archive/blender-cloud
0
1
Fork 1
Code Issues 24 Pull Requests Projects Releases Wiki Activity
Files
a2c24375e590e97d73606490738e999deaacee05
blender-cloud/tests/test_webhooks.py

257 lines
11 KiB
Python
Raw Normal View History

Implemented Blender ID webhook for user change notifications Handles changes in: - roles - full name - email address
2017-12-01 19:06:16 +01:00
import hashlib
import hmac
import json
from abstract_cloud_test import AbstractCloudTest
class UserModifiedTest(AbstractCloudTest):
def setUp(self, **kwargs):
super().setUp(**kwargs)
self.enter_app_context()
self.hmac_secret = b'1234 je moeder'
self.app.config['BLENDER_ID_WEBHOOK_USER_CHANGED_SECRET'] = self.hmac_secret.decode()
self.uid = self.create_user(24 * 'a',
roles={'subscriber'},
email='old@email.address')
def test_change_full_name(self):
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'old@email.address',
'roles': ['cloud_subscriber']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
self.assertEqual(['subscriber'], db_user['roles'])
Fixed webhook so that users' full_name isn't reset to the empty string.
2017-12-08 14:04:11 +01:00
def test_clear_full_name(self):
"""An empty full name should make it fall back to the username"""
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': '',
'email': 'old@email.address',
'roles': ['cloud_subscriber']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertNotEqual('', db_user['username'])
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual(db_user['username'], db_user['full_name'])
self.assertEqual(['subscriber'], db_user['roles'])
Implemented Blender ID webhook for user change notifications Handles changes in: - roles - full name - email address
2017-12-01 19:06:16 +01:00
def test_change_email(self):
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'new.address+here-there@email.address',
'roles': ['cloud_subscriber']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('new.address+here-there@email.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
self.assertEqual(['subscriber'], db_user['roles'])
Also accept user-modified webhook when old email address is unknown. When the old email address is unknown, and the new one does map to a user, use the webhook to update the new user.
2017-12-20 11:40:56 +01:00
def test_change_email_unknown_old(self):
payload = {'id': 1112333,
'old_email': 'ancient@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'old@email.address',
'roles': ['cloud_demo']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
self.assertEqual(['demo'], db_user['roles'])
Webhooks: smarter way to find the user the webhook applies to. We now also match on Blender ID (through the 'auth' section of the user document), so that even when we have missed an email change we can still apply the changes from the webhook.
2017-12-20 12:22:51 +01:00
def test_change_email_unknown_bid_known(self):
users_coll = self.app.db('users')
users_coll.update_one({'_id': self.uid},
{'$set': {'auth': [
{'provider': 'mastodon', 'user_id': 'hey@there'},
{'provider': 'blender-id', 'user_id': '1112333'}
]}})
payload = {'id': 1112333,
'old_email': 'new@elsewhere.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'new@elsewhere.address',
'roles': ['cloud_demo']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('new@elsewhere.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
self.assertEqual(['demo'], db_user['roles'])
Implemented Blender ID webhook for user change notifications Handles changes in: - roles - full name - email address
2017-12-01 19:06:16 +01:00
def test_change_roles(self):
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'old@email.address',
'roles': ['cloud_demo']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=204)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
Removed flamenco-user and attract-user role linking to subscriber/demo/admin It was a hack due to the lack of a capabilities system.
2017-12-07 17:09:06 +01:00
self.assertEqual({'demo'}, set(db_user['roles']))
Implemented Blender ID webhook for user change notifications Handles changes in: - roles - full name - email address
2017-12-01 19:06:16 +01:00
def test_bad_hmac(self):
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'new@email.address',
'roles': ['cloud_demo']}
as_json = json.dumps(payload).encode()
mac = hmac.new(self.hmac_secret,
as_json, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()[:-2]},
expected_status=400)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('คนรักของผัดไทย', db_user['full_name'])
self.assertEqual({'subscriber'}, set(db_user['roles']))
def test_no_hmac(self):
payload = {'id': 1112333,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'new@email.address',
'roles': ['cloud_demo']}
as_json = json.dumps(payload).encode()
self.post('/api/webhooks/user-modified',
data=as_json,
content_type='application/json',
expected_status=400)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('คนรักของผัดไทย', db_user['full_name'])
self.assertEqual({'subscriber'}, set(db_user['roles']))
def test_huge_request(self):
payload = b'a' * 1024 * 100
mac = hmac.new(self.hmac_secret, payload, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=payload,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=400)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('คนรักของผัดไทย', db_user['full_name'])
self.assertEqual({'subscriber'}, set(db_user['roles']))
def test_invalid_json(self):
payload = b'\x00' * 1024 * 5
mac = hmac.new(self.hmac_secret, payload, hashlib.sha256)
self.post('/api/webhooks/user-modified',
data=payload,
content_type='application/json',
headers={'X-Webhook-HMAC': mac.hexdigest()},
expected_status=400)
# Check the effect on the user
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('คนรักของผัดไทย', db_user['full_name'])
self.assertEqual({'subscriber'}, set(db_user['roles']))
Webhooks: smarter way to find the user the webhook applies to. We now also match on Blender ID (through the 'auth' section of the user document), so that even when we have missed an email change we can still apply the changes from the webhook.
2017-12-20 12:22:51 +01:00
class UserScoreTest(AbstractCloudTest):
def setUp(self, **kwargs):
super().setUp(**kwargs)
self.payload = {'id': 123,
'old_email': 'old@email.address',
'full_name': 'ကြယ်ဆွတ်',
'email': 'new@email.address',
'roles': ['cloud_demo']}
def test_score_bid_only(self):
from cloud.webhooks import score
self.assertEqual(10, score(self.payload,
{'auth': [
{'provider': 'mastodon', 'user_id': 'hey@there'},
{'provider': 'blender-id', 'user_id': '123'}
]}))
def test_score_old_mail_only(self):
from cloud.webhooks import score
self.assertEqual(1, score(self.payload, {'email': 'old@email.address'}))
def test_score_new_mail_only(self):
from cloud.webhooks import score
self.assertEqual(2, score(self.payload, {'email': 'new@email.address'}))
def test_match_everything(self):
from cloud.webhooks import score
self.payload['old_email'] = self.payload['email']
self.assertEqual(13, score(self.payload,
{'auth': [
{'provider': 'mastodon', 'user_id': 'hey@there'},
{'provider': 'blender-id', 'user_id': '123'}
],
'email': 'new@email.address'
}))
Reference in New Issue Copy Permalink