ref(control_silo): Move LostPasswordHash to users module (#76072)

Part of moving control silo user related resources into the users module. Includes adding of types for functions and an import shim for any getsentry refs.

Apart of (#73856)

---------

Co-authored-by: Mark Story <[email protected]>

Author: Christinarlong

src/sentry/management/commands/generate_reset_password_link.py

@@ -4,7 +4,7 @@
 from django.core.management.base import BaseCommand
 from django.utils import timezone
 
-from sentry.models.lostpasswordhash import LostPasswordHash
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.utils.auth import find_users
 
 

src/sentry/models/__init__.py

@@ -1,5 +1,6 @@
 from sentry.users.models.authenticator import *  # NOQA
 from sentry.users.models.email import *  # NOQA
+from sentry.users.models.lostpasswordhash import *  # NOQA
 from sentry.users.models.user import *  # NOQA
 from sentry.users.models.userrole import *  # NOQA
 
@@ -66,7 +67,6 @@
 from .importchunk import *  # NOQA
 from .integrations import *  # NOQA
 from .latestreporeleaseenvironment import *  # NOQA
-from .lostpasswordhash import *  # NOQA
 from .notificationmessage import *  # NOQA
 from .notificationsettingoption import *  # NOQA
 from .notificationsettingprovider import *  # NOQA

src/sentry/models/lostpasswordhash.py

@@ -1,104 +1,3 @@
-from datetime import timedelta
-from typing import TYPE_CHECKING
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 
-from django.conf import settings
-from django.db import models
-from django.urls import reverse
-from django.utils import timezone
-
-from sentry.backup.scopes import RelocationScope
-from sentry.db.models import FlexibleForeignKey, Model, control_silo_model, sane_repr
-from sentry.utils.http import absolute_uri
-from sentry.utils.security import get_secure_token
-
-if TYPE_CHECKING:
-    from sentry.users.services.lost_password_hash import RpcLostPasswordHash
-
-
-@control_silo_model
-class LostPasswordHash(Model):
-    __relocation_scope__ = RelocationScope.Excluded
-
-    user = FlexibleForeignKey(settings.AUTH_USER_MODEL, unique=True)
-    hash = models.CharField(max_length=32)
-    date_added = models.DateTimeField(default=timezone.now)
-
-    class Meta:
-        app_label = "sentry"
-        db_table = "sentry_lostpasswordhash"
-
-    __repr__ = sane_repr("user_id", "hash")
-
-    def save(self, *args, **kwargs):
-        if not self.hash:
-            self.set_hash()
-        super().save(*args, **kwargs)
-
-    def set_hash(self) -> None:
-        self.hash = get_secure_token()
-
-    def is_valid(self) -> bool:
-        return self.date_added > timezone.now() - timedelta(hours=1)
-
-    @classmethod
-    def send_recover_password_email(cls, user, hash, ip_address) -> None:
-        extra = {
-            "ip_address": ip_address,
-        }
-        cls._send_email("recover_password", user, hash, extra)
-
-    @classmethod
-    def send_relocate_account_email(cls, user, hash, orgs) -> None:
-        cls._send_email("relocate_account", user, hash, {"orgs": orgs})
-
-    @classmethod
-    def _send_email(cls, mode, user, hash, extra) -> None:
-        from sentry import options
-        from sentry.http import get_server_hostname
-        from sentry.utils.email import MessageBuilder
-
-        context = {
-            "user": user,
-            "domain": get_server_hostname(),
-            "url": cls.get_lostpassword_url(user.id, hash, mode),
-            "datetime": timezone.now(),
-            **extra,
-        }
-
-        subject = "Password Recovery"
-        template = "recover_account"
-        if mode == "set_password":
-            template = "set_password"
-        elif mode == "relocate_account":
-            template = "relocate_account"
-            subject = "Set Username and Password for Your Relocated Sentry.io Account"
-
-        msg = MessageBuilder(
-            subject="{}{}".format(options.get("mail.subject-prefix"), subject),
-            template=f"sentry/emails/{template}.txt",
-            html_template=f"sentry/emails/{template}.html",
-            type="user.password_recovery",
-            context=context,
-        )
-        msg.send_async([user.email])
-
-    # Duplicated from RpcLostPasswordHash
-    def get_absolute_url(self, mode: str = "recover") -> str:
-        return LostPasswordHash.get_lostpassword_url(self.user_id, self.hash, mode)
-
-    @classmethod
-    def get_lostpassword_url(self, user_id: int, hash: str, mode: str = "recover") -> str:
-        url_key = "sentry-account-recover-confirm"
-        if mode == "set_password":
-            url_key = "sentry-account-set-password-confirm"
-        elif mode == "relocate_account":
-            url_key = "sentry-account-relocate-confirm"
-
-        return absolute_uri(reverse(url_key, args=[user_id, hash]))
-
-    @classmethod
-    def for_user(cls, user) -> "RpcLostPasswordHash":
-        from sentry.users.services.lost_password_hash import lost_password_hash_service
-
-        password_hash = lost_password_hash_service.get_or_create(user_id=user.id)
-        return password_hash
+__all__ = ("LostPasswordHash",)

src/sentry/runner/commands/cleanup.py

@@ -175,6 +175,7 @@ def cleanup(
         from sentry.models.rulefirehistory import RuleFireHistory
         from sentry.monitors import models as monitor_models
         from sentry.replays import models as replay_models
+        from sentry.users.models.lostpasswordhash import LostPasswordHash
         from sentry.utils import metrics
         from sentry.utils.query import RangeQuerySetWrapper
 
@@ -234,10 +235,10 @@ def is_filtered(model: type[Model]) -> bool:
         ]
 
         debug_output("Removing expired values for LostPasswordHash")
-        if is_filtered(models.LostPasswordHash):
+        if is_filtered(LostPasswordHash):
             debug_output(">> Skipping LostPasswordHash")
         else:
-            models.LostPasswordHash.objects.filter(
+            LostPasswordHash.objects.filter(
                 date_added__lte=timezone.now() - timedelta(hours=48)
             ).delete()
 

src/sentry/tasks/relocation.py

@@ -43,7 +43,6 @@
 from sentry.models.files.file import File
 from sentry.models.files.utils import get_relocation_storage
 from sentry.models.importchunk import ControlImportChunkReplica, RegionImportChunk
-from sentry.models.lostpasswordhash import LostPasswordHash as LostPasswordHash
 from sentry.models.organization import Organization, OrganizationStatus
 from sentry.models.organizationmember import OrganizationMember
 from sentry.models.relocation import (
@@ -62,6 +61,7 @@
 from sentry.silo.base import SiloMode
 from sentry.tasks.base import instrumented_task
 from sentry.types.region import get_local_region
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.models.user import User
 from sentry.users.services.lost_password_hash import lost_password_hash_service
 from sentry.users.services.user.service import user_service
@@ -1585,7 +1585,7 @@ def notifying_users(uuid: UUID) -> None:
         for control_chunk in chunks:
             imported_user_ids = imported_user_ids.union(set(control_chunk.inserted_map.values()))
 
-        imported_org_slugs: set[int] = set()
+        imported_org_slugs: set[str] = set()
         for region_chunk in RegionImportChunk.objects.filter(
             import_uuid=uuid_str, model="sentry.organization"
         ):

src/sentry/users/models/lostpasswordhash.py

@@ -0,0 +1,111 @@
+from __future__ import annotations
+
+from collections.abc import Iterable
+from datetime import timedelta
+from typing import TYPE_CHECKING, Any
+
+from django.conf import settings
+from django.db import models
+from django.urls import reverse
+from django.utils import timezone
+
+from sentry.backup.scopes import RelocationScope
+from sentry.db.models import FlexibleForeignKey, Model, control_silo_model, sane_repr
+from sentry.users.services.user.model import RpcUser
+from sentry.utils.http import absolute_uri
+from sentry.utils.security import get_secure_token
+
+if TYPE_CHECKING:
+    from sentry.models.user import User
+    from sentry.users.services.lost_password_hash import RpcLostPasswordHash
+
+
+@control_silo_model
+class LostPasswordHash(Model):
+    __relocation_scope__ = RelocationScope.Excluded
+
+    user = FlexibleForeignKey(settings.AUTH_USER_MODEL, unique=True)
+    hash = models.CharField(max_length=32)
+    date_added = models.DateTimeField(default=timezone.now)
+
+    class Meta:
+        app_label = "sentry"
+        db_table = "sentry_lostpasswordhash"
+
+    __repr__ = sane_repr("user_id", "hash")
+
+    def save(self, *args: Any, **kwargs: Any) -> None:
+        if not self.hash:
+            self.set_hash()
+        super().save(*args, **kwargs)
+
+    def set_hash(self) -> None:
+        self.hash = get_secure_token()
+
+    def is_valid(self) -> bool:
+        return self.date_added > timezone.now() - timedelta(hours=1)
+
+    @classmethod
+    def send_recover_password_email(cls, user: User, hash: str, ip_address: str) -> None:
+        extra = {
+            "ip_address": ip_address,
+        }
+        cls._send_email("recover_password", user, hash, extra)
+
+    @classmethod
+    def send_relocate_account_email(
+        cls, user: User | RpcUser, hash: str, orgs: Iterable[str]
+    ) -> None:
+        cls._send_email("relocate_account", user, hash, {"orgs": orgs})
+
+    @classmethod
+    def _send_email(cls, mode: str, user: User | RpcUser, hash: str, extra: dict[str, Any]) -> None:
+        from sentry import options
+        from sentry.http import get_server_hostname
+        from sentry.utils.email import MessageBuilder
+
+        context = {
+            "user": user,
+            "domain": get_server_hostname(),
+            "url": cls.get_lostpassword_url(user.id, hash, mode),
+            "datetime": timezone.now(),
+            **extra,
+        }
+
+        subject = "Password Recovery"
+        template = "recover_account"
+        if mode == "set_password":
+            template = "set_password"
+        elif mode == "relocate_account":
+            template = "relocate_account"
+            subject = "Set Username and Password for Your Relocated Sentry.io Account"
+
+        msg = MessageBuilder(
+            subject="{}{}".format(options.get("mail.subject-prefix"), subject),
+            template=f"sentry/emails/{template}.txt",
+            html_template=f"sentry/emails/{template}.html",
+            type="user.password_recovery",
+            context=context,
+        )
+        msg.send_async([user.email])
+
+    # Duplicated from RpcLostPasswordHash
+    def get_absolute_url(self, mode: str = "recover") -> str:
+        return LostPasswordHash.get_lostpassword_url(self.user_id, self.hash, mode)
+
+    @classmethod
+    def get_lostpassword_url(self, user_id: int, hash: str, mode: str = "recover") -> str:
+        url_key = "sentry-account-recover-confirm"
+        if mode == "set_password":
+            url_key = "sentry-account-set-password-confirm"
+        elif mode == "relocate_account":
+            url_key = "sentry-account-relocate-confirm"
+
+        return absolute_uri(reverse(url_key, args=[user_id, hash]))
+
+    @classmethod
+    def for_user(cls, user: User) -> RpcLostPasswordHash:
+        from sentry.users.services.lost_password_hash import lost_password_hash_service
+
+        password_hash = lost_password_hash_service.get_or_create(user_id=user.id)
+        return password_hash

src/sentry/users/services/lost_password_hash/impl.py

@@ -1,6 +1,6 @@
 import datetime
 
-from sentry.models.lostpasswordhash import LostPasswordHash
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.services.lost_password_hash import LostPasswordHashService, RpcLostPasswordHash
 from sentry.users.services.lost_password_hash.serial import serialize_lostpasswordhash
 

src/sentry/users/services/lost_password_hash/model.py

@@ -9,7 +9,7 @@
 from pydantic import Field
 
 from sentry.hybridcloud.rpc import RpcModel
-from sentry.models.lostpasswordhash import LostPasswordHash
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 
 
 class RpcLostPasswordHash(RpcModel):

src/sentry/users/services/lost_password_hash/serial.py

@@ -1,4 +1,4 @@
-from sentry.models.lostpasswordhash import LostPasswordHash
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.services.lost_password_hash import RpcLostPasswordHash
 
 

src/sentry/web/frontend/accounts.py

@@ -10,14 +10,14 @@
 from django.utils.translation import gettext as _
 from django.views.decorators.http import require_http_methods
 
-from sentry.models.lostpasswordhash import LostPasswordHash
 from sentry.models.organizationmapping import OrganizationMapping
 from sentry.models.organizationmembermapping import OrganizationMemberMapping
 from sentry.models.useremail import UserEmail
 from sentry.organizations.services.organization import organization_service
 from sentry.security.utils import capture_security_activity
 from sentry.signals import email_verified, terms_accepted
 from sentry.silo.base import control_silo_function
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.models.user import User
 from sentry.users.services.lost_password_hash import lost_password_hash_service
 from sentry.users.services.user.service import user_service

src/sentry/web/frontend/debug/mail.py

@@ -36,7 +36,6 @@
 from sentry.mail.notifications import get_builder_args
 from sentry.models.activity import Activity
 from sentry.models.group import Group, GroupStatus
-from sentry.models.lostpasswordhash import LostPasswordHash
 from sentry.models.organization import Organization
 from sentry.models.organizationmember import OrganizationMember
 from sentry.models.project import Project
@@ -61,6 +60,7 @@
 )
 from sentry.types.actor import Actor
 from sentry.types.group import GroupSubStatus
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.utils import json, loremipsum
 from sentry.utils.auth import AuthenticatedHttpRequest
 from sentry.utils.dates import to_datetime

tests/sentry/backup/test_imports.py

@@ -39,7 +39,6 @@
     ControlImportChunkReplica,
     RegionImportChunk,
 )
-from sentry.models.lostpasswordhash import LostPasswordHash
 from sentry.models.options.option import ControlOption, Option
 from sentry.models.options.project_option import ProjectOption
 from sentry.models.options.user_option import UserOption
@@ -79,6 +78,7 @@
 from sentry.testutils.silo import assume_test_silo_mode
 from sentry.users.models.authenticator import Authenticator
 from sentry.users.models.email import Email
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.models.user import User
 from sentry.users.models.userrole import UserRole, UserRoleUser
 from tests.sentry.backup import (

tests/sentry/tasks/test_relocation.py

@@ -64,7 +64,6 @@
     MAX_FAST_TASK_RETRIES,
     MAX_VALIDATION_POLL_ATTEMPTS,
     MAX_VALIDATION_POLLS,
-    LostPasswordHash,
     completed,
     importing,
     notifying_owner,
@@ -92,6 +91,7 @@
 )
 from sentry.testutils.outbox import outbox_runner
 from sentry.testutils.silo import assume_test_silo_mode, create_test_regions, region_silo_test
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 from sentry.users.models.user import User
 from sentry.utils import json
 from sentry.utils.relocation import RELOCATION_BLOB_SIZE, RELOCATION_FILE_TYPE, OrderedTask

tests/sentry/models/test_lostpasswordhash.py renamed to tests/sentry/users/models/test_lostpasswordhash.py

@@ -1,9 +1,9 @@
 from django.core import mail
 from django.urls import reverse
 
-from sentry.models.lostpasswordhash import LostPasswordHash
 from sentry.testutils.cases import TestCase
 from sentry.testutils.silo import control_silo_test
+from sentry.users.models.lostpasswordhash import LostPasswordHash
 
 
 @control_silo_test