_can_only_reset_member_2fa(self):
self.login_as(self.owner)
path = reverse(
'sentry-api-0-user-authenticator-details', args=[self.member.id, self.interface_id]
)
resp = self.client.get(path)
assert resp.status_code == 403
# cannot regenerate recovery codes
recovery = RecoveryCodeInterface()
recovery.enroll(self.user)
path = reverse(
'sentry-api-0-user-authenticator-details', args=[self.member.id, recovery.authenticator.id]
)
resp = self.client.put(path)
assert resp.status_code == 403
def test_get_recovery_codes(self):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse(
'sentry-api-0-user-authenticator-details',
kwargs={
'user_id': self.user.id,
'auth_id': interface.authenticator.id,
}
)
resp = self.client.get(url)
assert resp.status_code == 200
assert resp.data['id'] == "recovery"
assert resp.data['authId'] == six.text_type(interface.authenticator.id)
assert len(resp.data['codes'])
def test_get_recovery_codes(self, email_log):
interface = RecoveryCodeInterface()
interface.enroll(self.user)
url = reverse(
"sentry-api-0-user-authenticator-details",
kwargs={
"user_id": self.user.id,
"auth_id": interface.authenticator.id
},
)
resp = self.client.get(url)
assert resp.status_code == 200
assert resp.data["id"] == "recovery"
assert resp.data["authId"] == six.text_type(interface.authenticator.id)
assert len(resp.data["codes"])
assert email_log.info.call_count == 0