API: validate RemoteRepository when creating a Project (#8983)

humitos · web-flow · commit 1486de267d39 · 2022-03-07T17:23:28.000-07:00
Extend `ProjectCreateSerializer` to validate if there is a `RemoteRepository`
match for the project's repository created.

If it's not found (matching `ssh_url`, `clone_url` and `html_url`) we call a
validation function that will act depending on the platform:

- community: won't raise any exception and just won't connect the `Project` to a
  `RemoteRepository`. This is the current behavior and this PR keeps it the same

- commercial: if the organization has VCS SSO enabled and we didn't find a
  `RemoteRepository` it will raise a `ValidationError` communicating the user
  that we weren't able to import the `Project`

This is the first step on making SSO UX a little nicer and avoid ending up with
disconnected `Project` -&gt; `RemoteRepository` and loosing access to them.
diff --git a/readthedocs/api/v3/serializers.py b/readthedocs/api/v3/serializers.py
@@ -3,6 +3,7 @@
 
 from django.conf import settings
 from django.contrib.auth.models import User
+from django.db.models import Q
 from django.urls import reverse
 from django.utils.translation import gettext as _
 from rest_flex_fields import FlexFieldsModelSerializer
@@ -473,6 +474,19 @@ class Meta:
             'homepage',
         )
 
+    def _validate_remote_repository(self, data):
+        """
+        Validate connection between `Project` and `RemoteRepository`.
+
+        We don't do anything in community, but we do ensure this relationship
+        is posible before creating the `Project` on commercial when the
+        organization has VCS SSO enabled.
+
+        If we cannot ensure the relationship here, this method should raise a
+        `ValidationError`.
+        """
+        pass
+
     def validate_name(self, value):
         potential_slug = slugify(value)
         if not potential_slug:
@@ -485,6 +499,36 @@ def validate_name(self, value):
             )
         return value
 
+    def validate(self, data):  # pylint: disable=arguments-differ
+        repo = data.get('repo')
+        try:
+            # We are looking for an exact match of the repository URL entered
+            # by the user and any of the known URLs (ssh, clone, html) we have
+            # in our database for this remote repository.
+            #
+            # If the `RemoteRepository` is found, we save it to link with
+            # `Project` object after performing its creating.
+            query = Q(ssh_url=repo) | Q(clone_url=repo) | Q(html_url=repo)
+            remote_repository = RemoteRepository.objects.get(query)
+            data.update({
+                'remote_repository': remote_repository,
+            })
+        except RemoteRepository.DoesNotExist:
+            self._validate_remote_repository(data)
+
+        return data
+
+    def create(self, validated_data):
+        remote_repository = validated_data.pop('remote_repository', None)
+        project = super().create(validated_data)
+
+        # Link the Project with the RemoteRepository if we found it.
+        if remote_repository:
+            project.remote_repository = remote_repository
+            project.save()
+
+        return project
+
 
 class ProjectCreateSerializer(SettingsOverrideObject):
     _default_class = ProjectCreateSerializerBase
diff --git a/readthedocs/api/v3/tests/test_projects.py b/readthedocs/api/v3/tests/test_projects.py
@@ -4,6 +4,7 @@
 from django.urls import reverse
 
 from readthedocs.projects.models import Project
+from readthedocs.oauth.models import RemoteRepository
 
 from .mixins import APIEndpointMixin
 
@@ -129,6 +130,7 @@ def test_import_project(self):
         self.assertTrue(query.exists())
 
         project = query.first()
+        self.assertIsNone(project.remote_repository)
         self.assertEqual(project.name, 'Test Project')
         self.assertEqual(project.slug, 'test-project')
         self.assertEqual(project.repo, 'https://github.com/rtfd/template')
@@ -206,6 +208,34 @@ def test_import_project_with_extra_fields(self):
         self.assertNotEqual(project.default_version, 'v1.0')
         self.assertIn(self.me, project.users.all())
 
+    def test_import_project_with_remote_repository(self):
+        remote_repository = fixture.get(
+            RemoteRepository,
+            full_name='rtfd/template',
+            clone_url='https://github.com/rtfd/template',
+            html_url='https://github.com/rtfd/template',
+            ssh_url='git@github.com:rtfd/template.git',
+        )
+
+        data = {
+            'name': 'Test Project',
+            'repository': {
+                'url': 'https://github.com/rtfd/template',
+                'type': 'git',
+            },
+        }
+
+        self.client.credentials(HTTP_AUTHORIZATION=f'Token {self.token.key}')
+        response = self.client.post(reverse('projects-list'), data)
+        self.assertEqual(response.status_code, 201)
+
+        query = Project.objects.filter(slug='test-project')
+        self.assertTrue(query.exists())
+
+        project = query.first()
+        self.assertIsNotNone(project.remote_repository)
+        self.assertEqual(project.remote_repository, remote_repository)
+
     def test_update_project(self):
         data = {
             'name': 'Updated name',
