def test_bump_version_in_model(self, mock_sign_file): # We want to make sure each file has been signed. self.file2 = amo.tests.file_factory(version=self.version) self.file2.update(filename='jetpack-b.xpi') backup_file2_path = u'{0}.backup_signature'.format( self.file2.file_path) try: fpath = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file2.file_path): file_hash = self.file_.generate_hash() file2_hash = self.file2.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.call_count == 2 self.version.reload() assert self.version.version == '1.3.1-signed' assert self.version.version_int == version_int( '1.3.1-signed') assert file_hash != self.file_.generate_hash() assert file2_hash != self.file2.generate_hash() self.assert_backup() assert os.path.exists(backup_file2_path) finally: if os.path.exists(backup_file2_path): os.unlink(backup_file2_path)
def test_bump_version_in_model(self, mock_sign_file): # We want to make sure each file has been signed. self.file2 = amo.tests.file_factory(version=self.version) self.file2.update(filename='webextension-b.xpi') backup_file2_path = f'{self.file2.file_path}.backup_signature' try: fpath = 'src/olympia/files/fixtures/files/webextension.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', self.file2.file_path, ): file_hash = self.file_.generate_hash() file2_hash = self.file2.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.call_count == 2 self.version.reload() assert self.version.version == '0.0.1.1-signed' assert file_hash != self.file_.generate_hash() assert file2_hash != self.file2.generate_hash() self.assert_backup() assert os.path.exists(backup_file2_path) finally: if os.path.exists(backup_file2_path): os.unlink(backup_file2_path)
def test_resign_only_current_versions(self, mock_sign_file): fname = './src/olympia/files/fixtures/files/webextension.xpi' new_current_version = amo.tests.version_factory(addon=self.addon, version='0.0.2') new_file = new_current_version.current_file with amo.tests.copy_file(fname, new_file.file_path): with amo.tests.copy_file(fname, self.file_.file_path): file_hash = self.file_.generate_hash() new_file_hash = new_file.generate_hash() tasks.sign_addons([self.addon.pk]) # Only one signing call since we only sign the most recent # versions assert mock_sign_file.call_count == 1 new_current_version.reload() assert new_current_version.version == '0.0.2.1-signed' assert new_file_hash != new_file.generate_hash() # Verify that the old version hasn't been resigned self.version.reload() assert self.version.version == '0.0.1' assert file_hash == self.file_.generate_hash()
def test_sign_full(self, mock_sign_file): """Use the signing server if files are approved.""" self.file_.update(status=amo.STATUS_APPROVED) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with(self.file_)
def test_sign_full(self, mock_sign_file): """Use the signing server if files are approved.""" self.file_.update(status=amo.STATUS_PUBLIC) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with(self.file_, use_autograph=False)
def test_sign_full(self, mock_sign_file): """Use the signing server if files are approved.""" self.file_.update(status=amo.STATUS_PUBLIC) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with(self.file_)
def test_sign_prelim(self, mock_sign_file): """Use the prelim signing server if files aren't fully reviewed.""" self.file_.update(status=amo.STATUS_LITE) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with( self.file_, settings.PRELIMINARY_SIGNING_SERVER)
def test_sign_supported_applications(self, mock_sign_file): """Make sure we sign for all supported applications.""" with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): for app in (amo.ANDROID.id, amo.FIREFOX.id): self.max_appversion.update(application=app) tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with(self.file_) mock_sign_file.reset_mock()
def approve_for_addon(self): """This sets up the addon as approved for the current promoted group. The current version will be signed for approval, and if there's special signing needed for that group the version will be resigned.""" from olympia.lib.crypto.tasks import sign_addons self.approve_for_version(self.addon.current_version) if self.group.autograph_signing_states: sign_addons([self.addon.id], send_emails=False)
def test_sign_mail_cose_message_contains_addon_name(self, mock_sign_file): self.file_.update(status=amo.STATUS_APPROVED) AddonUser.objects.create(addon=self.addon, user_id=999) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with(self.file_) assert 'Rændom add-on' in mail.outbox[0].message().as_string()
def test_dont_sign_dont_bump_version_bad_zipfile(self, mock_sign_file): with amo.tests.copy_file(__file__, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert not mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1' assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_sign_mail(self, mock_sign_file): """Check that an email reason can be provided.""" self.file_.update(status=amo.STATUS_PUBLIC) AddonUser.objects.create(addon=self.addon, user_id=999) with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): tasks.sign_addons([self.addon.pk], reason='expiry') mock_sign_file.assert_called_with(self.file_) assert 'expiration' in mail.outbox[0].message().as_string()
def test_bump_version_in_model(self, mock_sign_file): fpath = 'src/olympia/files/fixtures/files/webextension.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.call_count == 1 self.version.reload() assert self.version.version == '0.0.1.1-signed' assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_sign_supported_applications(self, mock_sign_file): """Make sure we sign for all supported applications.""" with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): for app in packaged.SIGN_FOR_APPS: self.max_appversion.update(application=app) tasks.sign_addons([self.addon.pk]) mock_sign_file.assert_called_with( self.file_, settings.SIGNING_SERVER) mock_sign_file.reset_mock()
def test_resign_and_bump_version_in_model(self, mock_sign_file): fname = './src/olympia/files/fixtures/files/webextension_signed_already.xpi' with amo.tests.copy_file(fname, self.file_.file_path): self.file_.update(is_signed=True) file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1.1-signed' assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_dont_sign_dont_bump_sign_error(self, mock_sign_file): mock_sign_file.side_effect = IOError() fpath = 'src/olympia/files/fixtures/files/webextension.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1' assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_dont_sign_dont_bump_version_bad_zipfile(self, mock_sign_file): with amo.tests.copy_file(__file__, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert not mock_sign_file.called self.version.reload() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_dont_bump_not_signed(self, mock_sign_file): mock_sign_file.return_value = None # Pretend we didn't sign. fpath = 'src/olympia/files/fixtures/files/webextension.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1' assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def handle(self, *args, **options): if len(args) == 0: # Sign all the addons? raise CommandError( 'Please provide at least one addon id to sign. If you want to ' 'sign them all, use the "process_addons --task sign_addons" ' 'management command.') full_server = options.get('signing_server') or settings.SIGNING_SERVER addon_ids = [int(addon_id) for addon_id in args] with override_settings(SIGNING_SERVER=full_server): sign_addons(addon_ids, force=options['force'], reason=options['reason'])
def handle(self, *args, **options): if len(args) == 0: # Sign all the addons? raise CommandError( 'Please provide at least one addon id to sign. If you want to ' 'sign them all, use the "process_addons --task sign_addons" ' 'management command.') full_server = options.get('signing_server') or settings.SIGNING_SERVER addon_ids = [int(addon_id) for addon_id in args] with override_settings( SIGNING_SERVER=full_server): sign_addons( addon_ids, force=options['force'], reason=options['reason'])
def test_dont_bump_not_signed(self, mock_sign_file): mock_sign_file.return_value = None # Pretend we didn't sign. fpath = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_no_bump_unreviewed(self, mock_sign_file): """Don't bump nor sign unreviewed files.""" for status in amo.UNREVIEWED_FILE_STATUSES: self.file_.update(status=status) fpath = 'src/olympia/files/fixtures/files/webextension.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' tasks.sign_addons([self.addon.pk]) assert not mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1' assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_dont_sign_dont_bump_sign_error(self, mock_sign_file): mock_sign_file.side_effect = IOError() fpath = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_sign_bump_non_ascii_version(self, mock_sign_file): """Sign versions which have non-ascii version numbers.""" self.version.update(version='é0.0.1') with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == 'é0.0.1' tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == 'é0.0.1.1-signed' assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_sign_bump_old_versions_default_compat(self, mock_sign_file): """Sign files which are old, but default to compatible.""" with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '0.0.1' self.set_max_appversion('4') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '0.0.1.1-signed' assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_resign_bump_version_in_model_if_force(self, mock_sign_file): with amo.tests.copy_file( 'src/olympia/files/fixtures/files/new-addon-signature.xpi', self.file_.file_path): self.file_.update(is_signed=True) file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk], force=True) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3.1-signed' assert self.version.version_int == version_int('1.3.1-signed') assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_dont_sign_dont_bump_other_applications(self, mock_sign_file): """Don't sign files which are for applications we don't sign for.""" path = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(path, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') apps_without_signing = [app for app in amo.APPS_ALL.keys() if app not in packaged.SIGN_FOR_APPS] for app in apps_without_signing: self.max_appversion.update(application=app) tasks.sign_addons([self.addon.pk]) self.assert_not_signed(mock_sign_file, file_hash)
def test_no_bump_unreviewed(self, mock_sign_file): """Don't bump nor sign unreviewed files.""" for status in (amo.UNREVIEWED_STATUSES + (amo.STATUS_BETA,)): self.file_.update(status=amo.STATUS_UNREVIEWED) fpath = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert not mock_sign_file.called self.version.reload() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') assert file_hash == self.file_.generate_hash() self.assert_no_backup()
def test_sign_bump_old_versions_default_compat(self, mock_sign_file): """Sign files which are old, but default to compatible.""" with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') self.set_max_appversion(settings.MIN_D2C_VERSION) tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3.1-signed' assert self.version.version_int == version_int('1.3.1-signed') assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_sign_bump_non_ascii_version(self, mock_sign_file): """Sign versions which have non-ascii version numbers.""" self.version.update(version=u'é1.3') with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == u'é1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == u'é1.3.1-signed' assert self.version.version_int == version_int(u'é1.3.1-signed') assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_sign_bump_non_ascii_filename(self, mock_sign_file): """Sign files which have non-ascii filenames.""" self.file_.update(filename=u'jétpack.xpi') with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3.1-signed' assert self.version.version_int == version_int('1.3.1-signed') assert file_hash != self.file_.generate_hash() self.assert_backup()
def test_sign_bump_new_versions_not_default_compat(self, mock_sign_file): """Sign files which are recent, event if not default to compatible.""" with amo.tests.copy_file( 'src/olympia/files/fixtures/files/jetpack.xpi', self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') self.file_.update(binary_components=True, strict_compatibility=True) tasks.sign_addons([self.addon.pk]) assert mock_sign_file.called self.version.reload() assert self.version.version == '1.3.1-signed' assert self.version.version_int == version_int('1.3.1-signed') assert file_hash != self.file_.generate_hash() self.assert_backup()
def handle(self, *args, **options): if len(options['addon_id']) == 0: # Sign all the addons? raise CommandError( 'Please provide at least one addon id to sign. If you want to ' 'sign them all, use the "process_addons --task sign_addons" ' 'management command.') defaults = settings.AUTOGRAPH_CONFIG def _get_option_or_default(key): return options.get('autograph_{}'.format(key), defaults[key]) autograph_config = { 'server_url': _get_option_or_default('server_url'), 'user_id': _get_option_or_default('user_id'), 'key': _get_option_or_default('key'), 'signer': _get_option_or_default('signer')} with override_settings(AUTOGRAPH_CONFIG=autograph_config): addon_ids = [int(addon_id) for addon_id in options['addon_id']] sign_addons( addon_ids, force=options['force'], reason=options['reason'])
def handle(self, *args, **options): if len(options['addon_id']) == 0: # Sign all the addons? raise CommandError( 'Please provide at least one addon id to sign. If you want to ' 'sign them all, use the "process_addons --task sign_addons" ' 'management command.') defaults = settings.AUTOGRAPH_CONFIG def _get_option_or_default(key): return options.get('autograph_{}'.format(key), defaults[key]) autograph_config = { 'server_url': _get_option_or_default('server_url'), 'user_id': _get_option_or_default('user_id'), 'key': _get_option_or_default('key'), 'signer': _get_option_or_default('signer') } with override_settings(AUTOGRAPH_CONFIG=autograph_config): addon_ids = [int(addon_id) for addon_id in options['addon_id']] sign_addons(addon_ids, force=options['force'], reason=options['reason'])
def test_dont_sign_dont_bump_old_versions(self, mock_sign_file): """Don't sign files which are too old, or not default to compatible.""" fpath = fpath = 'src/olympia/files/fixtures/files/jetpack.xpi' with amo.tests.copy_file(fpath, self.file_.file_path): file_hash = self.file_.generate_hash() assert self.version.version == '1.3' assert self.version.version_int == version_int('1.3') # Too old, don't sign. self.set_max_appversion('1') # Very very old. tasks.sign_addons([self.addon.pk]) self.assert_not_signed(mock_sign_file, file_hash) # MIN_D2C_VERSION, but strict compat: don't sign. self.set_max_appversion(settings.MIN_D2C_VERSION) self.file_.update(strict_compatibility=True) tasks.sign_addons([self.addon.pk]) self.assert_not_signed(mock_sign_file, file_hash) # MIN_D2C_VERSION, but binary component: don't sign. self.file_.update(strict_compatibility=False, binary_components=True) tasks.sign_addons([self.addon.pk]) self.assert_not_signed(mock_sign_file, file_hash)