From 61ce62b02627414e5d4c65d32146ba8dc89421c4 Mon Sep 17 00:00:00 2001 From: Michael Manfre Date: Sun, 20 Nov 2022 18:03:09 -0500 Subject: Enforce signups_allowed=False (#26) --- .pre-commit-config.yaml | 2 +- requirements-dev.txt | 1 + templates/auth/signup.html | 13 ++- users/tests/models/__init__.py | 0 users/tests/models/test_identity.py | 178 ++++++++++++++++++++++++++++++++++++ users/tests/test_identity.py | 178 ------------------------------------ users/tests/views/__init__.py | 0 users/tests/views/test_auth.py | 59 ++++++++++++ users/views/auth.py | 4 + 9 files changed, 255 insertions(+), 180 deletions(-) create mode 100644 users/tests/models/__init__.py create mode 100644 users/tests/models/test_identity.py delete mode 100644 users/tests/test_identity.py create mode 100644 users/tests/views/__init__.py create mode 100644 users/tests/views/test_auth.py diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 98148fd..940fbbc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -35,4 +35,4 @@ repos: rev: v0.982 hooks: - id: mypy - additional_dependencies: [types-pyopenssl, types-bleach] + additional_dependencies: [types-pyopenssl, types-bleach, types-mock] diff --git a/requirements-dev.txt b/requirements-dev.txt index 8879356..6be4cd3 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -3,6 +3,7 @@ pre-commit~=2.20.0 black==22.10.0 flake8==5.0.4 isort==5.10.1 +mock~=4.0.3 pre-commit~=2.20.0 pytest-django~=4.5.2 pytest-httpx~=0.21 diff --git a/templates/auth/signup.html b/templates/auth/signup.html index b1aaa50..7924c0a 100644 --- a/templates/auth/signup.html +++ b/templates/auth/signup.html @@ -7,13 +7,24 @@ {% csrf_token %}
Create An Account - {{ config.signup_text|safe|linebreaks }} + {% if config.signup_text %}{{ config.signup_text|safe|linebreaks }}{% endif %} + {% if config.signup_allowed %} {% for field in form %} {% include "forms/_field.html" %} {% endfor %} + {% else %} + {% if not config.signup_text %} +

Not accepting new users at this time

+ {% endif %} + {% endif %} +
+ + {% if config.signup_allowed %}
+ {% endif %} + {% endblock %} diff --git a/users/tests/models/__init__.py b/users/tests/models/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/users/tests/models/test_identity.py b/users/tests/models/test_identity.py new file mode 100644 index 0000000..868894a --- /dev/null +++ b/users/tests/models/test_identity.py @@ -0,0 +1,178 @@ +import pytest +from asgiref.sync import async_to_sync + +from core.models import Config +from users.models import Domain, Identity, User +from users.views.identity import CreateIdentity + + +@pytest.mark.django_db +def test_create_identity_form(client): + """ """ + # Make a user + user = User.objects.create(email="test@example.com") + admin = User.objects.create(email="admin@example.com", admin=True) + # Make a domain + domain = Domain.objects.create(domain="example.com", local=True) + domain.users.add(user) + domain.users.add(admin) + + # Test identity_min_length + data = { + "username": "a", + "domain": domain.domain, + "name": "The User", + } + + form = CreateIdentity.form_class(user=user, data=data) + assert not form.is_valid() + assert "username" in form.errors + assert "value has at least" in form.errors["username"][0] + + form = CreateIdentity.form_class(user=admin, data=data) + assert form.errors == {} + + # Test restricted_usernames + data = { + "username": "@root", + "domain": domain.domain, + "name": "The User", + } + + form = CreateIdentity.form_class(user=user, data=data) + assert not form.is_valid() + assert "username" in form.errors + assert "restricted to administrators" in form.errors["username"][0] + + form = CreateIdentity.form_class(user=admin, data=data) + assert form.errors == {} + + # Test valid chars + data = { + "username": "@someval!!!!", + "domain": domain.domain, + "name": "The User", + } + + for u in (user, admin): + form = CreateIdentity.form_class(user=u, data=data) + assert not form.is_valid() + assert "username" in form.errors + assert form.errors["username"][0].startswith("Only the letters") + + +@pytest.mark.django_db +def test_identity_max_per_user(client): + """ + Ensures that the identity limit is functioning + """ + # Make a user + user = User.objects.create(email="test@example.com") + # Make a domain + domain = Domain.objects.create(domain="example.com", local=True) + domain.users.add(user) + # Make an identity for them + for i in range(Config.system.identity_max_per_user): + identity = Identity.objects.create( + actor_uri=f"https://example.com/@test{i}@example.com/actor/", + username=f"test{i}", + domain=domain, + name=f"Test User{i}", + local=True, + ) + identity.users.add(user) + + data = { + "username": "toomany", + "domain": domain.domain, + "name": "Too Many", + } + form = CreateIdentity.form_class(user=user, data=data) + assert form.errors["__all__"][0].startswith("You are not allowed more than") + + user.admin = True + form = CreateIdentity.form_class(user=user, data=data) + assert form.is_valid() + + +@pytest.mark.django_db +def test_fetch_actor(httpx_mock): + """ + Ensures that making identities via actor fetching works + """ + # Make a shell remote identity + identity = Identity.objects.create( + actor_uri="https://example.com/test-actor/", + local=False, + ) + + # Trigger actor fetch + httpx_mock.add_response( + url="https://example.com/.well-known/webfinger?resource=acct:test@example.com", + json={ + "subject": "acct:test@example.com", + "aliases": [ + "https://example.com/test-actor/", + ], + "links": [ + { + "rel": "http://webfinger.net/rel/profile-page", + "type": "text/html", + "href": "https://example.com/test-actor/", + }, + { + "rel": "self", + "type": "application/activity+json", + "href": "https://example.com/test-actor/", + }, + ], + }, + ) + httpx_mock.add_response( + url="https://example.com/test-actor/", + json={ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + ], + "id": "https://example.com/test-actor/", + "type": "Person", + "inbox": "https://example.com/test-actor/inbox/", + "publicKey": { + "id": "https://example.com/test-actor/#main-key", + "owner": "https://example.com/test-actor/", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nits-a-faaaake\n-----END PUBLIC KEY-----\n", + }, + "followers": "https://example.com/test-actor/followers/", + "following": "https://example.com/test-actor/following/", + "icon": { + "type": "Image", + "mediaType": "image/jpeg", + "url": "https://example.com/icon.jpg", + }, + "image": { + "type": "Image", + "mediaType": "image/jpeg", + "url": "https://example.com/image.jpg", + }, + "as:manuallyApprovesFollowers": False, + "name": "Test User", + "preferredUsername": "test", + "published": "2022-11-02T00:00:00Z", + "summary": "

A test user

", + "url": "https://example.com/test-actor/view/", + }, + ) + async_to_sync(identity.fetch_actor)() + + # Verify the data arrived + identity = Identity.objects.get(pk=identity.pk) + assert identity.name == "Test User" + assert identity.username == "test" + assert identity.domain_id == "example.com" + assert identity.profile_uri == "https://example.com/test-actor/view/" + assert identity.inbox_uri == "https://example.com/test-actor/inbox/" + assert identity.icon_uri == "https://example.com/icon.jpg" + assert identity.image_uri == "https://example.com/image.jpg" + assert identity.summary == "

A test user

" + assert "ts-a-faaaake" in identity.public_key diff --git a/users/tests/test_identity.py b/users/tests/test_identity.py deleted file mode 100644 index 868894a..0000000 --- a/users/tests/test_identity.py +++ /dev/null @@ -1,178 +0,0 @@ -import pytest -from asgiref.sync import async_to_sync - -from core.models import Config -from users.models import Domain, Identity, User -from users.views.identity import CreateIdentity - - -@pytest.mark.django_db -def test_create_identity_form(client): - """ """ - # Make a user - user = User.objects.create(email="test@example.com") - admin = User.objects.create(email="admin@example.com", admin=True) - # Make a domain - domain = Domain.objects.create(domain="example.com", local=True) - domain.users.add(user) - domain.users.add(admin) - - # Test identity_min_length - data = { - "username": "a", - "domain": domain.domain, - "name": "The User", - } - - form = CreateIdentity.form_class(user=user, data=data) - assert not form.is_valid() - assert "username" in form.errors - assert "value has at least" in form.errors["username"][0] - - form = CreateIdentity.form_class(user=admin, data=data) - assert form.errors == {} - - # Test restricted_usernames - data = { - "username": "@root", - "domain": domain.domain, - "name": "The User", - } - - form = CreateIdentity.form_class(user=user, data=data) - assert not form.is_valid() - assert "username" in form.errors - assert "restricted to administrators" in form.errors["username"][0] - - form = CreateIdentity.form_class(user=admin, data=data) - assert form.errors == {} - - # Test valid chars - data = { - "username": "@someval!!!!", - "domain": domain.domain, - "name": "The User", - } - - for u in (user, admin): - form = CreateIdentity.form_class(user=u, data=data) - assert not form.is_valid() - assert "username" in form.errors - assert form.errors["username"][0].startswith("Only the letters") - - -@pytest.mark.django_db -def test_identity_max_per_user(client): - """ - Ensures that the identity limit is functioning - """ - # Make a user - user = User.objects.create(email="test@example.com") - # Make a domain - domain = Domain.objects.create(domain="example.com", local=True) - domain.users.add(user) - # Make an identity for them - for i in range(Config.system.identity_max_per_user): - identity = Identity.objects.create( - actor_uri=f"https://example.com/@test{i}@example.com/actor/", - username=f"test{i}", - domain=domain, - name=f"Test User{i}", - local=True, - ) - identity.users.add(user) - - data = { - "username": "toomany", - "domain": domain.domain, - "name": "Too Many", - } - form = CreateIdentity.form_class(user=user, data=data) - assert form.errors["__all__"][0].startswith("You are not allowed more than") - - user.admin = True - form = CreateIdentity.form_class(user=user, data=data) - assert form.is_valid() - - -@pytest.mark.django_db -def test_fetch_actor(httpx_mock): - """ - Ensures that making identities via actor fetching works - """ - # Make a shell remote identity - identity = Identity.objects.create( - actor_uri="https://example.com/test-actor/", - local=False, - ) - - # Trigger actor fetch - httpx_mock.add_response( - url="https://example.com/.well-known/webfinger?resource=acct:test@example.com", - json={ - "subject": "acct:test@example.com", - "aliases": [ - "https://example.com/test-actor/", - ], - "links": [ - { - "rel": "http://webfinger.net/rel/profile-page", - "type": "text/html", - "href": "https://example.com/test-actor/", - }, - { - "rel": "self", - "type": "application/activity+json", - "href": "https://example.com/test-actor/", - }, - ], - }, - ) - httpx_mock.add_response( - url="https://example.com/test-actor/", - json={ - "@context": [ - "https://www.w3.org/ns/activitystreams", - "https://w3id.org/security/v1", - ], - "id": "https://example.com/test-actor/", - "type": "Person", - "inbox": "https://example.com/test-actor/inbox/", - "publicKey": { - "id": "https://example.com/test-actor/#main-key", - "owner": "https://example.com/test-actor/", - "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nits-a-faaaake\n-----END PUBLIC KEY-----\n", - }, - "followers": "https://example.com/test-actor/followers/", - "following": "https://example.com/test-actor/following/", - "icon": { - "type": "Image", - "mediaType": "image/jpeg", - "url": "https://example.com/icon.jpg", - }, - "image": { - "type": "Image", - "mediaType": "image/jpeg", - "url": "https://example.com/image.jpg", - }, - "as:manuallyApprovesFollowers": False, - "name": "Test User", - "preferredUsername": "test", - "published": "2022-11-02T00:00:00Z", - "summary": "

A test user

", - "url": "https://example.com/test-actor/view/", - }, - ) - async_to_sync(identity.fetch_actor)() - - # Verify the data arrived - identity = Identity.objects.get(pk=identity.pk) - assert identity.name == "Test User" - assert identity.username == "test" - assert identity.domain_id == "example.com" - assert identity.profile_uri == "https://example.com/test-actor/view/" - assert identity.inbox_uri == "https://example.com/test-actor/inbox/" - assert identity.icon_uri == "https://example.com/icon.jpg" - assert identity.image_uri == "https://example.com/image.jpg" - assert identity.summary == "

A test user

" - assert "ts-a-faaaake" in identity.public_key diff --git a/users/tests/views/__init__.py b/users/tests/views/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/users/tests/views/test_auth.py b/users/tests/views/test_auth.py new file mode 100644 index 0000000..22e1fb6 --- /dev/null +++ b/users/tests/views/test_auth.py @@ -0,0 +1,59 @@ +import mock +import pytest + +from core.models import Config +from users.models import User + + +@pytest.fixture +def config_system(): + # TODO: Good enough for now, but a better Config mocking system is needed + result = Config.load_system() + with mock.patch("core.models.Config.load_system", return_value=result): + yield result + + +@pytest.mark.django_db +def test_signup_disabled(client, config_system): + # Signup disabled and no signup text + config_system.signup_allowed = False + resp = client.get("/auth/signup/") + assert resp.status_code == 200 + content = str(resp.content) + assert "Not accepting new users at this time" in content + assert "" not in content + + # Signup disabled with signup text configured + config_system.signup_text = "Go away!!!!!!" + resp = client.get("/auth/signup/") + assert resp.status_code == 200 + content = str(resp.content) + assert "Go away!!!!!!" in content + + # Ensure direct POST doesn't side step guard + resp = client.post( + "/auth/signup/", data={"email": "test_signup_disabled@example.org"} + ) + assert resp.status_code == 200 + assert not User.objects.filter(email="test_signup_disabled@example.org").exists() + + # Signup enabled + config_system.signup_allowed = True + resp = client.get("/auth/signup/") + assert resp.status_code == 200 + content = str(resp.content) + assert "Not accepting new users at this time" not in content + assert "" in content + + +@pytest.mark.django_db +def test_signup_invite_only(client, config_system): + config_system.signup_allowed = True + config_system.signup_invite_only = True + + resp = client.get("/auth/signup/") + assert resp.status_code == 200 + content = str(resp.content) + assert 'name="invite_code"' in content + + # TODO: Actually test this diff --git a/users/views/auth.py b/users/views/auth.py index 2257ea5..61e9a29 100644 --- a/users/views/auth.py +++ b/users/views/auth.py @@ -49,6 +49,10 @@ class Signup(FormView): raise forms.ValidationError("That is not a valid invite code") return invite_code + def clean(self): + if not Config.system.signup_allowed: + raise forms.ValidationError("Not accepting new users at this time") + def form_valid(self, form): user = User.objects.create(email=form.cleaned_data["email"]) # Auto-promote the user to admin if that setting is set -- cgit v1.2.3