refactor: make captcha a real service (#15137)

Author: miketheman

dev/environment

@@ -70,3 +70,6 @@ OIDC_AUDIENCE=pypi
 # Default to the reCAPTCHA testing keys from https://developers.google.com/recaptcha/docs/faq
 RECAPTCHA_SITE_KEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
 RECAPTCHA_SECRET_KEY=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+
+# Example of Captcha backend configuration
+# CAPTCHA_BACKEND=warehouse.captcha.recaptcha.Service

tests/unit/accounts/test_forms.py

@@ -21,7 +21,6 @@
 
 import warehouse.utils.otp as otp
 
-from warehouse import recaptcha
 from warehouse.accounts import forms
 from warehouse.accounts.interfaces import (
     BurnedRecoveryCode,
@@ -30,6 +29,7 @@
     TooManyFailedLogins,
 )
 from warehouse.accounts.models import DisableReason
+from warehouse.captcha import recaptcha
 from warehouse.events.tags import EventTag
 from warehouse.utils.webauthn import AuthenticationRejectedError
 
@@ -374,7 +374,7 @@ def test_validate_password_notok_ip_banned(self, db_session):
 
 class TestRegistrationForm:
     def test_validate(self):
-        recaptcha_service = pretend.stub(
+        captcha_service = pretend.stub(
             enabled=False,
             verify_response=pretend.call_recorder(lambda _: None),
         )
@@ -400,12 +400,12 @@ def test_validate(self):
                 }
             ),
             user_service=user_service,
-            recaptcha_service=recaptcha_service,
+            captcha_service=captcha_service,
             breach_service=breach_service,
         )
 
         assert form.user_service is user_service
-        assert form.recaptcha_service is recaptcha_service
+        assert form.captcha_service is captcha_service
         assert form.validate(), str(form.errors)
 
     def test_password_confirm_required_error(self):
@@ -414,7 +414,7 @@ def test_password_confirm_required_error(self):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: pretend.stub())
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw: False),
         )
 
@@ -430,7 +430,7 @@ def test_passwords_mismatch_error(self, pyramid_config):
                 {"new_password": "password", "password_confirm": "mismatch"}
             ),
             user_service=user_service,
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -452,7 +452,7 @@ def test_passwords_match_success(self):
                 }
             ),
             user_service=user_service,
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -466,7 +466,7 @@ def test_email_required_error(self):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: pretend.stub())
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -480,7 +480,7 @@ def test_invalid_email_error(self, pyramid_config, email):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: None)
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -495,7 +495,7 @@ def test_exotic_email_success(self):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: None)
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -508,7 +508,7 @@ def test_email_exists_error(self, pyramid_config):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: pretend.stub())
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -525,7 +525,7 @@ def test_prohibited_email_error(self, pyramid_config):
             user_service=pretend.stub(
                 find_userid_by_email=pretend.call_recorder(lambda _: None)
             ),
-            recaptcha_service=pretend.stub(enabled=True),
+            captcha_service=pretend.stub(enabled=True),
             breach_service=pretend.stub(check_password=lambda pw, tags=None: False),
         )
 
@@ -540,7 +540,7 @@ def test_recaptcha_disabled(self):
         form = forms.RegistrationForm(
             formdata=MultiDict({"g_recpatcha_response": ""}),
             user_service=pretend.stub(),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -555,7 +555,7 @@ def test_recaptcha_required_error(self):
         form = forms.RegistrationForm(
             formdata=MultiDict({"g_recaptcha_response": ""}),
             user_service=pretend.stub(),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=True,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -568,7 +568,7 @@ def test_recaptcha_error(self):
         form = forms.RegistrationForm(
             formdata=MultiDict({"g_recaptcha_response": "asd"}),
             user_service=pretend.stub(),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 verify_response=pretend.raiser(recaptcha.RecaptchaError),
                 enabled=True,
             ),
@@ -584,7 +584,7 @@ def test_username_exists(self, pyramid_config):
                 find_userid=pretend.call_recorder(lambda name: 1),
                 username_is_prohibited=lambda a: False,
             ),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -603,7 +603,7 @@ def test_username_prohibted(self, pyramid_config):
             user_service=pretend.stub(
                 username_is_prohibited=lambda a: True,
             ),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -624,7 +624,7 @@ def test_username_is_valid(self, username, pyramid_config):
                 find_userid=pretend.call_recorder(lambda _: None),
                 username_is_prohibited=lambda a: False,
             ),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -649,7 +649,7 @@ def test_password_strength(self):
             form = forms.RegistrationForm(
                 formdata=MultiDict({"new_password": pwd, "password_confirm": pwd}),
                 user_service=pretend.stub(),
-                recaptcha_service=pretend.stub(
+                captcha_service=pretend.stub(
                     enabled=False,
                     verify_response=pretend.call_recorder(lambda _: None),
                 ),
@@ -664,7 +664,7 @@ def test_password_breached(self):
             user_service=pretend.stub(
                 find_userid=pretend.call_recorder(lambda _: None)
             ),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),
@@ -688,7 +688,7 @@ def test_name_too_long(self, pyramid_config):
             user_service=pretend.stub(
                 find_userid=pretend.call_recorder(lambda _: None)
             ),
-            recaptcha_service=pretend.stub(
+            captcha_service=pretend.stub(
                 enabled=False,
                 verify_response=pretend.call_recorder(lambda _: None),
             ),

tests/unit/accounts/test_views.py

@@ -53,6 +53,7 @@
     two_factor_and_totp_validate,
 )
 from warehouse.admin.flags import AdminFlag, AdminFlagValue
+from warehouse.captcha.interfaces import ICaptchaService
 from warehouse.events.tags import EventTag
 from warehouse.metrics.interfaces import IMetricsService
 from warehouse.oidc.interfaces import TooManyOIDCRegistrations
@@ -1570,7 +1571,7 @@ def _find_service(service=None, name=None, context=None):
                 ),
                 IRateLimiter: pretend.stub(hit=lambda user_id: None),
                 "csp": pretend.stub(merge=lambda *a, **kw: {}),
-                "recaptcha": pretend.stub(
+                ICaptchaService: pretend.stub(
                     csp_policy={}, enabled=True, verify_response=lambda a: True
                 ),
             }[key]

tests/unit/captcha/__init__.py

@@ -0,0 +1,11 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

tests/unit/captcha/test_init.py

@@ -0,0 +1,55 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pretend
+
+from warehouse.captcha import includeme, interfaces, recaptcha
+
+
+def test_includeme_defaults_to_recaptcha():
+    config = pretend.stub(
+        registry=pretend.stub(settings={}),
+        maybe_dotted=lambda i: i,
+        register_service_factory=pretend.call_recorder(
+            lambda factory, iface, name: None
+        ),
+    )
+    includeme(config)
+
+    assert config.register_service_factory.calls == [
+        pretend.call(
+            recaptcha.Service.create_service,
+            interfaces.ICaptchaService,
+            name="captcha",
+        ),
+    ]
+
+
+def test_include_with_custom_backend():
+    cache_class = pretend.stub(create_service=pretend.stub())
+    config = pretend.stub(
+        registry=pretend.stub(settings={"captcha.backend": "tests.CustomBackend"}),
+        maybe_dotted=pretend.call_recorder(lambda n: cache_class),
+        register_service_factory=pretend.call_recorder(
+            lambda factory, iface, name: None
+        ),
+    )
+    includeme(config)
+
+    assert config.maybe_dotted.calls == [pretend.call("tests.CustomBackend")]
+    assert config.register_service_factory.calls == [
+        pretend.call(
+            cache_class.create_service,
+            interfaces.ICaptchaService,
+            name="captcha",
+        )
+    ]