def test_require_2fa__cannot_delete_last_auth(self, email_log):
        """Deleting the only enrolled authenticator is refused under org-wide 2FA.

        Once the organization requires 2FA, removing the user's last
        authenticator would leave the account unable to satisfy that policy,
        so the API must answer 403, keep the ``Authenticator`` row, and the
        ``email_log`` mock's ``info`` must never be called.
        """
        self._require_2fa_for_organization()

        # Exactly one authenticator is enrolled, so this is the "last" one.
        totp = TotpInterface()
        totp.enroll(self.user)
        authenticator = totp.authenticator

        details_url = reverse(
            'sentry-api-0-user-authenticator-details',
            kwargs={'user_id': self.user.id, 'auth_id': authenticator.id},
        )
        resp = self.client.delete(details_url, format='json')

        assert resp.status_code == 403, (resp.status_code, resp.content)
        self.assertIn('requires 2FA', resp.content)
        # The refused delete must not have touched the row.
        assert Authenticator.objects.filter(id=authenticator.id).exists()
        # No notification was logged for a refused request.
        assert email_log.info.call_count == 0
    def setUp(self):
        """Build an org with an owner plus a logged-in, TOTP-enrolled member.

        ``self.interface_id`` holds the id of the member's ``Authenticator``
        row so tests can address it directly.
        """
        self.owner = self.create_user()
        self.org = self.create_organization(owner=self.owner)

        # A plain member with no team membership is the acting user.
        self.member = self.create_user()
        membership_kwargs = dict(
            organization=self.org,
            user=self.member,
            role="member",
            teams=[],
        )
        self.member_om = self.create_member(**membership_kwargs)
        self.login_as(self.member)

        # Enroll the member in TOTP and remember the authenticator id.
        interface = TotpInterface()
        interface.enroll(self.member)
        self.interface_id = interface.authenticator.id
        assert Authenticator.objects.filter(user=self.member).exists()
    def setUp(self):
        """Create an owner-backed org and log in as a TOTP-enrolled member.

        Leaves ``self.interface_id`` pointing at the member's
        ``Authenticator`` so individual tests can reference it.
        """
        self.owner = self.create_user()
        self.org = self.create_organization(owner=self.owner)

        self.member = self.create_user()
        # Member role, no teams: the least-privileged org member.
        self.member_om = self.create_member(
            organization=self.org, user=self.member, role='member', teams=[]
        )
        self.login_as(self.member)

        enrolled = TotpInterface()
        enrolled.enroll(self.member)
        self.interface_id = enrolled.authenticator.id
        # Sanity check: enrollment really persisted an Authenticator row.
        assert Authenticator.objects.filter(user=self.member).exists()
    def test_get_authenticator_details(self):
        """GET on an enrolled authenticator reports status but no enrollment data.

        The response must identify the TOTP interface and its id, and must
        not carry the enrollment-only fields (``totp_secret``, ``form``,
        ``qrcode``) once the user is already enrolled.
        """
        totp = TotpInterface()
        totp.enroll(self.user)
        authenticator = totp.authenticator

        details_url = reverse(
            'sentry-api-0-user-authenticator-details',
            kwargs={'user_id': self.user.id, 'auth_id': authenticator.id},
        )
        resp = self.client.get(details_url)

        assert resp.status_code == 200
        assert resp.data['isEnrolled']
        assert resp.data['id'] == "totp"
        assert resp.data['authId'] == six.text_type(authenticator.id)

        # Enrollment-only payload must be absent for an enrolled user.
        for enrollment_field in ('totp_secret', 'form', 'qrcode'):
            assert enrollment_field not in resp.data, enrollment_field
    def test_require_2fa__cannot_delete_last_auth(self, email_log):
        """The last authenticator cannot be deleted while the org requires 2FA.

        Expects a 403 mentioning "requires 2FA", the ``Authenticator`` row
        still present afterwards, and no call to ``email_log.info``.
        """
        self._require_2fa_for_organization()

        # Enroll exactly once so the authenticator below is the last one.
        totp = TotpInterface()
        totp.enroll(self.user)
        auth_id = totp.authenticator.id

        resp = self.client.delete(
            reverse(
                'sentry-api-0-user-authenticator-details',
                kwargs={'user_id': self.user.id, 'auth_id': auth_id},
            ),
            format='json',
        )
        assert resp.status_code == 403, (resp.status_code, resp.content)
        assert 'requires 2FA' in resp.content

        # Refusal must leave the row in place and send nothing.
        assert Authenticator.objects.filter(id=auth_id).exists()
        assert email_log.info.call_count == 0
    def test_get_authenticator_details(self):
        """Fetching an enrolled TOTP authenticator exposes status, not secrets.

        Checks the enrolled flag, interface id and authenticator id, and that
        the enrollment-only keys ``totp_secret``, ``form`` and ``qrcode`` are
        not part of the response.
        """
        totp = TotpInterface()
        totp.enroll(self.user)
        auth_id = totp.authenticator.id

        resp = self.client.get(
            reverse(
                "sentry-api-0-user-authenticator-details",
                kwargs={"user_id": self.user.id, "auth_id": auth_id},
            )
        )
        assert resp.status_code == 200

        body = resp.data
        assert body["isEnrolled"]
        assert body["id"] == "totp"
        assert body["authId"] == six.text_type(auth_id)

        # should not have these because enrollment
        leaked = [k for k in ("totp_secret", "form", "qrcode") if k in body]
        assert not leaked, leaked
    def test_get_authenticator_details(self):
        """Detail view of an enrolled authenticator omits enrollment material.

        Asserts the response is 200, flags the user as enrolled, names the
        ``totp`` interface with the right ``authId``, and does not include
        ``totp_secret``, ``form`` or ``qrcode``.
        """
        interface = TotpInterface()
        interface.enroll(self.user)
        authenticator = interface.authenticator

        route_kwargs = {'user_id': self.user.id, 'auth_id': authenticator.id}
        url = reverse('sentry-api-0-user-authenticator-details', kwargs=route_kwargs)
        resp = self.client.get(url)

        assert resp.status_code == 200
        assert resp.data['isEnrolled']
        assert resp.data['id'] == "totp"
        assert resp.data['authId'] == six.text_type(authenticator.id)

        # Enrollment-only fields stay out of the response after enrollment.
        assert 'totp_secret' not in resp.data
        assert 'form' not in resp.data
        assert 'qrcode' not in resp.data
    def test_various_options(self):
        """PUT every editable organization setting at once and audit the result.

        Verifies the persisted org flags, the ``OrganizationOption`` rows and
        the single ``org.edit`` audit log entry produced by the update.  The
        user is enrolled in TOTP first, which is needed to set ``require2FA``.
        """
        org = self.create_organization(owner=self.user)
        initial = org.get_audit_log_data()
        # Start from an empty audit log so the org.edit entry is unambiguous.
        AuditLogEntry.objects.filter(organization=org).delete()

        self.login_as(user=self.user)
        url = reverse(
            "sentry-api-0-organization-details",
            kwargs={"organization_slug": org.slug},
        )

        data = {
            "openMembership": False,
            "isEarlyAdopter": True,
            "allowSharedIssues": False,
            "enhancedPrivacy": True,
            "dataScrubber": True,
            "dataScrubberDefaults": True,
            "sensitiveFields": [u"password"],
            "safeFields": [u"email"],
            "storeCrashReports": 10,
            "scrubIPAddresses": True,
            "scrapeJavaScript": False,
            "defaultRole": "owner",
            "require2FA": True,
            "allowJoinRequests": False,
        }

        # needed to set require2FA
        totp = TotpInterface()
        totp.enroll(self.user)
        assert Authenticator.objects.user_has_2fa(self.user)

        response = self.client.put(url, data=data)
        assert response.status_code == 200, response.content

        # Reload so the flags reflect what was persisted, not the stale instance.
        org = Organization.objects.get(id=org.id)
        assert initial != org.get_audit_log_data()

        expected_flags = {
            "early_adopter": True,
            "allow_joinleave": False,
            "disable_shared_issues": True,
            "enhanced_privacy": True,
            "require_2fa": True,
        }
        for flag_name, expected in expected_flags.items():
            assert bool(getattr(org.flags, flag_name)) is expected, flag_name
        assert org.default_role == "owner"

        options = dict(
            (row.key, row.value)
            for row in OrganizationOption.objects.filter(organization=org)
        )
        assert options.get("sentry:require_scrub_defaults")
        assert options.get("sentry:require_scrub_data")
        assert options.get("sentry:require_scrub_ip_address")
        assert options.get("sentry:sensitive_fields") == ["password"]
        assert options.get("sentry:safe_fields") == ["email"]
        assert options.get("sentry:store_crash_reports") == 10
        assert options.get("sentry:scrape_javascript") is False
        assert options.get("sentry:join_requests") is False

        # log created
        log = AuditLogEntry.objects.get(organization=org)
        assert log.get_event_display() == "org.edit"

        # Each audited change records its new value as "to <value>"; org fields
        # and flags are keyed by internal name, org options by their API name.
        audited_changes = [
            ("default_role", data["defaultRole"]),
            ("allow_joinleave", data["openMembership"]),
            ("early_adopter", data["isEarlyAdopter"]),
            ("enhanced_privacy", data["enhancedPrivacy"]),
            ("disable_shared_issues", not data["allowSharedIssues"]),
            ("require_2fa", data["require2FA"]),
            ("dataScrubber", data["dataScrubber"]),
            ("dataScrubberDefaults", data["dataScrubberDefaults"]),
            ("sensitiveFields", data["sensitiveFields"]),
            ("safeFields", data["safeFields"]),
            ("storeCrashReports", data["storeCrashReports"]),
            ("scrubIPAddresses", data["scrubIPAddresses"]),
            ("scrapeJavaScript", data["scrapeJavaScript"]),
            ("allowJoinRequests", data["allowJoinRequests"]),
        ]
        for log_key, new_value in audited_changes:
            assert u"to {}".format(new_value) in log.data[log_key], log_key
    def test_various_options(self):
        """Update all org settings in one PUT and check flags, options and audit.

        The caller is enrolled in TOTP before the request because that is
        needed to set ``require2FA``.  Afterwards the org flags, the
        ``OrganizationOption`` rows and the ``org.edit`` audit entry are all
        checked against the submitted payload.
        """
        org = self.create_organization(owner=self.user)
        initial = org.get_audit_log_data()
        # Clear prior entries so exactly one org.edit entry exists afterwards.
        AuditLogEntry.objects.filter(organization=org).delete()

        self.login_as(user=self.user)
        url = reverse(
            'sentry-api-0-organization-details',
            kwargs={'organization_slug': org.slug},
        )

        data = {
            'openMembership': False,
            'isEarlyAdopter': True,
            'allowSharedIssues': False,
            'enhancedPrivacy': True,
            'dataScrubber': True,
            'dataScrubberDefaults': True,
            'sensitiveFields': [u'password'],
            'safeFields': [u'email'],
            'storeCrashReports': True,
            'scrubIPAddresses': True,
            'scrapeJavaScript': False,
            'defaultRole': 'owner',
            'require2FA': True
        }

        # needed to set require2FA
        totp = TotpInterface()
        totp.enroll(self.user)
        assert Authenticator.objects.user_has_2fa(self.user)

        response = self.client.put(url, data=data)
        assert response.status_code == 200, response.content

        # Re-fetch to observe persisted state rather than the local instance.
        org = Organization.objects.get(id=org.id)
        assert initial != org.get_audit_log_data()

        flags = org.flags
        assert flags.early_adopter
        assert not flags.allow_joinleave
        assert flags.disable_shared_issues
        assert flags.enhanced_privacy
        assert flags.require_2fa
        assert org.default_role == 'owner'

        stored = OrganizationOption.objects.filter(organization=org)
        options = {row.key: row.value for row in stored}

        expected_options = {
            'sentry:sensitive_fields': ['password'],
            'sentry:safe_fields': ['email'],
        }
        for key, value in expected_options.items():
            assert options.get(key) == value, key
        for truthy_key in (
            'sentry:require_scrub_defaults',
            'sentry:require_scrub_data',
            'sentry:require_scrub_ip_address',
        ):
            assert options.get(truthy_key), truthy_key
        assert options.get('sentry:store_crash_reports') is True
        assert options.get('sentry:scrape_javascript') is False

        # log created
        log = AuditLogEntry.objects.get(organization=org)
        assert log.get_event_display() == 'org.edit'

        # Audit data records each change as "to <new value>"; org fields and
        # flags use internal names, org options use their API names.
        audited_changes = [
            ('default_role', data['defaultRole']),
            ('allow_joinleave', data['openMembership']),
            ('early_adopter', data['isEarlyAdopter']),
            ('enhanced_privacy', data['enhancedPrivacy']),
            ('disable_shared_issues', not data['allowSharedIssues']),
            ('require_2fa', data['require2FA']),
            ('dataScrubber', data['dataScrubber']),
            ('dataScrubberDefaults', data['dataScrubberDefaults']),
            ('sensitiveFields', data['sensitiveFields']),
            ('safeFields', data['safeFields']),
            ('scrubIPAddresses', data['scrubIPAddresses']),
            ('scrapeJavaScript', data['scrapeJavaScript']),
        ]
        for log_key, new_value in audited_changes:
            assert u'to {}'.format(new_value) in log.data[log_key], log_key
 def _enroll_user_in_2fa(self):
     """Enroll ``self.user`` in TOTP and confirm 2FA is now reported active."""
     totp = TotpInterface()
     totp.enroll(self.user)
     # Enrollment must be visible through the Authenticator manager.
     assert Authenticator.objects.user_has_2fa(self.user)
 def _enroll_user_in_2fa(self):
     """Give ``self.user`` a TOTP authenticator and assert 2FA is active."""
     TotpInterface().enroll(self.user)
     has_2fa = Authenticator.objects.user_has_2fa(self.user)
     self.assertTrue(has_2fa)
    def test_various_options(self):
        """Submit every org setting in one PUT and verify state plus audit log.

        The user is TOTP-enrolled beforehand because that is needed to set
        ``require2FA``.  After the request the reloaded org's flags, its
        ``OrganizationOption`` rows and the ``org.edit`` audit entry must all
        match the submitted payload.
        """
        org = self.create_organization(owner=self.user)
        initial = org.get_audit_log_data()
        # Drop any existing entries so a single org.edit entry can be fetched.
        AuditLogEntry.objects.filter(organization=org).delete()

        self.login_as(user=self.user)
        url = reverse(
            'sentry-api-0-organization-details',
            kwargs={'organization_slug': org.slug},
        )

        data = {
            'openMembership': False,
            'isEarlyAdopter': True,
            'allowSharedIssues': False,
            'enhancedPrivacy': True,
            'dataScrubber': True,
            'dataScrubberDefaults': True,
            'sensitiveFields': [u'password'],
            'safeFields': [u'email'],
            'storeCrashReports': True,
            'scrubIPAddresses': True,
            'scrapeJavaScript': False,
            'defaultRole': 'owner',
            'require2FA': True
        }

        # needed to set require2FA
        interface = TotpInterface()
        interface.enroll(self.user)
        assert Authenticator.objects.user_has_2fa(self.user)

        response = self.client.put(url, data=data)
        assert response.status_code == 200, response.content

        # Reload from the database before inspecting persisted flags.
        org = Organization.objects.get(id=org.id)
        assert initial != org.get_audit_log_data()

        expected_flags = {
            'early_adopter': True,
            'allow_joinleave': False,
            'disable_shared_issues': True,
            'enhanced_privacy': True,
            'require_2fa': True,
        }
        for flag_name, expected in expected_flags.items():
            assert bool(getattr(org.flags, flag_name)) is expected, flag_name
        assert org.default_role == 'owner'

        options = dict(
            (row.key, row.value)
            for row in OrganizationOption.objects.filter(organization=org)
        )
        assert options.get('sentry:require_scrub_defaults')
        assert options.get('sentry:require_scrub_data')
        assert options.get('sentry:require_scrub_ip_address')
        assert options.get('sentry:sensitive_fields') == ['password']
        assert options.get('sentry:safe_fields') == ['email']
        assert options.get('sentry:store_crash_reports') is True
        assert options.get('sentry:scrape_javascript') is False

        # log created
        log = AuditLogEntry.objects.get(organization=org)
        assert log.get_event_display() == 'org.edit'

        # Every audited change is recorded as "to <new value>"; org fields and
        # flags are keyed by internal name, org options by their API name.
        audited_changes = [
            ('default_role', data['defaultRole']),
            ('allow_joinleave', data['openMembership']),
            ('early_adopter', data['isEarlyAdopter']),
            ('enhanced_privacy', data['enhancedPrivacy']),
            ('disable_shared_issues', not data['allowSharedIssues']),
            ('require_2fa', data['require2FA']),
            ('dataScrubber', data['dataScrubber']),
            ('dataScrubberDefaults', data['dataScrubberDefaults']),
            ('sensitiveFields', data['sensitiveFields']),
            ('safeFields', data['safeFields']),
            ('scrubIPAddresses', data['scrubIPAddresses']),
            ('scrapeJavaScript', data['scrapeJavaScript']),
        ]
        for log_key, new_value in audited_changes:
            assert u'to {}'.format(new_value) in log.data[log_key], log_key