devpi-admin 1.4.2__tar.gz → 1.4.3__tar.gz

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.2
+Version: 1.4.3
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT
@@ -61,6 +61,10 @@ talks to the standard devpi JSON API directly.
   - **`Tokens`** (owner / root only) — opens the per-index unified Tokens modal with two
     sections (Admin + Devpi), shows existing tokens for this index, lets you issue new
     ones with the index pre-filled and locked
+  - **`Refresh cache`** (mirror indexes only, any authenticated user) — invalidates
+    the in-memory per-project and project-names caches; the next `+simple/<project>/`
+    query (from pip, the UI, or `devpi-client`) goes back to upstream
+    (etag-conditional, cheap)
   - **`Edit`** / **`Delete`** (owner / root)
 - Create / edit / delete indexes via modal dialogs
 - `bases` editor with drag & drop priority ordering and transitive inheritance display
@@ -597,6 +601,30 @@ Revoke a single token.
 - **200:** `{"revoked": true, "id": "abc..."}`
 - **404:** token id not found
 
+### Mirror cache
+
+#### `POST /+admin-api/mirror/{user}/{index}/refresh-cache`
+Invalidate the in-memory mirror caches so the next pip / UI / `devpi-client` request
+re-checks upstream. Lazy — no upstream fetch happens at the moment of the call; the
+re-fetch is triggered by the next `+simple/<project>/` lookup that traverses this
+mirror (etag-conditional, typically one cheap HTTP round-trip per project actually
+queried). Two caches are expired:
+
+- `cache_retrieve_times` — per-project last-fetch timestamp + etag (every tracked
+  project, in one pass)
+- `cache_projectnames` — full PyPI project-name list (refetched on the next "list all
+  projects" call)
+
+Useful when waiting for a freshly-published upstream release that's still hidden
+behind the `mirror_cache_expiry` TTL (default 30 min).
+
+- **Auth:** required (any authenticated user)
+- **Primary only:** replicas return 400 (caches are process-local; replicas sync the
+  persisted state via the changelog stream once the primary refetches)
+- **200:** `{"result": {"projects_invalidated": N, "projectnames_invalidated": true}}`
+- **400:** index is not a mirror, or the call hit a replica
+- **404:** index doesn't exist
+
 ### Replication observability (primary only)
 
 #### `GET /+admin-api/replicas`

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/README.md

@@ -37,6 +37,10 @@ talks to the standard devpi JSON API directly.
   - **`Tokens`** (owner / root only) — opens the per-index unified Tokens modal with two
     sections (Admin + Devpi), shows existing tokens for this index, lets you issue new
     ones with the index pre-filled and locked
+  - **`Refresh cache`** (mirror indexes only, any authenticated user) — invalidates
+    the in-memory per-project and project-names caches; the next `+simple/<project>/`
+    query (from pip, the UI, or `devpi-client`) goes back to upstream
+    (etag-conditional, cheap)
   - **`Edit`** / **`Delete`** (owner / root)
 - Create / edit / delete indexes via modal dialogs
 - `bases` editor with drag & drop priority ordering and transitive inheritance display
@@ -573,6 +577,30 @@ Revoke a single token.
 - **200:** `{"revoked": true, "id": "abc..."}`
 - **404:** token id not found
 
+### Mirror cache
+
+#### `POST /+admin-api/mirror/{user}/{index}/refresh-cache`
+Invalidate the in-memory mirror caches so the next pip / UI / `devpi-client` request
+re-checks upstream. Lazy — no upstream fetch happens at the moment of the call; the
+re-fetch is triggered by the next `+simple/<project>/` lookup that traverses this
+mirror (etag-conditional, typically one cheap HTTP round-trip per project actually
+queried). Two caches are expired:
+
+- `cache_retrieve_times` — per-project last-fetch timestamp + etag (every tracked
+  project, in one pass)
+- `cache_projectnames` — full PyPI project-name list (refetched on the next "list all
+  projects" call)
+
+Useful when waiting for a freshly-published upstream release that's still hidden
+behind the `mirror_cache_expiry` TTL (default 30 min).
+
+- **Auth:** required (any authenticated user)
+- **Primary only:** replicas return 400 (caches are process-local; replicas sync the
+  persisted state via the changelog stream once the primary refetches)
+- **200:** `{"result": {"projects_invalidated": N, "projectnames_invalidated": true}}`
+- **400:** index is not a mirror, or the call hit a replica
+- **404:** index doesn't exist
+
 ### Replication observability (primary only)
 
 #### `GET /+admin-api/replicas`

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/devpi_admin/_version.py

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '1.4.2'
-__version_tuple__ = version_tuple = (1, 4, 2)
+__version__ = version = '1.4.3'
+__version_tuple__ = version_tuple = (1, 4, 3)
 
-__commit_id__ = commit_id = 'g1bf2e00e1'
+__commit_id__ = commit_id = 'geb4eac9d6'

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/devpi_admin/main.py

@@ -255,6 +255,16 @@ def devpiserver_pyramid_configure(config, pyramid_config):
         _revoke_token_view, route_name="devpi_admin_token_revoke",
         request_method="DELETE")
 
+    # Mirror cache refresh — invalidate per-project retrieve-times and
+    # the project-names list so the next pip request re-fetches upstream.
+    pyramid_config.add_route(
+        "devpi_admin_mirror_refresh_cache",
+        "/+admin-api/mirror/{user}/{index}/refresh-cache")
+    pyramid_config.add_view(
+        _refresh_mirror_cache_view,
+        route_name="devpi_admin_mirror_refresh_cache",
+        request_method="POST")
+
     # Redirect browser visits to "/" to the SPA. Other routes (JSON API
     # calls, CLI requests) pass through untouched because they send
     # Accept: application/json.
@@ -1415,6 +1425,61 @@ def _revoke_token_view(request):
     return _json_response({"revoked": True, "id": tid})
 
 
+def _refresh_mirror_cache_view(request):
+    """POST /+admin-api/mirror/{user}/{index}/refresh-cache
+
+    Invalidate the in-memory mirror caches so the next pip request goes
+    back to upstream:
+
+    * ``cache_retrieve_times`` — per-project last-fetch timestamp + etag.
+      Expiring forces a conditional GET on the next ``+simple/<project>/``
+      lookup; etag match still reuses the persisted ``PROJSIMPLELINKS``
+      keyfs entry, so the only cost is one HTTP round-trip per project
+      that pip actually queries (we don't pre-fetch).
+    * ``cache_projectnames`` — full PyPI manifest. Expiring forces the
+      next "list all projects" call to refetch (rare path — mostly used
+      by ``pip install <unknown>`` to discover the project exists).
+
+    Caches are process-local: this only works on the primary (the
+    replica's local cache is meaningless to invalidate, and replicas
+    sync persisted state via the changelog stream). Any authenticated
+    user may trigger the refresh — anonymous spam is blocked by auth,
+    upstream-side abuse is bounded by mirror semantics (etag-conditional
+    requests dominate).
+    """
+    xom = request.registry["xom"]
+    _refuse_on_replica(xom)
+    _require_authenticated(request)
+    user = request.matchdict["user"]
+    index = request.matchdict["index"]
+    _validate_name(user, "user")
+    _validate_name(index, "index")
+    with xom.keyfs.read_transaction(allow_reuse=True):
+        stage = xom.model.getstage(user, index)
+        if stage is None:
+            raise HTTPNotFound(
+                json_body={"error": f"index {user}/{index} does not exist"})
+        if stage.ixconfig.get("type") != "mirror":
+            raise HTTPBadRequest(json_body={
+                "error": "cache refresh applies to mirror indexes only"})
+    # `_project2time` is the per-xom singleton dict that backs the
+    # per-project cache; iterating its keys lets us expire only entries
+    # devpi has actually populated. The public `expire(project)` API is
+    # safe for non-tracked projects too (it's pop-with-default), so we
+    # don't need to special-case empty caches.
+    crt = stage.cache_retrieve_times
+    projects = list(getattr(crt, "_project2time", {}).keys())
+    for project in projects:
+        crt.expire(project)
+    stage.cache_projectnames.expire()
+    return _json_response({
+        "result": {
+            "projects_invalidated": len(projects),
+            "projectnames_invalidated": True,
+        },
+    })
+
+
 def _reset_tokens_view(request):
     """DELETE /+admin-api/users/{user}/tokens — revoke all for a user."""
     xom = request.registry["xom"]

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/devpi_admin/static/css/style.css

@@ -428,7 +428,7 @@ body {
 
 .index-grid {
     display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
+    grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
     gap: 12px;
 }
 
@@ -461,10 +461,19 @@ body {
     gap: 8px;
 }
 
+.index-card-path {
+    display: flex;
+    align-items: baseline;
+    gap: 2px;
+    min-width: 0;
+    flex: 1 1 auto;
+}
+
 .index-card-tags {
     display: flex;
     gap: 4px;
     margin-left: auto;
+    flex-shrink: 0;
 }
 
 .index-card-owner {
@@ -481,7 +490,7 @@ body {
 .index-card-sep {
     font-size: 16px;
     color: var(--text-faint);
-    margin: 0 1px;
+    margin: 0;
 }
 
 .index-card-name {
@@ -1088,6 +1097,44 @@ body {
     color: var(--tag-text);
 }
 
+/* Compact single-letter variant used in index-card heads where the
+   full word (mirror/stage/volatile/...) would push the kebab off the
+   row in narrow grid columns. Hover tooltip (data-tooltip) carries
+   the long form — uses a CSS pseudo so it appears instantly instead
+   of waiting for the browser's native title delay. */
+.tag-letter {
+    padding: 1px 6px;
+    font-size: 11px;
+    font-weight: 700;
+    font-family: var(--mono, ui-monospace, monospace);
+    min-width: 18px;
+    text-align: center;
+    position: relative;
+}
+
+.tag-letter[data-tooltip]:hover::after,
+.tag-letter[data-tooltip]:focus-visible::after {
+    content: attr(data-tooltip);
+    position: absolute;
+    bottom: calc(100% + 6px);
+    left: 50%;
+    transform: translateX(-50%);
+    background: var(--bg-surface);
+    color: var(--text);
+    border: 1px solid var(--border);
+    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.18);
+    padding: 5px 8px;
+    border-radius: 4px;
+    font-size: 12px;
+    font-weight: 400;
+    font-family: inherit;
+    white-space: normal;
+    max-width: 260px;
+    width: max-content;
+    z-index: 100;
+    pointer-events: none;
+}
+
 .tag-volatile {
     background: #fef3c7;
     color: #92400e;

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/devpi_admin/static/js/app.js

@@ -2421,7 +2421,13 @@
                 closeModal();
                 updateAuthUI();
                 navigate();
-                _triggerPasswordSave(user, pass);
+                // Preserve the current hash through the PRG redirect that
+                // form.submit() to /+admin triggers — otherwise the
+                // browser lands on /+admin/ with no fragment and the
+                // user's original deep link (or the page they were on
+                // when the session expired) is lost.
+                var currentHash = (window.location.hash || '').replace(/^#/, '');
+                _triggerPasswordSave(user, pass, currentHash);
             })
             .catch(showModalError);
     }
@@ -2825,47 +2831,61 @@
 
                 // Card header: name + type badge
                 var cardHead = el('div', {className: 'index-card-head'});
-                cardHead.appendChild(el('a', {
+                // Path container groups owner / sep / name so the only
+                // wide flex gap in the head is between path, tags, and
+                // kebab — the separator hugs both sides like a real
+                // filesystem path.
+                var pathWrap = el('div', {className: 'index-card-path'});
+                pathWrap.appendChild(el('a', {
                     href: '#indexes/' + idx._user,
                     className: 'index-card-owner',
                     textContent: idx._user,
                 }));
-                cardHead.appendChild(el('span', {
+                pathWrap.appendChild(el('span', {
                     className: 'index-card-sep',
                     textContent: '/',
                 }));
-                cardHead.appendChild(el('a', {
+                pathWrap.appendChild(el('a', {
                     href: '#packages/' + idx._full,
                     className: 'index-card-name',
                     textContent: idx._name,
                 }));
+                cardHead.appendChild(pathWrap);
+                // Type / state badges. Single-letter labels (M/S/V/W/N)
+                // keep multi-badge headers from wrapping in tight grids;
+                // `title` exposes the full word on hover for clarity.
                 var tagGroup = el('div', {className: 'index-card-tags'});
                 tagGroup.appendChild(el('span', {
-                    className: 'tag' + (isMirror ? ' tag-mirror' : ' tag-stage'),
-                    textContent: idx.type || 'stage',
+                    className: 'tag tag-letter'
+                        + (isMirror ? ' tag-mirror' : ' tag-stage'),
+                    textContent: isMirror ? 'M' : 'S',
+                    'data-tooltip': idx.type || 'stage',
                 }));
                 if (!isMirror && idx.volatile) {
                     tagGroup.appendChild(el('span', {
-                        className: 'tag tag-volatile',
-                        textContent: 'volatile',
+                        className: 'tag tag-letter tag-volatile',
+                        textContent: 'V',
+                        'data-tooltip': 'volatile — uploads may overwrite '
+                            + 'existing versions',
                     }));
                 }
                 if (!isMirror && isAnonymousAclUpload(idx.acl_upload)) {
                     tagGroup.appendChild(el('span', {
-                        className: 'tag tag-world-writable',
-                        textContent: 'world-writable',
-                        title: 'acl_upload contains :ANONYMOUS: — anyone, '
-                            + 'including unauthenticated callers, can '
-                            + 'publish packages to this index.',
+                        className: 'tag tag-letter tag-world-writable',
+                        textContent: 'W',
+                        'data-tooltip': 'world-writable — acl_upload '
+                            + 'contains :ANONYMOUS:; anyone (including '
+                            + 'unauthenticated callers) can publish to '
+                            + 'this index.',
                     }));
                 } else if (!isMirror && isUploadFrozen(idx.acl_upload)) {
                     tagGroup.appendChild(el('span', {
-                        className: 'tag tag-no-upload',
-                        textContent: 'no upload',
-                        title: 'acl_upload is empty — nobody can publish '
-                            + 'to this index, not even the owner or root. '
-                            + 'Add a principal to acl_upload to enable '
-                            + 'uploads.',
+                        className: 'tag tag-letter tag-no-upload',
+                        textContent: 'N',
+                        'data-tooltip': 'no upload — acl_upload is empty; '
+                            + 'nobody can publish to this index, not even '
+                            + 'the owner or root. Add a principal to '
+                            + 'acl_upload to enable uploads.',
                     }));
                 }
                 cardHead.appendChild(tagGroup);
@@ -2959,6 +2979,22 @@
                         });
                     })(idx);
                 }
+                // Mirror-only: any authenticated user may trigger an
+                // upstream re-fetch (etag-conditional, low cost). Useful
+                // when waiting for a freshly-published upstream release
+                // that's hidden behind the `mirror_cache_expiry` TTL.
+                if (isMirror && loggedIn) {
+                    (function (idxRef) {
+                        menuItems.push({
+                            label: 'Refresh cache',
+                            onclick: function () {
+                                closeAllKebabs();
+                                refreshMirrorCache(
+                                    idxRef._user, idxRef._name);
+                            },
+                        });
+                    })(idx);
+                }
                 if (menuItems.length) {
                     cardHead.appendChild(buildKebabMenu(menuItems));
                 }
@@ -3223,6 +3259,51 @@
             .catch(handleApiError);
     }
 
+    function refreshMirrorCache(user, index) {
+        // Non-destructive: just bumps the upstream-fetch clocks. Skip
+        // the confirm dialog; show a small result modal so the user
+        // knows whether the request reached the primary.
+        Api.post(
+            '/+admin-api/mirror/'
+                + encodeURIComponent(user) + '/'
+                + encodeURIComponent(index) + '/refresh-cache',
+            {})
+            .then(function (data) {
+                var r = (data && data.result) || {};
+                var count = r.projects_invalidated;
+                openModal('Cache refreshed', function (body) {
+                    body.appendChild(el('p', {
+                        textContent: 'Mirror "' + user + '/' + index
+                            + '" cache invalidated. '
+                            + count + ' project'
+                            + (count === 1 ? '' : 's')
+                            + ' will re-check upstream on next access.',
+                    }));
+                    body.appendChild(el('p', {
+                        className: 'note',
+                        textContent: 'Note: cache is process-local; '
+                            + 'replicas will sync once the primary refetches.',
+                    }));
+                }, [el('button', {
+                    className: 'btn btn-primary',
+                    textContent: 'OK',
+                    onclick: closeModal,
+                })]);
+            })
+            .catch(function (err) {
+                openModal('Cache refresh failed', function (body) {
+                    body.appendChild(el('p', {
+                        className: 'error',
+                        textContent: (err && err.message) || String(err),
+                    }));
+                }, [el('button', {
+                    className: 'btn btn-primary',
+                    textContent: 'Close',
+                    onclick: closeModal,
+                })]);
+            });
+    }
+
     // ========== PACKAGES ==========
 
     var PKG_LIMIT = 100;

{devpi_admin-1.4.2 → devpi_admin-1.4.3}/devpi_admin.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.2
+Version: 1.4.3
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT
@@ -61,6 +61,10 @@ talks to the standard devpi JSON API directly.
   - **`Tokens`** (owner / root only) — opens the per-index unified Tokens modal with two
     sections (Admin + Devpi), shows existing tokens for this index, lets you issue new
     ones with the index pre-filled and locked
+  - **`Refresh cache`** (mirror indexes only, any authenticated user) — invalidates
+    the in-memory per-project and project-names caches; the next `+simple/<project>/`
+    query (from pip, the UI, or `devpi-client`) goes back to upstream
+    (etag-conditional, cheap)
   - **`Edit`** / **`Delete`** (owner / root)
 - Create / edit / delete indexes via modal dialogs
 - `bases` editor with drag & drop priority ordering and transitive inheritance display
@@ -597,6 +601,30 @@ Revoke a single token.
 - **200:** `{"revoked": true, "id": "abc..."}`
 - **404:** token id not found
 
+### Mirror cache
+
+#### `POST /+admin-api/mirror/{user}/{index}/refresh-cache`
+Invalidate the in-memory mirror caches so the next pip / UI / `devpi-client` request
+re-checks upstream. Lazy — no upstream fetch happens at the moment of the call; the
+re-fetch is triggered by the next `+simple/<project>/` lookup that traverses this
+mirror (etag-conditional, typically one cheap HTTP round-trip per project actually
+queried). Two caches are expired:
+
+- `cache_retrieve_times` — per-project last-fetch timestamp + etag (every tracked
+  project, in one pass)
+- `cache_projectnames` — full PyPI project-name list (refetched on the next "list all
+  projects" call)
+
+Useful when waiting for a freshly-published upstream release that's still hidden
+behind the `mirror_cache_expiry` TTL (default 30 min).
+
+- **Auth:** required (any authenticated user)
+- **Primary only:** replicas return 400 (caches are process-local; replicas sync the
+  persisted state via the changelog stream once the primary refetches)
+- **200:** `{"result": {"projects_invalidated": N, "projectnames_invalidated": true}}`
+- **400:** index is not a mirror, or the call hit a replica
+- **404:** index doesn't exist
+
 ### Replication observability (primary only)
 
 #### `GET /+admin-api/replicas`

devpi_admin-1.4.3/tests/test_view_helpers.py

@@ -0,0 +1,151 @@
+"""Tests for view-layer helpers (_get_stage_or_404, _check_read_access)."""
+import json
+import unittest
+from unittest.mock import MagicMock, patch
+
+from pyramid.httpexceptions import HTTPBadRequest, HTTPForbidden, HTTPNotFound
+
+from devpi_admin.main import (
+    _check_read_access, _get_stage_or_404, _refresh_mirror_cache_view,
+    _serve_index)
+
+
+class GetStageOr404Tests(unittest.TestCase):
+
+    def test_returns_stage(self):
+        xom = MagicMock()
+        stage = MagicMock()
+        xom.model.getstage.return_value = stage
+        self.assertIs(_get_stage_or_404(xom, "alice", "dev"), stage)
+
+    def test_raises_404_when_missing(self):
+        xom = MagicMock()
+        xom.model.getstage.return_value = None
+        with self.assertRaises(HTTPNotFound):
+            _get_stage_or_404(xom, "ghost", "ix")
+
+
+class CheckReadAccessTests(unittest.TestCase):
+
+    def _make(self, allow, auth_user):
+        req = MagicMock()
+        req.has_permission.return_value = allow
+        req.authenticated_userid = auth_user
+        return req
+
+    def test_allowed_returns_none(self):
+        # Should silently pass — no exception, no return value relied upon.
+        self.assertIsNone(
+            _check_read_access(self._make(True, "alice"), MagicMock()))
+
+    def test_denied_anonymous_gets_403(self):
+        # Anonymous denial returns 403 so devpi-cli / pip can retry with auth.
+        with self.assertRaises(HTTPForbidden):
+            _check_read_access(self._make(False, None), MagicMock())
+
+    def test_denied_authenticated_gets_404(self):
+        # Authenticated user without read access gets 404 — hides the
+        # existence of the private index.
+        with self.assertRaises(HTTPNotFound):
+            _check_read_access(self._make(False, "bob"), MagicMock())
+
+
+class ServeIndexTests(unittest.TestCase):
+
+    def _serve(self):
+        # FileResponse needs a real file on disk; STATIC_DIR/index.html
+        # is bundled and exists in test runs (verified by test_package).
+        request = MagicMock()
+        return _serve_index(request)
+
+    def test_csp_header_present(self):
+        resp = self._serve()
+        csp = resp.headers.get("Content-Security-Policy", "")
+        self.assertIn("default-src 'self'", csp)
+        self.assertIn("frame-ancestors 'none'", csp)
+        self.assertIn("script-src 'self'", csp)
+        # inline script must NOT be allowed
+        self.assertNotIn("'unsafe-inline'", csp.split("script-src")[1].split(";")[0])
+
+    def test_csp_allows_pypi_for_readme_fallback(self):
+        resp = self._serve()
+        csp = resp.headers.get("Content-Security-Policy", "")
+        self.assertIn("https://pypi.org", csp)
+
+    def test_security_headers_present(self):
+        resp = self._serve()
+        self.assertEqual(resp.headers.get("X-Content-Type-Options"), "nosniff")
+        self.assertEqual(resp.headers.get("Referrer-Policy"), "no-referrer")
+
+
+class RefreshMirrorCacheViewTests(unittest.TestCase):
+
+    def _stub_xom(self, stage=None, is_replica=False):
+        xom = MagicMock()
+        xom.config.role = "replica" if is_replica else "primary"
+        xom.model.getstage.return_value = stage
+        ctx = MagicMock()
+        ctx.__enter__ = MagicMock(return_value=ctx)
+        ctx.__exit__ = MagicMock(return_value=False)
+        xom.keyfs.read_transaction.return_value = ctx
+        return xom
+
+    def _stub_mirror_stage(self, tracked_projects=("setuptools", "pip")):
+        stage = MagicMock()
+        stage.ixconfig = {"type": "mirror"}
+        stage.cache_retrieve_times._project2time = {
+            p: (1.0, None) for p in tracked_projects}
+        stage.cache_retrieve_times.expire = MagicMock()
+        stage.cache_projectnames.expire = MagicMock()
+        return stage
+
+    def _make(self, xom, user="root", index="pypi", auth_user="alice"):
+        req = MagicMock()
+        req.registry = {"xom": xom}
+        req.matchdict = {"user": user, "index": index}
+        req.authenticated_userid = auth_user
+        return req
+
+    def test_expires_all_tracked_projects_and_projectnames(self):
+        stage = self._stub_mirror_stage(("setuptools", "pip", "wheel"))
+        xom = self._stub_xom(stage=stage)
+        with patch("devpi_admin.main._is_replica", return_value=False):
+            resp = _refresh_mirror_cache_view(self._make(xom))
+        body = json.loads(resp.body)
+        self.assertEqual(body["result"]["projects_invalidated"], 3)
+        self.assertTrue(body["result"]["projectnames_invalidated"])
+        # Every tracked project must have been expired exactly once;
+        # the project-names cache must be expired regardless.
+        self.assertEqual(stage.cache_retrieve_times.expire.call_count, 3)
+        stage.cache_projectnames.expire.assert_called_once_with()
+
+    def test_404_when_index_missing(self):
+        xom = self._stub_xom(stage=None)
+        with patch("devpi_admin.main._is_replica", return_value=False):
+            with self.assertRaises(HTTPNotFound):
+                _refresh_mirror_cache_view(self._make(xom))
+
+    def test_400_when_index_is_not_mirror(self):
+        stage = MagicMock()
+        stage.ixconfig = {"type": "stage"}
+        xom = self._stub_xom(stage=stage)
+        with patch("devpi_admin.main._is_replica", return_value=False):
+            with self.assertRaises(HTTPBadRequest):
+                _refresh_mirror_cache_view(self._make(xom))
+
+    def test_replica_refuses(self):
+        xom = self._stub_xom(stage=self._stub_mirror_stage())
+        with patch("devpi_admin.main._is_replica", return_value=True):
+            with self.assertRaises(HTTPBadRequest):
+                _refresh_mirror_cache_view(self._make(xom))
+
+    def test_unauthenticated_blocked(self):
+        xom = self._stub_xom(stage=self._stub_mirror_stage())
+        with patch("devpi_admin.main._is_replica", return_value=False):
+            with self.assertRaises(HTTPForbidden):
+                _refresh_mirror_cache_view(
+                    self._make(xom, auth_user=None))
+
+
+if __name__ == "__main__":
+    unittest.main()

devpi_admin-1.4.2/tests/test_view_helpers.py

@@ -1,79 +0,0 @@
-"""Tests for view-layer helpers (_get_stage_or_404, _check_read_access)."""
-import unittest
-from unittest.mock import MagicMock, patch
-
-from pyramid.httpexceptions import HTTPForbidden, HTTPNotFound
-
-from devpi_admin.main import _check_read_access, _get_stage_or_404, _serve_index
-
-
-class GetStageOr404Tests(unittest.TestCase):
-
-    def test_returns_stage(self):
-        xom = MagicMock()
-        stage = MagicMock()
-        xom.model.getstage.return_value = stage
-        self.assertIs(_get_stage_or_404(xom, "alice", "dev"), stage)
-
-    def test_raises_404_when_missing(self):
-        xom = MagicMock()
-        xom.model.getstage.return_value = None
-        with self.assertRaises(HTTPNotFound):
-            _get_stage_or_404(xom, "ghost", "ix")
-
-
-class CheckReadAccessTests(unittest.TestCase):
-
-    def _make(self, allow, auth_user):
-        req = MagicMock()
-        req.has_permission.return_value = allow
-        req.authenticated_userid = auth_user
-        return req
-
-    def test_allowed_returns_none(self):
-        # Should silently pass — no exception, no return value relied upon.
-        self.assertIsNone(
-            _check_read_access(self._make(True, "alice"), MagicMock()))
-
-    def test_denied_anonymous_gets_403(self):
-        # Anonymous denial returns 403 so devpi-cli / pip can retry with auth.
-        with self.assertRaises(HTTPForbidden):
-            _check_read_access(self._make(False, None), MagicMock())
-
-    def test_denied_authenticated_gets_404(self):
-        # Authenticated user without read access gets 404 — hides the
-        # existence of the private index.
-        with self.assertRaises(HTTPNotFound):
-            _check_read_access(self._make(False, "bob"), MagicMock())
-
-
-class ServeIndexTests(unittest.TestCase):
-
-    def _serve(self):
-        # FileResponse needs a real file on disk; STATIC_DIR/index.html
-        # is bundled and exists in test runs (verified by test_package).
-        request = MagicMock()
-        return _serve_index(request)
-
-    def test_csp_header_present(self):
-        resp = self._serve()
-        csp = resp.headers.get("Content-Security-Policy", "")
-        self.assertIn("default-src 'self'", csp)
-        self.assertIn("frame-ancestors 'none'", csp)
-        self.assertIn("script-src 'self'", csp)
-        # inline script must NOT be allowed
-        self.assertNotIn("'unsafe-inline'", csp.split("script-src")[1].split(";")[0])
-
-    def test_csp_allows_pypi_for_readme_fallback(self):
-        resp = self._serve()
-        csp = resp.headers.get("Content-Security-Policy", "")
-        self.assertIn("https://pypi.org", csp)
-
-    def test_security_headers_present(self):
-        resp = self._serve()
-        self.assertEqual(resp.headers.get("X-Content-Type-Options"), "nosniff")
-        self.assertEqual(resp.headers.get("Referrer-Policy"), "no-referrer")
-
-
-if __name__ == "__main__":
-    unittest.main()