Merge pull request #62 from Kinto/61-fix-userid-suffixes

Fix the ``process-account-events`` script to take client user ID suffixes into account (fixes #61)
Kinto · Jul 5, 2018 · 047d873 · 047d873
2 parents 4995d13 + 465dd32
commit 047d873
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 21 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -6,7 +6,9 @@ This document describes changes between each past release.
 2.5.2 (unreleased)
 ------------------
 
-- Nothing changed yet.
+**Bug fixes**
+
+- Fix the ``process-account-events`` script to take client user ID suffixes into account (fixes #61)
 
 
 2.5.1 (2018-06-28)

diff --git a/kinto_fxa/scripts/process_account_events.py b/kinto_fxa/scripts/process_account_events.py
@@ -23,6 +23,7 @@
 import itertools
 import json
 import logging
+import re
 import uuid
 
 import boto3
@@ -81,6 +82,7 @@ def process_account_events(config, queue_name, aws_region=None,
 def process_account_event(config, body):
     """Parse and process a single account event."""
     registry = config['registry']
+    settings = registry.settings
     storage = registry.storage
     permission = registry.permission
 
@@ -100,26 +102,41 @@ def process_account_event(config, body):
             # Delete everything from storage and permissions for
             # this user.
             logger.info("Processing account delete for %r", uid)
-            # FIXME: actually compute prefix correctly using
-            # config instead of just hardcoding fxa
-            uid = 'fxa:{}'.format(uid)
-            default_bucket_id = get_default_bucket_id(config, uid)
-            bucket_uri = '/buckets/{}'.format(default_bucket_id)
-            logger.info('Deleting bucket %r', bucket_uri)
-            # Delete the bucket and all its descendants.
-            # This code is similar to that from kinto.views.buckets:on_buckets_deleted.
-            for parent_id in [bucket_uri, bucket_uri + '/*']:
-                storage.delete_all(
-                    parent_id=parent_id,
-                    collection_id=None,
-                    with_deleted=False,
-                )
-                # Purge tombstones too.
-                storage.purge_deleted(
-                    parent_id=parent_id,
-                    collection_id=None,
-                )
-                permission.delete_object_permissions(parent_id)
+
+            # Go through configured policies to find the policy name.
+            prefix = ""
+            for k, v in settings.items():
+                m = re.match('multiauth\.policy\.(.*)\.use', k)
+                if m:
+                    if v.endswith('FxAOAuthAuthenticationPolicy'):
+                        prefix = "{}:".format(m.group(1))
+
+            userids = [prefix + uid]
+            # Go through configured clients.
+            for k, v in settings.items():
+                m = re.match('fxa-oauth\.clients\.(.*)\.client_id', k)
+                if m:
+                    suffix = "-{}".format(m.group(1))
+                    userids += [prefix + uid + suffix]
+
+            for uid in userids:
+                default_bucket_id = get_default_bucket_id(config, uid)
+                bucket_uri = '/buckets/{}'.format(default_bucket_id)
+                logger.info('Deleting bucket %r', bucket_uri)
+                # Delete the bucket and all its descendants.
+                # This code is similar to that from kinto.views.buckets:on_buckets_deleted.
+                for parent_id in [bucket_uri, bucket_uri + '/*']:
+                    storage.delete_all(
+                        parent_id=parent_id,
+                        collection_id=None,
+                        with_deleted=False,
+                    )
+                    # Purge tombstones too.
+                    storage.purge_deleted(
+                        parent_id=parent_id,
+                        collection_id=None,
+                    )
+                    permission.delete_object_permissions(parent_id)
             current_transaction.commit()
         else:
             logger.warning("Dropping unknown event type %r",

diff --git a/kinto_fxa/tests/test_process_account_events.py b/kinto_fxa/tests/test_process_account_events.py
@@ -61,6 +61,24 @@ def test_get_default_bucket_id(self):
         self.assertEqual(get_default_bucket_id(self.config, self.uid),
                          self.bucket_id)
 
+    @mock.patch('kinto_fxa.scripts.process_account_events.get_default_bucket_id')
+    def test_each_configured_client_is_taken_into_account(self, get_default_bucket_id):
+        self.registry.settings = {
+            'multiauth.policies': 'ffxxaa',
+            'multiauth.policy.ffxxaa.use': 'kinto_fxa.authentication.FxAOAuthAuthenticationPolicy',
+            'fxa-oauth.clients.notes.client_id': 'a',
+            'fxa-oauth.clients.notes.required_scope': 'a-a',
+            'fxa-oauth.clients.lockbox.client_id': 'b',
+            'fxa-oauth.clients.lockbox.required_scope': 'b-b',
+        }
+
+        process_account_event(self.config, self.real_message)
+
+        user_ids = [c[0][1] for c in get_default_bucket_id.call_args_list]
+        assert 'ffxxaa:abcd' in user_ids
+        assert 'ffxxaa:abcd-notes' in user_ids
+        assert 'ffxxaa:abcd-lockbox' in user_ids
+
     @mock.patch('kinto_fxa.scripts.process_account_events.get_default_bucket_id')
     def test_valid_message_calls_deletes(self, get_default_bucket_id):
         get_default_bucket_id.return_value = 'some_fxa_bucket'