def test_members_cannot_set_2fa(self):
self.assert_cannot_enable_org_2fa(self.organization, self.org_user,
403)
TotpInterface().enroll(self.org_user)
self.assert_cannot_enable_org_2fa(self.organization, self.org_user,
403)
def _enroll_user_in_2fa(self):
interface = TotpInterface()
interface.enroll(self.user)
assert Authenticator.objects.user_has_2fa(self.user)
def test_various_options(self):
initial = self.organization.get_audit_log_data()
AuditLogEntry.objects.filter(organization=self.organization).delete()
data = {
"openMembership": False,
"isEarlyAdopter": True,
"allowSharedIssues": False,
"enhancedPrivacy": True,
"dataScrubber": True,
"dataScrubberDefaults": True,
"sensitiveFields": ["password"],
"eventsMemberAdmin": False,
"alertsMemberWrite": False,
"safeFields": ["email"],
"storeCrashReports": 10,
"scrubIPAddresses": True,
"scrapeJavaScript": False,
"defaultRole": "owner",
"require2FA": True,
"allowJoinRequests": False,
"apdexThreshold": 450,
}
# needed to set require2FA
interface = TotpInterface()
interface.enroll(self.user)
assert Authenticator.objects.user_has_2fa(self.user)
self.get_success_response(self.organization.slug, **data)
org = Organization.objects.get(id=self.organization.id)
assert initial != org.get_audit_log_data()
assert org.flags.early_adopter
assert not org.flags.allow_joinleave
assert org.flags.disable_shared_issues
assert org.flags.enhanced_privacy
assert org.flags.require_2fa
assert org.default_role == "owner"
options = {
o.key: o.value
for o in OrganizationOption.objects.filter(organization=org)
}
assert options.get("sentry:require_scrub_defaults")
assert options.get("sentry:require_scrub_data")
assert options.get("sentry:require_scrub_ip_address")
assert options.get("sentry:sensitive_fields") == ["password"]
assert options.get("sentry:safe_fields") == ["email"]
assert options.get("sentry:store_crash_reports") == 10
assert options.get("sentry:scrape_javascript") is False
assert options.get("sentry:join_requests") is False
assert options.get("sentry:events_member_admin") is False
assert options.get("sentry:apdex_threshold") == 450
# log created
log = AuditLogEntry.objects.get(organization=org)
assert log.get_event_display() == "org.edit"
# org fields & flags
assert "to {}".format(data["defaultRole"]) in log.data["default_role"]
assert "to {}".format(
data["openMembership"]) in log.data["allow_joinleave"]
assert "to {}".format(
data["isEarlyAdopter"]) in log.data["early_adopter"]
assert "to {}".format(
data["enhancedPrivacy"]) in log.data["enhanced_privacy"]
assert "to {}".format(
not data["allowSharedIssues"]) in log.data["disable_shared_issues"]
assert "to {}".format(data["require2FA"]) in log.data["require_2fa"]
# org options
assert "to {}".format(data["dataScrubber"]) in log.data["dataScrubber"]
assert "to {}".format(
data["dataScrubberDefaults"]) in log.data["dataScrubberDefaults"]
assert "to {}".format(
data["sensitiveFields"]) in log.data["sensitiveFields"]
assert "to {}".format(data["safeFields"]) in log.data["safeFields"]
assert "to {}".format(
data["storeCrashReports"]) in log.data["storeCrashReports"]
assert "to {}".format(
data["scrubIPAddresses"]) in log.data["scrubIPAddresses"]
assert "to {}".format(
data["scrapeJavaScript"]) in log.data["scrapeJavaScript"]
assert "to {}".format(
data["allowJoinRequests"]) in log.data["allowJoinRequests"]
assert "to {}".format(
data["eventsMemberAdmin"]) in log.data["eventsMemberAdmin"]
assert "to {}".format(
data["alertsMemberWrite"]) in log.data["alertsMemberWrite"]
assert "to {}".format(
data["apdexThreshold"]) in log.data["apdexThreshold"]
def test_preexisting_members_must_enable_2fa(self):
self.login_as(self.no_2fa_user)
self.assert_cannot_access_org_details(self.path)
TotpInterface().enroll(self.no_2fa_user)
self.assert_can_access_org_details(self.path)
def enroll_user_and_require_2fa(self, user, organization):
TotpInterface().enroll(user)
organization.update(
flags=models.F("flags").bitor(Organization.flags.require_2fa))
assert organization.flags.require_2fa.is_set
def test_owner_can_set_2fa_single_member(self):
org = self.create_organization(owner=self.owner)
TotpInterface().enroll(self.owner)
with self.options({"system.url-prefix": "http://example.com"}), self.tasks():
self.assert_can_enable_org_2fa(org, self.owner)
assert len(mail.outbox) == 0
def test_preexisting_members_must_enable_2fa(self):
self.login_as(self.no_2fa_user)
self.assert_redirected_to_2fa()
TotpInterface().enroll(self.no_2fa_user)
self.assert_can_access_org_home()
def test_preexisting_members_must_enable_2fa(self):
self.login_as(self.no_2fa_user)
self.get_error_response(self.org_2fa.slug, status_code=401)
TotpInterface().enroll(self.no_2fa_user)
self.get_success_response(self.org_2fa.slug)
def setUp(self):
self.owner = self.create_user("*****@*****.**")
TotpInterface().enroll(self.owner)
self.org = self.create_organization(owner=self.owner)
self.request = self.make_request(user=self.owner)
def test_preexisting_members_must_enable_2fa(self):
self.login_as(self.no_2fa_user)
self.assert_redirected_to_2fa()
TotpInterface().enroll(self.no_2fa_user)
self.get_success_response(self.org_2fa.slug)
