Launchpad itself

Merge lp:~deryck/launchpad/reauth-gpg-363916 into lp:launchpad

  1. reauth-gpg-363916
  2. Merge into devel
Proposed by Deryck Hodge on 2012-08-20
Status: Merged
Approved by: Deryck Hodge on 2012-08-20
Approved revision: no longer in the source branch.
Merged at revision: 15843
Proposed branch: lp:~deryck/launchpad/reauth-gpg-363916
Merge into: lp:launchpad
Diff against target: 132 lines (+38/-10)
4 files modified
lib/lp/registry/browser/person.py (+4/-0)
lib/lp/registry/browser/tests/test_gpgkey.py (+21/-1)
lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt (+8/-8)
lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt (+5/-1)
To merge this branch: bzr merge lp:~deryck/launchpad/reauth-gpg-363916
Reviewer Review Type Date Requested Status
Benji York (community) code 2012-08-20 Approve on 2012-08-20
Review via email: mp+120401@code.launchpad.net

Commit Message

Requrie a fresh login from users editing their gpg keys.

Description of the Change

= Summary =

This branch is the final in a series of branches to fix bug 363916. This will ensure that all authentication info for users cannot be edited with an old session. The user will need to refresh his or her login to edit gpg keys after this lands. The work that has gone before added this fresh login requirement for email and ssh keys.

== Proposed fix ==

The fix is pretty simple -- just use require_fresh_login -- which was added in earlier branches.

== Pre-implementation notes ==

I didn't discuss this particular branch with anyone, but I had several conversations with flacoste about the earlier work and branches.

== LOC Rationale ==

I've got LOC credit from earlier work to refactor doctests. This is the final branch to add code, and I believe I'll be -50 lines all told once this lands.

== Implementation details ==

* Add a test to ensure the view redirects if the login is stale
* Add an initialize method which calls require_fresh_login

== Tests ==

./bin/test -cvvt test_edit_pgp_keys_login_redirect

(There will be a few doctests that break, I expect, but I'm running this through ec2 while I get it reviewed. I'll fix up any tests that I find and do another ec2 run to land it.)

== Demo and Q/A ==

* Login to Launchpad
* Get coffee to wait 2 minutes
* Visit a user's profile page
* Click the edit icon next to OpenPGP Keys

At this point, you should be redirect to the login server.

= Launchpad lint =

Checking for conflicts and issues in changed files.

Linting changed files:
  lib/lp/registry/browser/tests/test_gpgkey.py
  lib/lp/registry/browser/person.py

To post a comment you must log in.
Benji York (benji) wrote :

Looks good.

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/registry/browser/person.py'
2--- lib/lp/registry/browser/person.py 2012-08-20 13:28:42 +0000
3+++ lib/lp/registry/browser/person.py 2012-08-21 14:43:20 +0000
4@@ -2495,6 +2495,10 @@
5 error_message = None
6 info_message = None
7
8+ def initialize(self):
9+ require_fresh_login(self.request, self.context, '+editpgpkeys')
10+ super(PersonGPGView, self).initialize()
11+
12 @property
13 def cancel_url(self):
14 return canonical_url(self.context, view_name="+edit")
15
16=== modified file 'lib/lp/registry/browser/tests/test_gpgkey.py'
17--- lib/lp/registry/browser/tests/test_gpgkey.py 2012-01-01 02:58:52 +0000
18+++ lib/lp/registry/browser/tests/test_gpgkey.py 2012-08-21 14:43:20 +0000
19@@ -6,8 +6,12 @@
20 __metaclass__ = type
21
22 from lp.services.webapp import canonical_url
23-from lp.testing import TestCaseWithFactory
24+from lp.testing import (
25+ login_person,
26+ TestCaseWithFactory,
27+ )
28 from lp.testing.layers import DatabaseFunctionalLayer
29+from lp.testing.views import create_initialized_view
30
31
32 class TestCanonicalUrl(TestCaseWithFactory):
33@@ -22,3 +26,19 @@
34 '%s/+gpg-keys/%s' % (
35 canonical_url(person, rootsite='api'), gpgkey.keyid),
36 canonical_url(gpgkey))
37+
38+
39+class TestPersonGPGView(TestCaseWithFactory):
40+
41+ layer = DatabaseFunctionalLayer
42+
43+ def test_edit_pgp_keys_login_redirect(self):
44+ """+editpgpkeys should redirect to force you to re-authenticate."""
45+ person = self.factory.makePerson()
46+ login_person(person)
47+ view = create_initialized_view(person, "+editpgpkeys")
48+ response = view.request.response
49+ self.assertEqual(302, response.getStatus())
50+ expected_url = (
51+ '%s/+editpgpkeys/+login?reauth=1' % canonical_url(person))
52+ self.assertEqual(expected_url, response.getHeader('location'))
53
54=== modified file 'lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt'
55--- lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2012-08-10 18:16:36 +0000
56+++ lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2012-08-21 14:43:20 +0000
57@@ -6,6 +6,9 @@
58 >>> import email
59 >>> from lp.testing.keyserver import KeyServerTac
60 >>> from lp.services.mail import stub
61+ >>> from zope.component import getUtility
62+ >>> from lp.registry.interfaces.person import IPersonSet
63+ >>> from lp.testing.pages import setupBrowserFreshLogin
64
65 Set up the stub KeyServer:
66
67@@ -19,7 +22,10 @@
68
69 Start out with a clean page containing no imported keys:
70
71- >>> browser = setupBrowser(auth='Basic test@canonical.com:test')
72+ >>> login(ANONYMOUS)
73+ >>> name12 = getUtility(IPersonSet).getByEmail('test@canonical.com')
74+ >>> logout()
75+ >>> browser = setupBrowserFreshLogin(name12)
76 >>> browser.open("http://launchpad.dev/~name12")
77 >>> browser.getLink(url='+editpgpkeys').click()
78 >>> print browser.title
79@@ -86,7 +92,6 @@
80
81 Import the secret keys needed for this test:
82
83- >>> from zope.component import getUtility
84 >>> from lp.services.gpg.interfaces import IGPGHandler
85
86 >>> from lp.testing.gpgkeys import (
87@@ -141,13 +146,7 @@
88 added as an email address:
89
90 >>> from lp.testing.pages import strip_label
91- >>> from lp.registry.interfaces.person import IPersonSet
92- >>> from lp.testing.pages import setupBrowserFreshLogin
93
94- >>> login(ANONYMOUS)
95- >>> person = getUtility(IPersonSet).getByEmail('test@canonical.com')
96- >>> logout()
97- >>> browser = setupBrowserFreshLogin(person)
98 >>> browser.open("http://launchpad.dev/~name12/+editemails")
99 >>> control = browser.getControl(name='field.UNVALIDATED_SELECTED')
100 >>> [strip_label(label) for label in sorted(control.displayOptions)]
101@@ -461,6 +460,7 @@
102
103 Now Sample Person will deactivate his key...
104
105+ >>> browser = setupBrowserFreshLogin(name12)
106 >>> browser.open('http://launchpad.dev/~name12/+editpgpkeys')
107 >>> browser.url
108 'http://launchpad.dev/~name12/+editpgpkeys'
109
110=== modified file 'lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt'
111--- lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2011-12-24 15:18:32 +0000
112+++ lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2012-08-21 14:43:20 +0000
113@@ -8,6 +8,7 @@
114 ... ILoginTokenSet)
115 >>> from lp.testing.keyserver import KeyServerTac
116 >>> from lp.registry.interfaces.person import IPersonSet
117+ >>> from lp.testing.pages import setupBrowserFreshLogin
118
119 >>> tokenset = getUtility(ILoginTokenSet)
120 >>> tac = KeyServerTac()
121@@ -27,7 +28,10 @@
122
123 Attempts to claim a revoked OpenPGP key fail:
124
125- >>> browser.addHeader('Authorization', 'Basic test@canonical.com:test')
126+ >>> login(ANONYMOUS)
127+ >>> name12 = getUtility(IPersonSet).getByEmail('test@canonical.com')
128+ >>> logout()
129+ >>> browser = setupBrowserFreshLogin(name12)
130 >>> browser.open('http://launchpad.dev/~name12/+editpgpkeys')
131 >>> browser.getControl(
132 ... name='fingerprint').value = (