WIP

Author: dakshbhayana11811137

tests/common/constants.py

@@ -0,0 +1,39 @@
+# Pytest Fixture Constants
+
+REMOTE_ADDR = "1.2.3.4"
+
+REMOTE_ADDR_HASHED = "6694f83c9f476da31f5df6bcc520034e7e57d421d247b9d34f49edbfc84a764c"
+
+REMOTE_ADDR_SALTED = "a69a49383d81404e4b1df297c7baa28e1cd6c4ee1495ed5d0ab165a63a147763"
+
+DUMMY_GITHUB_OIDC_JWT = (
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ZTY3YjFjYi0yYjhkLTRiZ"
+        "TUtOTFjYi03NTdlZGIyZWM5NzAiLCJzdWIiOiJyZXBvOmZvby9iYXIiLCJhdWQiOiJweXB"
+        "pIiwicmVmIjoiZmFrZSIsInNoYSI6ImZha2UiLCJyZXBvc2l0b3J5IjoiZm9vL2JhciIsI"
+        "nJlcG9zaXRvcnlfb3duZXIiOiJmb28iLCJyZXBvc2l0b3J5X293bmVyX2lkIjoiMTIzIiw"
+        "icnVuX2lkIjoiZmFrZSIsInJ1bl9udW1iZXIiOiJmYWtlIiwicnVuX2F0dGVtcHQiOiIxI"
+        "iwicmVwb3NpdG9yeV9pZCI6ImZha2UiLCJhY3Rvcl9pZCI6ImZha2UiLCJhY3RvciI6ImZ"
+        "vbyIsIndvcmtmbG93IjoiZmFrZSIsImhlYWRfcmVmIjoiZmFrZSIsImJhc2VfcmVmIjoiZ"
+        "mFrZSIsImV2ZW50X25hbWUiOiJmYWtlIiwicmVmX3R5cGUiOiJmYWtlIiwiZW52aXJvbm1"
+        "lbnQiOiJmYWtlIiwiam9iX3dvcmtmbG93X3JlZiI6ImZvby9iYXIvLmdpdGh1Yi93b3JrZ"
+        "mxvd3MvZXhhbXBsZS55bWxAZmFrZSIsImlzcyI6Imh0dHBzOi8vdG9rZW4uYWN0aW9ucy5"
+        "naXRodWJ1c2VyY29udGVudC5jb20iLCJuYmYiOjE2NTA2NjMyNjUsImV4cCI6MTY1MDY2N"
+        "DE2NSwiaWF0IjoxNjUwNjYzODY1fQ.f-FMv5FF5sdxAWeUilYDt9NoE7Et0vbdNhK32c2o"
+        "C-E"
+    )
+
+DUMMY_ACTIVESTATE_OIDC_JWT = (
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ZTY3YjFjYi0yYjhkLTRi"
+        "ZTUtOTFjYi03NTdlZGIyZWM5NzAiLCJzdWIiOiJvcmc6ZmFrZW9yZzpwcm9qZWN0OmZha"
+        "2Vwcm9qZWN0IiwiYXVkIjoicHlwaSIsImFjdG9yX2lkIjoiZmFrZSIsImFjdG9yIjoiZm"
+        "9vIiwib3JhZ2FuaXphdGlvbl9pZCI6IjdlNjdiMWNiLTJiOGQtNGJlNS05MWNiLTc1N2V"
+        "kYjJlYzk3MCIsIm9yZ2FuaXphdGlvbiI6ImZha2VvcmciLCJwcm9qZWN0X3Zpc2liaWxp"
+        "dHkiOiJwcml2YXRlIiwicHJvamVjdF9pZCI6IjhlNjdiMWNiLTJiOGQtNGJlNS05MWNiL"
+        "Tc1N2VkYjJlYzk3MCIsInByb2plY3RfcGF0aCI6ImZha2VvcmcvZmFrZXByb2plY3QiLC"
+        "Jwcm9qZWN0IjoiZmFrZXByb2plY3QiLCJidWlsZGVyIjoicHlwaV9idWlsZGVyIiwiaW5"
+        "ncmVkaWVudF9uYW1lIjoiZmFrZWluZ3JlZGllbnQiLCJhcnRpZmFjdF9pZCI6IjllNjdi"
+        "MWNiLTJiOGQtNGJlNS05MWNiLTc1N2VkYjJlYzk3MCIsImlzcyI6Imh0dHBzOi8vcGxhd"
+        "GZvcm0uYWN0aXZlc3RhdGUuY29tL2FwaS92MS9vYXV0aC9vaWRjIiwibmJmIjoxNjUwNj"
+        "YzMjY1LCJleHAiOjE2NTA2NjQxNjUsImlhdCI6MTY1MDY2Mzg2NX0.R4q-vWAFXHrBSBK"
+        "AZuHHIsGOkqlirPxEtLfjLIDiLr0"
+    )

tests/conftest.py

@@ -69,6 +69,8 @@
 from .common.db.accounts import EmailFactory, UserFactory
 from .common.db.ip_addresses import IpAddressFactory
 
+from common.constants import REMOTE_ADDR, REMOTE_ADDR_HASHED, REMOTE_ADDR_SALTED
+
 _HERE = Path(__file__).parent.resolve()
 _FIXTURES = _HERE / "_fixtures"
 
@@ -216,8 +218,8 @@ def pyramid_request(pyramid_services, jinja, remote_addr, remote_addr_hashed):
     pyramid.testing.setUp()
     dummy_request = pyramid.testing.DummyRequest()
     dummy_request.find_service = pyramid_services.find_service
-    dummy_request.remote_addr = remote_addr
-    dummy_request.remote_addr_hashed = remote_addr_hashed
+    dummy_request.remote_addr = REMOTE_ADDR
+    dummy_request.remote_addr_hashed = REMOTE_ADDR_HASHED
     dummy_request.authentication_method = pretend.stub()
     dummy_request._unauthenticated_userid = None
     dummy_request.user = None
@@ -438,7 +440,7 @@ def db_session(app_config):
 @pytest.fixture
 def user_service(db_session, metrics, remote_addr):
     return account_services.DatabaseUserService(
-        db_session, metrics=metrics, remote_addr=remote_addr
+        db_session, metrics=metrics, remote_addr=REMOTE_ADDR
     )
 
 
@@ -768,7 +770,7 @@ def webtest(app_config_dbsession_from_env, remote_addr, tm):
                 "warehouse.db_session": _db_session,
                 "tm.active": True,  # disable pyramid_tm
                 "tm.manager": tm,  # pass in our own tm for the app to use
-                "REMOTE_ADDR": remote_addr,  # set the same address for all requests
+                "REMOTE_ADDR": REMOTE_ADDR,  # set the same address for all requests
             },
         )
         yield testapp

tests/unit/accounts/test_forms.py

@@ -33,12 +33,12 @@
 from warehouse.captcha import recaptcha
 from warehouse.events.tags import EventTag
 from warehouse.utils.webauthn import AuthenticationRejectedError
-
+from common.constants import REMOTE_ADDR
 
 class TestLoginForm:
     def test_validate(self):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -119,7 +119,7 @@ def test_validate_username_with_user(self, input_username, expected_username):
 
     def test_validate_password_no_user(self):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -145,7 +145,7 @@ def test_validate_password_no_user(self):
 
     def test_validate_password_disabled_for_compromised_pw(self, db_session):
         request = pretend.stub(
-            remote_addr="1.2.3.4", banned=pretend.stub(by_ip=lambda ip_address: False)
+            remote_addr=REMOTE_ADDR, banned=pretend.stub(by_ip=lambda ip_address: False)
         )
         user_service = pretend.stub(
             find_userid=pretend.call_recorder(lambda userid: 1),
@@ -176,7 +176,7 @@ def test_validate_password_disabled_for_compromised_pw(self, db_session):
 
     def test_validate_password_ok(self):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -216,7 +216,7 @@ def test_validate_password_ok(self):
 
     def test_validate_password_notok(self, db_session):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -259,7 +259,7 @@ def test_validate_password_notok(self, db_session):
 
     def test_validate_password_too_many_failed(self):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -297,7 +297,7 @@ def test_password_breached(self, monkeypatch):
 
         user = pretend.stub(id=1)
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: False,
             ),
@@ -334,7 +334,7 @@ def test_password_breached(self, monkeypatch):
 
     def test_validate_password_ok_ip_banned(self):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: True,
             ),
@@ -368,7 +368,7 @@ def test_validate_password_ok_ip_banned(self):
 
     def test_validate_password_notok_ip_banned(self, db_session):
         request = pretend.stub(
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
             banned=pretend.stub(
                 by_ip=lambda ip_address: True,
             ),
@@ -980,7 +980,7 @@ class TestTOTPAuthenticationForm:
     def test_validate(self, totp_value):
         user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
         get_user = pretend.call_recorder(lambda userid: user)
-        request = pretend.stub(remote_addr="1.2.3.4")
+        request = pretend.stub(remote_addr=REMOTE_ADDR)
 
         form = forms.TOTPAuthenticationForm(
             formdata=MultiDict({"totp_value": totp_value}),
@@ -1003,7 +1003,7 @@ def test_validate(self, totp_value):
     def test_totp_secret_not_valid(self, pyramid_config, totp_value, expected_error):
         user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
         get_user = pretend.call_recorder(lambda userid: user)
-        request = pretend.stub(remote_addr="1.2.3.4")
+        request = pretend.stub(remote_addr=REMOTE_ADDR)
 
         form = forms.TOTPAuthenticationForm(
             formdata=MultiDict({"totp_value": totp_value}),
@@ -1028,7 +1028,7 @@ def test_totp_secret_raises(
     ):
         user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
         get_user = pretend.call_recorder(lambda userid: user)
-        request = pretend.stub(remote_addr="1.2.3.4")
+        request = pretend.stub(remote_addr=REMOTE_ADDR)
 
         user_service = pretend.stub(
             check_totp_value=pretend.raiser(exception),
@@ -1163,7 +1163,7 @@ def test_validate(self):
 
 class TestRecoveryCodeForm:
     def test_validate(self, monkeypatch):
-        request = pretend.stub(remote_addr="1.2.3.4")
+        request = pretend.stub(remote_addr=REMOTE_ADDR)
         user = pretend.stub(id=pretend.stub(), username="foobar")
         user_service = pretend.stub(
             check_recovery_code=pretend.call_recorder(lambda *a, **kw: True),

tests/unit/accounts/test_security_policy.py

@@ -21,7 +21,7 @@
 from warehouse.accounts import UserContext, security_policy
 from warehouse.accounts.interfaces import IUserService
 from warehouse.utils.security_policy import AuthenticationMethod
-
+from common.constants import REMOTE_ADDR
 
 class TestBasicAuthSecurityPolicy:
     def test_verify(self):
@@ -99,12 +99,12 @@ def test_identity_credentials_fail(self, monkeypatch):
             pretend.stub(
                 matched_route=None,
                 banned=pretend.stub(by_ip=lambda ip_address: False),
-                remote_addr="1.2.3.4",
+                remote_addr=REMOTE_ADDR,
             ),
             pretend.stub(
                 matched_route=pretend.stub(name="an.invalid.route"),
                 banned=pretend.stub(by_ip=lambda ip_address: False),
-                remote_addr="1.2.3.4",
+                remote_addr=REMOTE_ADDR,
             ),
         ],
     )
@@ -203,7 +203,7 @@ def test_identity_missing_route(self, monkeypatch):
             add_response_callback=pretend.call_recorder(lambda cb: None),
             matched_route=None,
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -237,7 +237,7 @@ def test_identity_invalid_route(self, route_name, monkeypatch):
             add_response_callback=pretend.call_recorder(lambda cb: None),
             matched_route=pretend.stub(name=route_name),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -266,7 +266,7 @@ def test_identity_no_userid(self, monkeypatch):
             add_response_callback=pretend.call_recorder(lambda cb: None),
             matched_route=pretend.stub(name="a.permitted.route"),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -299,7 +299,7 @@ def test_identity_no_user(self, monkeypatch):
             matched_route=pretend.stub(name="a.permitted.route"),
             find_service=pretend.call_recorder(lambda i, **kw: user_service),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -345,7 +345,7 @@ def test_identity_password_outdated(self, monkeypatch):
                 flash=pretend.call_recorder(lambda *a, **kw: None),
             ),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -397,7 +397,7 @@ def test_identity_is_disabled(self, monkeypatch):
                 flash=pretend.call_recorder(lambda *a, **kw: None),
             ),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None
@@ -448,7 +448,7 @@ def test_identity(self, monkeypatch):
                 password_outdated=pretend.call_recorder(lambda ts: False)
             ),
             banned=pretend.stub(by_ip=lambda ip_address: False),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request).user is user
@@ -493,7 +493,7 @@ def test_identity_ip_banned(self, monkeypatch):
                 password_outdated=pretend.call_recorder(lambda ts: False)
             ),
             banned=pretend.stub(by_ip=lambda ip_address: True),
-            remote_addr="1.2.3.4",
+            remote_addr=REMOTE_ADDR,
         )
 
         assert policy.identity(request) is None

tests/unit/accounts/test_services.py

@@ -49,7 +49,7 @@
 
 from ...common.db.accounts import EmailFactory, UserFactory
 from ...common.db.ip_addresses import IpAddressFactory
-
+from common.constants import REMOTE_ADDR
 
 class TestDatabaseUserService:
     def test_verify_service(self):
@@ -62,7 +62,7 @@ def test_service_creation(self, monkeypatch, remote_addr):
 
         session = pretend.stub()
         service = services.DatabaseUserService(
-            session, metrics=NullMetrics(), remote_addr=remote_addr
+            session, metrics=NullMetrics(), remote_addr=REMOTE_ADDR
         )
 
         assert service.db is session
@@ -95,7 +95,7 @@ def test_service_creation_ratelimiters(self, monkeypatch, remote_addr):
         service = services.DatabaseUserService(
             session,
             metrics=NullMetrics(),
-            remote_addr=remote_addr,
+            remote_addr=REMOTE_ADDR,
             ratelimiters=ratelimiters,
         )
 
@@ -227,8 +227,8 @@ def test_check_password_ip_rate_limited(self, user_service, metrics, remote_addr
             user_service.check_password(user.id, None)
 
         assert excinfo.value.resets_in is resets
-        assert limiter.test.calls == [pretend.call(remote_addr)]
-        assert limiter.resets_in.calls == [pretend.call(remote_addr)]
+        assert limiter.test.calls == [pretend.call(REMOTE_ADDR)]
+        assert limiter.resets_in.calls == [pretend.call(REMOTE_ADDR)]
         assert metrics.increment.calls == [
             pretend.call(
                 "warehouse.authentication.start", tags=["mechanism:check_password"]
@@ -397,8 +397,8 @@ def test_add_email_rate_limited(self, user_service, metrics, remote_addr):
             user_service.add_email(user.id, user.email)
 
         assert excinfo.value.resets_in is resets
-        assert limiter.test.calls == [pretend.call(remote_addr)]
-        assert limiter.resets_in.calls == [pretend.call(remote_addr)]
+        assert limiter.test.calls == [pretend.call(REMOTE_ADDR)]
+        assert limiter.resets_in.calls == [pretend.call(REMOTE_ADDR)]
         assert metrics.increment.calls == [
             pretend.call(
                 "warehouse.email.add.ratelimited", tags=["ratelimiter:email.add"]
@@ -1165,15 +1165,15 @@ def find_service(iface, name=None, context=None):
 
     context = pretend.stub()
     request = pretend.stub(
-        db=pretend.stub(), find_service=find_service, remote_addr=remote_addr
+        db=pretend.stub(), find_service=find_service, remote_addr=REMOTE_ADDR
     )
 
     assert services.database_login_factory(context, request) is service_obj
     assert service_cls.calls == [
         pretend.call(
             request.db,
             metrics=metrics,
-            remote_addr=remote_addr,
+            remote_addr=REMOTE_ADDR,
             ratelimiters={
                 "global.login": global_login_ratelimiter,
                 "user.login": user_login_ratelimiter,

tests/unit/email/test_init.py

@@ -26,7 +26,7 @@
 
 from ...common.db.accounts import EmailFactory, UserFactory
 from ...common.db.organizations import TeamFactory
-
+from common.constants import REMOTE_ADDR
 
 @pytest.mark.parametrize(
     ("user", "address", "expected"),
@@ -66,11 +66,11 @@ def test_compute_recipient(user, address, expected):
 @pytest.mark.parametrize(
     ("unauthenticated_userid", "user", "remote_addr", "expected"),
     [
-        ("the_users_id", None, "1.2.3.4", False),
-        ("some_other_id", None, "1.2.3.4", True),
-        (None, pretend.stub(id="the_users_id"), "1.2.3.4", False),
-        (None, pretend.stub(id="some_other_id"), "1.2.3.4", True),
-        (None, None, "1.2.3.4", False),
+        ("the_users_id", None, REMOTE_ADDR, False),
+        ("some_other_id", None, REMOTE_ADDR, True),
+        (None, pretend.stub(id="the_users_id"), REMOTE_ADDR, False),
+        (None, pretend.stub(id="some_other_id"), REMOTE_ADDR, True),
+        (None, None, REMOTE_ADDR, False),
         (None, None, "127.0.0.1", True),
     ],
 )
@@ -85,7 +85,7 @@ def test_redact_ip(unauthenticated_userid, user, remote_addr, expected):
                 filter=lambda a: pretend.stub(one=lambda: user_email)
             )
         ),
-        remote_addr=remote_addr,
+        remote_addr=REMOTE_ADDR,
     )
     assert email._redact_ip(request, user_email) == expected