Merge branch 'release/19.25.0'

CHANGELOG

@@ -2,6 +2,12 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+19.25.0 (2019-09-05)
+===================
+- Automate account deactivation if users have no content
+- Clean up EZID workflow
+- Check redirect URL's for spam
+
 19.24.0 (2019-08-27)
 ===================
 - APIv2: Allow creating a node with a license attached on creation

addons/forward/models.py

@@ -1,10 +1,12 @@
 # -*- coding: utf-8 -*-
+from osf.utils.requests import get_request_and_user_id, get_headers_from_request
 
 from addons.base.models import BaseNodeSettings
 from dirtyfields import DirtyFieldsMixin
 from django.db import models
 from osf.exceptions import ValidationValueError
 from osf.models.validators import validate_no_html
+from osf.models import OSFUser
 
 
 class NodeSettings(DirtyFieldsMixin, BaseNodeSettings):
@@ -33,6 +35,17 @@ def after_register(self, node, registration, user, save=True):
 
  return clone, None
 
+ def save(self, request=None, *args, **kwargs):
+ super(NodeSettings, self).save(*args, **kwargs)
+ if request:
+ if not hasattr(request, 'user'): # TODO: remove when Flask is removed
+ _, user_id = get_request_and_user_id()
+ user = OSFUser.load(user_id)
+ else:
+ user = request.user
+
+ self.owner.check_spam(user, {'addons_forward_node_settings__url'}, get_headers_from_request(request))
+
  def clean(self):
  if self.url and self.owner._id in self.url:
  raise ValidationValueError('Circular URL')

addons/forward/tests/test_views.py

@@ -1,16 +1,18 @@
+import mock
 import pytest
 
 from nose.tools import assert_equal
 
 from addons.forward.tests.utils import ForwardAddonTestCase
 from tests.base import OsfTestCase
+from website import settings
 
 pytestmark = pytest.mark.django_db
 
-class TestForwardLogs(ForwardAddonTestCase, OsfTestCase):
+class TestForward(ForwardAddonTestCase, OsfTestCase):
 
  def setUp(self):
- super(TestForwardLogs, self).setUp()
+ super(TestForward, self).setUp()
  self.app.authenticate(*self.user.auth)
 
  def test_change_url_log_added(self):
@@ -40,3 +42,19 @@ def test_change_timeout_log_not_added(self):
  self.project.logs.count(),
  log_count
  )
+
+ @mock.patch.object(settings, 'SPAM_CHECK_ENABLED', True)
+ @mock.patch('osf.models.node.Node.do_check_spam')
+ def test_change_url_check_spam(self, mock_check_spam):
+ self.project.is_public = True
+ self.project.save()
+ self.app.put_json(self.project.api_url_for('forward_config_put'), {'url': 'http://possiblyspam.com'})
+
+ assert mock_check_spam.called
+ data, _ = mock_check_spam.call_args
+ author, author_email, content, request_headers = data
+
+ assert author == self.user.fullname
+ assert author_email == self.user.username
+ assert content == 'http://possiblyspam.com'
+

addons/forward/views/config.py

@@ -44,7 +44,7 @@ def forward_config_put(auth, node_addon, **kwargs):
  # Save settings and get changed fields; crash if validation fails
  try:
  dirty_fields = node_addon.get_dirty_fields()
- node_addon.save()
+ node_addon.save(request=request)
  except ValidationValueError:
  raise HTTPError(http.BAD_REQUEST)
 

api/addons/forward/test_views.py

@@ -0,0 +1,81 @@
+import mock
+import pytest
+
+from addons.forward.tests.utils import ForwardAddonTestCase
+from tests.base import OsfTestCase
+from website import settings
+from tests.json_api_test_app import JSONAPITestApp
+
+pytestmark = pytest.mark.django_db
+
+class TestForward(ForwardAddonTestCase, OsfTestCase):
+ """
+ Forward (the redirect url has two v2 routes, one is addon based `/v2/nodes/{}/addons/forward/` one is node settings
+ based `/v2/nodes/{}/settings/` they both need to be checked for spam each time they are used to modify a redirect url.
+ """
+
+ django_app = JSONAPITestApp()
+
+ def setUp(self):
+ super(TestForward, self).setUp()
+ self.app.authenticate(*self.user.auth)
+
+ @mock.patch.object(settings, 'SPAM_CHECK_ENABLED', True)
+ @mock.patch('osf.models.node.Node.do_check_spam')
+ def test_change_url_check_spam(self, mock_check_spam):
+ self.project.is_public = True
+ self.project.save()
+ self.django_app.put_json_api(
+ '/v2/nodes/{}/addons/forward/'.format(self.project._id),
+ {'data': {'attributes': {'url': 'http://possiblyspam.com'}}},
+ auth=self.user.auth,
+ )
+
+ assert mock_check_spam.called
+ data, _ = mock_check_spam.call_args
+ author, author_email, content, request_headers = data
+
+ assert author == self.user.fullname
+ assert author_email == self.user.username
+ assert content == 'http://possiblyspam.com'
+
+ @mock.patch.object(settings, 'SPAM_CHECK_ENABLED', True)
+ @mock.patch('osf.models.node.Node.do_check_spam')
+ def test_change_url_check_spam_node_settings(self, mock_check_spam):
+ self.project.is_public = True
+ self.project.save()
+
+ payload = {
+ 'data': {
+ 'type': 'node-settings',
+ 'attributes': {
+ 'access_requests_enabled': False,
+ 'redirect_link_url': 'http://possiblyspam.com',
+ },
+ },
+ }
+
+ self.django_app.put_json_api(
+ '/v2/nodes/{}/settings/'.format(self.project._id),
+ payload,
+ auth=self.user.auth,
+ )
+
+ assert mock_check_spam.called
+ data, _ = mock_check_spam.call_args
+ author, author_email, content, request_headers = data
+
+ assert author == self.user.fullname
+ assert author_email == self.user.username
+ assert content == 'http://possiblyspam.com'
+
+ def test_invalid_url(self):
+ res = self.django_app.put_json_api(
+ '/v2/nodes/{}/addons/forward/'.format(self.project._id),
+ {'data': {'attributes': {'url': 'bad url'}}},
+ auth=self.user.auth, expect_errors=True,
+ )
+ assert res.status_code == 400
+ error = res.json['errors'][0]
+
+ assert error['detail'] == 'Enter a valid URL.'

api/nodes/serializers.py

@@ -897,7 +897,7 @@ class Meta:
 
  # Forward-specific
  label = ser.CharField(required=False, allow_blank=True)
- url = ser.CharField(required=False, allow_blank=True)
+ url = ser.URLField(required=False, allow_blank=True)
 
  links = LinksField({
  'self': 'get_absolute_url',
@@ -923,7 +923,9 @@ def create(self, validated_data):
 class ForwardNodeAddonSettingsSerializer(NodeAddonSettingsSerializerBase):
 
  def update(self, instance, validated_data):
- auth = Auth(self.context['request'].user)
+ request = self.context['request']
+ user = request.user
+ auth = Auth(user)
  set_url = 'url' in validated_data
  set_label = 'label' in validated_data
 
@@ -953,7 +955,10 @@ def update(self, instance, validated_data):
  instance.label = label
  url_changed = True
 
- instance.save()
+ try:
+ instance.save(request=request)
+ except ValidationError as e:
+ raise exceptions.ValidationError(detail=str(e))
 
  if url_changed:
  # add log here because forward architecture isn't great
@@ -968,7 +973,6 @@ def update(self, instance, validated_data):
  auth=auth,
  save=True,
  )
-
  return instance
 
 
@@ -1805,7 +1809,10 @@ def update_forward_fields(self, obj, validated_data, auth):
  save_forward = True
 
  if save_forward:
- forward_addon.save()
+ try:
+ forward_addon.save(request=self.context['request'])
+ except ValidationError as e:
+ raise exceptions.ValidationError(detail=str(e))
 
  def enable_or_disable_addon(self, obj, should_enable, addon_name, auth):
  """

api/users/serializers.py

@@ -20,9 +20,8 @@
 from osf.exceptions import ValidationValueError, ValidationError, BlacklistedEmailError
 from osf.models import OSFUser, QuickFilesNode, Preprint
 from osf.utils.requests import string_type_request_headers
-from website.settings import MAILCHIMP_GENERAL_LIST, OSF_HELP_LIST, CONFIRM_REGISTRATIONS_BY_EMAIL, OSF_SUPPORT_EMAIL
+from website.settings import MAILCHIMP_GENERAL_LIST, OSF_HELP_LIST, CONFIRM_REGISTRATIONS_BY_EMAIL
 from osf.models.provider import AbstractProviderGroupObjectPermission
-from website import mails
 from website.profile.views import update_osf_help_mails_subscription, update_mailchimp_subscription
 from api.nodes.serializers import NodeSerializer, RegionRelationshipField
 from api.base.schemas.utils import validate_user_json, from_json
@@ -428,6 +427,7 @@ class UserSettingsSerializer(JSONAPISerializer):
  subscribe_osf_general_email = ser.SerializerMethodField()
  subscribe_osf_help_email = ser.SerializerMethodField()
  deactivation_requested = ser.BooleanField(source='requested_deactivation', required=False)
+ contacted_deactivation = ser.BooleanField(required=False, read_only=True)
  secret = ser.SerializerMethodField(read_only=True)
 
  def to_representation(self, instance):
@@ -526,18 +526,12 @@ def verify_two_factor(self, instance, value, two_factor_addon):
  two_factor_addon.save()
 
  def request_deactivation(self, instance, requested_deactivation):
+
  if instance.requested_deactivation != requested_deactivation:
- if requested_deactivation:
- mails.send_mail(
- to_addr=OSF_SUPPORT_EMAIL,
- mail=mails.REQUEST_DEACTIVATION,
- user=instance,
- can_change_preferences=False,
- )
- instance.email_last_sent = timezone.now()
  instance.requested_deactivation = requested_deactivation
+ if not requested_deactivation:
+ instance.contacted_deactivation = False
  instance.save()
- return
 
  def to_representation(self, instance):
  """

api_tests/nodes/views/test_node_detail.py

@@ -1348,8 +1348,7 @@ def test_set_node_private_updates_doi(
  assert res.status_code == 200
  project_public.reload()
  assert not project_public.is_public
- mock_update_doi_metadata.assert_called_with(
- project_public._id, status='unavailable')
+ mock_update_doi_metadata.assert_called_with(project_public._id)
 
  @pytest.mark.enable_enqueue_task
  @mock.patch('website.preprints.tasks.update_or_enqueue_on_preprint_updated')

api_tests/nodes/views/test_node_wiki_list.py

@@ -338,7 +338,7 @@ def test_create_public_wiki_page(self, app, user_write_contributor, url_node_pub
  assert res.json['data']['attributes']['name'] == page_name
 
  def test_create_public_wiki_page_with_content(self, app, user_write_contributor, url_node_public, project_public):
- page_name = fake.word()
+ page_name = 'using random variables in tests can sometimes expose Testmon problems!'
  payload = create_wiki_payload(page_name)
  payload['data']['attributes']['content'] = 'my first wiki page'
  res = app.post_json_api(url_node_public, payload, auth=user_write_contributor.auth)

api_tests/users/views/test_user_settings_detail.py

@@ -250,31 +250,24 @@ def test_patch_requested_deactivation(self, mock_mail, app, user_one, user_two,
  assert res.status_code == 403
 
  # Logged in, request to deactivate
- assert user_one.email_last_sent is None
  assert user_one.requested_deactivation is False
  res = app.patch_json_api(url, payload, auth=user_one.auth)
  assert res.status_code == 200
  user_one.reload()
- assert user_one.email_last_sent is not None
  assert user_one.requested_deactivation is True
- assert mock_mail.call_count == 1
 
  # Logged in, deactivation already requested
  res = app.patch_json_api(url, payload, auth=user_one.auth)
  assert res.status_code == 200
  user_one.reload()
- assert user_one.email_last_sent is not None
  assert user_one.requested_deactivation is True
- assert mock_mail.call_count == 1
 
  # Logged in, request to cancel deactivate request
  payload['data']['attributes']['deactivation_requested'] = False
  res = app.patch_json_api(url, payload, auth=user_one.auth)
  assert res.status_code == 200
  user_one.reload()
- assert user_one.email_last_sent is not None
  assert user_one.requested_deactivation is False
- assert mock_mail.call_count == 1
 
  @mock.patch('framework.auth.views.mails.send_mail')
  def test_patch_invalid_type(self, mock_mail, app, user_one, url, payload):