feat(admin): quarantine all projects for user (#18479)

Author: miketheman

tests/unit/accounts/test_models.py

@@ -159,6 +159,7 @@ def test_acl(self, db_session):
                 "Allow",
                 "group:admins",
                 (
+                    Permissions.AdminProjectsWrite,
                     Permissions.AdminUsersRead,
                     Permissions.AdminUsersWrite,
                     Permissions.AdminUsersEmailWrite,

tests/unit/admin/test_routes.py

@@ -147,6 +147,20 @@ def test_includeme():
             factory="warehouse.accounts.models:UserFactory",
             traverse="/{username}",
         ),
+        pretend.call(
+            "admin.user.quarantine_projects",
+            "/admin/users/{username}/quarantine_projects/",
+            domain=warehouse,
+            factory="warehouse.accounts.models:UserFactory",
+            traverse="/{username}",
+        ),
+        pretend.call(
+            "admin.user.clear_quarantine_projects",
+            "/admin/users/{username}/clear_quarantine_projects/",
+            domain=warehouse,
+            factory="warehouse.accounts.models:UserFactory",
+            traverse="/{username}",
+        ),
         pretend.call(
             "admin.macaroon.decode_token", "/admin/token/decode", domain=warehouse
         ),

tests/unit/admin/views/test_users.py

@@ -1590,3 +1590,213 @@ def test_user_email_delete_not_found(self, db_request):
         assert db_request.session.flash.calls == [
             pretend.call("Email not found", queue="error")
         ]
+
+
+class TestUserQuarantineProjects:
+    def test_quarantines_user_projects(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create()
+        project2 = ProjectFactory.create()
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintainer")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"Quarantined 2 project(s) for user {user.username!r}",
+                queue="success",
+            )
+        ]
+        assert project1.lifecycle_status == "quarantine-enter"
+        assert project2.lifecycle_status == "quarantine-enter"
+
+    def test_quarantines_user_projects_skips_already_quarantined(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        project2 = ProjectFactory.create()
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintainer")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"Quarantined 1 project(s) for user {user.username!r}",
+                queue="success",
+            )
+        ]
+        assert project1.lifecycle_status == "quarantine-enter"
+        assert project2.lifecycle_status == "quarantine-enter"
+
+    def test_quarantines_user_projects_no_projects_to_quarantine(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        project2 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintainer")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"No projects needed quarantining for user {user.username!r}",
+                queue="info",
+            )
+        ]
+
+    def test_quarantine_user_projects_bad_confirm(self, db_request):
+        user = UserFactory.create()
+        project = ProjectFactory.create()
+        RoleFactory(project=project, user=user, role_name="Owner")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": "wrong"}
+        db_request.route_path = pretend.call_recorder(lambda a, **k: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+
+        result = views.user_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call("Wrong confirmation input", queue="error")
+        ]
+        assert project.lifecycle_status is None
+
+
+class TestUserClearQuarantineProjects:
+    def test_clears_quarantine_user_projects(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        project2 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintain")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_clear_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"Cleared quarantine for 2 project(s) for {user.username!r}",
+                queue="success",
+            )
+        ]
+        assert project1.lifecycle_status == "quarantine-exit"
+        assert project2.lifecycle_status == "quarantine-exit"
+
+    def test_clears_quarantine_user_projects_skips_non_quarantined(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create()  # Not quarantined
+        project2 = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintainer")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_clear_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"Cleared quarantine for 1 project(s) for {user.username!r}",
+                queue="success",
+            )
+        ]
+        assert project1.lifecycle_status is None
+        assert project2.lifecycle_status == "quarantine-exit"
+
+    def test_clears_quarantine_user_projects_no_quarantined_projects(self, db_request):
+        user = UserFactory.create()
+        project1 = ProjectFactory.create()
+        project2 = ProjectFactory.create()
+        RoleFactory(project=project1, user=user, role_name="Owner")
+        RoleFactory(project=project2, user=user, role_name="Maintainer")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": user.username}
+        db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        db_request.user = UserFactory.create()
+
+        result = views.user_clear_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                f"No quarantined projects found for user {user.username!r}",
+                queue="info",
+            )
+        ]
+
+    def test_clear_quarantine_user_projects_bad_confirm(self, db_request):
+        user = UserFactory.create()
+        project = ProjectFactory.create(lifecycle_status="quarantine-enter")
+        RoleFactory(project=project, user=user, role_name="Owner")
+
+        db_request.matchdict["username"] = str(user.username)
+        db_request.params = {"username": "wrong"}
+        db_request.route_path = pretend.call_recorder(lambda a, **k: "/foobar")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None)
+        )
+
+        result = views.user_clear_quarantine_projects(user, db_request)
+
+        assert isinstance(result, HTTPSeeOther)
+        assert result.headers["Location"] == "/foobar"
+        assert db_request.session.flash.calls == [
+            pretend.call("Wrong confirmation input", queue="error")
+        ]
+        assert project.lifecycle_status == "quarantine-enter"

warehouse/accounts/models.py

@@ -294,6 +294,7 @@ def __acl__(self):
                 Allow,
                 "group:admins",
                 (
+                    Permissions.AdminProjectsWrite,
                     Permissions.AdminUsersRead,
                     Permissions.AdminUsersWrite,
                     Permissions.AdminUsersEmailWrite,

warehouse/admin/routes.py

@@ -145,6 +145,20 @@ def includeme(config):
         factory="warehouse.accounts.models:UserFactory",
         traverse="/{username}",
     )
+    config.add_route(
+        "admin.user.quarantine_projects",
+        "/admin/users/{username}/quarantine_projects/",
+        domain=warehouse,
+        factory="warehouse.accounts.models:UserFactory",
+        traverse="/{username}",
+    )
+    config.add_route(
+        "admin.user.clear_quarantine_projects",
+        "/admin/users/{username}/clear_quarantine_projects/",
+        domain=warehouse,
+        factory="warehouse.accounts.models:UserFactory",
+        traverse="/{username}",
+    )
 
     # Macaroon related Admin pages
     config.add_route(

warehouse/admin/templates/admin/users/detail.html

@@ -4,6 +4,7 @@
 
 {% import "admin/utils/pagination.html" as pagination %}
 
+{% set perms_admin_projects_write = request.has_permission(Permissions.AdminProjectsWrite) %}
 {% set perms_admin_users_write = request.has_permission(Permissions.AdminUsersWrite) %}
 {% set perms_admin_users_email_write = request.has_permission(Permissions.AdminUsersEmailWrite) %}
 {% set perms_admin_users_account_recovery_write = request.has_permission(Permissions.AdminUsersAccountRecoveryWrite) %}
@@ -127,6 +128,12 @@ <h2 class="card-title">Actions</h2>
               <i class="fa-solid fa-toilet-paper"></i> Wipe 2FA and recovery codes
             </button>
             {% endif %}
+            <button type="button" class="btn btn-block btn-warning" data-toggle="modal" data-target="#quarantineAllProjectsModal" {{ "disabled" if not perms_admin_projects_write }}>
+              <i class="icon fa fa-lock"></i> Quarantine all projects & freeze user
+            </button>
+            <button type="button" class="btn btn-block btn-success" data-toggle="modal" data-target="#clearQuarantineAllProjectsModal" {{ "disabled" if not perms_admin_projects_write }}>
+              <i class="icon fa fa-unlock"></i> Clear all projects from quarantine
+            </button>
             <div class="modal fade" id="freezeModal" tabindex="-1" role="dialog">
               <form method="POST" action="{{ request.route_path('admin.user.freeze', username=user.username) }}">
                 <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
@@ -172,7 +179,7 @@ <h4 class="modal-title" id="nukeModalLabel">Freeze user {{ user.username }} and
                 </div>
               </form>
             </div>
-<div class="modal fade" id="nukeModal" tabindex="-1" role="dialog">
+            <div class="modal fade" id="nukeModal" tabindex="-1" role="dialog">
               <form method="POST" action="{{ request.route_path('admin.user.delete', username=user.username) }}">
                 <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
                 <div class="modal-dialog" role="document">
@@ -280,6 +287,59 @@ <h4 class="modal-title" id="wipeFactorsModalLabel">Wipe second/recovery factors
                 </div>
               </form>
             </div>
+            <!-- Quarantine All Projects Modal -->
+            <div class="modal fade" id="quarantineAllProjectsModal" tabindex="-1" role="dialog">
+              <form method="POST" action="{{ request.route_path('admin.user.quarantine_projects', username=user.username) }}">
+                <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
+                <div class="modal-dialog" role="document">
+                  <div class="modal-content">
+                    <div class="modal-header">
+                      <h4 class="modal-title">Quarantine all projects for {{ user.username }}?</h4>
+                      <button type="button" class="close" data-dismiss="modal">
+                        <span>&times;</span>
+                      </button>
+                    </div>
+                    <div class="modal-body">
+                      <p>This will quarantine all projects owned by this user, removing them from public APIs until cleared or removed.</p>
+                      <p>This action is reversible.</p>
+                      <hr>
+                      <p>Enter username '{{ user.username }}' to confirm:</p>
+                      <input type="text" name="username" placeholder="{{ user.username }}" autocomplete="off" autocorrect="off" autocapitalize="off">
+                    </div>
+                    <div class="modal-footer">
+                      <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+                      <button type="submit" class="btn btn-warning">Quarantine all projects</button>
+                    </div>
+                  </div>
+                </div>
+              </form>
+            </div>
+            <!-- Clear Quarantine All Projects Modal -->
+            <div class="modal fade" id="clearQuarantineAllProjectsModal" tabindex="-1" role="dialog">
+              <form method="POST" action="{{ request.route_path('admin.user.clear_quarantine_projects', username=user.username) }}">
+                <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
+                <div class="modal-dialog" role="document">
+                  <div class="modal-content">
+                    <div class="modal-header">
+                      <h4 class="modal-title">Clear quarantine for all projects for {{ user.username }}?</h4>
+                      <button type="button" class="close" data-dismiss="modal">
+                        <span>&times;</span>
+                      </button>
+                    </div>
+                    <div class="modal-body">
+                      <p>This will clear quarantine for all quarantined projects owned by this user, making them publicly available again.</p>
+                      <hr>
+                      <p>Enter username '{{ user.username }}' to confirm:</p>
+                      <input type="text" name="username" placeholder="{{ user.username }}" autocomplete="off" autocorrect="off" autocapitalize="off">
+                    </div>
+                    <div class="modal-footer">
+                      <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+                      <button type="submit" class="btn btn-success">Clear quarantine for all projects</button>
+                    </div>
+                  </div>
+                </div>
+              </form>
+            </div>
           </div>
         </div>
       </div> <!-- .card -->