
Add support for Google trusted publishing #15144


Merged
merged 17 commits into from
Jan 10, 2024
Changes from 8 commits
501 changes: 377 additions & 124 deletions tests/unit/accounts/test_views.py

Large diffs are not rendered by default.

373 changes: 257 additions & 116 deletions tests/unit/manage/test_views.py

Large diffs are not rendered by default.

41 changes: 38 additions & 3 deletions warehouse/accounts/views.py
Expand Up @@ -77,10 +77,17 @@
)
from warehouse.events.tags import EventTag
from warehouse.metrics.interfaces import IMetricsService
from warehouse.oidc.forms import DeletePublisherForm
from warehouse.oidc.forms.github import PendingGitHubPublisherForm
from warehouse.oidc.forms import (
DeletePublisherForm,
PendingGitHubPublisherForm,
PendingGooglePublisherForm,
)
from warehouse.oidc.interfaces import TooManyOIDCRegistrations
from warehouse.oidc.models import PendingGitHubPublisher, PendingOIDCPublisher
from warehouse.oidc.models import (
PendingGitHubPublisher,
PendingGooglePublisher,
PendingOIDCPublisher,
)
from warehouse.organizations.interfaces import IOrganizationService
from warehouse.organizations.models import OrganizationRole, OrganizationRoleType
from warehouse.packaging.models import (
Expand Down Expand Up @@ -1467,6 +1474,10 @@ def __init__(self, request):
api_token=self.request.registry.settings.get("github.token"),
project_factory=self.project_factory,
)
self.pending_google_publisher_form = PendingGooglePublisherForm(
self.request.POST,
project_factory=self.project_factory,
)

@property
def _ratelimiters(self):
Expand Down Expand Up @@ -1502,6 +1513,7 @@ def _check_ratelimits(self):
def default_response(self):
return {
"pending_github_publisher_form": self.pending_github_publisher_form,
"pending_google_publisher_form": self.pending_google_publisher_form,
}

@view_config(request_method="GET")
Expand Down Expand Up @@ -1640,6 +1652,29 @@ def _add_pending_oidc_publisher(

return HTTPSeeOther(self.request.path)

@view_config(
request_method="POST",
request_param=PendingGooglePublisherForm.__params__,
)
def add_pending_google_oidc_publisher(self):
form = self.default_response["pending_google_publisher_form"]
return self._add_pending_oidc_publisher(
publisher_name="Google",
publisher_class=PendingGooglePublisher,
admin_flag=AdminFlagValue.DISALLOW_GOOGLE_OIDC,
form=form,
make_pending_publisher=lambda request, form: PendingGooglePublisher(
project_name=form.project_name.data,
added_by=request.user,
email=form.email.data,
sub=form.sub.data,
),
make_existence_filters=lambda form: dict(
email=form.email.data,
sub=form.sub.data,
),
)

@view_config(
request_method="POST",
request_param=PendingGitHubPublisherForm.__params__,
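Review bot: A blank subject is not handled visibly in `add_pending_google_oidc_publisher`: `form.sub.data` goes unchanged into both the `PendingGooglePublisher(...)` constructor and the `make_existence_filters` dict, so whatever the form yields for an empty field becomes part of the stored identity and of the duplicate check. `PendingGooglePublisherForm` is not shown in this section; if it allows `sub` to be empty, the pending publisher is bound to the `email` value alone, and a short comment above the constructor would record that trade-off, e.g. `# sub may be blank: the publisher is then matched on email only; confirm "" and None are treated the same at claim verification`. It is also worth confirming that the form normalizes `email` before it reaches the filter, since the visible code compares it exactly as submitted. `_add_pending_oidc_publisher` is defined above this hunk, so how it applies these filters cannot be checked from here.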