feat: Add tokenless mutation and field in owner #826
Draft
RulaKhaled
wants to merge
1
commit into
main
from
tokens-required
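--- a/codecov_auth/commands/owner/interactors/set_tokens_required.py
+++ b/codecov_auth/commands/owner/interactors/set_tokens_required.py
@@ -0,0 +1,43 @@
+from dataclasses import dataclass
+
+from codecov.commands.base import BaseInteractor
+from codecov.commands.exceptions import Unauthenticated, Unauthorized, ValidationError
+from codecov.db import sync_to_async
+from codecov_auth.helpers import current_user_part_of_org
+from codecov_auth.models import Owner
+
+
+@dataclass
+class SetTokensRequiredInput:
+tokens_required: bool
+org_username: str
+
+
+class SetTokensRequiredInteractor(BaseInteractor):
+def validate(self, owner_obj):
+if not self.current_user.is_authenticated:
+raise Unauthenticated()
+if not owner_obj:
+raise ValidationError("Owner not found")
+if not current_user_part_of_org(self.current_owner, owner_obj):
+raise Unauthorized()
+if not owner_obj.is_admin(self.current_owner):
+raise Unauthorized("Admin authorization required")
+
+@sync_to_async
+def execute(self, input: dict):
+typed_input = SetTokensRequiredInput(
+tokens_required=input.get("tokens_required"),
+org_username=input.get("org_username"),
+)
+
+owner_obj = Owner.objects.filter(
+username=typed_input.org_username, service=self.service
+).first()
+
+self.validate(owner_obj)
+
+owner_obj.tokens_required = typed_input.tokens_required
+owner_obj.save()
+
+return typed_input.tokens_required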
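Review bot: `execute` copies `input.get("tokens_required")` straight onto the owner, so a missing or non-boolean value is saved as `None` (or whatever was sent), because the dataclass annotation is not enforced at runtime. The GraphQL input in this PR names the field `tokensRequired`, and the resolver that would map it to `tokens_required` is not visible here, so a key mismatch would reach `owner_obj.save()` unnoticed. Since this flag appears to control whether uploads need a token, I would fail closed before the lookup with `if not isinstance(typed_input.tokens_required, bool): raise ValidationError("tokens_required must be a boolean")`. It would also help to log the acting owner, the org and the new value whenever the setting changes, and to call `owner_obj.save(update_fields=["tokens_required"])` so unrelated fields are not rewritten.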
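--- a/codecov_auth/commands/owner/interactors/tests/test_set_tokesn_required.py
+++ b/codecov_auth/commands/owner/interactors/tests/test_set_tokesn_required.py
@@ -0,0 +1,111 @@
+import pytest
+from asgiref.sync import async_to_sync
+from django.contrib.auth.models import AnonymousUser
+from django.test import TransactionTestCase
+
+from codecov.commands.exceptions import Unauthenticated, Unauthorized, ValidationError
+from codecov_auth.tests.factories import OwnerFactory
+
+from ..set_tokens_required import SetTokensRequiredInteractor
+
+
+class SetTokensRequiredInteractorTest(TransactionTestCase):
+def setUp(self):
+self.current_user = OwnerFactory(username="codecov-user")
+self.service = "github"
+self.owner = OwnerFactory(
+username="codecov-owner",
+service=self.service,
+)
+
+self.owner_with_admins = OwnerFactory(
+username="codecov-admin-owner",
+service=self.service,
+admins=[self.current_user.ownerid],
+)
+
+self.interactor = SetTokensRequiredInteractor(
+current_owner=self.owner,
+service=self.service,
+current_user=self.current_user,
+)
+
+@async_to_sync
+async def execute(
+self,
+interactor: SetTokensRequiredInteractor | None = None,
+input: dict | None = None,
+):
+if not interactor:
+interactor = self.interactor
+return await interactor.execute(input)
+
+@pytest.mark.asyncio
+async def test_user_is_not_authenticated(self):
+with pytest.raises(Unauthenticated):
+await self.execute(
+interactor=SetTokensRequiredInteractor(
+current_owner=None,
+service=self.service,
+current_user=AnonymousUser(),
+),
+input={
+"tokens_required": True,
+"org_username": self.owner.username,
+},
+)
+
+@pytest.mark.asyncio
+async def test_validation_error_when_owner_not_found(self):
+with pytest.raises(ValidationError):
+await self.execute(
+input={
+"tokens_required": True,
+"org_username": "non-existent-user",
+},
+)
+
+@pytest.mark.asyncio
+async def test_unauthorized_error_when_user_is_not_admin(self):
+with pytest.raises(Unauthorized):
+await self.execute(
+input={
+"tokens_required": True,
+"org_username": self.owner.username,
+},
+)
+
+@pytest.mark.asyncio
+async def test_set_tokens_required_when_user_is_admin(self):
+input_data = {
+"tokens_required": True,
+"org_username": self.owner_with_admins.username,
+}
+
+interactor = SetTokensRequiredInteractor(
+current_owner=self.current_user, service=self.service
+)
+result = await self.execute(interactor=interactor, input=input_data)
+
+assert result == True
+self.owner_with_admins.refresh_from_db()
+assert self.owner_with_admins.tokens_required == True
+
+@pytest.mark.asyncio
+async def test_set_tokens_required_to_false(self):
+self.owner_with_admins.tokens_required = True
+self.owner_with_admins.save()
+
+input_data = {
+"tokens_required": False,
+"org_username": self.owner_with_admins.username,
+}
+
+interactor = SetTokensRequiredInteractor(
+current_owner=self.current_user, service=self.service
+)
+result = await self.execute(interactor=interactor, input=input_data)
+
+assert result == False
+self.owner_with_admins.refresh_from_db()
+assert self.owner_with_admins.tokens_required == False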
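Review bot: None of these tests exercises the `current_user_part_of_org` check on its own: `test_unauthorized_error_when_user_is_not_admin` uses the `setUp` interactor, whose `current_owner` is `self.owner`, against `self.owner.username`, so the acting owner and the target org are the same record and it is unclear which check, if either, raises. I would add one case with an owner that is neither a member nor an admin of `owner_with_admins`, and one with a member who is not in `admins`, asserting the "Admin authorization required" message for the second. The `execute` helper is wrapped in `@async_to_sync` while the tests are `async def` and `await` its result; that combination looks unlikely to run as intended and is worth confirming. The file name is misspelled (`test_set_tokesn_required.py`), and `assert result is True` is preferable to `== True`.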
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
from django.test import TransactionTestCase | ||
|
||
from codecov_auth.tests.factories import OwnerFactory | ||
from graphql_api.tests.helper import GraphQLTestHelper | ||
|
||
query = """ | ||
mutation($input: SetTokensRequiredInput!) { | ||
setTokensRequired(input: $input) { | ||
tokensRequired | ||
error { | ||
__typename | ||
... on ResolverError { | ||
message | ||
} | ||
} | ||
} | ||
} | ||
""" | ||
|
||
|
||
class SetTokensRequiredTests(GraphQLTestHelper, TransactionTestCase): | ||
def setUp(self): | ||
self.org = OwnerFactory(username="codecov") | ||
|
||
def test_when_authenticated_updates_tokens_required(self): | ||
user = OwnerFactory( | ||
organizations=[self.org.ownerid], | ||
permission=[self.org.ownerid], | ||
is_admin=True, | ||
) | ||
|
||
data = self.gql_request( | ||
query, | ||
owner=user, | ||
variables={"input": {"org_username": "codecov", "tokensRequired": True}}, | ||
) | ||
|
||
assert data["setTokensRequired"]["tokensRequired"] == True | ||
|
||
def test_when_validation_error_org_not_found(self): | ||
data = self.gql_request( | ||
query, | ||
owner=self.org, | ||
variables={ | ||
"input": { | ||
"org_username": "non_existent_org", | ||
"tokensRequired": True, | ||
} | ||
}, | ||
) | ||
assert data["setTokensRequired"]["error"]["__typename"] == "ValidationError" | ||
|
||
def test_when_unauthorized_non_admin(self): | ||
non_admin_user = OwnerFactory( | ||
organizations=[self.org.ownerid], | ||
permission=[self.org.ownerid], | ||
is_admin=False, | ||
) | ||
|
||
data = self.gql_request( | ||
query, | ||
owner=non_admin_user, | ||
variables={"input": {"org_username": "codecov", "tokensRequired": True}}, | ||
) | ||
|
||
assert data["setTokensRequired"]["error"]["__typename"] == "UnauthorizedError" | ||
|
||
def test_when_unauthenticated(self): | ||
data = self.gql_request( | ||
query, | ||
variables={"input": {"org_username": "codecov", "tokensRequired": True}}, | ||
) | ||
|
||
assert ( | ||
data["setTokensRequired"]["error"]["__typename"] == "UnauthenticatedError" | ||
) | ||
|
||
def test_when_not_part_of_org(self): | ||
non_part_of_org_user = OwnerFactory( | ||
organizations=[self.org.ownerid], | ||
permission=[self.org.ownerid], | ||
is_admin=False, | ||
) | ||
|
||
data = self.gql_request( | ||
query, | ||
owner=non_part_of_org_user, | ||
variables={"input": {"org_username": "codecov", "tokensRequired": True}}, | ||
) | ||
|
||
assert data["setTokensRequired"]["error"]["__typename"] == "UnauthorizedError" |
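Review bot: `test_when_not_part_of_org` creates its user with `organizations=[self.org.ownerid]`, exactly like `test_when_unauthorized_non_admin`, so the user is a member and the non-member path is never tested; build that user without the org, e.g. `OwnerFactory(organizations=[], permission=[])`. The admin case relies on `is_admin=True` passed to `OwnerFactory`, while the interactor in this PR calls `owner_obj.is_admin(self.current_owner)` on the org and the interactor test grants admin through `admins=[...]` on the org, so confirm that this factory argument really makes the user an admin of `codecov`. `assert ... is True` reads better than `== True`.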
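--- a/graphql_api/types/mutation/set_tokens_required/__init__.py
+++ b/graphql_api/types/mutation/set_tokens_required/__init__.py
@@ -0,0 +1,12 @@
+from graphql_api.helpers.ariadne import ariadne_load_local_graphql
+
+from .set_tokens_required import (
+error_set_tokens_required,
+resolve_set_tokens_required,
+)
+
+gql_set_tokens_required = ariadne_load_local_graphql(
+__file__, "set_tokens_required.graphql"
+)
+
+__all__ = ["error_set_tokens_required", "resolve_set_tokens_required"]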
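--- a/graphql_api/types/mutation/set_tokens_required/set_tokens_required.graphql
+++ b/graphql_api/types/mutation/set_tokens_required/set_tokens_required.graphql
@@ -0,0 +1,14 @@
+union SetTokensRequiredError =
+UnauthenticatedError
+| UnauthorizedError
+| ValidationError
+
+type SetTokensRequiredPayload {
+error: SetTokensRequiredError
+tokensRequired: Boolean!
+}
+
+input SetTokensRequiredInput {
+org_username: String!
+tokensRequired: Boolean!
+}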
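Review bot: `tokensRequired: Boolean!` in `SetTokensRequiredPayload` is non-null next to a nullable `error`, so on the error paths the resolver must still supply a boolean, otherwise the null propagates up to the parent field and hides the error union that the tests in this PR read. Declaring it as `tokensRequired: Boolean` avoids that; the resolver is not shown here, so confirm what it returns when the interactor raises. The input also mixes `org_username` with `tokensRequired`; a single casing, e.g. `orgUsername: String!`, would keep the type consistent.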
Thoughts on this being token_required? And even to be more explicit, `upload_token` required?

We use the github/providers token for other things, so differentiating this as the "codecov_token" or "upload_token" would make more sense. I also don't know if this is exclusively a coverage token or if it also applies to bundle_analysis/test_results, so I'd confirm what's the expected behavior, and if it is exclusively for coverage (and we don't intend to do it for BA/TR), then I'd call it `coverage_token` or `upload_coverage_token` or something like that.
This is just a draft PR, not the final code. I just put `tokens_required` as it's the name Trent suggested for Nora, so I will change the name according to what it's called in the DB to avoid any confusion.
Sounds good! 👌