Merge branch 'release/19.24.0'

Author: pattisdr

.travis.yml

@@ -4,8 +4,9 @@ language: python
 
 python:
     - "2.7"
-dist: trusty
+
 sudo: false
+dist: trusty
 
 # TODO: uncomment when https://github.com/travis-ci/travis-ci/issues/8836 is resolved
 # addons:

CHANGELOG

@@ -2,6 +2,21 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+19.24.0 (2019-08-27)
+===================
+- APIv2: Allow creating a node with a license attached on creation
+- APIv2: Prevent creating a node link to the node itself, a parent, or a child
+- APIv2: Have the move/copy WB hooks update storage usage
+- Exclude collection groups from user page in Django's admin app
+- Have osfstorage move/copy hooks recursively update the latest file version's region
+- Fix password reset tokens
+- Do not reveal entire google drive file path in node logs
+- Allow logging in from password reset and forgot password pages
+- Fix broken social links on add contributors modal
+- Fix email typos in embargoed registration emails
+- Improve registration and retraction node log display text
+- Fix logs if cron job automatically approves a withdrawal
+
 19.23.0 (2019-08-19)
 ===================
 - Represents scopes as an m2m field on personal access tokens instead of a CharField

addons/osfstorage/models.py

@@ -166,16 +166,16 @@ def delete(self, user=None, parent=None, **kwargs):
         self._materialized_path = self.materialized_path
         return super(OsfStorageFileNode, self).delete(user=user, parent=parent) if self._check_delete_allowed() else None
 
+    def update_region_from_latest_version(self, destination_parent):
+        raise NotImplementedError
+
     def move_under(self, destination_parent, name=None):
         if self.is_preprint_primary:
             if self.target != destination_parent.target or self.provider != destination_parent.provider:
                 raise exceptions.FileNodeIsPrimaryFile()
         if self.is_checked_out:
             raise exceptions.FileNodeCheckedOutError()
-        most_recent_fileversion = self.versions.select_related('region').order_by('-created').first()
-        if most_recent_fileversion and most_recent_fileversion.region != destination_parent.target.osfstorage_region:
-            most_recent_fileversion.region = destination_parent.target.osfstorage_region
-            most_recent_fileversion.save()
+        self.update_region_from_latest_version(destination_parent)
         return super(OsfStorageFileNode, self).move_under(destination_parent, name)
 
     def check_in_or_out(self, user, checkout, save=False):
@@ -293,6 +293,12 @@ def serialize(self, include_full=None, version=None):
         })
         return ret
 
+    def update_region_from_latest_version(self, destination_parent):
+        most_recent_fileversion = self.versions.select_related('region').order_by('-created').first()
+        if most_recent_fileversion and most_recent_fileversion.region != destination_parent.target.osfstorage_region:
+            most_recent_fileversion.region = destination_parent.target.osfstorage_region
+            most_recent_fileversion.save()
+
     def create_version(self, creator, location, metadata=None):
         latest_version = self.get_version()
         version = FileVersion(identifier=self.versions.count() + 1, creator=creator, location=location)
@@ -451,6 +457,9 @@ def serialize(self, include_full=False, version=None):
             ret['fullPath'] = self.materialized_path
         return ret
 
+    def update_region_from_latest_version(self, destination_parent):
+        for child in self.children.all().prefetch_related('versions'):
+            child.update_region_from_latest_version(destination_parent)
 
 class Region(models.Model):
     _id = models.CharField(max_length=255, db_index=True)

addons/osfstorage/tests/test_models.py

@@ -334,6 +334,30 @@ def test_move_nested(self):
         assert_equal(new_project, move_to.target)
         assert_equal(new_project, child.target)
 
+    def test_move_nested_between_regions(self):
+        canada = RegionFactory()
+        new_component = NodeFactory(parent=self.project)
+        component_node_settings = new_component.get_addon('osfstorage')
+        component_node_settings.region = canada
+        component_node_settings.save()
+
+        move_to = component_node_settings.get_root()
+        to_move = self.node_settings.get_root().append_folder('Aaah').append_folder('Woop')
+        child = to_move.append_file('There it is')
+
+        for _ in range(2):
+            version = factories.FileVersionFactory(region=self.node_settings.region)
+            child.versions.add(version)
+        child.save()
+
+        moved = to_move.move_under(move_to)
+        child.reload()
+
+        assert new_component == child.target
+        versions = child.versions.order_by('-created')
+        assert versions.first().region == component_node_settings.region
+        assert versions.last().region == self.node_settings.region
+
     def test_copy_rename(self):
         to_copy = self.node_settings.get_root().append_file('Carp')
         copy_to = self.node_settings.get_root().append_folder('Cloud')

addons/wiki/tests/test_wiki.py

@@ -1238,7 +1238,6 @@ def test_serialize_wiki_settings(self):
         node = NodeFactory(parent=self.project, creator=self.user, is_public=True)
         node.get_addon('wiki').set_editing(
             permissions=True, auth=self.consolidate_auth, log=True)
-        node.add_pointer(self.project, Auth(self.user))
         node.save()
         data = serialize_wiki_settings(self.user, [node])
         expected = [{

admin_tests/base/test_utils.py

@@ -1,22 +1,30 @@
 from nose.tools import *  # noqa: F403
 import datetime as datetime
+import pytest
 
+from django.test import RequestFactory
 from django.db.models import Q
 from django.contrib.auth.models import Group
 from django.core.exceptions import ValidationError, PermissionDenied
+from django.contrib.admin.sites import AdminSite
+from django.forms.models import model_to_dict
+from django.http import QueryDict
+
 
 from tests.base import AdminTestCase
 
-from osf_tests.factories import SubjectFactory, UserFactory, RegistrationFactory
+from osf_tests.factories import SubjectFactory, UserFactory, RegistrationFactory, PreprintFactory
 
-from osf.models import Subject
+from osf.models import Subject, OSFUser, Collection
 from osf.models.provider import rules_to_subjects
 from admin.base.utils import get_subject_rules, change_embargo_date
+from osf.admin import OSFUserAdmin
 
 
 import logging
 logger = logging.getLogger(__name__)
 logging.basicConfig(level=logging.INFO)
+pytestmark = pytest.mark.django_db
 
 
 class TestSubjectRules(AdminTestCase):
@@ -158,3 +166,82 @@ def test_change_embargo_date(self):
         assert_almost_equal(self.registration.embargo.end_date, self.date_valid2, delta=datetime.timedelta(days=1))
 
         # Add a test to check privatizing
+
+site = AdminSite()
+
+class TestGroupCollectionsPreprints:
+    @pytest.mark.enable_bookmark_creation
+    @pytest.fixture()
+    def user(self):
+        return UserFactory()
+
+    @pytest.fixture()
+    def admin_url(self, user):
+        return '/admin/osf/osfuser/{}/change/'.format(user.id)
+
+    @pytest.fixture()
+    def preprint(self, user):
+        return PreprintFactory(creator=user)
+
+    @pytest.fixture()
+    def get_request(self, admin_url, user):
+        request = RequestFactory().get(admin_url)
+        request.user = user
+        return request
+
+    @pytest.fixture()
+    def post_request(self, admin_url, user):
+        request = RequestFactory().post(admin_url)
+        request.user = user
+        return request
+
+    @pytest.fixture()
+    def osf_user_admin(self):
+        return OSFUserAdmin(OSFUser, site)
+
+    @pytest.mark.enable_bookmark_creation
+    def test_admin_app_formfield_collections(self, preprint, user, get_request, osf_user_admin):
+        """ Testing OSFUserAdmin.formfield_many_to_many.
+        This should not return any bookmark collections or preprint groups, even if the user is a member.
+        """
+
+        formfield = (osf_user_admin.formfield_for_manytomany(OSFUser.groups.field, request=get_request))
+        queryset = formfield.queryset
+
+        collections_group = Collection.objects.filter(creator=user, is_bookmark_collection=True)[0].get_group('admin')
+        assert(collections_group not in queryset)
+
+        assert(preprint.get_group('admin') not in queryset)
+
+    @pytest.mark.enable_bookmark_creation
+    def test_admin_app_save_related_collections(self, post_request, osf_user_admin, user, preprint):
+        """ Testing OSFUserAdmin.save_related
+        This should maintain the bookmark collections and preprint groups the user is a member of
+        even though they aren't explicitly returned by the form.
+        """
+
+        form = osf_user_admin.get_form(request=post_request, obj=user)
+        data_dict = model_to_dict(user)
+        post_form = form(data_dict, instance=user)
+
+        # post_form.errors.keys() generates a list of fields causing JSON Related errors
+        # which are preventing the form from being valid (which is required for the form to be saved).
+        # By setting the field to '{}', this makes the form valid and resolves JSON errors.
+
+        for field in post_form.errors.keys():
+            if field == 'groups':
+                data_dict['groups'] = []
+            else:
+                data_dict[field] = '{}'
+        post_form = form(data_dict, instance=user)
+        assert(post_form.is_valid())
+        post_form.save(commit=False)
+        qdict = QueryDict('', mutable=True)
+        qdict.update(data_dict)
+        post_request.POST = qdict
+        osf_user_admin.save_related(request=post_request, form=post_form, formsets=[], change=True)
+
+        collections_group = Collection.objects.filter(creator=user, is_bookmark_collection=True)[0].get_group('admin')
+        assert(collections_group in user.groups.all())
+
+        assert(preprint.get_group('admin') in user.groups.all())

api/base/serializers.py

@@ -1674,7 +1674,12 @@ def update(self, instance, validated_data):
         for pointer in remove:
             collection.rm_pointer(pointer, auth)
         for node in add:
-            collection.add_pointer(node, auth)
+            try:
+                collection.add_pointer(node, auth)
+            except ValueError as e:
+                raise api_exceptions.InvalidModelValueError(
+                    detail=str(e),
+                )
 
         return self.make_instance_obj(collection)
 
@@ -1689,8 +1694,12 @@ def create(self, validated_data):
             raise api_exceptions.RelationshipPostMakesNoChanges
 
         for node in add:
-            collection.add_pointer(node, auth)
-
+            try:
+                collection.add_pointer(node, auth)
+            except ValueError as e:
+                raise api_exceptions.InvalidModelValueError(
+                    detail=str(e),
+                )
         return self.make_instance_obj(collection)
 
 
@@ -1747,7 +1756,12 @@ def update(self, instance, validated_data):
         for pointer in remove:
             collection.rm_pointer(pointer, auth)
         for node in add:
-            collection.add_pointer(node, auth)
+            try:
+                collection.add_pointer(node, auth)
+            except ValueError as e:
+                raise api_exceptions.InvalidModelValueError(
+                    detail=str(e),
+                )
 
         return self.make_instance_obj(collection)
 
@@ -1762,7 +1776,12 @@ def create(self, validated_data):
             raise api_exceptions.RelationshipPostMakesNoChanges
 
         for node in add:
-            collection.add_pointer(node, auth)
+            try:
+                collection.add_pointer(node, auth)
+            except ValueError as e:
+                raise api_exceptions.InvalidModelValueError(
+                    detail=str(e),
+                )
 
         return self.make_instance_obj(collection)
 

api/nodes/serializers.py

@@ -141,8 +141,8 @@ def to_internal_value(self, data):
 
 class NodeLicenseSerializer(BaseAPISerializer):
 
-    copyright_holders = ser.ListField(allow_empty=True)
-    year = ser.CharField(allow_blank=True)
+    copyright_holders = ser.ListField(allow_empty=True, required=False)
+    year = ser.CharField(allow_blank=True, required=False)
 
     class Meta:
         type_ = 'node_licenses'
@@ -206,8 +206,12 @@ class Meta:
         type_ = 'styled-citations'
 
 def get_license_details(node, validated_data):
-    license = node.license if isinstance(node, Preprint) else node.node_license
-
+    if node:
+        license = node.license if isinstance(node, Preprint) else node.node_license
+    else:
+        license = None
+    if ('license_type' not in validated_data and not (license and license.node_license.license_id)):
+        raise exceptions.ValidationError(detail='License ID must be provided for a Node License.')
     license_id = license.node_license.license_id if license else None
     license_year = license.year if license else None
     license_holders = license.copyright_holders if license else []
@@ -747,10 +751,18 @@ def create(self, validated_data):
         tag_instances = []
         affiliated_institutions = None
         region_id = None
+        license_details = None
         if 'affiliated_institutions' in validated_data:
             affiliated_institutions = validated_data.pop('affiliated_institutions')
         if 'region_id' in validated_data:
             region_id = validated_data.pop('region_id')
+        if 'license_type' in validated_data or 'license' in validated_data:
+            try:
+                license_details = get_license_details(None, validated_data)
+            except ValidationError as e:
+                raise InvalidModelValueError(detail=str(e.messages[0]))
+            validated_data.pop('license', None)
+            validated_data.pop('license_type', None)
         if 'tags' in validated_data:
             tags = validated_data.pop('tags')
             for tag in tags:
@@ -806,6 +818,20 @@ def create(self, validated_data):
             node.subjects.add(parent.subjects.all())
             node.save()
 
+        if license_details:
+            try:
+                node.set_node_license(
+                    {
+                        'id': license_details.get('id') if license_details.get('id') else 'NONE',
+                        'year': license_details.get('year'),
+                        'copyrightHolders': license_details.get('copyrightHolders') or license_details.get('copyright_holders', []),
+                    },
+                    auth=get_user_auth(request),
+                    save=True,
+                )
+            except ValidationError as e:
+                raise InvalidModelValueError(detail=str(e.message))
+
         if not region_id:
             region_id = self.context.get('region_id')
         if region_id:
@@ -1314,10 +1340,10 @@ def create(self, validated_data):
         try:
             pointer = node.add_pointer(pointer_node, auth, save=True)
             return pointer
-        except ValueError:
+        except ValueError as e:
             raise InvalidModelValueError(
                 source={'pointer': '/data/relationships/node_links/data/id'},
-                detail='Target Node \'{}\' already pointed to by \'{}\'.'.format(target_node_id, node._id),
+                detail=str(e),
             )
 
     def update(self, instance, validated_data):