pypi
diff --git a/‎tests/conftest.py‎
Lines changed: 2 additions & 2 deletions b/‎tests/conftest.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/unit/accounts/test_core.py‎
Lines changed: 6 additions & 2 deletions b/‎tests/unit/accounts/test_core.py‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎tests/unit/accounts/test_forms.py‎
Lines changed: 8 additions & 2 deletions b/‎tests/unit/accounts/test_forms.py‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎tests/unit/accounts/test_services.py‎
Lines changed: 19 additions & 3 deletions b/‎tests/unit/accounts/test_services.py‎
Lines changed: 19 additions & 3 deletions
diff --git a/‎tests/unit/accounts/test_views.py‎
Lines changed: 13 additions & 0 deletions b/‎tests/unit/accounts/test_views.py‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎tests/unit/admin/views/test_users.py‎
Lines changed: 4 additions & 2 deletions b/‎tests/unit/admin/views/test_users.py‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎tests/unit/email/test_init.py‎
Lines changed: 3 additions & 1 deletion b/‎tests/unit/email/test_init.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎tests/unit/integration/github/test_utils.py‎
Lines changed: 1 addition & 0 deletions b/‎tests/unit/integration/github/test_utils.py‎
Lines changed: 1 addition & 0 deletions
@@ -341,9 +341,9 @@ def user_service(db_session, metrics, remote_addr):
 
 
 @pytest.fixture
-def project_service(db_session, remote_addr, metrics, ratelimiters=None):
+def project_service(db_session, metrics, ratelimiters=None):
     return packaging_services.ProjectService(
-        db_session, remote_addr, metrics, ratelimiters=ratelimiters
+        db_session, metrics, ratelimiters=ratelimiters
     )
 
 
 
@@ -105,6 +105,7 @@ def test_with_invalid_password(self, pyramid_request, pyramid_services):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address="1.2.3.4",
+                request=pyramid_request,
                 additional={"reason": "invalid_password", "auth_method": "basic"},
             )
         ]
@@ -245,6 +246,7 @@ def test_with_valid_password(self, monkeypatch, pyramid_request, pyramid_service
         assert user.record_event.calls == [
             pretend.call(
                 ip_address="1.2.3.4",
+                request=pyramid_request,
                 tag=EventTag.Account.LoginSuccess,
                 additional={"auth_method": "basic"},
             )
@@ -267,7 +269,7 @@ def test_via_basic_auth_compromised(
             ),
             is_disabled=pretend.call_recorder(lambda user_id: (False, None)),
             disable_password=pretend.call_recorder(
-                lambda user_id, reason=None, ip_address="127.0.0.1": None
+                lambda user_id, request, reason=None: None
             ),
         )
         breach_service = pretend.stub(
@@ -301,7 +303,9 @@ def test_via_basic_auth_compromised(
         ]
         assert service.disable_password.calls == [
             pretend.call(
-                2, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"
+                2,
+                pyramid_request,
+                reason=DisableReason.CompromisedPassword,
             )
         ]
         assert send_email.calls == [pretend.call(pyramid_request, user)]
 
@@ -203,6 +203,7 @@ def test_validate_password_notok(self, db_session):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_password"},
             )
         ]
@@ -258,7 +259,7 @@ def test_password_breached(self, monkeypatch):
             get_user=lambda _: user,
             check_password=lambda userid, pw, tags=None: True,
             disable_password=pretend.call_recorder(
-                lambda user_id, reason=None, ip_address="127.0.0.1": None
+                lambda user_id, request, reason=None: None
             ),
             is_disabled=lambda userid: (False, None),
         )
@@ -276,7 +277,9 @@ def test_password_breached(self, monkeypatch):
         assert form.password.errors.pop() == "Bad Password!"
         assert user_service.disable_password.calls == [
             pretend.call(
-                1, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"
+                1,
+                request,
+                reason=DisableReason.CompromisedPassword,
             )
         ]
         assert send_email.calls == [pretend.call(request, user)]
@@ -846,6 +849,7 @@ def test_totp_secret_exists(self, pyramid_config):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_totp"},
             )
         ]
@@ -944,6 +948,7 @@ def test_credential_invalid(self):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_webauthn"},
             )
         ]
@@ -1045,6 +1050,7 @@ def test_invalid_recovery_code(
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": expected_reason},
             )
         ]
 
@@ -49,6 +49,7 @@
 from warehouse.rate_limiting.interfaces import IRateLimiter
 
 from ...common.db.accounts import EmailFactory, UserFactory
+from ...common.db.ip_addresses import IpAddressFactory
 
 
 class TestDatabaseUserService:
@@ -440,6 +441,10 @@ def test_get_admin_user(self, user_service):
         ],
     )
     def test_disable_password(self, user_service, reason, expected):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
         user.record_event = pretend.call_recorder(lambda *a, **kw: None)
 
@@ -448,13 +453,14 @@ def test_disable_password(self, user_service, reason, expected):
         assert user.password != "!"
 
         # Now we'll actually test our disable function.
-        user_service.disable_password(user.id, reason=reason)
+        user_service.disable_password(user.id, reason=reason, request=request)
         assert user.password == "!"
 
         assert user.record_event.calls == [
             pretend.call(
                 tag=EventTag.Account.PasswordDisabled,
                 ip_address="127.0.0.1",
+                request=request,
                 additional={"reason": expected},
             )
         ]
@@ -464,19 +470,29 @@ def test_disable_password(self, user_service, reason, expected):
         [(True, None), (True, DisableReason.CompromisedPassword), (False, None)],
     )
     def test_is_disabled(self, user_service, disabled, reason):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
         user_service.update_user(user.id, password="foo")
         if disabled:
-            user_service.disable_password(user.id, reason=reason)
+            user_service.disable_password(user.id, reason=reason, request=request)
         assert user_service.is_disabled(user.id) == (disabled, reason)
 
     def test_is_disabled_user_frozen(self, user_service):
         user = UserFactory.create(is_frozen=True)
         assert user_service.is_disabled(user.id) == (True, DisableReason.AccountFrozen)
 
     def test_updating_password_undisables(self, user_service):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
-        user_service.disable_password(user.id, reason=DisableReason.CompromisedPassword)
+        user_service.disable_password(
+            user.id, reason=DisableReason.CompromisedPassword, request=request
+        )
         assert user_service.is_disabled(user.id) == (
             True,
             DisableReason.CompromisedPassword,
 
@@ -288,6 +288,7 @@ def test_post_validate_redirects(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             )
         ]
@@ -351,6 +352,7 @@ def test_post_validate_no_redirects(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             )
         ]
@@ -714,6 +716,7 @@ def test_totp_auth(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": "totp", "two_factor_label": "totp"},
             )
         ]
@@ -1157,6 +1160,7 @@ def test_recovery_code_auth(self, monkeypatch, pyramid_request, redirect_url):
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={
                     "two_factor_method": "recovery-code",
                     "two_factor_label": None,
@@ -1165,6 +1169,7 @@ def test_recovery_code_auth(self, monkeypatch, pyramid_request, redirect_url):
             pretend.call(
                 tag=EventTag.Account.RecoveryCodesUsed,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             ),
         ]
         assert pyramid_request.session.flash.calls == [
@@ -1411,11 +1416,13 @@ def _find_service(service=None, name=None, context=None):
             pretend.call(
                 tag=EventTag.Account.AccountCreate,
                 ip_address=db_request.remote_addr,
+                request=db_request,
                 additional={"email": "[email protected]"},
             ),
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=db_request.remote_addr,
+                request=db_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             ),
         ]
@@ -1524,6 +1531,7 @@ def test_request_password_reset(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
 
@@ -1588,6 +1596,7 @@ def test_request_password_reset_with_email(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
         assert user_service.ratelimiters["password.reset"].test.calls == [
@@ -1663,6 +1672,7 @@ def test_request_password_reset_with_non_primary_email(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
         assert user_service.ratelimiters["password.reset"].test.calls == [
@@ -1762,6 +1772,7 @@ def test_password_reset_prohibited(
             pretend.call(
                 tag=EventTag.Account.PasswordResetAttempt,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
 
@@ -3569,6 +3580,7 @@ def test_add_pending_github_oidc_publisher(self, monkeypatch, db_request):
             pretend.call(
                 tag=EventTag.Account.PendingOIDCPublisherAdded,
                 ip_address="1.2.3.4",
+                request=db_request,
                 additional={
                     "project": "some-project-name",
                     "publisher": pending_publisher.publisher_name,
@@ -3802,6 +3814,7 @@ def test_delete_pending_oidc_publisher(self, monkeypatch, db_request):
             pretend.call(
                 tag=EventTag.Account.PendingOIDCPublisherRemoved,
                 ip_address="1.2.3.4",
+                request=db_request,
                 additional={
                     "project": "some-project-name",
                     "publisher": "GitHub",
 
@@ -405,7 +405,9 @@ def test_resets_password(self, db_request, monkeypatch):
         db_request.user = UserFactory.create()
         service = pretend.stub(
             find_userid=pretend.call_recorder(lambda username: user.username),
-            disable_password=pretend.call_recorder(lambda userid, reason: None),
+            disable_password=pretend.call_recorder(
+                lambda userid, request, reason: None
+            ),
         )
         db_request.find_service = pretend.call_recorder(lambda iface, context: service)
 
@@ -419,7 +421,7 @@ def test_resets_password(self, db_request, monkeypatch):
         ]
         assert send_email.calls == [pretend.call(db_request, user)]
         assert service.disable_password.calls == [
-            pretend.call(user.id, reason=DisableReason.CompromisedPassword)
+            pretend.call(user.id, db_request, reason=DisableReason.CompromisedPassword)
         ]
         assert db_request.route_path.calls == [
             pretend.call("admin.user.detail", username=user.username)
 
@@ -308,10 +308,11 @@ class FakeUser:
             def __init__(self):
                 self.events = []
 
-            def record_event(self, tag, ip_address, additional):
+            def record_event(self, tag, ip_address, request=None, additional=None):
                 self.events.append(
                     {
                         "ip_address": ip_address,
+                        "request": request,
                         "tag": tag,
                         "additional": additional,
                     }
@@ -382,6 +383,7 @@ def get_user(self, user_id):
             assert user_service.user.events == [
                 {
                     "tag": "account:email:sent",
+                    "request": request,
                     "ip_address": request.remote_addr,
                     "additional": {
                         "from_": "[email protected]",
 
@@ -610,6 +610,7 @@ def metrics_increment(key):
         pretend.call(
             tag=EventTag.Account.APITokenRemovedLeak,
             ip_address=request.remote_addr,
+            request=request,
             additional={
                 "macaroon_id": "12",
                 "public_url": "http://example.com",
Original file line number	Diff line number	Diff line change
`@@ -341,9 +341,9 @@ def user_service(db_session, metrics, remote_addr):`
`341`	`341`
`342`	`342`
`343`	`343`	`@pytest.fixture`
`344`		`-def project_service(db_session, remote_addr, metrics, ratelimiters=None):`
	`344`	`+def project_service(db_session, metrics, ratelimiters=None):`
`345`	`345`	`return packaging_services.ProjectService(`
`346`		`- db_session, remote_addr, metrics, ratelimiters=ratelimiters`
	`346`	`+ db_session, metrics, ratelimiters=ratelimiters`
`347`	`347`	`)`
`348`	`348`
`349`	`349`
Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,7 @@ def test_with_invalid_password(self, pyramid_request, pyramid_services):`
`105`	`105`	`pretend.call(`
`106`	`106`	`tag=EventTag.Account.LoginFailure,`
`107`	`107`	`ip_address="1.2.3.4",`
	`108`	`+ request=pyramid_request,`
`108`	`109`	`additional={"reason": "invalid_password", "auth_method": "basic"},`
`109`	`110`	`)`
`110`	`111`	`]`
`@@ -245,6 +246,7 @@ def test_with_valid_password(self, monkeypatch, pyramid_request, pyramid_service`
`245`	`246`	`assert user.record_event.calls == [`
`246`	`247`	`pretend.call(`
`247`	`248`	`ip_address="1.2.3.4",`
	`249`	`+ request=pyramid_request,`
`248`	`250`	`tag=EventTag.Account.LoginSuccess,`
`249`	`251`	`additional={"auth_method": "basic"},`
`250`	`252`	`)`
`@@ -267,7 +269,7 @@ def test_via_basic_auth_compromised(`
`267`	`269`	`),`
`268`	`270`	`is_disabled=pretend.call_recorder(lambda user_id: (False, None)),`
`269`	`271`	`disable_password=pretend.call_recorder(`
`270`		`- lambda user_id, reason=None, ip_address="127.0.0.1": None`
	`272`	`+ lambda user_id, request, reason=None: None`
`271`	`273`	`),`
`272`	`274`	`)`
`273`	`275`	`breach_service = pretend.stub(`
`@@ -301,7 +303,9 @@ def test_via_basic_auth_compromised(`
`301`	`303`	`]`
`302`	`304`	`assert service.disable_password.calls == [`
`303`	`305`	`pretend.call(`
`304`		`- 2, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"`
	`306`	`+ 2,`
	`307`	`+ pyramid_request,`
	`308`	`+ reason=DisableReason.CompromisedPassword,`
`305`	`309`	`)`
`306`	`310`	`]`
`307`	`311`	`assert send_email.calls == [pretend.call(pyramid_request, user)]`
Original file line number	Diff line number	Diff line change
`@@ -203,6 +203,7 @@ def test_validate_password_notok(self, db_session):`
`203`	`203`	`pretend.call(`
`204`	`204`	`tag=EventTag.Account.LoginFailure,`
`205`	`205`	`ip_address=request.remote_addr,`
	`206`	`+ request=request,`
`206`	`207`	`additional={"reason": "invalid_password"},`
`207`	`208`	`)`
`208`	`209`	`]`
`@@ -258,7 +259,7 @@ def test_password_breached(self, monkeypatch):`
`258`	`259`	`get_user=lambda _: user,`
`259`	`260`	`check_password=lambda userid, pw, tags=None: True,`
`260`	`261`	`disable_password=pretend.call_recorder(`
`261`		`- lambda user_id, reason=None, ip_address="127.0.0.1": None`
	`262`	`+ lambda user_id, request, reason=None: None`
`262`	`263`	`),`
`263`	`264`	`is_disabled=lambda userid: (False, None),`
`264`	`265`	`)`
`@@ -276,7 +277,9 @@ def test_password_breached(self, monkeypatch):`
`276`	`277`	`assert form.password.errors.pop() == "Bad Password!"`
`277`	`278`	`assert user_service.disable_password.calls == [`
`278`	`279`	`pretend.call(`
`279`		`- 1, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"`
	`280`	`+ 1,`
	`281`	`+ request,`
	`282`	`+ reason=DisableReason.CompromisedPassword,`
`280`	`283`	`)`
`281`	`284`	`]`
`282`	`285`	`assert send_email.calls == [pretend.call(request, user)]`
`@@ -846,6 +849,7 @@ def test_totp_secret_exists(self, pyramid_config):`
`846`	`849`	`pretend.call(`
`847`	`850`	`tag=EventTag.Account.LoginFailure,`
`848`	`851`	`ip_address=request.remote_addr,`
	`852`	`+ request=request,`
`849`	`853`	`additional={"reason": "invalid_totp"},`
`850`	`854`	`)`
`851`	`855`	`]`
`@@ -944,6 +948,7 @@ def test_credential_invalid(self):`
`944`	`948`	`pretend.call(`
`945`	`949`	`tag=EventTag.Account.LoginFailure,`
`946`	`950`	`ip_address=request.remote_addr,`
	`951`	`+ request=request,`
`947`	`952`	`additional={"reason": "invalid_webauthn"},`
`948`	`953`	`)`
`949`	`954`	`]`
`@@ -1045,6 +1050,7 @@ def test_invalid_recovery_code(`
`1045`	`1050`	`pretend.call(`
`1046`	`1051`	`tag=EventTag.Account.LoginFailure,`
`1047`	`1052`	`ip_address=request.remote_addr,`
	`1053`	`+ request=request,`
`1048`	`1054`	`additional={"reason": expected_reason},`
`1049`	`1055`	`)`
`1050`	`1056`	`]`
Original file line number	Diff line number	Diff line change
`@@ -405,7 +405,9 @@ def test_resets_password(self, db_request, monkeypatch):`
`405`	`405`	`db_request.user = UserFactory.create()`
`406`	`406`	`service = pretend.stub(`
`407`	`407`	`find_userid=pretend.call_recorder(lambda username: user.username),`
`408`		`- disable_password=pretend.call_recorder(lambda userid, reason: None),`
	`408`	`+ disable_password=pretend.call_recorder(`
	`409`	`+ lambda userid, request, reason: None`
	`410`	`+ ),`
`409`	`411`	`)`
`410`	`412`	`db_request.find_service = pretend.call_recorder(lambda iface, context: service)`
`411`	`413`
`@@ -419,7 +421,7 @@ def test_resets_password(self, db_request, monkeypatch):`
`419`	`421`	`]`
`420`	`422`	`assert send_email.calls == [pretend.call(db_request, user)]`
`421`	`423`	`assert service.disable_password.calls == [`
`422`		`- pretend.call(user.id, reason=DisableReason.CompromisedPassword)`
	`424`	`+ pretend.call(user.id, db_request, reason=DisableReason.CompromisedPassword)`
`423`	`425`	`]`
`424`	`426`	`assert db_request.route_path.calls == [`
`425`	`427`	`pretend.call("admin.user.detail", username=user.username)`
Original file line number	Diff line number	Diff line change
`@@ -308,10 +308,11 @@ class FakeUser:`
`308`	`308`	`def __init__(self):`
`309`	`309`	`self.events = []`
`310`	`310`
`311`		`- def record_event(self, tag, ip_address, additional):`
	`311`	`+ def record_event(self, tag, ip_address, request=None, additional=None):`
`312`	`312`	`self.events.append(`
`313`	`313`	`{`
`314`	`314`	`"ip_address": ip_address,`
	`315`	`+ "request": request,`
`315`	`316`	`"tag": tag,`
`316`	`317`	`"additional": additional,`
`317`	`318`	`}`
`@@ -382,6 +383,7 @@ def get_user(self, user_id):`
`382`	`383`	`assert user_service.user.events == [`
`383`	`384`	`{`
`384`	`385`	`"tag": "account:email:sent",`
	`386`	`+ "request": request,`
`385`	`387`	`"ip_address": request.remote_addr,`
`386`	`388`	`"additional": {`
`387`	`389`	`"from_": "[email protected]",`