Launchpad itself

Merge lp:~michael.nelson/launchpad/598464-get-or-create-in-devel into lp:launchpad

598464-get-or-create-in-devel
Merge into devel

Proposed by Michael Nelson on 2010-07-08

Status:

Merged

Approved by:

Michael Nelson on 2010-07-09

Approved revision:

no longer in the source branch.

Merged at revision:

11112

Proposed branch:

lp:~michael.nelson/launchpad/598464-get-or-create-in-devel

Merge into:

lp:launchpad

Diff against target:

853 lines (+462/-77)

14 files modified

lib/canonical/launchpad/interfaces/account.py (+13/-1)
lib/canonical/launchpad/interfaces/launchpad.py (+3/-0)
lib/canonical/launchpad/webapp/login.py (+20/-63)
lib/canonical/launchpad/webapp/tests/test_login.py (+13/-9)
lib/canonical/launchpad/xmlrpc/application.py (+6/-0)
lib/canonical/launchpad/xmlrpc/configure.zcml (+3/-0)
lib/canonical/launchpad/xmlrpc/faults.py (+11/-0)
lib/lp/registry/configure.zcml (+10/-0)
lib/lp/registry/interfaces/person.py (+58/-1)
lib/lp/registry/model/person.py (+56/-0)
lib/lp/registry/tests/test_personset.py (+92/-1)
lib/lp/registry/tests/test_xmlrpc.py (+125/-0)
lib/lp/registry/xmlrpc/softwarecenteragent.py (+47/-0)
lib/lp/testopenid/browser/server.py (+5/-2)

To merge this branch:

bzr merge lp:~michael.nelson/launchpad/598464-get-or-create-in-devel

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Abel Deuring (community)	code	2010-07-08	Approve on 2010-07-09
Review via email: mp+29442@code.launchpad.net

Commit message

Refactor login code that gets-or-creates an LP account based on an open_id onto IPersonSet and expose the functionality via private xml-rpc for use by the software center agent web-app.

Description of the change

Overview
========

This branch merges some approved work which didn't land on db-devel last cycle:

https://code.edge.launchpad.net/~michael.nelson/launchpad/db-598464-get-or-create-from-identity/+merge/28885
https://code.edge.launchpad.net/~michael.nelson/launchpad/db-598464-priv-xmlrpc-access-getOrCreate/+merge/29059

And cleans up by reverting some changes that had been made in the first MP above, but were unnecessary in the end (an extra registrant attribute for createPerson).

The diff of the extra changes since the last approved MP above is `bzr diff -r11095..11097`
http://pastebin.ubuntu.com/460538/

Initially the extra permissions were required as we were planning on exposing this functionality via the API, but after consideration, it was decided to expose it via private xmlrpc instead and re-use code that was already doing what we needed (but which needs to be run by anyone who logs in to LP).

Revision history for this message

Abel Deuring (adeuring) on 2010-07-09:

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Michael Nelson

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'lib/canonical/launchpad/interfaces/account.py'
 --- lib/canonical/launchpad/interfaces/account.py	2009-12-24 11:06:04 +0000
 +++ lib/canonical/launchpad/interfaces/account.py	2010-07-08 13:40:20 +0000
@@ -8,6 +8,7 @@
  __all__ = [
      'AccountStatus',
++    'AccountSuspendedError',
      'AccountCreationRationale',
      'IAccount',
      'IAccountPrivate',
@@ -27,6 +28,10 @@
  from lazr.restful.fields import CollectionField, Reference
++class AccountSuspendedError(Exception):
++    """The account being accessed has been suspended."""
++
++
  class AccountStatus(DBEnumeratedType):
      """The status of an account."""
@@ -179,6 +184,13 @@
          commented on.
          """)
++    SOFTWARE_CENTER_PURCHASE = DBItem(16, """
++        Created by purchasing commercial software through Software Center.
++
++        A purchase of commercial software (ie. subscriptions to a private
++        and commercial archive) was made via Software Center.
++        """)
++
  class IAccountPublic(Interface):
      """Public information on an `IAccount`."""
@@ -261,7 +273,7 @@
      password = PasswordField(
          title=_("Password."), readonly=False, required=True)
--    def createPerson(self, rationale, name=None, comment=None):
++    def createPerson(rationale, name=None, comment=None):
          """Create and return a new `IPerson` associated with this account.
          :param rationale: A member of `AccountCreationRationale`.
 === modified file 'lib/canonical/launchpad/interfaces/launchpad.py'
 --- lib/canonical/launchpad/interfaces/launchpad.py	2010-06-22 17:08:23 +0000
 +++ lib/canonical/launchpad/interfaces/launchpad.py	2010-07-08 13:40:20 +0000
@@ -296,6 +296,9 @@
      bugs = Attribute("""Launchpad Bugs XML-RPC end point.""")
++    softwarecenteragent = Attribute(
++        """Software center agent XML-RPC end point.""")
++
  class IAuthServerApplication(ILaunchpadApplication):
      """Launchpad legacy AuthServer application root."""
 === modified file 'lib/canonical/launchpad/webapp/login.py'
 --- lib/canonical/launchpad/webapp/login.py	2010-05-15 17:43:59 +0000
 +++ lib/canonical/launchpad/webapp/login.py	2010-07-08 13:40:20 +0000
@@ -32,10 +32,9 @@
  from canonical.cachedproperty import cachedproperty
  from canonical.config import config
  from canonical.launchpad import _
--from canonical.launchpad.interfaces.account import AccountStatus, IAccountSet
--from canonical.launchpad.interfaces.emailaddress import IEmailAddressSet
++from canonical.launchpad.interfaces.account import AccountSuspendedError
  from canonical.launchpad.interfaces.openidconsumer import IOpenIDConsumerStore
--from lp.registry.interfaces.person import IPerson, PersonCreationRationale
++from lp.registry.interfaces.person import IPersonSet, PersonCreationRationale
  from canonical.launchpad.readonly import is_read_only
  from canonical.launchpad.webapp.dbpolicy import MasterDatabasePolicy
  from canonical.launchpad.webapp.error import SystemErrorView
@@ -199,7 +198,7 @@
          return_to = "%s?%s" % (return_to, starting_url)
          form_html = self.openid_request.htmlMarkup(trust_root, return_to)
--        # The consumer.begin() call above will insert rows into the
++        # The consumer.begin() call above will insert rows into the
          # OpenIDAssociations table, but since this will be a GET request, the
          # transaction would be rolled back, so we need an explicit commit
          # here.
@@ -278,23 +277,14 @@
              "No email address or full name found in sreg response")
          return email_address, full_name
--    def _createAccount(self, openid_identifier, email_address, full_name):
--        account, email = getUtility(IAccountSet).createAccountAndEmail(
--            email_address, PersonCreationRationale.OWNER_CREATED_LAUNCHPAD,
--            full_name, password=None, openid_identifier=openid_identifier)
--        return account
--
      def processPositiveAssertion(self):
          """Process an OpenID response containing a positive assertion.
--        We'll get the account with the given OpenID identifier (creating one
--        if it doesn't already exist) and act according to the account's state:
--          - If the account is suspended, we stop and render an error page;
--          - If the account is deactivated, we reactivate it and proceed;
--          - If the account is active, we just proceed.
++        We'll get the person and account with the given OpenID
++        identifier (creating one if necessary), and then login using
++        that account.
--        After that we ensure there's an IPerson associated with the account
--        and login using that account.
++        If the account is suspended, we stop and render an error page.
          We also update the 'last_write' key in the session if we've done any
          DB writes, to ensure subsequent requests use the master DB and see
@@ -302,56 +292,23 @@
          """
          identifier = self.openid_response.identity_url.split('/')[-1]
          should_update_last_write = False
--        email_set = getUtility(IEmailAddressSet)
          # Force the use of the master database to make sure a lagged slave
          # doesn't fool us into creating a Person/Account when one already
          # exists.
++        person_set = getUtility(IPersonSet)
++        email_address, full_name = self._getEmailAddressAndFullName()
++        try:
++            person, db_updated = person_set.getOrCreateByOpenIDIdentifier(
++                identifier, email_address, full_name,
++                comment='when logging in to Launchpad.',
++                creation_rationale=(
++                    PersonCreationRationale.OWNER_CREATED_LAUNCHPAD))
++            should_update_last_write = db_updated
++        except AccountSuspendedError:
++            return self.suspended_account_template()
++
          with MasterDatabasePolicy():
--            try:
--                account = getUtility(IAccountSet).getByOpenIDIdentifier(
--                    identifier)
--            except LookupError:
--                # The two lines below are duplicated a few more lines down,
--                # but to avoid this duplication we'd have to refactor most of
--                # our tests to provide an SREG response, which would be rather
--                # painful.
--                email_address, full_name = self._getEmailAddressAndFullName()
--                email = email_set.getByEmail(email_address)
--                if email is None:
--                    # We got an OpenID response containing a positive
--                    # assertion, but we don't have an account for the
--                    # identifier or for the email address.  We'll create one.
--                    account = self._createAccount(
--                        identifier, email_address, full_name)
--                else:
--                    account = email.account
--                    assert account is not None, (
--                        "This email address should have an associated "
--                        "account.")
--                    removeSecurityProxy(account).openid_identifier = (
--                        identifier)
--                should_update_last_write = True
--
--            if account.status == AccountStatus.SUSPENDED:
--                return self.suspended_account_template()
--            elif account.status in [AccountStatus.DEACTIVATED,
--                                    AccountStatus.NOACCOUNT]:
--                comment = 'Reactivated by the user'
--                password = '' # Needed just to please reactivate() below.
--                email_address, dummy = self._getEmailAddressAndFullName()
--                email = email_set.getByEmail(email_address)
--                if email is None:
--                    email = email_set.new(email_address, account=account)
--                removeSecurityProxy(account).reactivate(
--                    comment, password, removeSecurityProxy(email))
--            else:
--                # Account is active, so nothing to do.
--                pass
--            if IPerson(account, None) is None:
--                removeSecurityProxy(account).createPerson(
--                    PersonCreationRationale.OWNER_CREATED_LAUNCHPAD)
--                should_update_last_write = True
--            self.login(account)
++            self.login(person.account)
          if should_update_last_write:
              # This is a GET request but we changed the database, so update
 === modified file 'lib/canonical/launchpad/webapp/tests/test_login.py'
 --- lib/canonical/launchpad/webapp/tests/test_login.py	2010-04-27 15:50:02 +0000
 +++ lib/canonical/launchpad/webapp/tests/test_login.py	2010-07-08 13:40:20 +0000
@@ -111,7 +111,8 @@
              view_class=StubbedOpenIDCallbackView):
          openid_response = FakeOpenIDResponse(
              ITestOpenIDPersistentIdentity(account).openid_identity_url,
--            status=response_status, message=response_msg)
++            status=response_status, message=response_msg,
++            email='non-existent@example.com', full_name='Foo User')
          return self._createAndRenderView(
              openid_response, view_class=view_class)
@@ -140,7 +141,8 @@
          # In the common case we just login and redirect to the URL specified
          # in the 'starting_url' query arg.
          person = self.factory.makePerson()
--        view, html = self._createViewWithResponse(person.account)
++        with SRegResponse_fromSuccessResponse_stubbed():
++            view, html = self._createViewWithResponse(person.account)
          self.assertTrue(view.login_called)
          response = view.request.response
          self.assertEquals(httplib.TEMPORARY_REDIRECT, response.getStatus())
@@ -157,7 +159,8 @@
          # create one.
          account = self.factory.makeAccount('Test account')
          self.assertIs(None, IPerson(account, None))
--        view, html = self._createViewWithResponse(account)
++        with SRegResponse_fromSuccessResponse_stubbed():
++            view, html = self._createViewWithResponse(account)
          self.assertIsNot(None, IPerson(account, None))
          self.assertTrue(view.login_called)
          response = view.request.response
@@ -167,7 +170,7 @@
          # We also update the last_write flag in the session, to make sure
          # further requests use the master DB and thus see the newly created
--        # stuff.
++        # stuff.
          self.assertLastWriteIsSet(view.request)
      def test_unseen_identity(self):
@@ -196,7 +199,7 @@
          # We also update the last_write flag in the session, to make sure
          # further requests use the master DB and thus see the newly created
--        # stuff.
++        # stuff.
          self.assertLastWriteIsSet(view.request)
      def test_unseen_identity_with_registered_email(self):
@@ -230,7 +233,7 @@
          # We also update the last_write flag in the session, to make sure
          # further requests use the master DB and thus see the newly created
--        # stuff.
++        # stuff.
          self.assertLastWriteIsSet(view.request)
      def test_deactivated_account(self):
@@ -256,7 +259,7 @@
          self.assertEquals(email, account.preferredemail.email)
          # We also update the last_write flag in the session, to make sure
          # further requests use the master DB and thus see the newly created
--        # stuff.
++        # stuff.
          self.assertLastWriteIsSet(view.request)
      def test_never_used_account(self):
@@ -278,7 +281,7 @@
          self.assertEquals(email, account.preferredemail.email)
          # We also update the last_write flag in the session, to make sure
          # further requests use the master DB and thus see the newly created
--        # stuff.
++        # stuff.
          self.assertLastWriteIsSet(view.request)
      def test_suspended_account(self):
@@ -286,7 +289,8 @@
          # login, but we must not allow that.
          account = self.factory.makeAccount(
              'Test account', status=AccountStatus.SUSPENDED)
--        view, html = self._createViewWithResponse(account)
++        with SRegResponse_fromSuccessResponse_stubbed():
++            view, html = self._createViewWithResponse(account)
          self.assertFalse(view.login_called)
          main_content = extract_text(find_main_content(html))
          self.assertIn('This account has been suspended', main_content)
 === modified file 'lib/canonical/launchpad/xmlrpc/application.py'
 --- lib/canonical/launchpad/xmlrpc/application.py	2010-04-19 06:35:23 +0000
 +++ lib/canonical/launchpad/xmlrpc/application.py	2010-07-08 13:40:20 +0000
@@ -27,6 +27,7 @@
  from lp.code.interfaces.codehosting import ICodehostingApplication
  from lp.code.interfaces.codeimportscheduler import (
      ICodeImportSchedulerApplication)
++from lp.registry.interfaces.person import ISoftwareCenterAgentApplication
  from canonical.launchpad.webapp import LaunchpadXMLRPCView
@@ -58,6 +59,11 @@
          """See `IPrivateApplication`."""
          return getUtility(IPrivateMaloneApplication)
++    @property
++    def softwarecenteragent(self):
++        """See `IPrivateApplication`."""
++        return getUtility(ISoftwareCenterAgentApplication)
++
  class ISelfTest(Interface):
      """XMLRPC external interface for testing the XMLRPC external interface."""
 === modified file 'lib/canonical/launchpad/xmlrpc/configure.zcml'
 --- lib/canonical/launchpad/xmlrpc/configure.zcml	2010-04-19 23:35:41 +0000
 +++ lib/canonical/launchpad/xmlrpc/configure.zcml	2010-07-08 13:40:20 +0000
@@ -204,4 +204,7 @@
      <require like_class="xmlrpclib.Fault" />
    </class>
++  <class class="canonical.launchpad.xmlrpc.faults.AccountSuspended">
++    <require like_class="xmlrpclib.Fault" />
++  </class>
  </configure>
 === modified file 'lib/canonical/launchpad/xmlrpc/faults.py'
 --- lib/canonical/launchpad/xmlrpc/faults.py	2010-04-09 12:58:01 +0000
 +++ lib/canonical/launchpad/xmlrpc/faults.py	2010-07-08 13:40:20 +0000
@@ -450,3 +450,14 @@
      def __init__(self, job_id):
          LaunchpadFault.__init__(self, job_id=job_id)
++
++
++class AccountSuspended(LaunchpadFault):
++    """Raised by `ISoftwareCenterAgentAPI` when an account is suspended."""
++
++    error_code = 370
++    msg_template = ('The openid_identifier \'%(openid_identifier)s\''
++                    ' is linked to a suspended account.')
++
++    def __init__(self, openid_identifier):
++        LaunchpadFault.__init__(self, openid_identifier=openid_identifier)
 === modified file 'lib/lp/registry/configure.zcml'
 --- lib/lp/registry/configure.zcml	2010-06-09 08:26:26 +0000
 +++ lib/lp/registry/configure.zcml	2010-07-08 13:40:20 +0000
@@ -1006,6 +1006,16 @@
          interface="lp.registry.interfaces.mailinglist.IMailingListAPIView"
          class="canonical.launchpad.xmlrpc.MailingListAPIView"
          permission="zope.Public"/>
++    <securedutility
++        class="lp.registry.xmlrpc.softwarecenteragent.SoftwareCenterAgentApplication"
++        provides="lp.registry.interfaces.person.ISoftwareCenterAgentApplication">
++      <allow interface="lp.registry.interfaces.person.ISoftwareCenterAgentApplication" />
++    </securedutility>
++    <xmlrpc:view
++        for="lp.registry.interfaces.person.ISoftwareCenterAgentApplication"
++        interface="lp.registry.interfaces.person.ISoftwareCenterAgentAPI"
++        class="lp.registry.xmlrpc.softwarecenteragent.SoftwareCenterAgentAPI"
++        permission="zope.Public"/>
      <!-- Helper page for held message approval -->
 === modified file 'lib/lp/registry/interfaces/person.py'
 --- lib/lp/registry/interfaces/person.py	2010-06-03 14:51:07 +0000
 +++ lib/lp/registry/interfaces/person.py	2010-07-08 13:40:20 +0000
@@ -16,6 +16,8 @@
      'IPersonClaim',
      'IPersonPublic', # Required for a monkey patch in interfaces/archive.py
      'IPersonSet',
++    'ISoftwareCenterAgentAPI',
++    'ISoftwareCenterAgentApplication',
      'IPersonViewRestricted',
      'IRequestPeopleMerge',
      'ITeam',
@@ -75,7 +77,8 @@
  from canonical.launchpad.validators.email import email_validator
  from canonical.launchpad.validators.name import name_validator
  from canonical.launchpad.webapp.authorization import check_permission
--from canonical.launchpad.webapp.interfaces import NameLookupFailed
++from canonical.launchpad.webapp.interfaces import (
++    ILaunchpadApplication, NameLookupFailed)
  from lp.app.interfaces.headings import IRootContext
  from lp.blueprints.interfaces.specificationtarget import (
@@ -297,6 +300,13 @@
          commented on.
          """)
++    SOFTWARE_CENTER_PURCHASE = DBItem(16, """
++        Created by purchasing commercial software through Software Center.
++
++        A purchase of commercial software (ie. subscriptions to a private
++        and commercial archive) was made via Software Center.
++        """)
++
  class TeamMembershipRenewalPolicy(DBEnumeratedType):
      """TeamMembership Renewal Policy.
@@ -1754,6 +1764,33 @@
          on the displayname or other arguments.
          """
++    def getOrCreateByOpenIDIdentifier(openid_identifier, email,
++                                      full_name, creation_rationale, comment):
++        """Get or create a person for a given OpenID identifier.
++
++        This is used when users login. We get the account with the given
++        OpenID identifier (creating one if it doesn't already exist) and
++        act according to the account's state:
++          - If the account is suspended, we stop and raise an error.
++          - If the account is deactivated, we reactivate it and proceed;
++          - If the account is active, we just proceed.
++
++        If there is no existing Launchpad person for the account, we
++        create it.
++
++        :param openid_identifier: representing the authenticated user.
++        :param email_address: the email address of the user.
++        :param full_name: the full name of the user.
++        :param creation_rationale: When an account or person needs to
++            be created, this indicates why it was created.
++        :param comment: If the account is reactivated or person created,
++            this comment indicates why.
++        :return: a tuple of `IPerson` and a boolean indicating whether the
++            database was updated.
++        :raises AccountSuspendedError: if the account associated with the
++            identifier has been suspended.
++        """
++
      @call_with(teamowner=REQUEST_USER)
      @rename_parameters_as(
          displayname='display_name', teamdescription='team_description',
@@ -2052,6 +2089,26 @@
          required=True, vocabulary=TeamContactMethod)
++class ISoftwareCenterAgentAPI(Interface):
++    """XMLRPC API used by the software center agent."""
++
++    def getOrCreateSoftwareCenterCustomer(openid_identifier, email,
++                                          full_name):
++        """Get or create an LP person based on a given identifier.
++
++        See the method of the same name on `IPersonSet`. This XMLRPC version
++        doesn't require the creation rationale and comment.
++
++        This is added as a private XMLRPC method instead of exposing via the
++        API as it should not be needed long-term. Long term we should allow
++        the software center to create subscriptions to private PPAs without
++        requiring a Launchpad account.
++        """
++
++class ISoftwareCenterAgentApplication(ILaunchpadApplication):
++    """XMLRPC application root for ISoftwareCenterAgentAPI."""
++
++
  class JoinNotAllowed(Exception):
      """User is not allowed to join a given team."""
 === modified file 'lib/lp/registry/model/person.py'
 --- lib/lp/registry/model/person.py	2010-06-22 11:19:34 +0000
 +++ lib/lp/registry/model/person.py	2010-07-08 13:40:20 +0000
@@ -1,5 +1,6 @@
  # Copyright 2009 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
++from __future__ import with_statement
  # vars() causes W0612
  # pylint: disable-msg=E0611,W0212,W0612,C0322
@@ -61,6 +62,7 @@
  from canonical.lazr.utils import get_current_browser_request, safe_hasattr
  from canonical.launchpad.database.account import Account, AccountPassword
++from canonical.launchpad.interfaces.account import AccountSuspendedError
  from lp.bugs.model.bugtarget import HasBugsBase
  from canonical.launchpad.database.stormsugar import StartsWith
  from lp.registry.model.karma import KarmaCategory
@@ -152,6 +154,7 @@
  from canonical.launchpad.validators.email import valid_email
  from canonical.launchpad.validators.name import sanitize_name, valid_name
++from canonical.launchpad.webapp.dbpolicy import MasterDatabasePolicy
  from lp.registry.interfaces.person import validate_public_person
@@ -2429,6 +2432,59 @@
              key=lambda obj: (obj.karma, obj.displayname, obj.id),
              reverse=True)
++    def getOrCreateByOpenIDIdentifier(
++        self, openid_identifier, email_address, full_name,
++        creation_rationale, comment):
++        """See `IPersonSet`."""
++        assert email_address is not None and full_name is not None, (
++                "Both email address and full name are required to "
++                "create an account.")
++        db_updated = False
++        with MasterDatabasePolicy():
++            account_set = getUtility(IAccountSet)
++            email_set = getUtility(IEmailAddressSet)
++            email = email_set.getByEmail(email_address)
++            try:
++                account = account_set.getByOpenIDIdentifier(
++                    openid_identifier)
++            except LookupError:
++                if email is None:
++                    # There is no account associated with the identifier
++                    # nor an email associated with the email address.
++                    # We'll create one.
++                    account, email = account_set.createAccountAndEmail(
++                            email_address, creation_rationale, full_name,
++                            password=None,
++                            openid_identifier=openid_identifier)
++                else:
++                    account = email.account
++                    assert account is not None, (
++                        "This email address should have an associated "
++                        "account.")
++                    removeSecurityProxy(account).openid_identifier = (
++                        openid_identifier)
++                db_updated = True
++
++            if account.status == AccountStatus.SUSPENDED:
++                raise AccountSuspendedError(
++                    "The account matching the identifier is suspended.")
++            elif account.status in [AccountStatus.DEACTIVATED,
++                                    AccountStatus.NOACCOUNT]:
++                password = '' # Needed just to please reactivate() below.
++                if email is None:
++                    email = email_set.new(email_address, account=account)
++                removeSecurityProxy(account).reactivate(
++                    comment, password, removeSecurityProxy(email))
++            else:
++                # Account is active, so nothing to do.
++                pass
++            if IPerson(account, None) is None:
++                removeSecurityProxy(account).createPerson(
++                    creation_rationale, comment=comment)
++                db_updated = True
++
++        return IPerson(account), db_updated
++
      def newTeam(self, teamowner, name, displayname, teamdescription=None,
                  subscriptionpolicy=TeamSubscriptionPolicy.MODERATED,
                  defaultmembershipperiod=None, defaultrenewalperiod=None):
 === modified file 'lib/lp/registry/tests/test_personset.py'
 --- lib/lp/registry/tests/test_personset.py	2010-03-31 18:51:32 +0000
 +++ lib/lp/registry/tests/test_personset.py	2010-07-08 13:40:20 +0000
@@ -16,9 +16,12 @@
      MailingListAutoSubscribePolicy)
  from lp.registry.interfaces.person import (
      PersonCreationRationale, IPersonSet)
--from lp.testing import TestCaseWithFactory, login_person, logout
++from lp.testing import (
++    TestCaseWithFactory, login_person, logout)
  from canonical.database.sqlbase import cursor
++from canonical.launchpad.interfaces.account import (
++    AccountStatus, AccountSuspendedError)
  from canonical.launchpad.testing.databasehelpers import (
      remove_all_sample_data_branches)
  from canonical.testing import DatabaseFunctionalLayer
@@ -146,5 +149,93 @@
          self.assertEqual(1, self.cur.rowcount)
++class TestPersonSetGetOrCreateByOpenIDIdentifier(TestCaseWithFactory):
++
++    layer = DatabaseFunctionalLayer
++
++    def setUp(self):
++        super(TestPersonSetGetOrCreateByOpenIDIdentifier, self).setUp()
++        self.person_set = getUtility(IPersonSet)
++
++    def callGetOrCreate(self, identifier, email='a@b.com'):
++        return self.person_set.getOrCreateByOpenIDIdentifier(
++            identifier, email, "Joe Bloggs",
++            PersonCreationRationale.SOFTWARE_CENTER_PURCHASE,
++            "when purchasing an application via Software Center.")
++
++    def test_existing_person(self):
++        person = self.factory.makePerson()
++        openid_ident = removeSecurityProxy(person.account).openid_identifier
++        person_set = getUtility(IPersonSet)
++
++        result, db_updated = self.callGetOrCreate(openid_ident)
++
++        self.assertEqual(person, result)
++        self.assertFalse(db_updated)
++
++    def test_existing_account_no_person(self):
++        # A person is created with the correct rationale.
++        account = self.factory.makeAccount('purchaser')
++        openid_ident = removeSecurityProxy(account).openid_identifier
++
++        person, db_updated = self.callGetOrCreate(openid_ident)
++
++        self.assertEqual(account, person.account)
++        # The person is created with the correct rationale and creation
++        # comment.
++        self.assertEqual(
++            "when purchasing an application via Software Center.",
++            person.creation_comment)
++        self.assertEqual(
++            PersonCreationRationale.SOFTWARE_CENTER_PURCHASE,
++            person.creation_rationale)
++        self.assertTrue(db_updated)
++
++    def test_existing_deactivated_account(self):
++        # An existing deactivated account will be reactivated.
++        account = self.factory.makeAccount('purchaser',
++            status=AccountStatus.DEACTIVATED)
++        openid_ident = removeSecurityProxy(account).openid_identifier
++
++        person, db_updated = self.callGetOrCreate(openid_ident)
++        self.assertEqual(AccountStatus.ACTIVE, person.account.status)
++        self.assertTrue(db_updated)
++        self.assertEqual(
++            "when purchasing an application via Software Center.",
++            removeSecurityProxy(person.account).status_comment)
++
++    def test_existing_suspended_account(self):
++        # An existing suspended account will raise an exception.
++        account = self.factory.makeAccount('purchaser',
++            status=AccountStatus.SUSPENDED)
++        openid_ident = removeSecurityProxy(account).openid_identifier
++
++        self.assertRaises(
++            AccountSuspendedError, self.callGetOrCreate, openid_ident)
++
++    def test_no_account_or_email(self):
++        # An identifier can be used to create an account (it is assumed
++        # to be already authenticated with SSO).
++        person, db_updated = self.callGetOrCreate('openid-identifier')
++
++        self.assertEqual(
++            "openid-identifier",
++            removeSecurityProxy(person.account).openid_identifier)
++        self.assertTrue(db_updated)
++
++    def test_no_matching_account_existing_email(self):
++        # The openid_identity of the account matching the email will
++        # updated.
++        other_account = self.factory.makeAccount('test', email='a@b.com')
++
++        person, db_updated = self.callGetOrCreate(
++            'other-openid-identifier', 'a@b.com')
++
++        self.assertEqual(other_account, person.account)
++        self.assertEqual(
++            'other-openid-identifier',
++            removeSecurityProxy(person.account).openid_identifier)
++
++
  def test_suite():
      return TestLoader().loadTestsFromName(__name__)
 === added file 'lib/lp/registry/tests/test_xmlrpc.py'
 --- lib/lp/registry/tests/test_xmlrpc.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/registry/tests/test_xmlrpc.py	2010-07-08 13:40:20 +0000
@@ -0,0 +1,125 @@
++# Copyright 2010 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Testing registry-related xmlrpc calls."""
++
++__metaclass__ = type
++
++import unittest
++import xmlrpclib
++from zope.component import getUtility
++from zope.security.proxy import removeSecurityProxy
++
++from canonical.functional import XMLRPCTestTransport
++from canonical.launchpad.interfaces import IPrivateApplication
++from canonical.launchpad.interfaces.account import AccountStatus
++from canonical.launchpad.webapp.servers import LaunchpadTestRequest
++from canonical.testing.layers import LaunchpadFunctionalLayer
++from lp.registry.interfaces.person import (
++    IPersonSet, ISoftwareCenterAgentAPI, ISoftwareCenterAgentApplication,
++    PersonCreationRationale)
++from lp.registry.xmlrpc.softwarecenteragent import SoftwareCenterAgentAPI
++from lp.testing import TestCaseWithFactory
++
++
++class TestSoftwareCenterAgentAPI(TestCaseWithFactory):
++
++    layer = LaunchpadFunctionalLayer
++
++    def setUp(self):
++        super(TestSoftwareCenterAgentAPI, self).setUp()
++        self.private_root = getUtility(IPrivateApplication)
++        self.sca_api = SoftwareCenterAgentAPI(
++            context=self.private_root.softwarecenteragent,
++            request=LaunchpadTestRequest())
++
++    def test_provides_interface(self):
++        # The view interface is provided.
++        self.assertProvides(self.sca_api, ISoftwareCenterAgentAPI)
++
++    def test_getOrCreateSoftwareCenterCustomer(self):
++        # The method returns the username of the person, and sets the
++        # correct creation rational/comment.
++        user_name = self.sca_api.getOrCreateSoftwareCenterCustomer(
++            'openid-ident', 'alice@b.com', 'Joe Blogs')
++
++        self.assertEqual('alice', user_name)
++        person = getUtility(IPersonSet).getByName(user_name)
++        self.assertEqual(
++            'openid-ident',
++            removeSecurityProxy(person.account).openid_identifier)
++        self.assertEqual(
++            PersonCreationRationale.SOFTWARE_CENTER_PURCHASE,
++            person.creation_rationale)
++        self.assertEqual(
++            "when purchasing an application via Software Center.",
++            person.creation_comment)
++
++
++class TestSoftwareCenterAgentApplication(TestCaseWithFactory):
++
++    layer = LaunchpadFunctionalLayer
++
++    def setUp(self):
++        super(TestSoftwareCenterAgentApplication, self).setUp()
++        self.private_root = getUtility(IPrivateApplication)
++        self.rpc_proxy = xmlrpclib.ServerProxy(
++            'http://xmlrpc-private.launchpad.dev:8087/softwarecenteragent',
++            transport=XMLRPCTestTransport())
++
++    def test_provides_interface(self):
++        # The application is provided.
++        self.assertProvides(
++            self.private_root.softwarecenteragent,
++            ISoftwareCenterAgentApplication)
++
++    def test_getOrCreateSoftwareCenterCustomer_xmlrpc(self):
++        # The method can be called via xmlrpc
++        user_name = self.rpc_proxy.getOrCreateSoftwareCenterCustomer(
++            'openid-ident', 'a@b.com', 'Joe Blogs')
++        person = getUtility(IPersonSet).getByName(user_name)
++        self.assertEqual(
++            'openid-ident',
++            removeSecurityProxy(person.account).openid_identifier)
++
++    def test_getOrCreateSoftwareCenterCustomer_xmlrpc_error(self):
++        # A suspended account results in an appropriate xmlrpc fault.
++        suspended_account = self.factory.makeAccount(
++            'Joe Blogs', email='a@b.com', status=AccountStatus.SUSPENDED)
++        openid_identifier = removeSecurityProxy(
++            suspended_account).openid_identifier
++
++        # assertRaises doesn't let us check the type of Fault.
++        fault_raised = False
++        try:
++            self.rpc_proxy.getOrCreateSoftwareCenterCustomer(
++                openid_identifier, 'a@b.com', 'Joe Blogs')
++        except xmlrpclib.Fault, e:
++            fault_raised = True
++            self.assertEqual(370, e.faultCode)
++            self.assertIn(openid_identifier, e.faultString)
++
++        self.assertTrue(fault_raised)
++
++    def test_not_available_on_public_api(self):
++        # The person set api is not available on the public xmlrpc
++        # service.
++        public_rpc_proxy = xmlrpclib.ServerProxy(
++            'http://test@canonical.com:test@'
++            'xmlrpc.launchpad.dev/softwarecenteragent',
++            transport=XMLRPCTestTransport())
++
++        # assertRaises doesn't let us check the type of Fault.
++        protocol_error_raised = False
++        try:
++            public_rpc_proxy.getOrCreateSoftwareCenterCustomer(
++                'openid-ident', 'a@b.com', 'Joe Blogs')
++        except xmlrpclib.ProtocolError, e:
++            protocol_error_raised = True
++            self.assertEqual(404, e.errcode)
++
++        self.assertTrue(protocol_error_raised)
++
++
++def test_suite():
++    return unittest.TestLoader().loadTestsFromName(__name__)
 === added directory 'lib/lp/registry/xmlrpc'
 === added file 'lib/lp/registry/xmlrpc/__init__.py'
 === added file 'lib/lp/registry/xmlrpc/softwarecenteragent.py'
 --- lib/lp/registry/xmlrpc/softwarecenteragent.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/registry/xmlrpc/softwarecenteragent.py	2010-07-08 13:40:20 +0000
@@ -0,0 +1,47 @@
++# Copyright 2010 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""XMLRPC APIs for person set."""
++
++__metaclass__ = type
++__all__ = [
++    'SoftwareCenterAgentAPI',
++    ]
++
++
++from zope.component import getUtility
++from zope.interface import implements
++
++from canonical.launchpad.interfaces.account import AccountSuspendedError
++from canonical.launchpad.webapp import LaunchpadXMLRPCView
++from canonical.launchpad.xmlrpc import faults
++from lp.registry.interfaces.person import (
++    IPersonSet, ISoftwareCenterAgentAPI, ISoftwareCenterAgentApplication,
++    PersonCreationRationale)
++
++
++class SoftwareCenterAgentAPI(LaunchpadXMLRPCView):
++    """See `ISoftwareCenterAgentAPI`."""
++
++    implements(ISoftwareCenterAgentAPI)
++
++    def getOrCreateSoftwareCenterCustomer(self, openid_identifier, email,
++                                      full_name):
++        try:
++            person, db_updated = getUtility(
++                IPersonSet).getOrCreateByOpenIDIdentifier(
++                    openid_identifier, email, full_name,
++                    PersonCreationRationale.SOFTWARE_CENTER_PURCHASE,
++                    "when purchasing an application via Software Center.")
++        except AccountSuspendedError:
++            return faults.AccountSuspended(openid_identifier)
++
++        return person.name
++
++
++class SoftwareCenterAgentApplication:
++    """Software center agent end-point."""
++    implements(ISoftwareCenterAgentApplication)
++
++    title = "Software Center Agent API"
++
 === modified file 'lib/lp/testopenid/browser/server.py'
 --- lib/lp/testopenid/browser/server.py	2010-05-15 17:43:59 +0000
 +++ lib/lp/testopenid/browser/server.py	2010-07-08 13:40:20 +0000
@@ -198,7 +198,10 @@
          else:
              response = self.openid_request.answer(True)
--        sreg_fields = dict(nickname=IPerson(self.account).name)
++        sreg_fields = dict(
++            nickname=IPerson(self.account).name,
++            email=self.account.preferredemail.email,
++            fullname=self.account.displayname)
          sreg_request = SRegRequest.fromOpenIDRequest(self.openid_request)
          sreg_response = SRegResponse.extractResponse(
              sreg_request, sreg_fields)
@@ -224,7 +227,7 @@
      This class implements an OpenID endpoint using the python-openid
      library.  In addition to the normal modes of operation, it also
      implements the OpenID 2.0 identifier select mode.
--
++
      Note that the checkid_immediate mode is not supported.
      """