move all record_event instances to send a request

tests/conftest.py

@@ -341,9 +341,9 @@ def user_service(db_session, metrics, remote_addr):
 
 
 @pytest.fixture
-def project_service(db_session, remote_addr, metrics, ratelimiters=None):
+def project_service(db_session, metrics, ratelimiters=None):
     return packaging_services.ProjectService(
-        db_session, remote_addr, metrics, ratelimiters=ratelimiters
+        db_session, metrics, ratelimiters=ratelimiters
     )
 
 

tests/unit/accounts/test_core.py

@@ -105,6 +105,7 @@ def test_with_invalid_password(self, pyramid_request, pyramid_services):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address="1.2.3.4",
+                request=pyramid_request,
                 additional={"reason": "invalid_password", "auth_method": "basic"},
             )
         ]
@@ -245,6 +246,7 @@ def test_with_valid_password(self, monkeypatch, pyramid_request, pyramid_service
         assert user.record_event.calls == [
             pretend.call(
                 ip_address="1.2.3.4",
+                request=pyramid_request,
                 tag=EventTag.Account.LoginSuccess,
                 additional={"auth_method": "basic"},
             )
@@ -267,7 +269,7 @@ def test_via_basic_auth_compromised(
             ),
             is_disabled=pretend.call_recorder(lambda user_id: (False, None)),
             disable_password=pretend.call_recorder(
-                lambda user_id, reason=None, ip_address="127.0.0.1": None
+                lambda user_id, request, reason=None: None
             ),
         )
         breach_service = pretend.stub(
@@ -301,7 +303,9 @@ def test_via_basic_auth_compromised(
         ]
         assert service.disable_password.calls == [
             pretend.call(
-                2, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"
+                2,
+                pyramid_request,
+                reason=DisableReason.CompromisedPassword,
             )
         ]
         assert send_email.calls == [pretend.call(pyramid_request, user)]

tests/unit/accounts/test_forms.py

@@ -203,6 +203,7 @@ def test_validate_password_notok(self, db_session):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_password"},
             )
         ]
@@ -258,7 +259,7 @@ def test_password_breached(self, monkeypatch):
             get_user=lambda _: user,
             check_password=lambda userid, pw, tags=None: True,
             disable_password=pretend.call_recorder(
-                lambda user_id, reason=None, ip_address="127.0.0.1": None
+                lambda user_id, request, reason=None: None
             ),
             is_disabled=lambda userid: (False, None),
         )
@@ -276,7 +277,9 @@ def test_password_breached(self, monkeypatch):
         assert form.password.errors.pop() == "Bad Password!"
         assert user_service.disable_password.calls == [
             pretend.call(
-                1, reason=DisableReason.CompromisedPassword, ip_address="1.2.3.4"
+                1,
+                request,
+                reason=DisableReason.CompromisedPassword,
             )
         ]
         assert send_email.calls == [pretend.call(request, user)]
@@ -846,6 +849,7 @@ def test_totp_secret_exists(self, pyramid_config):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_totp"},
             )
         ]
@@ -944,6 +948,7 @@ def test_credential_invalid(self):
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": "invalid_webauthn"},
             )
         ]
@@ -1045,6 +1050,7 @@ def test_invalid_recovery_code(
             pretend.call(
                 tag=EventTag.Account.LoginFailure,
                 ip_address=request.remote_addr,
+                request=request,
                 additional={"reason": expected_reason},
             )
         ]

tests/unit/accounts/test_services.py

@@ -49,6 +49,7 @@
 from warehouse.rate_limiting.interfaces import IRateLimiter
 
 from ...common.db.accounts import EmailFactory, UserFactory
+from ...common.db.ip_addresses import IpAddressFactory
 
 
 class TestDatabaseUserService:
@@ -440,6 +441,10 @@ def test_get_admin_user(self, user_service):
         ],
     )
     def test_disable_password(self, user_service, reason, expected):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
         user.record_event = pretend.call_recorder(lambda *a, **kw: None)
 
@@ -448,13 +453,14 @@ def test_disable_password(self, user_service, reason, expected):
         assert user.password != "!"
 
         # Now we'll actually test our disable function.
-        user_service.disable_password(user.id, reason=reason)
+        user_service.disable_password(user.id, reason=reason, request=request)
         assert user.password == "!"
 
         assert user.record_event.calls == [
             pretend.call(
                 tag=EventTag.Account.PasswordDisabled,
                 ip_address="127.0.0.1",
+                request=request,
                 additional={"reason": expected},
             )
         ]
@@ -464,19 +470,29 @@ def test_disable_password(self, user_service, reason, expected):
         [(True, None), (True, DisableReason.CompromisedPassword), (False, None)],
     )
     def test_is_disabled(self, user_service, disabled, reason):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
         user_service.update_user(user.id, password="foo")
         if disabled:
-            user_service.disable_password(user.id, reason=reason)
+            user_service.disable_password(user.id, reason=reason, request=request)
         assert user_service.is_disabled(user.id) == (disabled, reason)
 
     def test_is_disabled_user_frozen(self, user_service):
         user = UserFactory.create(is_frozen=True)
         assert user_service.is_disabled(user.id) == (True, DisableReason.AccountFrozen)
 
     def test_updating_password_undisables(self, user_service):
+        request = pretend.stub(
+            remote_addr="127.0.0.1",
+            ip_address=IpAddressFactory.create(),
+        )
         user = UserFactory.create()
-        user_service.disable_password(user.id, reason=DisableReason.CompromisedPassword)
+        user_service.disable_password(
+            user.id, reason=DisableReason.CompromisedPassword, request=request
+        )
         assert user_service.is_disabled(user.id) == (
             True,
             DisableReason.CompromisedPassword,

tests/unit/accounts/test_views.py

@@ -288,6 +288,7 @@ def test_post_validate_redirects(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             )
         ]
@@ -351,6 +352,7 @@ def test_post_validate_no_redirects(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             )
         ]
@@ -714,6 +716,7 @@ def test_totp_auth(
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={"two_factor_method": "totp", "two_factor_label": "totp"},
             )
         ]
@@ -1157,6 +1160,7 @@ def test_recovery_code_auth(self, monkeypatch, pyramid_request, redirect_url):
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
                 additional={
                     "two_factor_method": "recovery-code",
                     "two_factor_label": None,
@@ -1165,6 +1169,7 @@ def test_recovery_code_auth(self, monkeypatch, pyramid_request, redirect_url):
             pretend.call(
                 tag=EventTag.Account.RecoveryCodesUsed,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             ),
         ]
         assert pyramid_request.session.flash.calls == [
@@ -1411,11 +1416,13 @@ def _find_service(service=None, name=None, context=None):
             pretend.call(
                 tag=EventTag.Account.AccountCreate,
                 ip_address=db_request.remote_addr,
+                request=db_request,
                 additional={"email": "[email protected]"},
             ),
             pretend.call(
                 tag=EventTag.Account.LoginSuccess,
                 ip_address=db_request.remote_addr,
+                request=db_request,
                 additional={"two_factor_method": None, "two_factor_label": None},
             ),
         ]
@@ -1524,6 +1531,7 @@ def test_request_password_reset(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
 
@@ -1588,6 +1596,7 @@ def test_request_password_reset_with_email(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
         assert user_service.ratelimiters["password.reset"].test.calls == [
@@ -1663,6 +1672,7 @@ def test_request_password_reset_with_non_primary_email(
             pretend.call(
                 tag=EventTag.Account.PasswordResetRequest,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
         assert user_service.ratelimiters["password.reset"].test.calls == [
@@ -1762,6 +1772,7 @@ def test_password_reset_prohibited(
             pretend.call(
                 tag=EventTag.Account.PasswordResetAttempt,
                 ip_address=pyramid_request.remote_addr,
+                request=pyramid_request,
             )
         ]
 
@@ -3569,6 +3580,7 @@ def test_add_pending_github_oidc_publisher(self, monkeypatch, db_request):
             pretend.call(
                 tag=EventTag.Account.PendingOIDCPublisherAdded,
                 ip_address="1.2.3.4",
+                request=db_request,
                 additional={
                     "project": "some-project-name",
                     "publisher": pending_publisher.publisher_name,
@@ -3802,6 +3814,7 @@ def test_delete_pending_oidc_publisher(self, monkeypatch, db_request):
             pretend.call(
                 tag=EventTag.Account.PendingOIDCPublisherRemoved,
                 ip_address="1.2.3.4",
+                request=db_request,
                 additional={
                     "project": "some-project-name",
                     "publisher": "GitHub",

tests/unit/admin/views/test_users.py

@@ -405,7 +405,9 @@ def test_resets_password(self, db_request, monkeypatch):
         db_request.user = UserFactory.create()
         service = pretend.stub(
             find_userid=pretend.call_recorder(lambda username: user.username),
-            disable_password=pretend.call_recorder(lambda userid, reason: None),
+            disable_password=pretend.call_recorder(
+                lambda userid, request, reason: None
+            ),
         )
         db_request.find_service = pretend.call_recorder(lambda iface, context: service)
 
@@ -419,7 +421,7 @@ def test_resets_password(self, db_request, monkeypatch):
         ]
         assert send_email.calls == [pretend.call(db_request, user)]
         assert service.disable_password.calls == [
-            pretend.call(user.id, reason=DisableReason.CompromisedPassword)
+            pretend.call(user.id, db_request, reason=DisableReason.CompromisedPassword)
         ]
         assert db_request.route_path.calls == [
             pretend.call("admin.user.detail", username=user.username)

tests/unit/email/test_init.py

@@ -308,10 +308,11 @@ class FakeUser:
             def __init__(self):
                 self.events = []
 
-            def record_event(self, tag, ip_address, additional):
+            def record_event(self, tag, ip_address, request=None, additional=None):
                 self.events.append(
                     {
                         "ip_address": ip_address,
+                        "request": request,
                         "tag": tag,
                         "additional": additional,
                     }
@@ -382,6 +383,7 @@ def get_user(self, user_id):
             assert user_service.user.events == [
                 {
                     "tag": "account:email:sent",
+                    "request": request,
                     "ip_address": request.remote_addr,
                     "additional": {
                         "from_": "[email protected]",

tests/unit/integration/github/test_utils.py

@@ -610,6 +610,7 @@ def metrics_increment(key):
         pretend.call(
             tag=EventTag.Account.APITokenRemovedLeak,
             ip_address=request.remote_addr,
+            request=request,
             additional={
                 "macaroon_id": "12",
                 "public_url": "http://example.com",