def test_require_2fa__cannot_delete_last_auth(self, email_log):
    """Refuse to delete a user's only authenticator while 2FA is required.

    The DELETE must come back as 403 with 'requires 2FA' in the body, the
    authenticator row must survive, and nothing may be written to
    ``email_log.info``.
    """
    # Opaque helper; presumably switches on the organization's 2FA requirement.
    self._require_2fa_for_organization()

    # TOTP is the single enrolled method, so removing it would leave no 2FA.
    totp = TotpInterface()
    totp.enroll(self.user)
    authenticator = totp.authenticator

    route_kwargs = {
        'user_id': self.user.id,
        'auth_id': authenticator.id,
    }
    details_url = reverse(
        'sentry-api-0-user-authenticator-details',
        kwargs=route_kwargs,
    )

    response = self.client.delete(details_url, format='json')
    assert response.status_code == 403, (response.status_code, response.content)
    self.assertIn('requires 2FA', response.content)

    # The refusal has to be real: the authenticator is still in the database.
    still_enrolled = Authenticator.objects.filter(id=authenticator.id).exists()
    assert still_enrolled
    # Nothing was logged through email_log (supplied by the caller,
    # presumably a patched logger -- confirm against the decorator).
    assert email_log.info.call_count == 0
def setUp(self):
    """Create an org with an owner and a logged-in member enrolled in TOTP."""
    self.owner = self.create_user()
    self.org = self.create_organization(owner=self.owner)

    self.member = self.create_user()
    membership = self.create_member(
        organization=self.org, user=self.member, role="member", teams=[]
    )
    self.member_om = membership
    self.login_as(self.member)

    # Enroll the member and keep the authenticator id on the fixture.
    interface = TotpInterface()
    interface.enroll(self.member)
    self.interface_id = interface.authenticator.id

    # Fixture sanity check: the member really has an authenticator row.
    member_authenticators = Authenticator.objects.filter(user=self.member)
    assert member_authenticators.exists()
def setUp(self):
    """Create an org with an owner and a logged-in member enrolled in TOTP."""
    self.owner = self.create_user()
    self.org = self.create_organization(owner=self.owner)

    self.member = self.create_user()
    membership = self.create_member(
        organization=self.org,
        user=self.member,
        role='member',
        teams=[],
    )
    self.member_om = membership
    self.login_as(self.member)

    # Enroll the member and keep the authenticator id on the fixture.
    interface = TotpInterface()
    interface.enroll(self.member)
    self.interface_id = interface.authenticator.id

    # Fixture sanity check: the member really has an authenticator row.
    member_authenticators = Authenticator.objects.filter(user=self.member)
    assert member_authenticators.exists()
def test_get_authenticator_details(self):
    """GET on an enrolled TOTP authenticator returns details but no secrets.

    The response must identify the authenticator and report it as enrolled,
    and must not carry the ``totp_secret``, ``form`` or ``qrcode`` fields.
    """
    totp = TotpInterface()
    totp.enroll(self.user)
    authenticator = totp.authenticator

    route_kwargs = {
        'user_id': self.user.id,
        'auth_id': authenticator.id,
    }
    details_url = reverse('sentry-api-0-user-authenticator-details', kwargs=route_kwargs)

    response = self.client.get(details_url)
    assert response.status_code == 200

    body = response.data
    assert body['isEnrolled']
    assert body['id'] == "totp"
    assert body['authId'] == six.text_type(authenticator.id)

    # The authenticator is already enrolled, so enrollment-only material
    # (shared secret, enrollment form, QR code) must not appear in the
    # details response.
    assert 'totp_secret' not in response.data
    assert 'form' not in response.data
    assert 'qrcode' not in response.data
def test_require_2fa__cannot_delete_last_auth(self, email_log):
    """Refuse to delete a user's only authenticator while 2FA is required.

    The DELETE must come back as 403 with 'requires 2FA' in the body, the
    authenticator row must survive, and nothing may be written to
    ``email_log.info``.
    """
    # Opaque helper; presumably switches on the organization's 2FA requirement.
    self._require_2fa_for_organization()

    # TOTP is the single enrolled method, so removing it would leave no 2FA.
    totp = TotpInterface()
    totp.enroll(self.user)
    authenticator = totp.authenticator

    route_kwargs = {
        'user_id': self.user.id,
        'auth_id': authenticator.id,
    }
    details_url = reverse('sentry-api-0-user-authenticator-details', kwargs=route_kwargs)

    response = self.client.delete(details_url, format='json')
    assert response.status_code == 403, (response.status_code, response.content)
    self.assertIn('requires 2FA', response.content)

    # The refusal has to be real: the authenticator is still in the database.
    still_enrolled = Authenticator.objects.filter(id=authenticator.id).exists()
    assert still_enrolled
    # Nothing was logged through email_log (supplied by the caller,
    # presumably a patched logger -- confirm against the decorator).
    assert email_log.info.call_count == 0
def test_get_authenticator_details(self):
    """GET on an enrolled TOTP authenticator returns details but no secrets.

    The response must identify the authenticator and report it as enrolled,
    and must not carry the ``totp_secret``, ``form`` or ``qrcode`` fields.
    """
    totp = TotpInterface()
    totp.enroll(self.user)
    authenticator = totp.authenticator

    route_kwargs = {"user_id": self.user.id, "auth_id": authenticator.id}
    details_url = reverse(
        "sentry-api-0-user-authenticator-details", kwargs=route_kwargs
    )

    response = self.client.get(details_url)
    assert response.status_code == 200

    body = response.data
    assert body["isEnrolled"]
    assert body["id"] == "totp"
    assert body["authId"] == six.text_type(authenticator.id)

    # The authenticator is already enrolled, so enrollment-only material
    # (shared secret, enrollment form, QR code) must not appear in the
    # details response.
    assert "totp_secret" not in response.data
    assert "form" not in response.data
    assert "qrcode" not in response.data
def test_get_authenticator_details(self):
    """GET on an enrolled TOTP authenticator returns details but no secrets.

    The response must identify the authenticator and report it as enrolled,
    and must not carry the ``totp_secret``, ``form`` or ``qrcode`` fields.
    """
    totp = TotpInterface()
    totp.enroll(self.user)
    authenticator = totp.authenticator

    route_kwargs = {
        'user_id': self.user.id,
        'auth_id': authenticator.id,
    }
    details_url = reverse(
        'sentry-api-0-user-authenticator-details',
        kwargs=route_kwargs,
    )

    response = self.client.get(details_url)
    assert response.status_code == 200

    body = response.data
    assert body['isEnrolled']
    assert body['id'] == "totp"
    assert body['authId'] == six.text_type(authenticator.id)

    # The authenticator is already enrolled, so enrollment-only material
    # (shared secret, enrollment form, QR code) must not appear in the
    # details response.
    assert 'totp_secret' not in response.data
    assert 'form' not in response.data
    assert 'qrcode' not in response.data
def test_various_options(self):
    """PUT many organization settings at once; check storage and the audit trail.

    After the update the org flags, default role and ``sentry:*`` options
    must hold the submitted values, and the single ``org.edit`` audit entry
    must contain a "to <new value>" fragment for every changed setting,
    including the 2FA requirement and the scrubbing/privacy options.
    """
    org = self.create_organization(owner=self.user)
    audit_before = org.get_audit_log_data()
    # Clear existing audit rows so the .get() below matches exactly one entry.
    AuditLogEntry.objects.filter(organization=org).delete()
    self.login_as(user=self.user)

    details_url = reverse(
        "sentry-api-0-organization-details",
        kwargs={"organization_slug": org.slug},
    )
    payload = {
        "openMembership": False,
        "isEarlyAdopter": True,
        "allowSharedIssues": False,
        "enhancedPrivacy": True,
        "dataScrubber": True,
        "dataScrubberDefaults": True,
        "sensitiveFields": [u"password"],
        "safeFields": [u"email"],
        "storeCrashReports": 10,
        "scrubIPAddresses": True,
        "scrapeJavaScript": False,
        "defaultRole": "owner",
        "require2FA": True,
        "allowJoinRequests": False,
    }

    # The requesting user enrolls in TOTP first: this is needed before
    # require2FA can be set on the organization.
    totp = TotpInterface()
    totp.enroll(self.user)
    assert Authenticator.objects.user_has_2fa(self.user)

    response = self.client.put(details_url, data=payload)
    assert response.status_code == 200, response.content

    # Reload from the database so the checks see persisted state.
    org = Organization.objects.get(id=org.id)
    assert audit_before != org.get_audit_log_data()

    assert org.flags.early_adopter
    assert not org.flags.allow_joinleave
    assert org.flags.disable_shared_issues
    assert org.flags.enhanced_privacy
    assert org.flags.require_2fa
    assert org.default_role == "owner"

    stored = {
        option.key: option.value
        for option in OrganizationOption.objects.filter(organization=org)
    }
    assert stored.get("sentry:require_scrub_defaults")
    assert stored.get("sentry:require_scrub_data")
    assert stored.get("sentry:require_scrub_ip_address")
    assert stored.get("sentry:sensitive_fields") == ["password"]
    assert stored.get("sentry:safe_fields") == ["email"]
    assert stored.get("sentry:store_crash_reports") == 10
    assert stored.get("sentry:scrape_javascript") is False
    assert stored.get("sentry:join_requests") is False

    # Exactly one audit entry was written, and it is an org edit.
    audit_entry = AuditLogEntry.objects.get(organization=org)
    assert audit_entry.get_event_display() == "org.edit"

    # Org fields and flags: (new value, audit-log key). allowSharedIssues is
    # recorded inverted, under disable_shared_issues.
    flag_changes = [
        (payload["defaultRole"], "default_role"),
        (payload["openMembership"], "allow_joinleave"),
        (payload["isEarlyAdopter"], "early_adopter"),
        (payload["enhancedPrivacy"], "enhanced_privacy"),
        (not payload["allowSharedIssues"], "disable_shared_issues"),
        (payload["require2FA"], "require_2fa"),
    ]
    for new_value, log_key in flag_changes:
        assert u"to {}".format(new_value) in audit_entry.data[log_key]

    # Org options are logged under the same key the API accepted.
    option_keys = (
        "dataScrubber",
        "dataScrubberDefaults",
        "sensitiveFields",
        "safeFields",
        "storeCrashReports",
        "scrubIPAddresses",
        "scrapeJavaScript",
        "allowJoinRequests",
    )
    for option_key in option_keys:
        assert u"to {}".format(payload[option_key]) in audit_entry.data[option_key]
def test_various_options(self):
    """PUT many organization settings at once; check storage and the audit trail.

    After the update the org flags, default role and ``sentry:*`` options
    must hold the submitted values, and the single ``org.edit`` audit entry
    must contain a "to <new value>" fragment for the changed settings,
    including the 2FA requirement and the scrubbing/privacy options.
    """
    org = self.create_organization(owner=self.user)
    audit_before = org.get_audit_log_data()
    # Clear existing audit rows so the .get() below matches exactly one entry.
    AuditLogEntry.objects.filter(organization=org).delete()
    self.login_as(user=self.user)

    route_kwargs = {
        'organization_slug': org.slug,
    }
    details_url = reverse(
        'sentry-api-0-organization-details',
        kwargs=route_kwargs,
    )
    payload = {
        'openMembership': False,
        'isEarlyAdopter': True,
        'allowSharedIssues': False,
        'enhancedPrivacy': True,
        'dataScrubber': True,
        'dataScrubberDefaults': True,
        'sensitiveFields': [u'password'],
        'safeFields': [u'email'],
        'storeCrashReports': True,
        'scrubIPAddresses': True,
        'scrapeJavaScript': False,
        'defaultRole': 'owner',
        'require2FA': True
    }

    # The requesting user enrolls in TOTP first: this is needed before
    # require2FA can be set on the organization.
    totp = TotpInterface()
    totp.enroll(self.user)
    assert Authenticator.objects.user_has_2fa(self.user)

    response = self.client.put(details_url, data=payload)
    assert response.status_code == 200, response.content

    # Reload from the database so the checks see persisted state.
    org = Organization.objects.get(id=org.id)
    assert audit_before != org.get_audit_log_data()

    assert org.flags.early_adopter
    assert not org.flags.allow_joinleave
    assert org.flags.disable_shared_issues
    assert org.flags.enhanced_privacy
    assert org.flags.require_2fa
    assert org.default_role == 'owner'

    stored = {
        option.key: option.value
        for option in OrganizationOption.objects.filter(organization=org)
    }
    assert stored.get('sentry:require_scrub_defaults')
    assert stored.get('sentry:require_scrub_data')
    assert stored.get('sentry:require_scrub_ip_address')
    assert stored.get('sentry:sensitive_fields') == ['password']
    assert stored.get('sentry:safe_fields') == ['email']
    assert stored.get('sentry:store_crash_reports') is True
    assert stored.get('sentry:scrape_javascript') is False

    # Exactly one audit entry was written, and it is an org edit.
    audit_entry = AuditLogEntry.objects.get(organization=org)
    assert audit_entry.get_event_display() == 'org.edit'

    # Org fields and flags: (new value, audit-log key). allowSharedIssues is
    # recorded inverted, under disable_shared_issues.
    flag_changes = [
        (payload['defaultRole'], 'default_role'),
        (payload['openMembership'], 'allow_joinleave'),
        (payload['isEarlyAdopter'], 'early_adopter'),
        (payload['enhancedPrivacy'], 'enhanced_privacy'),
        (not payload['allowSharedIssues'], 'disable_shared_issues'),
        (payload['require2FA'], 'require_2fa'),
    ]
    for new_value, log_key in flag_changes:
        assert u'to {}'.format(new_value) in audit_entry.data[log_key]

    # Org options are logged under the same key the API accepted.
    option_keys = (
        'dataScrubber',
        'dataScrubberDefaults',
        'sensitiveFields',
        'safeFields',
        'scrubIPAddresses',
        'scrapeJavaScript',
    )
    for option_key in option_keys:
        assert u'to {}'.format(payload[option_key]) in audit_entry.data[option_key]
def _enroll_user_in_2fa(self):
    """Enroll ``self.user`` in TOTP and assert the user now counts as having 2FA."""
    totp = TotpInterface()
    totp.enroll(self.user)
    has_2fa = Authenticator.objects.user_has_2fa(self.user)
    self.assertTrue(has_2fa)
def _enroll_user_in_2fa(self):
    """Enroll ``self.user`` in TOTP and assert the user now counts as having 2FA."""
    totp = TotpInterface()
    totp.enroll(self.user)
    has_2fa = Authenticator.objects.user_has_2fa(self.user)
    self.assertTrue(has_2fa)
def test_various_options(self):
    """PUT many organization settings at once; check storage and the audit trail.

    After the update the org flags, default role and ``sentry:*`` options
    must hold the submitted values, and the single ``org.edit`` audit entry
    must contain a "to <new value>" fragment for the changed settings,
    including the 2FA requirement and the scrubbing/privacy options.
    """
    org = self.create_organization(owner=self.user)
    audit_before = org.get_audit_log_data()
    # Clear existing audit rows so the .get() below matches exactly one entry.
    AuditLogEntry.objects.filter(organization=org).delete()
    self.login_as(user=self.user)

    route_kwargs = {
        'organization_slug': org.slug,
    }
    details_url = reverse('sentry-api-0-organization-details', kwargs=route_kwargs)
    payload = {
        'openMembership': False,
        'isEarlyAdopter': True,
        'allowSharedIssues': False,
        'enhancedPrivacy': True,
        'dataScrubber': True,
        'dataScrubberDefaults': True,
        'sensitiveFields': [u'password'],
        'safeFields': [u'email'],
        'storeCrashReports': True,
        'scrubIPAddresses': True,
        'scrapeJavaScript': False,
        'defaultRole': 'owner',
        'require2FA': True
    }

    # The requesting user enrolls in TOTP first: this is needed before
    # require2FA can be set on the organization.
    totp = TotpInterface()
    totp.enroll(self.user)
    assert Authenticator.objects.user_has_2fa(self.user)

    response = self.client.put(details_url, data=payload)
    assert response.status_code == 200, response.content

    # Reload from the database so the checks see persisted state.
    org = Organization.objects.get(id=org.id)
    assert audit_before != org.get_audit_log_data()

    assert org.flags.early_adopter
    assert not org.flags.allow_joinleave
    assert org.flags.disable_shared_issues
    assert org.flags.enhanced_privacy
    assert org.flags.require_2fa
    assert org.default_role == 'owner'

    stored = {
        option.key: option.value
        for option in OrganizationOption.objects.filter(organization=org)
    }
    assert stored.get('sentry:require_scrub_defaults')
    assert stored.get('sentry:require_scrub_data')
    assert stored.get('sentry:require_scrub_ip_address')
    assert stored.get('sentry:sensitive_fields') == ['password']
    assert stored.get('sentry:safe_fields') == ['email']
    assert stored.get('sentry:store_crash_reports') is True
    assert stored.get('sentry:scrape_javascript') is False

    # Exactly one audit entry was written, and it is an org edit.
    audit_entry = AuditLogEntry.objects.get(organization=org)
    assert audit_entry.get_event_display() == 'org.edit'

    # Org fields and flags: (new value, audit-log key). allowSharedIssues is
    # recorded inverted, under disable_shared_issues.
    flag_changes = [
        (payload['defaultRole'], 'default_role'),
        (payload['openMembership'], 'allow_joinleave'),
        (payload['isEarlyAdopter'], 'early_adopter'),
        (payload['enhancedPrivacy'], 'enhanced_privacy'),
        (not payload['allowSharedIssues'], 'disable_shared_issues'),
        (payload['require2FA'], 'require_2fa'),
    ]
    for new_value, log_key in flag_changes:
        assert u'to {}'.format(new_value) in audit_entry.data[log_key]

    # Org options are logged under the same key the API accepted.
    option_keys = (
        'dataScrubber',
        'dataScrubberDefaults',
        'sensitiveFields',
        'safeFields',
        'scrubIPAddresses',
        'scrapeJavaScript',
    )
    for option_key in option_keys:
        assert u'to {}'.format(payload[option_key]) in audit_entry.data[option_key]