Merge master into vulnerability-tool

endpoints/api/billing.py

@@ -18,15 +18,14 @@ import features
 import uuid
 import json
 
-def lookup_allowed_private_repos(namespace):
-  """ Returns false if the given namespace has used its allotment of private repositories. """
-  # Lookup the namespace and verify it has a subscription.
+def get_namespace_plan(namespace):
+  """ Returns the plan of the given namespace. """
   namespace_user = model.user.get_namespace_user(namespace)
   if namespace_user is None:
-    return False
+    return None
 
   if not namespace_user.stripe_id:
-    return False
+    return None
 
   # Ask Stripe for the subscribed plan.
   # TODO: Can we cache this or make it faster somehow?
@@ -36,14 +35,20 @@ def lookup_allowed_private_repos(namespace):
     abort(503, message='Cannot contact Stripe')
 
   if not cus.subscription:
+    return None
+
+  return get_plan(cus.subscription.plan.id)
+
+
+def lookup_allowed_private_repos(namespace):
+  """ Returns false if the given namespace has used its allotment of private repositories. """
+  current_plan = get_namespace_plan(namespace)
+  if current_plan is None:
     return False
 
   # Find the number of private repositories used by the namespace and compare it to the
   # plan subscribed.
   private_repos = model.user.get_private_repo_count(namespace)
-  current_plan = get_plan(cus.subscription.plan.id)
-  if current_plan is None:
-    return False
 
   return private_repos < current_plan['privateRepos']
 

endpoints/api/repository.py

@@ -17,7 +17,8 @@ from endpoints.api import (truthy_bool, format_date, nickname, log_action, valid
                            RepositoryParamResource, resource, query_param, parse_args, ApiResource,
                            request_error, require_scope, Unauthorized, NotFound, InvalidRequest,
                            path_param, ExceedsLicenseException)
-from endpoints.api.billing import lookup_allowed_private_repos
+from endpoints.api.billing import lookup_allowed_private_repos, get_namespace_plan
+from endpoints.common import check_repository_usage
 
 from auth.permissions import (ModifyRepositoryPermission, AdministerRepositoryPermission,
                               CreateRepositoryPermission)
@@ -329,6 +330,9 @@ class Repository(RepositoryParamResource):
   def delete(self, namespace, repository):
     """ Delete a repository. """
     model.repository.purge_repository(namespace, repository)
+    user = model.user.get_namespace_user(namespace)
+    plan = get_namespace_plan(namespace)
+    check_repository_usage(user, plan)
     log_action('delete_repo', namespace,
                {'repo': repository, 'namespace': namespace})
     return 'Deleted', 204

endpoints/api/suconfig.py

@@ -16,6 +16,7 @@ from auth.permissions import SuperUserPermission
 from auth.auth_context import get_authenticated_user
 from data.database import User
 from util.config.configutil import add_enterprise_config_defaults
+from util.config.database import sync_database_with_config
 from util.config.validator import validate_service_for_config, CONFIG_FILENAMES
 from data.runmigration import run_alembic_migration
 from data.users import get_federated_service_name
@@ -216,6 +217,9 @@ class SuperUserConfig(ApiResource):
         current_user = get_authenticated_user()
         model.user.confirm_attached_federated_login(current_user, service_name)
 
+      # Ensure database is up-to-date with config
+      sync_database_with_config(config_object)
+
       return {
         'exists': True,
         'config': config_object
@@ -373,4 +377,4 @@ class SuperUserConfigValidate(ApiResource):
       config = request.get_json()['config']
       return validate_service_for_config(service, config, request.get_json().get('password', ''))
 
-    abort(403)
+    abort(403)

endpoints/api/user.py

@@ -643,6 +643,7 @@ class Recovery(ApiResource):
   }
 
   @nickname('requestRecoveryEmail')
+  @anon_allowed
   @validate_json_request('RequestRecovery')
   def post(self):
     """ Request a password recovery email."""