示例#1
 def test_prevent_confirmation_replay_attacks(self):
     # Replay protection for the two-step unsubscription workflow.  Under
     # the confirm_then_moderate policy the subscriber confirms first and
     # the moderator approves second; each step must be gated by its own
     # token, so that a token issued to the subscriber cannot be replayed
     # to satisfy the moderator step.
     # NOTE(review): this checks token rotation and rejection of a reused
     # token only; token unpredictability and expiry are not exercised here.
     self._mlist.unsubscription_policy = (
         SubscriptionPolicy.confirm_then_moderate)
     workflow = UnSubscriptionWorkflow(self._mlist, self.anne)
     # Run the state machine until it stops at the first confirmation, and
     # keep a copy of the token issued for that step.
     list(workflow)
     token = workflow.token
     # The request is only pending: Anne is still a member of the list.
     member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNotNone(member)
     self.assertIsNotNone(workflow.member)
     # The first token exists and is owned by the subscriber.
     self.assertIsNotNone(workflow.token)
     self.assertEqual(workflow.token_owner, TokenOwner.subscriber)
     # Restore a second workflow from the subscriber's token and run it;
     # presumably this models Anne's confirmation being redeemed.  Doing so
     # must not complete the unsubscription, it only moves the request on
     # to the moderation step.
     moderator_workflow = UnSubscriptionWorkflow(self._mlist)
     moderator_workflow.token = token
     moderator_workflow.restore()
     list(moderator_workflow)
     # The workflow now holds a token that is owned by the moderator.
     self.assertIsNotNone(moderator_workflow.token)
     self.assertEqual(moderator_workflow.token_owner, TokenOwner.moderator)
     # While we wait for the moderator to approve the unsubscription, the
     # token for the next step must differ from the subscriber's token.
     self.assertNotEqual(token, moderator_workflow.token)
     # Replaying the subscriber's token a second time must fail: restore()
     # is expected to raise LookupError for it.
     final_workflow = UnSubscriptionWorkflow(self._mlist)
     final_workflow.token = token
     self.assertRaises(LookupError, final_workflow.restore)
     # Running the workflow that was never restored must fail as well.
     # NOTE(review): the expected AssertionError presumably comes from an
     # `assert` statement in the workflow, which would be stripped under
     # `python -O` -- confirm the guard does not rely on that alone.
     self.assertRaises(AssertionError, list, final_workflow)
     # The replay changed nothing: Anne is still a member, and the failed
     # workflow has no member attached.
     member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNotNone(member)
     self.assertIsNone(final_workflow.member)
     # However, with the moderator's token the same workflow object can be
     # restored and run, and her unsubscription request is approved.
     final_workflow.token = moderator_workflow.token
     final_workflow.restore()
     list(final_workflow)
     # And now Anne is unsubscribed.
     member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNone(member)
     # The workflow is complete: no token is left and nobody owns one.
     self.assertIsNone(final_workflow.token)
     self.assertEqual(final_workflow.token_owner, TokenOwner.no_one)
示例#2
 def test_do_confirmation_unsubscribes_address(self):
     # Under the `confirm` policy an unsubscription request only takes
     # effect once the confirmation token has been redeemed.
     # NOTE(review): the address literals below appear masked on this page.
     addr = self.anne.register('*****@*****.**')
     self._mlist.subscribe(addr)
     self._mlist.unsubscription_policy = SubscriptionPolicy.confirm
     pending = UnSubscriptionWorkflow(self._mlist, addr)
     list(pending)
     # The request is still pending, so the address remains on the roster
     # and is the member the workflow refers to.
     roster_entry = self._mlist.regular_members.get_member('*****@*****.**')
     self.assertIsNotNone(roster_entry)
     self.assertEqual(roster_entry, pending.member)
     # A confirmation token was issued and belongs to the subscriber.
     self.assertIsNotNone(pending.token)
     self.assertEqual(pending.token_owner, TokenOwner.subscriber)
     # Redeem the token in a fresh workflow and run it to the end.
     confirmation = UnSubscriptionWorkflow(self._mlist)
     confirmation.token = pending.token
     confirmation.restore()
     list(confirmation)
     # The address is no longer a member of the list.
     roster_entry = self._mlist.regular_members.get_member('*****@*****.**')
     self.assertIsNone(roster_entry)
     # The workflow is finished: no token remains and nobody owns one.
     self.assertIsNone(confirmation.token)
     self.assertEqual(confirmation.token_owner, TokenOwner.no_one)
示例#3
 def test_do_confirmation_nonmember_final_step(self):
     # A confirmation that arrives after the member has already left the
     # list must still finish cleanly.
     self._mlist.unsubscription_policy = SubscriptionPolicy.confirm
     pending = UnSubscriptionWorkflow(self._mlist, self.anne)
     list(pending)
     # While the request is pending Anne is on the roster, and she is the
     # member the workflow refers to.
     anne_member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNotNone(anne_member)
     self.assertEqual(anne_member, pending.member)
     # A confirmation token was issued and belongs to the subscriber.
     self.assertIsNotNone(pending.token)
     self.assertEqual(pending.token_owner, TokenOwner.subscriber)
     # Redeem the token in a fresh workflow, but stop at the
     # 'do_unsubscription' step instead of running to completion.
     confirmation = UnSubscriptionWorkflow(self._mlist)
     confirmation.token = pending.token
     confirmation.restore()
     confirmation.run_until('do_unsubscription')
     self.assertEqual(anne_member, confirmation.member)
     # Remove Anne behind the workflow's back, then let it finish.
     anne_member.unsubscribe()
     list(confirmation)
     self.assertIsNone(confirmation.member)
     # The workflow is finished: no token remains and nobody owns one.
     self.assertIsNone(confirmation.token)
     self.assertEqual(confirmation.token_owner, TokenOwner.no_one)
示例#4
 def test_moderator_approves(self):
     # Under the `moderate` policy the workflow stops and is saved when
     # moderator approval is required; once the moderator's token is
     # redeemed it resumes and the user is unsubscribed.
     self._mlist.unsubscription_policy = SubscriptionPolicy.moderate
     request = UnSubscriptionWorkflow(
         self._mlist, self.anne, pre_confirmed=True)
     # Run the workflow as far as it will go on its own.
     list(request)
     # Approval is outstanding, so the user is still on the list.
     anne_member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNotNone(anne_member)
     self.assertIsNotNone(request.member)
     # The saved token exists and belongs to the moderator.
     self.assertIsNotNone(request.token)
     self.assertEqual(request.token_owner, TokenOwner.moderator)
     # Build a second workflow from the saved token and restore its state.
     # This models an approved unsubscription request and should result in
     # the user being unsubscribed.
     approval = UnSubscriptionWorkflow(self._mlist)
     approval.token = request.token
     approval.restore()
     list(approval)
     # The user is gone from the list, and the workflow's member matches
     # the (now empty) roster lookup.
     anne_member = self._mlist.regular_members.get_member(self._anne)
     self.assertIsNone(anne_member)
     self.assertEqual(approval.member, anne_member)
     # The workflow is finished: no token remains and nobody owns one.
     self.assertIsNone(approval.token)
     self.assertEqual(approval.token_owner, TokenOwner.no_one)
示例#5
 def test_confirmation_needed_moderator_address(self):
     # Moderated unsubscription of an address (rather than a user): the
     # request is restored from its saved token and run to completion.
     # NOTE(review): the address literals below appear masked on this page.
     addr = self.anne.register('*****@*****.**')
     self._mlist.subscribe(addr)
     self._mlist.unsubscription_policy = SubscriptionPolicy.moderate
     request = UnSubscriptionWorkflow(self._mlist, addr)
     # Run until the workflow stops, then resume it from its token in a
     # second workflow, as a moderator approval would.
     list(request)
     approval = UnSubscriptionWorkflow(self._mlist)
     approval.token = request.token
     approval.restore()
     list(approval)
     # The restored workflow acts on the address the request was made for.
     self.assertEqual(approval.subscriber, addr)
     # The workflow is finished: no token, no owner and no member remain.
     self.assertIsNone(approval.token)
     self.assertEqual(approval.token_owner, TokenOwner.no_one)
     self.assertIsNone(approval.member)
     # The address is no longer on the list's roster either.
     roster_entry = self._mlist.regular_members.get_member('*****@*****.**')
     self.assertIsNone(roster_entry)