implement OWASP awards system improvements

Author: trucodd

backend/apps/owasp/Makefile

@@ -26,6 +26,8 @@ owasp-process-snapshots:
 	@echo "Processing OWASP snapshots"
 	@CMD="python manage.py owasp_process_snapshots" $(MAKE) exec-backend-command
 
+.PHONY: owasp-sync-awards
+
 owasp-sync-awards:
 	@echo "Syncing OWASP awards data"
 	@CMD="python manage.py owasp_sync_awards" $(MAKE) exec-backend-command
@@ -68,6 +70,8 @@ owasp-update-sponsors:
 	@echo "Getting OWASP sponsors data"
 	@CMD="python manage.py owasp_update_sponsors" $(MAKE) exec-backend-command
 
+.PHONY: owasp-update-badges
+
 owasp-update-badges:
 	@echo "Updating OWASP user badges"
 	@CMD="python manage.py owasp_update_badges" $(MAKE) exec-backend-command

backend/apps/owasp/admin/award.py

@@ -26,14 +26,16 @@ class AwardAdmin(admin.ModelAdmin):
     )
     search_fields = (
         "name",
-        "category",
         "winner_name",
         "description",
         "winner_info",
+        "user__login",
     )
     ordering = ("-year", "category", "name")
 
     autocomplete_fields = ("user",)
+    actions = ("mark_reviewed", "mark_not_reviewed")
+    list_select_related = ("user",)
 
     fieldsets = (
         (
@@ -64,6 +66,14 @@ class AwardAdmin(admin.ModelAdmin):
 
     readonly_fields = ("nest_created_at", "nest_updated_at")
 
-    def get_queryset(self, request):
-        """Optimize queryset with select_related."""
-        return super().get_queryset(request).select_related("user")
+    @admin.action(description="Mark selected awards as reviewed")
+    def mark_reviewed(self, request, queryset):
+        """Mark selected awards as reviewed."""
+        updated = queryset.update(is_reviewed=True)
+        self.message_user(request, f"Marked {updated} award(s) as reviewed.")
+
+    @admin.action(description="Mark selected awards as not reviewed")
+    def mark_not_reviewed(self, request, queryset):
+        """Mark selected awards as not reviewed."""
+        updated = queryset.update(is_reviewed=False)
+        self.message_user(request, f"Marked {updated} award(s) as not reviewed.")

backend/apps/owasp/management/commands/owasp_sync_awards.py

@@ -58,12 +58,20 @@ def handle(self, *args, **options):
                 self.stdout.write(self.style.ERROR("Failed to download awards.yml from GitHub"))
                 return
 
-            awards_data = yaml.safe_load(yaml_content)
+            try:
+                awards_data = yaml.safe_load(yaml_content)
+            except yaml.YAMLError as e:
+                self.stdout.write(self.style.ERROR(f"Failed to parse awards.yml: {e}"))
+                return
 
             if not awards_data:
                 self.stdout.write(self.style.ERROR("Failed to parse awards.yml content"))
                 return
 
+            if not isinstance(awards_data, list):
+                self.stdout.write(self.style.ERROR("awards.yml root must be a list of entries"))
+                return
+
             # Process awards data
             if options["dry_run"]:
                 self.stdout.write(self.style.WARNING("DRY RUN MODE - No changes will be made"))
@@ -75,6 +83,10 @@ def handle(self, *args, **options):
             # Print summary
             self._print_summary()
 
+            # Update badges after successful sync
+            if not options["dry_run"]:
+                self._update_badges()
+
         except Exception as e:
             logger.exception("Error syncing awards")
             self.stdout.write(self.style.ERROR(f"Error syncing awards: {e!s}"))
@@ -90,6 +102,7 @@ def _process_award(self, award_data: dict, *, dry_run: bool = False):
         award_name = award_data.get("title", "")
         category = award_data.get("category", "")
         year = award_data.get("year")
+        award_description = award_data.get("description", "") or ""
         winners = award_data.get("winners", [])
 
         if not award_name or not category or not year:
@@ -106,6 +119,7 @@ def _process_award(self, award_data: dict, *, dry_run: bool = False):
                 "name": winner_data.get("name", ""),
                 "info": winner_data.get("info", ""),
                 "image": winner_data.get("image", ""),
+                "description": award_description,
             }
 
             self._process_winner(winner_with_context, dry_run=dry_run)
@@ -138,6 +152,8 @@ def _process_winner(self, winner_data: dict, *, dry_run: bool = False):
                 is_new = False
             except Award.DoesNotExist:
                 is_new = True
+            except Award.MultipleObjectsReturned:
+                is_new = False
 
             # Use the model's update_data method
             award = Award.update_data(winner_data, save=True)
@@ -239,15 +255,29 @@ def _extract_github_username(self, text: str) -> str | None:
         if not text:
             return None
 
-        # Pattern 1: github.com/username
-        github_url_pattern = r"github\.com/([a-zA-Z0-9\-_]+)"
+        # Pattern 1: github.com/<username> (exclude known non-user segments)
+        excluded = {
+            "orgs",
+            "organizations",
+            "topics",
+            "enterprise",
+            "marketplace",
+            "settings",
+            "apps",
+            "features",
+            "pricing",
+            "sponsors",
+        }
+        github_url_pattern = r"(?:https?://)?(?:www\.)?github\.com/([A-Za-z0-9-]+)(?=[/\s]|$)"
         match = re.search(github_url_pattern, text, re.IGNORECASE)
         if match:
-            return match.group(1)
+            candidate = match.group(1)
+            if candidate.lower() not in excluded:
+                return candidate
 
-        # Pattern 2: @username mentions
-        mention_pattern = r"@([a-zA-Z0-9\-_]+)"
-        match = re.search(mention_pattern, text)
+        # Pattern 2: @username mentions (avoid emails/local-parts)
+        mention_pattern = r"(?<![A-Za-z0-9._%+-])@([A-Za-z0-9-]+)\b"
+        match = re.search(mention_pattern, text, re.IGNORECASE)
         if match:
             return match.group(1)
 
@@ -259,31 +289,25 @@ def _generate_potential_logins(self, name: str, min_login_length: int = 2) -> li
             return []
 
         potential_logins = []
-        clean_name = re.sub(r"[^a-zA-Z0-9\s\-_]", "", name).strip()
+        clean_name = re.sub(r"[^a-zA-Z0-9\s\-]", "", name).strip()
 
         # Convert to lowercase and replace spaces
         base_variations = [
             clean_name.lower().replace(" ", ""),
             clean_name.lower().replace(" ", "-"),
-            clean_name.lower().replace(" ", "_"),
         ]
 
         # Add variations with different cases
         for variation in base_variations:
-            potential_logins.extend(
-                [
-                    variation,
-                    variation.replace("-", ""),
-                    variation.replace("_", ""),
-                    variation.replace("-", "_"),
-                    variation.replace("_", "-"),
-                ]
-            )
+            potential_logins.extend([variation, variation.replace("-", "")])
 
         # Remove duplicates while preserving order
         seen = set()
         unique_logins = []
         for login in potential_logins:
+            # Skip invalid characters for GitHub logins
+            if "_" in login:
+                continue
             if login and login not in seen and len(login) >= min_login_length:
                 seen.add(login)
                 unique_logins.append(login)
@@ -306,3 +330,15 @@ def _print_summary(self):
                 self.stdout.write(f"  - {name}")
 
         self.stdout.write("\nSync completed successfully!")
+
+    def _update_badges(self):
+        """Update user badges based on synced awards."""
+        from django.core.management import call_command
+
+        self.stdout.write("Updating user badges...")
+        try:
+            call_command("owasp_update_badges")
+            self.stdout.write("Badge update completed successfully!")
+        except Exception as e:
+            logger.exception("Error updating badges")
+            self.stdout.write(self.style.ERROR(f"Error updating badges: {e!s}"))

backend/apps/owasp/management/commands/owasp_update_badges.py

@@ -29,17 +29,18 @@ def handle(self, *args, **options):
 
         # Get users with WASPY awards using the model method
         waspy_winners = Award.get_waspy_award_winners()
+        waspy_winner_ids = set(waspy_winners.values_list("id", flat=True))
+        waspy_winners_count = len(waspy_winner_ids)
 
         # Add badge to WASPY winners
         for user in waspy_winners:
             user.badges.add(waspy_badge)
 
         # Remove badge from users no longer on the WASPY winners list
         users_with_badge = User.objects.filter(badges=waspy_badge)
-        waspy_winner_ids = set(waspy_winners.values_list("id", flat=True))
 
         for user in users_with_badge:
             if user.id not in waspy_winner_ids:
                 user.badges.remove(waspy_badge)
 
-        self.stdout.write(f"Updated badges for {waspy_winners.count()} WASPY winners")
+        self.stdout.write(f"Updated badges for {waspy_winners_count} WASPY winners")

backend/apps/owasp/migrations/0049_award_unique_constraint.py

@@ -0,0 +1,12 @@
+# No-op migration: Award.name field is already unique
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0048_entitymember"),
+    ]
+
+    # No operations: Award.name field is already unique and sufficient
+    operations = []

backend/apps/owasp/models/award.py

@@ -140,10 +140,10 @@ def update_data(award_data: dict, *, save: bool = True) -> Award:
 
         """
         # Create unique name for each winner to satisfy unique constraint
-        award_title = award_data.get("title", "")
-        category = award_data.get("category", "")
+        award_title = (award_data.get("title") or "").strip()
+        category = (award_data.get("category") or "").strip()
         year = award_data.get("year")
-        winner_name = award_data.get("name", "").strip()
+        winner_name = (award_data.get("name") or "").strip()
 
         # Create unique name combining award title, winner, and year
         unique_name = f"{award_title} - {winner_name} ({year})"
@@ -157,6 +157,8 @@ def update_data(award_data: dict, *, save: bool = True) -> Award:
                 year=year,
                 winner_name=winner_name,
             )
+        except Award.MultipleObjectsReturned:
+            award = Award.objects.filter(name=unique_name).order_by("id").first()
 
         award.from_dict(award_data)
         if save:
@@ -172,9 +174,9 @@ def from_dict(self, data: dict) -> None:
 
         """
         fields = {
-            "description": data.get("description", ""),
-            "winner_info": data.get("info", ""),
-            "winner_image_url": data.get("image", ""),
+            "description": (data.get("description") or "").strip(),
+            "winner_info": (data.get("info") or data.get("winner_info") or "").strip(),
+            "winner_image_url": (data.get("image") or data.get("winner_image_url") or "").strip(),
         }
 
         for key, value in fields.items():

backend/tests/apps/owasp/management/__init__.py

@@ -0,0 +1 @@
+"""OWASP management tests module."""

backend/tests/apps/owasp/management/commands/__init__.py

@@ -0,0 +1 @@
+"""OWASP management commands tests module."""

backend/tests/apps/owasp/management/commands/owasp_update_badges_test.py

@@ -0,0 +1,90 @@
+"""Tests for owasp_update_badges management command."""
+
+from django.core.management import call_command
+from django.test import TestCase
+
+from apps.github.models.user import User
+from apps.nest.models.badge import Badge
+from apps.owasp.models.award import Award
+
+WASPY_BADGE_NAME = "WASPY Award Winner"
+
+
+class TestOwaspUpdateBadges(TestCase):
+    """Test cases for owasp_update_badges command."""
+
+    def setUp(self):
+        """Set up test data."""
+        self.user1 = User.objects.create(login="winner1", name="Winner One")
+        self.user2 = User.objects.create(login="not_winner", name="Not Winner")
+
+        # Reviewed WASPY award -> should receive badge
+        Award.objects.create(
+            category=Award.Category.WASPY,
+            name="Event Person of the Year - Winner One (2024)",
+            description="",
+            year=2024,
+            winner_name="Winner One",
+            user=self.user1,
+            is_reviewed=True,
+        )
+
+    def test_award_badge_add_and_remove(self):
+        """Test badge assignment and removal based on award status."""
+        # Run command - should assign badge to user1
+        call_command("owasp_update_badges")
+
+        waspy_badge = Badge.objects.get(name=WASPY_BADGE_NAME)
+        assert self.user1.badges.filter(pk=waspy_badge.pk).exists()
+        assert not self.user2.badges.filter(pk=waspy_badge.pk).exists()
+
+        # Make user1 no longer eligible by marking award as not reviewed
+        Award.objects.filter(user=self.user1).update(is_reviewed=False)
+        call_command("owasp_update_badges")
+
+        # Refresh and check badge was removed
+        self.user1.refresh_from_db()
+        assert not self.user1.badges.filter(pk=waspy_badge.pk).exists()
+
+    def test_repeated_runs(self):
+        """Test that running command twice doesn't create duplicates."""
+        call_command("owasp_update_badges")
+        call_command("owasp_update_badges")  # Run twice
+
+        waspy_badge = Badge.objects.get(name=WASPY_BADGE_NAME)
+        # Should still have exactly one badge association
+        assert self.user1.badges.filter(pk=waspy_badge.pk).count() == 1
+
+    def test_badge_creation(self):
+        """Test that badge is created if it doesn't exist."""
+        # Ensure badge doesn't exist
+        Badge.objects.filter(name=WASPY_BADGE_NAME).delete()
+
+        call_command("owasp_update_badges")
+
+        # Badge should be created
+        assert Badge.objects.filter(name=WASPY_BADGE_NAME).exists()
+
+        # User should have the badge
+        waspy_badge = Badge.objects.get(name=WASPY_BADGE_NAME)
+        assert self.user1.badges.filter(pk=waspy_badge.pk).exists()
+
+    def test_only_reviewed_awards_get_badges(self):
+        """Test that only reviewed awards result in badge assignment."""
+        # Create not reviewed award
+        Award.objects.create(
+            category=Award.Category.WASPY,
+            name="Another Award - Not Winner (2024)",
+            description="",
+            year=2024,
+            winner_name="Not Winner",
+            user=self.user2,
+            is_reviewed=False,  # Not reviewed
+        )
+
+        call_command("owasp_update_badges")
+
+        waspy_badge = Badge.objects.get(name=WASPY_BADGE_NAME)
+        # Only user1 (reviewed award) should have badge
+        assert self.user1.badges.filter(pk=waspy_badge.pk).exists()
+        assert not self.user2.badges.filter(pk=waspy_badge.pk).exists()