Closed Bug 972437 Opened 10 years ago Closed 10 years ago

[IARC] Only allow a single app to be associated with a content rating

Categories

(Marketplace Graveyard :: General, defect, P1)

Product:
Marketplace Graveyard
Component:
General
Version:
Avenir
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
2014-02-25

People

(Reporter: robhudson, Assigned: robhudson)

References

Details

Each night we call IARC’s GET_RATING_CHANGES API in mkt/developers/cron.py. In its response they provide us with the submission ID and any updated ratings we should save.

We perform this query:

    app = Webapp.objects.get(iarc_info__submission_id=iarc_id)

Which assumes there’s a one-to-one relationship between the app and the IARC info. Which, should be true.

Recently via cron we received this error:

    mkt.webapps.models.MultipleObjectsReturned: get() returned more than one Webapp -- it returned 3!

So someone is re-using their certificate for multiple apps. We need to not allow this. Let's update the code when getting the IARC submission ID and secret code to check for a public app that already uses it and not allow another app to be associated with it.

For convenience we could allow it for testing if settings.IARC_ENV != 'prod'.
It'll have to be all apps that use it (i.e. all non-deleted) unless there is logic to stop apps going back to published later.  (e.g. the developer unlists the app, re-uses the code, and re-lists it)
I think this bug can be squashed in a few steps:

1. Change the IARC table to be UNIQUE on submission_id. At the moment it's UNIQUE on both (addon_id, and submission_id). Verify this works and displays a reasonable message to the developer if they try to re-use a submission ID.

2. Delete the associated IARC info when an app is deleted. This will allow devs to delete and app for whatever reason and re-use the submission ID if they submit it again. (E.g. going from hosted to packaged would be a use case for this.)
Priority: -- → P1
Assignee: nobody → kngo
Assignee: kngo → robhudson.mozbugs
https://github.com/mozilla/zamboni/commit/70cb978 

To verify:
1. Try to submit an app and re-use an IARC certificate from another app. Verify that the form shows an appropriate error message.
2. Delete the other app and try to re-use the certificate again. Verify that you can now use the certificate.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-02-25
Verified as fixed following the scenario from comment #3
Status: RESOLVED → VERIFIED
Just wanted to add Bill to this bug.  We have had some discussions about this internally at IARC/ESRB.
You need to log in before you can comment on or make changes to this bug.