From 9ee7b742abc0d0c8e8de261b2db10a652206059f Mon Sep 17 00:00:00 2001 From: Francesco Siddi Date: Fri, 22 Jun 2018 19:38:27 +0200 Subject: [PATCH] Make more consistent use of BLENDER_ID_ENDPOINT Now BLENDER_ID_ENDPOINT is used for the Blender ID OAuth config, and it's directly accessed when building requests for Blender ID token validation (without using utility functions). --- pillar/api/blender_id.py | 15 ++++----------- pillar/auth/oauth.py | 9 ++++----- pillar/config.py | 5 ++--- pillar/tests/config_testing.py | 3 +-- pillar/web/system_util.py | 8 -------- tests/test_api/test_oauth.py | 6 +++--- 6 files changed, 14 insertions(+), 32 deletions(-) diff --git a/pillar/api/blender_id.py b/pillar/api/blender_id.py index a0cfdfb6..b6f11bc6 100644 --- a/pillar/api/blender_id.py +++ b/pillar/api/blender_id.py @@ -47,13 +47,6 @@ def store_subclient_token(): 'subclient_user_id': str(db_user['_id'])}), status -def blender_id_endpoint(): - """Gets the endpoint for the authentication API. If the env variable - is defined, it's possible to override the (default) production address. - """ - return current_app.config['BLENDER_ID_ENDPOINT'].rstrip('/') - - def validate_create_user(blender_id_user_id, token, oauth_subclient_id): """Validates a user against Blender ID, creating the user in our database. 
@@ -121,13 +114,13 @@ def validate_token(user_id, token, oauth_subclient_id): # We only want to accept Blender Cloud tokens. payload['client_id'] = current_app.config['OAUTH_CREDENTIALS']['blender-id']['id'] - url = '{0}/u/validate_token'.format(blender_id_endpoint()) + url = '{0}/u/validate_token'.format(current_app.config['BLENDER_ID_ENDPOINT']) log.debug('POSTing to %r', url) # Retry a few times when POSTing to BlenderID fails. # Source: http://stackoverflow.com/a/15431343/875379 s = requests.Session() - s.mount(blender_id_endpoint(), HTTPAdapter(max_retries=5)) + s.mount(current_app.config['BLENDER_ID_ENDPOINT'], HTTPAdapter(max_retries=5)) # POST to Blender ID, handling errors as negative verification results. try: @@ -225,7 +218,7 @@ def fetch_blenderid_user() -> dict: my_log = log.getChild('fetch_blenderid_user') - bid_url = '%s/api/user' % blender_id_endpoint() + bid_url = '%s/api/user' % current_app.config['BLENDER_ID_ENDPOINT'] my_log.debug('Fetching user info from %s', bid_url) credentials = current_app.config['OAUTH_CREDENTIALS']['blender-id'] @@ -270,7 +263,7 @@ def setup_app(app, url_prefix): def switch_user_url(next_url: str) -> str: from urllib.parse import quote - base_url = '%s/switch' % blender_id_endpoint() + base_url = '%s/switch' % current_app.config['BLENDER_ID_ENDPOINT'] if next_url: return '%s?next=%s' % (base_url, quote(next_url)) return base_url diff --git a/pillar/auth/oauth.py b/pillar/auth/oauth.py index 13be31a6..44e6c770 100644 --- a/pillar/auth/oauth.py +++ b/pillar/auth/oauth.py 
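Review bot: The trailing-slash normalisation is lost in validate_token: the removed `blender_id_endpoint()` helper returned the setting with `.rstrip('/')`, while the new `'{0}/u/validate_token'.format(current_app.config['BLENDER_ID_ENDPOINT'])` uses it raw. A deployment whose override still ends in `/` (as the old default `'http://blender-id:8000/'` did) now requests `//u/validate_token`. The comment in this hunk says POST errors are handled as negative verification results, so such a misconfiguration would probably surface as rejected tokens rather than as a configuration error. The same applies to `bid_url` in fetch_blenderid_user, `base_url` in switch_user_url and the three URLs in BlenderIdSignIn.__init__; normalising once where the setting is read, e.g. `endpoint = current_app.config['BLENDER_ID_ENDPOINT'].rstrip('/')`, keeps them consistent. validate_token's body continues outside the hunk.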
@@ -131,16 +131,15 @@ class BlenderIdSignIn(OAuthSignIn): def __init__(self): super().__init__() - base_url = current_app.config['OAUTH_CREDENTIALS']['blender-id'].get( - 'base_url', 'https://www.blender.org/id/') + base_url = current_app.config['BLENDER_ID_ENDPOINT'] self.service = OAuth2Service( name='blender-id', client_id=self.consumer_id, client_secret=self.consumer_secret, - authorize_url='%soauth/authorize' % base_url, - access_token_url='%soauth/token' % base_url, - base_url='%sapi/' % base_url + authorize_url='%s/oauth/authorize' % base_url, + access_token_url='%s/oauth/token' % base_url, + base_url='%s/api/' % base_url ) def authorize(self): diff --git a/pillar/config.py b/pillar/config.py index 05b9be2a..81e8ae54 100644 --- a/pillar/config.py +++ b/pillar/config.py @@ -32,7 +32,7 @@ SECRET_KEY = '' AUTH_TOKEN_HMAC_KEY = b'' # Authentication settings -BLENDER_ID_ENDPOINT = 'http://blender-id:8000/' +BLENDER_ID_ENDPOINT = 'https://id.local:8000' CDN_USE_URL_SIGNING = True CDN_SERVICE_DOMAIN_PROTOCOL = 'https' @@ -124,9 +124,8 @@ BLENDER_ID_USER_INFO_TOKEN = '-set-in-config-local-' # Example entry: # OAUTH_CREDENTIALS = { # 'blender-id': { -# 'id': 'CLOUD-OF-SNOWFLAKES-43', +# 'id': 'CLOUD-OF-SNOWFLAKES-42', # 'secret': 'thesecret', -# 'base_url': 'http://blender-id:8000/' # } # } # OAuth providers are defined in pillar.auth.oauth diff --git a/pillar/tests/config_testing.py b/pillar/tests/config_testing.py index 2954683e..4c9d03a9 100644 --- a/pillar/tests/config_testing.py +++ b/pillar/tests/config_testing.py @@ -1,6 +1,6 @@ """Flask configuration file for unit testing.""" -BLENDER_ID_ENDPOINT = 'http://127.0.0.1:8001' # nonexistant server, no trailing slash! +BLENDER_ID_ENDPOINT = 'http://id.local:8001' # Non existant server SERVER_NAME = 'localhost' PILLAR_SERVER_ENDPOINT = 'http://localhost/api/' 
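Review bot: A `base_url` entry left in an existing `OAUTH_CREDENTIALS['blender-id']` is now ignored without any signal in BlenderIdSignIn.__init__. A deployment that set it to a host different from `BLENDER_ID_ENDPOINT` will, after upgrading, send its authorize and token requests (the latter presumably carrying `client_secret`) to another server. Consider failing loudly or logging a warning at startup when the stale key is present, for example `if 'base_url' in current_app.config['OAUTH_CREDENTIALS']['blender-id']: raise ValueError('base_url is no longer supported; set BLENDER_ID_ENDPOINT')`. The old code also fell back to an `https://` URL, whereas nothing visible here checks the scheme of the configured endpoint; a warning for a non-https value outside debug mode would catch a cleartext setup.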
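Review bot: The new default `BLENDER_ID_ENDPOINT = 'https://id.local:8000'` in pillar/config.py carries no comment saying it is a placeholder or what format is expected, although every consumer now appends a path to it directly. I would add above it `# Base URL of the Blender ID server, no trailing slash. Placeholder: override per deployment.` and `# Use https outside development; login tokens and the OAuth client secret are sent to this host.` Since `.local` names are commonly resolved through multicast DNS, an installation that forgets the override depends on the local network for where this name points. A value that cannot resolve, or a required setting with no default, may be the safer choice.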
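Review bot: The rewritten comment on `BLENDER_ID_ENDPOINT` in pillar/tests/config_testing.py drops "no trailing slash!", which is still the format the code relies on now that callers build `'%s/api/user'` and similar directly from the setting. I would keep it and fix the spelling: `# nonexistent server, no trailing slash!`. Moving the host from `127.0.0.1` to `id.local` also means a request the test suite fails to mock would go through name resolution instead of hitting loopback. If that is not intended, a loopback address keeps stray requests on the machine.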
@@ -26,7 +26,6 @@ OAUTH_CREDENTIALS = { 'blender-id': { 'id': 'blender-id-app-id', 'secret': 'blender-id–secret', - 'base_url': 'http://blender-id:8000/' }, 'facebook': { 'id': 'fb-app-id', diff --git a/pillar/web/system_util.py b/pillar/web/system_util.py index 0999c638..7ebb813a 100644 --- a/pillar/web/system_util.py +++ b/pillar/web/system_util.py @@ -12,14 +12,6 @@ from pillar.sdk import FlaskInternalApi log = logging.getLogger(__name__) -def blender_id_endpoint(): - """Gets the endpoint for the authentication API. If the env variable - is defined, it's possible to override the (default) production address. - """ - return os.environ.get('BLENDER_ID_ENDPOINT', - "https://www.blender.org/id").rstrip('/') - - def pillar_server_endpoint(): """Gets the endpoint for the authentication API. If the env variable is defined, we will use the one from the config object. diff --git a/tests/test_api/test_oauth.py b/tests/test_api/test_oauth.py index 6c5c358b..06be3c3c 100644 --- a/tests/test_api/test_oauth.py +++ b/tests/test_api/test_oauth.py @@ -12,7 +12,7 @@ class OAuthTests(AbstractPillarTest): oauth_provider = OAuthSignIn.get_provider('blender-id') self.assertIsInstance(oauth_provider, BlenderIdSignIn) - self.assertEqual(oauth_provider.service.base_url, 'http://blender-id:8000/api/') + self.assertEqual(oauth_provider.service.base_url, 'http://id.local:8001/api/') def test_provider_not_implemented(self): from pillar.auth.oauth import OAuthSignIn, ProviderNotImplemented 
@@ -46,11 +46,11 @@ class OAuthTests(AbstractPillarTest): def test_provider_callback_happy(self): from pillar.auth.oauth import OAuthSignIn - responses.add(responses.POST, 'http://blender-id:8000/oauth/token', + responses.add(responses.POST, 'http://id.local:8001/oauth/token', json={'access_token': 'successful-token'}, status=200) - responses.add(responses.GET, 'http://blender-id:8000/api/user', + responses.add(responses.GET, 'http://id.local:8001/api/user', json={'id': '7', 'email': 'harry@blender.org'}, status=200)