
fix(relocation): Handle expired superuser gracefully (#62243)

Issue: getsentry/team-ospo#214
Alex Zaslavsky 1 year ago
parent
commit
cbfdce1635

+ 5 - 1
src/sentry/api/endpoints/relocations/index.py

@@ -17,6 +17,7 @@ from sentry.api.api_owners import ApiOwner
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.base import Endpoint, region_silo_endpoint
 from sentry.api.endpoints.relocations import ERR_FEATURE_DISABLED
+from sentry.api.exceptions import SuperuserRequired
 from sentry.api.fields.sentry_slug import ORG_SLUG_PATTERN
 from sentry.api.paginator import OffsetPaginator
 from sentry.api.permissions import SuperuserPermission
@@ -164,7 +165,10 @@ class RelocationIndexEndpoint(Endpoint):
 
         logger.info("relocations.index.post.start", extra={"caller": request.user.id})
 
-        is_superuser = SuperuserPermission().has_permission(request, None)
+        try:
+            is_superuser = SuperuserPermission().has_permission(request, None)
+        except SuperuserRequired:
+            is_superuser = False
         if not options.get("relocation.enabled") and not is_superuser:
             return Response({"detail": ERR_FEATURE_DISABLED}, status=status.HTTP_403_FORBIDDEN)
 
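Review bot: The `except SuperuserRequired` branch sets `is_superuser = False` without a log line or a comment, so the logs cannot tell a lapsed superuser session apart from an ordinary user reaching the endpoint. Falling back to the non-superuser path is the fail-closed choice, but it is worth recording next to the existing start event, e.g. `logger.info("relocations.index.post.expired_superuser", extra={"caller": request.user.id})`. A short comment would also help, e.g. `# has_permission() raises rather than returning False here (expired superuser session, per the commit title); continue as a regular user.` The enclosing method (apparently `post`, judging by the log key) continues outside the hunk, so if `is_superuser` is read again further down, confirm each of those checks should also treat a lapsed session as non-superuser.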

+ 27 - 0
tests/sentry/api/endpoints/relocations/test_index.py

@@ -382,6 +382,33 @@ class PostRelocationsTest(APITestCase):
         assert response.data.get("detail") is not None
         assert response.data.get("detail") == ERR_FEATURE_DISABLED
 
+    def test_fail_expired_superuser_when_feature_disabled(self):
+        self.login_as(user=self.owner, superuser=True)
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            (_, tmp_pub_key_path) = self.tmp_keys(tmp_dir)
+            with open(FRESH_INSTALL_PATH) as f:
+                data = json.load(f)
+                with open(tmp_pub_key_path, "rb") as p:
+                    response = self.client.post(
+                        reverse(self.endpoint),
+                        {
+                            "owner": self.owner.username,
+                            "file": SimpleUploadedFile(
+                                "export.tar",
+                                create_encrypted_export_tarball(
+                                    data, LocalFileEncryptor(p)
+                                ).getvalue(),
+                                content_type="application/tar",
+                            ),
+                            "orgs": "testing, foo",
+                        },
+                        format="multipart",
+                    )
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert response.data.get("detail") is not None
+        assert response.data.get("detail") == ERR_FEATURE_DISABLED
+
     # pytest parametrize does not work in TestCase subclasses, so hack around this
     for org_slugs, expected in [
         ("testing,foo,", ["testing", "foo"]),
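Review bot: Nothing visible in `test_fail_expired_superuser_when_feature_disabled` expires the superuser session or turns `relocation.enabled` off; the body only calls `self.login_as(user=self.owner, superuser=True)`. Whether the new `except SuperuserRequired` branch is exercised therefore depends on fixtures outside this hunk, and the test could pass for a different reason, such as `has_permission` simply returning `False`. State the precondition in a docstring, e.g. `"""A superuser without an active superuser session is treated as a regular user and gets ERR_FEATURE_DISABLED."""`, and make the setup that produces that state explicit in the test. The `assert response.data.get("detail") is not None` line is redundant with the equality assertion that follows it. A companion case with the option enabled would pin the other half of the fallback.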