Request organization account (pypi#11184)

* admin-new-organization-requested email template

* new-orgnization-requested email template

* Test admin-new-organization-requested email

* Test new-organization-requested email

* Translate *-organization-requested consistently

* `make translations` for *-organization-requested

* Remove translations from admin-* emails

On second thought, we probably don't want localization for admin emails.

* Initial cut at db model architecture

* Ran code thru make reformat and lint (pypa#11070)

* Added tests for new db models (pypa#11070)

* Numerous tweaks to db models

* Require value for is_active and ran reformat.

* Regenerate migrations for Organization models

    docker-compose run web python -m warehouse db revision --autogenerate --message "Create Organization models"
    make reformat

Forced to regenerate migrations due to recent database changes (pypi#11157).

* Numerous tweaks to alembic scripts

* Initial implementation of organization service.

* Implementing organization events functionality.

* Added tests for organization services.

* Added OrganizationFactory class for model.

* Blank /manage/organizations/ page

* Create organization form on /manage/organizations/

- Organization account name
- Organization name
- Organization URL
- Organization description
- Organization type

* Register DatabaseOrganizationService

Found the droids that we're looking for.

* POST /manage/organizations/ database updates

* Add .get_admins method to user service

* POST /manage/organizations/ email notifications

* Blank /admin/organizations/approve/ page

This is a placeholder so we can reference `admin.organization.approve`
as a route in the admin-new-organization-requested email.

* Test GET /manage/organizations/

- `ManageOrganizationsViews.default_response`
- `ManageOrganizationsViews.manage_organizations()`

* Translations for /manage/organizations/

    make translations

* Fixed OrganizationType enum.

* Test POST /manage/organizations/

- `ManageOrganizationsViews.create_organization()`

* Test CreateOrganizationForm

* Placeholder to test /admin/organizations/approve/

Provides code coverage for the blank page added in 2c70616.

* Test `DatabaseUserService.get_admins()`

* NFC: Add comments about intentionally blank page

* Record events for POST /manage/organizations/

Co-Authored-By: sterbo <matt.sterba@gmail.com>

* Test record events for POST /manage/organizations/

* Functional test for POST /manage/organizations/

* Comment out `OrganizationFactory` for future use

Co-Authored-By: sterbo <matt.sterba@gmail.com>

* NFC: Fix camel case for class names

* Converted OrganizationRoleType to SQLAlchemy Enum

* Add disable-organizations global admin flag

* Add `AdminFlagValue.DISABLE_ORGANIZATIONS`

* Modified org name catalog to store normalized name

* {OrganizationEvents => Organization.Events}

- Remove `OrganizationEvents` class
- Add `HasEvents` mixing to `Organization`
- Update references {OrganizationEvents => Organization.Events}
- Update database migration {organization_id => source_id}

* Store id instead of username in new events

`Organization.Event` with tag:

- organization:create
- organization:catalog_entry:add
- organization:organization_role:invite
- organization:organization_role:accepted

`User.Event` with tag:

- account:organization_role:accepted

* Display CreateOrganizationForm errors

If there is a validation error, return the existing invalid form instead
of a new blank form so user can actually see that validation error.

* Tweak naming in events data {*_id => *_user_id}

- {created_by_id => created_by_user_id}
- {submitted_by_id => submitted_by_user_id}

Discussed with @ewdurbin. Using `*_user_id` seems more clear.

Co-authored-by: sterbo <matt.sterba@gmail.com>

Author: 2 people

tests/common/db/organizations.py

@@ -0,0 +1,97 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import datetime
+
+import factory
+import faker
+
+from warehouse.organizations.models import (
+    Organization,
+    OrganizationInvitation,
+    OrganizationNameCatalog,
+    OrganizationProject,
+    OrganizationRole,
+)
+
+from .accounts import UserFactory
+from .base import WarehouseFactory
+from .packaging import ProjectFactory
+
+fake = faker.Faker()
+
+
+class OrganizationFactory(WarehouseFactory):
+    class Meta:
+        model = Organization
+
+    id = factory.Faker("uuid4", cast_to=None)
+    name = factory.Faker("word")
+    normalized_name = factory.Faker("word")
+    display_name = factory.Faker("word")
+    orgtype = "Community"
+    link_url = factory.Faker("uri")
+    description = factory.Faker("sentence")
+    is_active = True
+    is_approved = False
+    created = factory.Faker(
+        "date_time_between_dates",
+        datetime_start=datetime.datetime(2020, 1, 1),
+        datetime_end=datetime.datetime(2022, 1, 1),
+    )
+    date_approved = factory.Faker(
+        "date_time_between_dates", datetime_start=datetime.datetime(2020, 1, 1)
+    )
+
+
+class OrganizationEventFactory(WarehouseFactory):
+    class Meta:
+        model = Organization.Event
+
+    source = factory.SubFactory(OrganizationFactory)
+
+
+class OrganizationNameCatalogFactory(WarehouseFactory):
+    class Meta:
+        model = OrganizationNameCatalog
+
+    name = factory.Faker("orgname")
+    organization_id = factory.Faker("uuid4", cast_to=None)
+
+
+class OrganizationRoleFactory(WarehouseFactory):
+    class Meta:
+        model = OrganizationRole
+
+    role_name = "Owner"
+    user = factory.SubFactory(UserFactory)
+    organization = factory.SubFactory(OrganizationFactory)
+
+
+class OrganizationInvitationFactory(WarehouseFactory):
+    class Meta:
+        model = OrganizationInvitation
+
+    invite_status = "pending"
+    token = "test_token"
+    user = factory.SubFactory(UserFactory)
+    organization = factory.SubFactory(OrganizationFactory)
+
+
+class OrganizationProjectFactory(WarehouseFactory):
+    class Meta:
+        model = OrganizationProject
+
+    id = factory.Faker("uuid4", cast_to=None)
+    is_active = True
+    organization = factory.SubFactory(OrganizationFactory)
+    project = factory.SubFactory(ProjectFactory)

tests/conftest.py

@@ -45,6 +45,7 @@
 from warehouse.email.interfaces import IEmailSender
 from warehouse.macaroons import services as macaroon_services
 from warehouse.metrics import IMetricsService
+from warehouse.organizations import services as organization_services
 
 from .common.db import Session
 
@@ -285,6 +286,13 @@ def macaroon_service(db_session):
     return macaroon_services.DatabaseMacaroonService(db_session)
 
 
+@pytest.fixture
+def organization_service(db_session, remote_addr):
+    return organization_services.DatabaseOrganizationService(
+        db_session, remote_addr=remote_addr
+    )
+
+
 @pytest.fixture
 def token_service(app_config):
     return account_services.TokenService(secret="secret", salt="salt", max_age=21600)

tests/functional/manage/test_views.py

@@ -15,26 +15,91 @@
 from webob.multidict import MultiDict
 
 from warehouse.accounts.interfaces import IPasswordBreachedService, IUserService
+from warehouse.admin.flags import AdminFlagValue
 from warehouse.manage import views
+from warehouse.organizations.interfaces import IOrganizationService
+from warehouse.organizations.models import OrganizationType
 
 from ...common.db.accounts import EmailFactory, UserFactory
 
 
 class TestManageAccount:
     def test_save_account(self, pyramid_services, user_service, db_request):
         breach_service = pretend.stub()
+        organization_service = pretend.stub()
         pyramid_services.register_service(user_service, IUserService, None)
         pyramid_services.register_service(
             breach_service, IPasswordBreachedService, None
         )
+        pyramid_services.register_service(
+            organization_service, IOrganizationService, None
+        )
         user = UserFactory.create(name="old name")
         EmailFactory.create(primary=True, verified=True, public=True, user=user)
         db_request.user = user
         db_request.method = "POST"
         db_request.path = "/manage/accounts/"
         db_request.POST = MultiDict({"name": "new name", "public_email": ""})
-        views.ManageAccountViews(db_request).save_account()
 
+        views.ManageAccountViews(db_request).save_account()
         user = user_service.get_user(user.id)
+
         assert user.name == "new name"
         assert user.public_email is None
+
+
+class TestManageOrganizations:
+    def test_create_organization(
+        self,
+        pyramid_services,
+        user_service,
+        organization_service,
+        db_request,
+        monkeypatch,
+    ):
+        pyramid_services.register_service(user_service, IUserService, None)
+        pyramid_services.register_service(
+            organization_service, IOrganizationService, None
+        )
+        user = UserFactory.create(name="old name")
+        EmailFactory.create(primary=True, verified=True, public=True, user=user)
+        db_request.user = user
+        db_request.method = "POST"
+        db_request.path = "/manage/organizations/"
+        db_request.POST = MultiDict(
+            {
+                "name": "psf",
+                "display_name": "Python Software Foundation",
+                "orgtype": "Community",
+                "link_url": "https://www.python.org/psf/",
+                "description": (
+                    "To promote, protect, and advance the Python programming "
+                    "language, and to support and facilitate the growth of a "
+                    "diverse and international community of Python programmers"
+                ),
+            }
+        )
+        monkeypatch.setattr(
+            db_request,
+            "flags",
+            pretend.stub(enabled=pretend.call_recorder(lambda *a: False)),
+        )
+        send_email = pretend.call_recorder(lambda *a, **kw: None)
+        monkeypatch.setattr(
+            views, "send_admin_new_organization_requested_email", send_email
+        )
+        monkeypatch.setattr(views, "send_new_organization_requested_email", send_email)
+
+        views.ManageOrganizationsViews(db_request).create_organization()
+        organization = organization_service.get_organization_by_name(
+            db_request.POST["name"]
+        )
+
+        assert db_request.flags.enabled.calls == [
+            pretend.call(AdminFlagValue.DISABLE_ORGANIZATIONS),
+        ]
+        assert organization.name == db_request.POST["name"]
+        assert organization.display_name == db_request.POST["display_name"]
+        assert organization.orgtype == OrganizationType[db_request.POST["orgtype"]]
+        assert organization.link_url == db_request.POST["link_url"]
+        assert organization.description == db_request.POST["description"]

tests/unit/accounts/test_services.py

@@ -408,6 +408,14 @@ def test_get_user_by_email_failure(self, user_service):
 
         assert found_user is None
 
+    def test_get_admins(self, user_service):
+        admin = UserFactory.create(is_superuser=True)
+        user = UserFactory.create(is_superuser=False)
+        admins = user_service.get_admins()
+
+        assert admin in admins
+        assert user not in admins
+
     def test_disable_password(self, user_service):
         user = UserFactory.create()
 

tests/unit/admin/test_routes.py

@@ -26,6 +26,11 @@ def test_includeme():
 
     assert config.add_route.calls == [
         pretend.call("admin.dashboard", "/admin/", domain=warehouse),
+        pretend.call(
+            "admin.organization.approve",
+            "/admin/organizations/approve/",
+            domain=warehouse,
+        ),
         pretend.call("admin.user.list", "/admin/users/", domain=warehouse),
         pretend.call("admin.user.detail", "/admin/users/{user_id}/", domain=warehouse),
         pretend.call(

tests/unit/admin/views/test_organizations.py

@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pretend
+
+from warehouse.admin.views import organizations as views
+
+
+class TestOrganizations:
+    def test_approve(self):
+        assert views.approve(pretend.stub()) == {}