Add support for temp usernames and an interstitial to confirm username

When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username. Addresses most of the user issues around #74
2016-09-08 18:43:50 -04:00 · 2016-09-08 18:43:50 -04:00 · 1e3b354201
commit 1e3b354201
parent 840ea4e768
18 changed files with 388 additions and 24 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -144,6 +144,14 @@ class ApiTestCase(unittest.TestCase):
    with self.app.session_transaction() as sess:
      sess[CSRF_TOKEN_KEY] = token

+  @contextmanager
+  def toggleFeature(self, name, enabled):
+    import features
+    previous_value = getattr(features, name)
+    setattr(features, name, enabled)
+    yield
+    setattr(features, name, previous_value)
+
  def getJsonResponse(self, resource_name, params={}, expected_code=200):
    rv = self.app.get(api.url_for(resource_name, **params))
    self.assertEquals(expected_code, rv.status_code)
@ -523,6 +531,76 @@ class TestChangeUserDetails(ApiTestCase):
                                data=dict(invoice_email=False))
    self.assertEquals(False, json['invoice_email'])

+  def test_changeusername_temp(self):
+    self.login(READ_ACCESS_USER)
+    user = model.user.get_user(READ_ACCESS_USER)
+    model.user.create_user_prompt(user, 'confirm_username')
+    self.assertTrue(model.user.has_user_prompt(user, 'confirm_username'))
+
+    # Add a robot under the user's namespace.
+    model.user.create_robot('somebot', user)
+
+    # Rename the user.
+    json = self.putJsonResponse(User, data=dict(username='someotherusername'))
+
+    # Ensure the username was changed.
+    self.assertEquals('someotherusername', json['username'])
+    self.assertFalse(model.user.has_user_prompt(user, 'confirm_username'))
+
+    # Ensure the robot was changed.
+    self.assertIsNone(model.user.get_user(READ_ACCESS_USER + '+somebot'))
+    self.assertIsNotNone(model.user.get_user('someotherusername+somebot'))
+
+  def test_changeusername_temp_samename(self):
+    self.login(READ_ACCESS_USER)
+    user = model.user.get_user(READ_ACCESS_USER)
+    model.user.create_user_prompt(user, 'confirm_username')
+    self.assertTrue(model.user.has_user_prompt(user, 'confirm_username'))
+
+    json = self.putJsonResponse(User, data=dict(username=READ_ACCESS_USER))
+
+    # Ensure the username was not changed but they are no longer temporarily named.
+    self.assertEquals(READ_ACCESS_USER, json['username'])
+    self.assertFalse(model.user.has_user_prompt(user, 'confirm_username'))
+
+  def test_changeusername_notallowed(self):
+    with self.toggleFeature('USER_RENAME', False):
+      self.login(ADMIN_ACCESS_USER)
+      user = model.user.get_user(ADMIN_ACCESS_USER)
+      self.assertFalse(model.user.has_user_prompt(user, 'confirm_username'))
+
+      json = self.putJsonResponse(User, data=dict(username='someotherusername'))
+      self.assertEquals(ADMIN_ACCESS_USER, json['username'])
+      self.assertTrue('prompts' in json)
+
+      self.assertIsNone(model.user.get_user('someotherusername'))
+      self.assertIsNotNone(model.user.get_user(ADMIN_ACCESS_USER))
+
+  def test_changeusername_allowed(self):
+    with self.toggleFeature('USER_RENAME', True):
+      self.login(ADMIN_ACCESS_USER)
+      user = model.user.get_user(ADMIN_ACCESS_USER)
+      self.assertFalse(model.user.has_user_prompt(user, 'confirm_username'))
+
+      json = self.putJsonResponse(User, data=dict(username='someotherusername'))
+      self.assertEquals('someotherusername', json['username'])
+      self.assertTrue('prompts' in json)
+
+      self.assertIsNotNone(model.user.get_user('someotherusername'))
+      self.assertIsNone(model.user.get_user(ADMIN_ACCESS_USER))
+
+  def test_changeusername_already_used(self):
+    self.login(READ_ACCESS_USER)
+    user = model.user.get_user(READ_ACCESS_USER)
+    model.user.create_user_prompt(user, 'confirm_username')
+    self.assertTrue(model.user.has_user_prompt(user, 'confirm_username'))
+
+    # Try to change to a used username.
+    self.putJsonResponse(User, data=dict(username=ADMIN_ACCESS_USER), expected_code=400)
+
+    # Change to a new username.
+    self.putJsonResponse(User, data=dict(username='unusedusername'))
+

 class TestCreateNewUser(ApiTestCase):
  def test_existingusername(self):