Fixes #1432 Refactors the invite + registration system to be simpler and more consistent with regards to existing user invites. Previously, per-user invites are stored in the user.invites dict instead of in the invites collection, which creates a few issues: - Existing user do not show up in Org Invites list: #1432 - Existing user invites also do not expire, unlike new user invites, creating potential security issue. Instead, existing user invites should be treated like new user invites. This PR moves them into the same collection, adding a `userid` field to InvitePending to match with an existing user. If a user already exists, it will be matched by userid, instead of by email. This allows for user to update their email while still being invited. Note that the email of the invited existing user will not change in the invite email. This is also by design: an admin of one org should not be given any hint that an invited user already has an account, such as by having their email automatically update. For an org admin, the invite to a new or existing user should be indistinguishable. The sha256 of invite token is stored instead of actual token for better security. The registration system has also been refactored with the following changes: - Auto-creation of new orgs for new users has been removed - User.create_user() replaces the old User._create() and just creates the user with additional complex logic around org auto-add - Users are added to org in org add_user_to_org() - Users are added to org through invites with add_user_with_invite() Tests: - Additional tests include verifying that existing and new pending invites appear in the pending invites list - Tests for `/users/invite/<token>?email=` and `/users/me/invite/<token>` endpoints - Deleting pending invites - Additional tests added for user self-registration, including existing user self-registration to default org of existing user (in nightly tests)
		
			
				
	
	
		
			94 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			94 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| name: Nightly tests (K3d)
 | |
| 
 | |
| on:
 | |
|   schedule:
 | |
|     # Run daily at 8am UTC
 | |
|     - cron:  '0 8 * * *'
 | |
| 
 | |
|   workflow_dispatch:
 | |
| 
 | |
| jobs:
 | |
|   btrix-k3d-nightly-test:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Create k3d Cluster
 | |
|         uses: AbsaOSS/k3d-action@v2
 | |
|         with:
 | |
|           cluster-name: btrix-nightly
 | |
|           args: >-
 | |
|             -p "30870:30870@agent:0:direct"
 | |
|             -p "30090:30090@agent:0:direct"
 | |
|             --agents 1
 | |
|             --no-lb
 | |
|             --k3s-arg "--disable=traefik,servicelb@server:*"            
 | |
| 
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v3
 | |
| 
 | |
|       - name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v2
 | |
|         with:
 | |
|           driver-opts: network=host
 | |
| 
 | |
|       - name: Build Backend
 | |
|         uses: docker/build-push-action@v3
 | |
|         with:
 | |
|           context: backend
 | |
|           load: true
 | |
|           #outputs: type=tar,dest=backend.tar
 | |
|           tags: webrecorder/browsertrix-backend:latest
 | |
|           cache-from: type=gha,scope=backend
 | |
|           cache-to: type=gha,scope=backend,mode=max
 | |
| 
 | |
|       - name: Build Frontend
 | |
|         uses: docker/build-push-action@v3
 | |
|         with:
 | |
|           context: frontend
 | |
|           load: true
 | |
|           #outputs: type=tar,dest=frontend.tar
 | |
|           tags: webrecorder/browsertrix-frontend:latest
 | |
|           cache-from: type=gha,scope=frontend
 | |
|           cache-to: type=gha,scope=frontend,mode=max
 | |
| 
 | |
|       - name: 'Import Images'
 | |
|         run: |
 | |
|           k3d image import webrecorder/browsertrix-backend:latest -m direct -c btrix-nightly --verbose
 | |
|           k3d image import webrecorder/browsertrix-frontend:latest -m direct -c btrix-nightly --verbose          
 | |
| 
 | |
|       - name: Install Kubectl
 | |
|         uses: azure/setup-kubectl@v3
 | |
| 
 | |
|       - name: Install Helm
 | |
|         uses: azure/setup-helm@v3
 | |
|         with:
 | |
|           version: 3.10.2
 | |
| 
 | |
|       - name: Start Cluster with Helm
 | |
|         run: |
 | |
|           helm upgrade --install -f ./chart/values.yaml -f ./chart/test/test.yaml -f ./chart/test/test-nightly-addons.yaml btrix ./chart/          
 | |
| 
 | |
|       - name: Install Python
 | |
|         uses: actions/setup-python@v3
 | |
|         with:
 | |
|           python-version: '3.9'
 | |
| 
 | |
|       - name: Install Python Libs
 | |
|         run: pip install -r ./backend/test-requirements.txt
 | |
| 
 | |
|       - name: Wait for all pods to be ready
 | |
|         run: kubectl wait --for=condition=ready pod --all --timeout=240s
 | |
| 
 | |
|       - name: Create Extra Test Buckets
 | |
|         run:  kubectl exec -i deployment/local-minio -c minio mkdir /data/replica-0
 | |
| 
 | |
|       - name: Run Tests
 | |
|         run: pytest -vv ./backend/test_nightly/test_*.py
 | |
| 
 | |
|       - name: Print Backend Logs (API)
 | |
|         if: ${{ failure() }}
 | |
|         run: kubectl logs svc/browsertrix-cloud-backend -c api
 | |
| 
 | |
|       - name: Print Backend Logs (Operator)
 | |
|         if: ${{ failure() }}
 | |
|         run: kubectl logs svc/browsertrix-cloud-backend -c op
 |