Make more consistent use of BLENDER_ID_ENDPOINT

Now BLENDER_ID_ENDPOINT is used for the Blender ID OAuth config, and it's directly accessed when building requests for Blender ID token validation (without using utility functions).
2018-06-22 19:38:27 +02:00
parent 58c33074c3
commit 9ee7b742ab
6 changed files with 14 additions and 32 deletions
--- a/pillar/api/blender_id.py
+++ b/pillar/api/blender_id.py
@@ -47,13 +47,6 @@ def store_subclient_token():
                    'subclient_user_id': str(db_user['_id'])}), status


-def blender_id_endpoint():
-    """Gets the endpoint for the authentication API. If the env variable
-    is defined, it's possible to override the (default) production address.
-    """
-    return current_app.config['BLENDER_ID_ENDPOINT'].rstrip('/')
-
-
 def validate_create_user(blender_id_user_id, token, oauth_subclient_id):
    """Validates a user against Blender ID, creating the user in our database.

@@ -121,13 +114,13 @@ def validate_token(user_id, token, oauth_subclient_id):
        # We only want to accept Blender Cloud tokens.
        payload['client_id'] = current_app.config['OAUTH_CREDENTIALS']['blender-id']['id']

-    url = '{0}/u/validate_token'.format(blender_id_endpoint())
+    url = '{0}/u/validate_token'.format(current_app.config['BLENDER_ID_ENDPOINT'])
    log.debug('POSTing to %r', url)

    # Retry a few times when POSTing to BlenderID fails.
    # Source: http://stackoverflow.com/a/15431343/875379
    s = requests.Session()
-    s.mount(blender_id_endpoint(), HTTPAdapter(max_retries=5))
+    s.mount(current_app.config['BLENDER_ID_ENDPOINT'], HTTPAdapter(max_retries=5))

    # POST to Blender ID, handling errors as negative verification results.
    try:
@@ -225,7 +218,7 @@ def fetch_blenderid_user() -> dict:

    my_log = log.getChild('fetch_blenderid_user')

-    bid_url = '%s/api/user' % blender_id_endpoint()
+    bid_url = '%s/api/user' % current_app.config['BLENDER_ID_ENDPOINT']
    my_log.debug('Fetching user info from %s', bid_url)

    credentials = current_app.config['OAUTH_CREDENTIALS']['blender-id']
@@ -270,7 +263,7 @@ def setup_app(app, url_prefix):
 def switch_user_url(next_url: str) -> str:
    from urllib.parse import quote

-    base_url = '%s/switch' % blender_id_endpoint()
+    base_url = '%s/switch' % current_app.config['BLENDER_ID_ENDPOINT']
    if next_url:
        return '%s?next=%s' % (base_url, quote(next_url))
    return base_url
--- a/pillar/auth/oauth.py
+++ b/pillar/auth/oauth.py
@@ -131,16 +131,15 @@ class BlenderIdSignIn(OAuthSignIn):
    def __init__(self):
        super().__init__()

-        base_url = current_app.config['OAUTH_CREDENTIALS']['blender-id'].get(
-            'base_url', 'https://www.blender.org/id/')
+        base_url = current_app.config['BLENDER_ID_ENDPOINT']

        self.service = OAuth2Service(
            name='blender-id',
            client_id=self.consumer_id,
            client_secret=self.consumer_secret,
-            authorize_url='%soauth/authorize' % base_url,
-            access_token_url='%soauth/token' % base_url,
-            base_url='%sapi/' % base_url
+            authorize_url='%s/oauth/authorize' % base_url,
+            access_token_url='%s/oauth/token' % base_url,
+            base_url='%s/api/' % base_url
        )

    def authorize(self):
--- a/pillar/config.py
+++ b/pillar/config.py
@@ -32,7 +32,7 @@ SECRET_KEY = ''
 AUTH_TOKEN_HMAC_KEY = b''

 # Authentication settings
-BLENDER_ID_ENDPOINT = 'http://blender-id:8000/'
+BLENDER_ID_ENDPOINT = 'https://id.local:8000'

 CDN_USE_URL_SIGNING = True
 CDN_SERVICE_DOMAIN_PROTOCOL = 'https'
@@ -124,9 +124,8 @@ BLENDER_ID_USER_INFO_TOKEN = '-set-in-config-local-'
 # Example entry:
 # OAUTH_CREDENTIALS = {
 #    'blender-id': {
-#        'id': 'CLOUD-OF-SNOWFLAKES-43',
+#        'id': 'CLOUD-OF-SNOWFLAKES-42',
 #        'secret': 'thesecret',
-#        'base_url': 'http://blender-id:8000/'
 #     }
 # }
 # OAuth providers are defined in pillar.auth.oauth
--- a/pillar/tests/config_testing.py
+++ b/pillar/tests/config_testing.py
@@ -1,6 +1,6 @@
 """Flask configuration file for unit testing."""

-BLENDER_ID_ENDPOINT = 'http://127.0.0.1:8001'  # nonexistant server, no trailing slash!
+BLENDER_ID_ENDPOINT = 'http://id.local:8001'  # Non existant server

 SERVER_NAME = 'localhost'
 PILLAR_SERVER_ENDPOINT = 'http://localhost/api/'
@@ -26,7 +26,6 @@ OAUTH_CREDENTIALS = {
    'blender-id': {
        'id': 'blender-id-app-id',
        'secret': 'blender-id–secret',
-        'base_url': 'http://blender-id:8000/'
    },
    'facebook': {
        'id': 'fb-app-id',
--- a/pillar/web/system_util.py
+++ b/pillar/web/system_util.py
@@ -12,14 +12,6 @@ from pillar.sdk import FlaskInternalApi
 log = logging.getLogger(__name__)


-def blender_id_endpoint():
-    """Gets the endpoint for the authentication API. If the env variable
-    is defined, it's possible to override the (default) production address.
-    """
-    return os.environ.get('BLENDER_ID_ENDPOINT',
-                          "https://www.blender.org/id").rstrip('/')
-
-
 def pillar_server_endpoint():
    """Gets the endpoint for the authentication API. If the env variable
    is defined, we will use the one from the config object.