Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add django auth framework #574

Merged
merged 29 commits into from
Apr 6, 2018
Merged

Add django auth framework #574

merged 29 commits into from
Apr 6, 2018

Conversation

mbeacom
Copy link
Contributor

@mbeacom mbeacom commented Mar 8, 2018

Description

The goal of this PR is to enable the Django authentication and user framework, refactoring our current auth flow to use User handling with GH, and remove custom Github middleware / views.

Checklist
  • linter status: 100% pass
  • changes don't break existing behavior
  • commit message follows commit guidelines
Affected core subsystem(s)

Auth, Sessions

Testing

This will need tested on staging before being merged live.

Refers/Fixes

Fixes: #312
Refs: #234

@codecov
Copy link

codecov bot commented Mar 8, 2018

Codecov Report

Merging #574 into master will increase coverage by 0.37%.
The diff coverage is 44.7%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #574      +/-   ##
==========================================
+ Coverage   33.99%   34.36%   +0.37%     
==========================================
  Files         101       99       -2     
  Lines        5775     5735      -40     
  Branches      672      664       -8     
==========================================
+ Hits         1963     1971       +8     
+ Misses       3733     3685      -48     
  Partials       79       79
Impacted Files Coverage Δ
app/app/context.py 0% <0%> (ø) ⬆️
app/github/utils.py 75.59% <0%> (-3.58%) ⬇️
app/app/pipeline.py 0% <0%> (ø)
app/app/urls.py 93.54% <100%> (+0.21%) ⬆️
app/app/settings.py 81.37% <100%> (+1.37%) ⬆️
app/dashboard/views.py 18.67% <26.08%> (+1.02%) ⬆️
app/dashboard/models.py 68.38% <50%> (-0.87%) ⬇️
app/marketing/views.py 11.2% <50%> (+0.36%) ⬆️
app/app/utils.py 20.15% <53.33%> (+3.77%) ⬆️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e6db81c...aebc01b. Read the comment docs.

@mbeacom
Copy link
Contributor Author

mbeacom commented Mar 8, 2018

Ouch. Authentication checks without tested views kills coverage! Adding some view tests in this PR to resolve the coverage issues.

Copy link
Contributor

@owocki owocki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have not tested but code LGTM. mind posting a little bit about how you regression tested this?

app/app/urls.py Outdated
# Interests
path('actions/bounty/<int:bounty_id>/interest/new/', dashboard.views.new_interest, name='express-interest'),
path('actions/bounty/<int:bounty_id>/interest/remove/', dashboard.views.remove_interest, name='remove-interest'),
path('actions/bounty/<int:bounty_id>/interest/', dashboard.views.interested_profiles, name='interested-profiles'),
# Legacy Support
path('legacy/', include('legacy.urls', namespace='legacy')),
re_path(r'^logout/$', auth_views.logout, name='logout'),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we may have to modify some of the cloudfront settings associated with this

@@ -518,7 +537,7 @@ def bounty_details(request, ghuser='', ghrepo='', ghissue=0):
params['is_legacy'] = bounty.is_legacy # TODO: Remove this following legacy contract sunset.
if profile_id:
profile_ids = list(params['interested_profiles'].values_list('profile_id', flat=True))
params['profile_interested'] = request.session.get('profile_id') in profile_ids
params['profile_interested'] = profile_id in profile_ids
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strangely enough it doesnt seem like profile_interested is even being used at all in the template

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I noticed that but opted to not yank it out yet. I can remove it here though.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@owocki
Copy link
Contributor

owocki commented Mar 9, 2018

added a new link to the django github url route in #541 -- will need to make sure that is migrated in this PR!

@jasonrhaas jasonrhaas self-requested a review March 9, 2018 18:09
@mbeacom
Copy link
Contributor Author

mbeacom commented Mar 9, 2018

@owocki Faucet GH URL reverse updated.

Copy link
Contributor

@jasonrhaas jasonrhaas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall the Python looks good! So does the @login_required mean that people need to have accounts now? Or is it still using the github account?

@@ -538,7 +544,21 @@ def bounty_details(request, ghuser='', ghrepo='', ghissue=0):


def profile_helper(handle):
"""Define the profile helper."""
"""Define the profile helper.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docstrings 👌

@jasonrhaas
Copy link
Contributor

Is there any additional testing that needs to be done? I looked at the code but hard to get a feel for the new changes without running it through the bounty process.

@mbeacom mbeacom removed the wip label Apr 2, 2018
@mbeacom mbeacom changed the title WIP: Add django auth framework Add django auth framework Apr 2, 2018
@mkosowsk
Copy link

mkosowsk commented Apr 5, 2018

Will check for breadth tonight, will check for depth and test on the weekend :)

Copy link
Member

@thelostone-mc thelostone-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

PS: the naming convention fixes :D
#impressed

bounty = Bounty.objects.get(pk=bounty_id)
except Bounty.DoesNotExist:
return JsonResponse({'errors': ['Bounty doesn\'t exist!']},
status=401)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor thing but if bounty doesn't exist this should be a 404, right?

Copy link
Member

@thelostone-mc thelostone-mc Apr 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Googled it up and came across this
Makes sense @mkosowsk !

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure where/why this showed up here, but I didn't add that xD It was from existing code that changed lines. Agreed, though!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mbeacom sure we believe you :P

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thelostone-mc hmm you believe this or not? Not sure if I'm convinced 😂🤣

return JsonResponse({
'errors': ['Party haven\'t expressed interest on this bounty.'],
'success': False},
status=401)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above, 404 here?

@mkosowsk
Copy link

mkosowsk commented Apr 6, 2018

@mbeacom Also digging the naming convention 👍🏻raised very minor concerns over 401 vs 404 in a couple spots but otherwise LGTM :)

@mbeacom mbeacom merged commit cb64fd0 into gitcoinco:master Apr 6, 2018
@mbeacom mbeacom deleted the mark-django-auth-int branch April 6, 2018 15:06
@mkosowsk
Copy link

mkosowsk commented Apr 6, 2018

@mbeacom This guy just go live on production? 😍

Just a brainstorming question on DashboardTokensTest section... @thelostone-mc do you think we hit everything we needed to hit as far as assertions go for this?

@mbeacom mbeacom restored the mark-django-auth-int branch April 6, 2018 15:18
mbeacom added a commit that referenced this pull request Apr 6, 2018
This reverts commit cb64fd0, reversing
changes made to e6db81c.
@mbeacom mbeacom deleted the mark-django-auth-int branch April 6, 2018 16:39
@thelostone-mc
Copy link
Member

@mkosowsk It's on stage, tested it out
works fine ^_^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backend This needs backend expertise.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants