(admin): Account recovery tooling (#16266)

* WIP

* surface all available urls

* add user observations

* check links using JS via camo

* update observation structure

* handle projects with no releases

* display (jankily) active recoveries on user detail

* display account recoveries on admin page

* add cancel/complete functionality for account recoveries

* lint

* support (but don't implement) alternate emails for verification

* patch up easy to fix tests

* allow overriding to email address for verification

* overridable from!

* fixup test coverage for account service and emails

* test coverage for account_recovery_{cancel,complete}

* coverage for GET of user_recover_account_initiate

* flesh out tests for account_recovery.initiate

* fix email templates

* admin: splitting email form from userform

* add an "is_support" role

* remove TODO

* admin js: optimize query selector for link checker

* mikes visual linting

* test_add_email_bypass_ratelimit: update test

* indents

* re-organize admin user-detail

* fix closing tag on account initiate recovery

* mildly repair admin ui for user detail

* be good at js, per mikes visual linter

---------

Co-authored-by: Dustin Ingram <[email protected]>

Author: ewdurbin

docker-compose.yml

@@ -64,7 +64,7 @@ services:
 
   camo:
     image: pypa/warehouse-camo:2.0.0
-    command: /bin/go-camo --listen=0.0.0.0:9000
+    command: "/bin/go-camo --listen=0.0.0.0:9000 --header 'Access-Control-Allow-Origin: http://localhost'"
     ports:
       - "9000:9000"
     environment:

tests/unit/accounts/test_models.py

@@ -171,6 +171,18 @@ def test_acl(self, db_session):
                 (
                     Permissions.AdminUsersRead,
                     Permissions.AdminUsersWrite,
+                    Permissions.AdminUsersEmailWrite,
+                    Permissions.AdminUsersAccountRecoveryWrite,
+                    Permissions.AdminDashboardSidebarRead,
+                ),
+            ),
+            (
+                "Allow",
+                "group:support",
+                (
+                    Permissions.AdminUsersRead,
+                    Permissions.AdminUsersEmailWrite,
+                    Permissions.AdminUsersAccountRecoveryWrite,
                     Permissions.AdminDashboardSidebarRead,
                 ),
             ),
@@ -184,16 +196,18 @@ def test_acl(self, db_session):
     @pytest.mark.parametrize(
         (
             "is_superuser",
+            "is_support",
             "is_moderator",
             "is_psf_staff",
             "expected",
         ),
         [
-            (False, False, False, []),
+            (False, False, False, False, []),
             (
                 True,
                 False,
                 False,
+                False,
                 [
                     "group:admins",
                     "group:moderators",
@@ -202,13 +216,25 @@ def test_acl(self, db_session):
                 ],
             ),
             (
+                False,
+                True,
+                False,
+                False,
+                [
+                    "group:support",
+                    "group:moderators",
+                ],
+            ),
+            (
+                False,
                 False,
                 True,
                 False,
                 ["group:moderators"],
             ),
             (
                 True,
+                False,
                 True,
                 False,
                 [
@@ -219,12 +245,14 @@ def test_acl(self, db_session):
                 ],
             ),
             (
+                False,
                 False,
                 False,
                 True,
                 ["group:psf_staff"],
             ),
             (
+                False,
                 False,
                 True,
                 True,
@@ -235,13 +263,15 @@ def test_acl(self, db_session):
     def test_principals(
         self,
         is_superuser,
+        is_support,
         is_moderator,
         is_psf_staff,
         expected,
     ):
         user = User(
             id=uuid.uuid4(),
             is_superuser=is_superuser,
+            is_support=is_support,
             is_moderator=is_moderator,
             is_psf_staff=is_psf_staff,
         )

tests/unit/accounts/test_services.py

@@ -379,6 +379,24 @@ def test_add_email_rate_limited(self, user_service, metrics, remote_addr):
             )
         ]
 
+    def test_add_email_bypass_ratelimit(self, user_service, metrics, remote_addr):
+        resets = pretend.stub()
+        limiter = pretend.stub(
+            hit=pretend.call_recorder(lambda ip: None),
+            test=pretend.call_recorder(lambda ip: False),
+            resets_in=pretend.call_recorder(lambda ip: resets),
+        )
+        user_service.ratelimiters["email.add"] = limiter
+
+        user = UserFactory.create()
+        new_email = user_service.add_email(user.id, "[email protected]", ratelimit=False)
+
+        assert new_email.email == "[email protected]"
+        assert not new_email.verified
+        assert limiter.test.calls == []
+        assert limiter.resets_in.calls == []
+        assert metrics.increment.calls == []
+
     def test_update_user(self, user_service):
         user = UserFactory.create()
         new_name, password = "new username", "TestPa@@w0rd"

tests/unit/admin/test_routes.py

@@ -62,6 +62,13 @@ def test_includeme():
             factory="warehouse.accounts.models:UserFactory",
             traverse="/{username}",
         ),
+        pretend.call(
+            "admin.user.submit_email",
+            "/admin/users/{username}/emails/",
+            domain=warehouse,
+            factory="warehouse.accounts.models:UserFactory",
+            traverse="/{username}",
+        ),
         pretend.call(
             "admin.user.add_email",
             "/admin/users/{username}/add_email/",
@@ -91,8 +98,22 @@ def test_includeme():
             traverse="/{username}",
         ),
         pretend.call(
-            "admin.user.wipe_factors",
-            "/admin/users/{username}/wipe_factors/",
+            "admin.user.account_recovery.initiate",
+            "/admin/users/{username}/account_recovery/initiate/",
+            domain=warehouse,
+            factory="warehouse.accounts.models:UserFactory",
+            traverse="/{username}",
+        ),
+        pretend.call(
+            "admin.user.account_recovery.cancel",
+            "/admin/users/{username}/account_recovery/cancel/",
+            domain=warehouse,
+            factory="warehouse.accounts.models:UserFactory",
+            traverse="/{username}",
+        ),
+        pretend.call(
+            "admin.user.account_recovery.complete",
+            "/admin/users/{username}/account_recovery/complete/",
             domain=warehouse,
             factory="warehouse.accounts.models:UserFactory",
             traverse="/{username}",