Ref #575, ref #412 - Separate tests / light refactoring updates.Auth…

…Validator (#582)
irrdnet · Nov 4, 2021 · e9458f7 · e9458f7
1 parent 1046cca
commit e9458f7
Show file tree

Hide file tree

Showing 5 changed files with 484 additions and 31 deletions.
diff --git a/irrd/updates/handler.py b/irrd/updates/handler.py
@@ -6,6 +6,7 @@
 from ordered_set import OrderedSet
 
 from irrd.conf import get_setting
+from irrd.rpsl.rpsl_objects import RPSLMntner
 from irrd.storage.database_handler import DatabaseHandler
 from irrd.storage.queries import RPSLDatabaseQuery
 from irrd.utils import email
@@ -80,8 +81,8 @@ def load_change_submission(self, data: RPSLChangeSubmission, delete=False, reque
         return self
 
     def _handle_change_requests(self, change_requests: List[ChangeRequest],
-                             reference_validator: ReferenceValidator,
-                             auth_validator: AuthValidator) -> None:
+                                reference_validator: ReferenceValidator,
+                                auth_validator: AuthValidator) -> None:
 
         # When an object references another object, e.g. tech-c referring a person or mntner,
         # an add/update is only valid if those referred objects exist. To complicate matters,
@@ -101,7 +102,12 @@ def _handle_change_requests(self, change_requests: List[ChangeRequest],
         while valid_changes != previous_valid_changes:
             previous_valid_changes = valid_changes
             reference_validator.preload(valid_changes)
-            auth_validator.pre_approve(valid_changes)
+            valid_potential_new_mntners = [
+                r.rpsl_obj_new
+                for r in valid_changes
+                if r.request_type == UpdateRequestType.CREATE and isinstance(r.rpsl_obj_new, RPSLMntner)
+            ]
+            auth_validator.pre_approve(valid_potential_new_mntners)
 
             for result in valid_changes:
                 result.validate()
@@ -261,4 +267,3 @@ def _request_meta_str(self):
         if request_meta_str:
             request_meta_str = '\n' + request_meta_str + '\n\n'
         return request_meta_str
-
diff --git a/irrd/updates/tests/test_parser.py b/irrd/updates/tests/test_parser.py
@@ -416,7 +416,7 @@ def test_check_auth_valid_create_mntner_referencing_self(self, prepare_mocks):
 
         result_mntner = parse_change_requests(SAMPLE_MNTNER + 'override: override-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
+        auth_validator.pre_approve([result_mntner.rpsl_obj_new])
 
         assert result_mntner._check_auth()
         assert not result_mntner.error_messages
@@ -437,7 +437,7 @@ def test_check_auth_invalid_create_mntner_referencing_self_wrong_override_passwo
 
         result_mntner = parse_change_requests(SAMPLE_MNTNER + 'override: invalid-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
+        auth_validator.pre_approve([result_mntner.rpsl_obj_new])
 
         assert not result_mntner._check_auth()
         assert result_mntner.error_messages == [
@@ -467,7 +467,7 @@ def test_check_auth_valid_update_mntner_submits_new_object_with_all_dummy_hash_v
         data = data.replace('$1$fgW84Y9r$kKEn9MUq8PChNKpQhO6BM.', PASSWORD_HASH_DUMMY_VALUE)
         result_mntner = parse_change_requests(data + 'password: crypt-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
+        auth_validator.pre_approve([result_mntner.rpsl_obj_new])
         assert result_mntner._check_auth()
         assert not result_mntner.error_messages
         assert result_mntner.info_messages == ['As you submitted dummy hash values, all password hashes on this object '
@@ -504,7 +504,7 @@ def test_check_auth_invalid_update_mntner_submits_new_object_with_mixed_dummy_ha
         data = SAMPLE_MNTNER.replace('LEuuhsBJNFV0Q', PASSWORD_HASH_DUMMY_VALUE)
         result_mntner = parse_change_requests(data + 'password: md5-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
+        auth_validator.pre_approve([result_mntner.rpsl_obj_new])
         assert not result_mntner.is_valid()
         assert result_mntner.error_messages == [
             'Either all password auth hashes in a submitted mntner must be dummy objects, or none.',
@@ -524,7 +524,7 @@ def test_check_auth_invalid_update_mntner_submits_new_object_with_dummy_hash_mul
         data = data.replace('$1$fgW84Y9r$kKEn9MUq8PChNKpQhO6BM.', PASSWORD_HASH_DUMMY_VALUE)
         result_mntner = parse_change_requests(data + 'password: md5-password\npassword: other-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
+        auth_validator.pre_approve([result_mntner.rpsl_obj_new])
         result_mntner._check_auth()
         assert not result_mntner.is_valid()
         assert result_mntner.error_messages == [
@@ -544,7 +544,6 @@ def test_check_auth_invalid_update_mntner_wrong_password_current_db_object(self,
         # This password is valid for the new object, but invalid for the current version in the DB
         result_mntner = parse_change_requests(SAMPLE_MNTNER + 'password: crypt-password',
                                               mock_dh, auth_validator, reference_validator)[0]
-        auth_validator.pre_approve([result_mntner])
         assert not result_mntner._check_auth()
         assert result_mntner.error_messages == [
             'Authorisation for mntner TEST-MNT failed: must be authenticated by one of: TEST-MNT, '