Protect against identity merging during take_over

gratipay · May 11, 2016 · df1f985 · df1f985
1 parent c64b3ba
commit df1f985
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/gratipay/models/participant/__init__.py b/gratipay/models/participant/__init__.py
@@ -1439,6 +1439,15 @@ def take_over(self, account, have_confirmation=False):
                 return
 
 
+            # Hard fail if the other participant has an identity.
+            # ===================================================
+            # Our identity system is very young. Maybe some day we'll do
+            # something smarter here.
+
+            if other.list_identity_metadata():
+                raise WontTakeOverWithIdentities()
+
+
             # Make sure we have user confirmation if needed.
             # ==============================================
             # We need confirmation in whatever combination of the following
@@ -1653,3 +1662,5 @@ class LastElsewhere(Exception): pass
 class NonexistingElsewhere(Exception): pass
 
 class TeamCantBeOnlyAuth(Exception): pass
+
+class WontTakeOverWithIdentities(Exception): pass
diff --git a/tests/py/test_participant.py b/tests/py/test_participant.py
@@ -22,7 +22,8 @@
 from gratipay.models.account_elsewhere import AccountElsewhere
 from gratipay.models.exchange_route import ExchangeRoute
 from gratipay.models.participant import (
-    LastElsewhere, NeedConfirmation, NonexistingElsewhere, Participant, TeamCantBeOnlyAuth
+    LastElsewhere, NeedConfirmation, NonexistingElsewhere, Participant, TeamCantBeOnlyAuth,
+    WontTakeOverWithIdentities
 )
 from gratipay.models.team import Team
 from gratipay.testing import Harness
@@ -192,6 +193,31 @@ def test_take_over_fails_if_it_would_result_in_just_a_team_account(self):
                      , have_confirmation=True
                       )
 
+    def test_take_over_is_fine_with_identity_info_on_primary(self):
+        TT = self.db.one("SELECT id FROM countries WHERE code='TT'")
+        alice = self.make_participant('alice')
+        alice.add_email('[email protected]')
+        alice.verify_email('[email protected]', alice.get_email('[email protected]').nonce)
+        alice.store_identity_info(TT, 'nothing-enforced', {})
+
+        bob_github = self.make_elsewhere('github', 2, 'bob')
+        bob_github.opt_in('bob')
+
+        alice.take_over(bob_github, have_confirmation=True)
+        self.db.self_check()
+
+    def test_take_over_fails_if_secondary_has_identity_info(self):
+        TT = self.db.one("SELECT id FROM countries WHERE code='TT'")
+        alice = self.make_participant('alice')
+
+        bob_github = self.make_elsewhere('github', 2, 'bob')
+        bob = bob_github.opt_in('bob')[0].participant
+        bob.add_email('[email protected]')
+        bob.verify_email('[email protected]', bob.get_email('[email protected]').nonce)
+        bob.store_identity_info(TT, 'nothing-enforced', {})
+
+        pytest.raises(WontTakeOverWithIdentities, alice.take_over, bob_github)
+
     def test_idempotent(self):
         alice_twitter = self.make_elsewhere('twitter', 1, 'alice')
         bob_github    = self.make_elsewhere('github', 2, 'bob')