Make more consistent use of BLENDER_ID_ENDPOINT

Now BLENDER_ID_ENDPOINT is used for the Blender ID OAuth config,
and it's directly accessed when building requests for Blender ID token
validation (without using utility functions).
Francesco Siddi 2018-06-22 19:38:27 +02:00
parent 58c33074c3
commit 9ee7b742ab
6 changed files with 14 additions and 32 deletions


@ -47,13 +47,6 @@ def store_subclient_token():
'subclient_user_id': str(db_user['_id'])}), status 'subclient_user_id': str(db_user['_id'])}), status
def blender_id_endpoint():
"""Gets the endpoint for the authentication API. If the env variable
is defined, it's possible to override the (default) production address.
"""
return current_app.config['BLENDER_ID_ENDPOINT'].rstrip('/')
def validate_create_user(blender_id_user_id, token, oauth_subclient_id): def validate_create_user(blender_id_user_id, token, oauth_subclient_id):
"""Validates a user against Blender ID, creating the user in our database. """Validates a user against Blender ID, creating the user in our database.
@ -121,13 +114,13 @@ def validate_token(user_id, token, oauth_subclient_id):
# We only want to accept Blender Cloud tokens. # We only want to accept Blender Cloud tokens.
payload['client_id'] = current_app.config['OAUTH_CREDENTIALS']['blender-id']['id'] payload['client_id'] = current_app.config['OAUTH_CREDENTIALS']['blender-id']['id']
url = '{0}/u/validate_token'.format(blender_id_endpoint()) url = '{0}/u/validate_token'.format(current_app.config['BLENDER_ID_ENDPOINT'])
log.debug('POSTing to %r', url) log.debug('POSTing to %r', url)
# Retry a few times when POSTing to BlenderID fails. # Retry a few times when POSTing to BlenderID fails.
# Source: http://stackoverflow.com/a/15431343/875379 # Source: http://stackoverflow.com/a/15431343/875379
s = requests.Session() s = requests.Session()
s.mount(blender_id_endpoint(), HTTPAdapter(max_retries=5)) s.mount(current_app.config['BLENDER_ID_ENDPOINT'], HTTPAdapter(max_retries=5))
# POST to Blender ID, handling errors as negative verification results. # POST to Blender ID, handling errors as negative verification results.
try: try:
@ -225,7 +218,7 @@ def fetch_blenderid_user() -> dict:
my_log = log.getChild('fetch_blenderid_user') my_log = log.getChild('fetch_blenderid_user')
bid_url = '%s/api/user' % blender_id_endpoint() bid_url = '%s/api/user' % current_app.config['BLENDER_ID_ENDPOINT']
my_log.debug('Fetching user info from %s', bid_url) my_log.debug('Fetching user info from %s', bid_url)
credentials = current_app.config['OAUTH_CREDENTIALS']['blender-id'] credentials = current_app.config['OAUTH_CREDENTIALS']['blender-id']
@ -270,7 +263,7 @@ def setup_app(app, url_prefix):
def switch_user_url(next_url: str) -> str: def switch_user_url(next_url: str) -> str:
from urllib.parse import quote from urllib.parse import quote
base_url = '%s/switch' % blender_id_endpoint() base_url = '%s/switch' % current_app.config['BLENDER_ID_ENDPOINT']
if next_url: if next_url:
return '%s?next=%s' % (base_url, quote(next_url)) return '%s?next=%s' % (base_url, quote(next_url))
return base_url return base_url
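Review bot: Removing `blender_id_endpoint()` also removes its `.rstrip('/')`, so the URLs built here (`/u/validate_token`, `/api/user`, `/switch`) and the `'%s/oauth/...'` URLs in the BlenderIdSignIn section get a double slash whenever a deployment's BLENDER_ID_ENDPOINT still ends in `/`, as the old default `'http://blender-id:8000/'` did. The comment in validate_token says POST errors are handled as negative verification results, so the likely outcome is that token validation and login fail after the upgrade rather than that a check is skipped, but nothing reports the cause. I would normalise the value once instead of at every call site, for example `app.config['BLENDER_ID_ENDPOINT'] = app.config['BLENDER_ID_ENDPOINT'].rstrip('/')` during app setup, and add a test that uses a trailing-slash endpoint. The functions touched in this section start or end outside the hunks shown.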


@ -131,16 +131,15 @@ class BlenderIdSignIn(OAuthSignIn):
def __init__(self): def __init__(self):
super().__init__() super().__init__()
base_url = current_app.config['OAUTH_CREDENTIALS']['blender-id'].get( base_url = current_app.config['BLENDER_ID_ENDPOINT']
'base_url', 'https://www.blender.org/id/')
self.service = OAuth2Service( self.service = OAuth2Service(
name='blender-id', name='blender-id',
client_id=self.consumer_id, client_id=self.consumer_id,
client_secret=self.consumer_secret, client_secret=self.consumer_secret,
authorize_url='%soauth/authorize' % base_url, authorize_url='%s/oauth/authorize' % base_url,
access_token_url='%soauth/token' % base_url, access_token_url='%s/oauth/token' % base_url,
base_url='%sapi/' % base_url base_url='%s/api/' % base_url
) )
def authorize(self): def authorize(self):
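Review bot: A `'base_url'` key left in `OAUTH_CREDENTIALS['blender-id']` is now ignored without any signal, so a deployment that configured its Blender ID host only there will direct the authorize redirect and the token exchange (which is built with `client_secret`) at whatever `BLENDER_ID_ENDPOINT` holds. In `__init__` I would warn when the legacy key is still present, e.g. `if 'base_url' in current_app.config['OAUTH_CREDENTIALS']['blender-id']: log.warning('blender-id base_url is ignored, set BLENDER_ID_ENDPOINT')`, assuming this module has a `log` object. The class body continues outside the hunk, so an existing check elsewhere cannot be ruled out from here.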


@ -32,7 +32,7 @@ SECRET_KEY = ''
AUTH_TOKEN_HMAC_KEY = b'' AUTH_TOKEN_HMAC_KEY = b''
# Authentication settings # Authentication settings
BLENDER_ID_ENDPOINT = 'http://blender-id:8000/' BLENDER_ID_ENDPOINT = 'https://id.local:8000'
CDN_USE_URL_SIGNING = True CDN_USE_URL_SIGNING = True
CDN_SERVICE_DOMAIN_PROTOCOL = 'https' CDN_SERVICE_DOMAIN_PROTOCOL = 'https'
@ -124,9 +124,8 @@ BLENDER_ID_USER_INFO_TOKEN = '-set-in-config-local-'
# Example entry: # Example entry:
# OAUTH_CREDENTIALS = { # OAUTH_CREDENTIALS = {
# 'blender-id': { # 'blender-id': {
# 'id': 'CLOUD-OF-SNOWFLAKES-43', # 'id': 'CLOUD-OF-SNOWFLAKES-42',
# 'secret': 'thesecret', # 'secret': 'thesecret',
# 'base_url': 'http://blender-id:8000/'
# } # }
# } # }
# OAuth providers are defined in pillar.auth.oauth # OAuth providers are defined in pillar.auth.oauth
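Review bot: The new default `'https://id.local:8000'` is a placeholder host, and nothing next to the setting says that it must be overridden or what form the value has to take. The callers now format it as `'%s/...'` and the fallback to `https://www.blender.org/id` is removed elsewhere in this commit, so an unconfigured deployment will point its token validation at a host that presumably does not exist. I would add a comment above the setting: `# Base URL of the Blender ID server, without trailing slash. Override in the local config; use https outside development.`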


@ -1,6 +1,6 @@
"""Flask configuration file for unit testing.""" """Flask configuration file for unit testing."""
BLENDER_ID_ENDPOINT = 'http://127.0.0.1:8001' # nonexistant server, no trailing slash! BLENDER_ID_ENDPOINT = 'http://id.local:8001' # Non existant server
SERVER_NAME = 'localhost' SERVER_NAME = 'localhost'
PILLAR_SERVER_ENDPOINT = 'http://localhost/api/' PILLAR_SERVER_ENDPOINT = 'http://localhost/api/'
@ -26,7 +26,6 @@ OAUTH_CREDENTIALS = {
'blender-id': { 'blender-id': {
'id': 'blender-id-app-id', 'id': 'blender-id-app-id',
'secret': 'blender-idsecret', 'secret': 'blender-idsecret',
'base_url': 'http://blender-id:8000/'
}, },
'facebook': { 'facebook': {
'id': 'fb-app-id', 'id': 'fb-app-id',


@ -12,14 +12,6 @@ from pillar.sdk import FlaskInternalApi
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
def blender_id_endpoint():
"""Gets the endpoint for the authentication API. If the env variable
is defined, it's possible to override the (default) production address.
"""
return os.environ.get('BLENDER_ID_ENDPOINT',
"https://www.blender.org/id").rstrip('/')
def pillar_server_endpoint(): def pillar_server_endpoint():
"""Gets the endpoint for the authentication API. If the env variable """Gets the endpoint for the authentication API. If the env variable
is defined, we will use the one from the config object. is defined, we will use the one from the config object.


@ -12,7 +12,7 @@ class OAuthTests(AbstractPillarTest):
oauth_provider = OAuthSignIn.get_provider('blender-id') oauth_provider = OAuthSignIn.get_provider('blender-id')
self.assertIsInstance(oauth_provider, BlenderIdSignIn) self.assertIsInstance(oauth_provider, BlenderIdSignIn)
self.assertEqual(oauth_provider.service.base_url, 'http://blender-id:8000/api/') self.assertEqual(oauth_provider.service.base_url, 'http://id.local:8001/api/')
def test_provider_not_implemented(self): def test_provider_not_implemented(self):
from pillar.auth.oauth import OAuthSignIn, ProviderNotImplemented from pillar.auth.oauth import OAuthSignIn, ProviderNotImplemented
@ -46,11 +46,11 @@ class OAuthTests(AbstractPillarTest):
def test_provider_callback_happy(self): def test_provider_callback_happy(self):
from pillar.auth.oauth import OAuthSignIn from pillar.auth.oauth import OAuthSignIn
responses.add(responses.POST, 'http://blender-id:8000/oauth/token', responses.add(responses.POST, 'http://id.local:8001/oauth/token',
json={'access_token': 'successful-token'}, json={'access_token': 'successful-token'},
status=200) status=200)
responses.add(responses.GET, 'http://blender-id:8000/api/user', responses.add(responses.GET, 'http://id.local:8001/api/user',
json={'id': '7', json={'id': '7',
'email': 'harry@blender.org'}, 'email': 'harry@blender.org'},
status=200) status=200)