allura-commits mailing list archives

From brond...@apache.org
Subject allura git commit: [#6876] on webpages requiring GH access, check that existing tokens are valid
Date Fri, 02 Dec 2016 22:10:53 GMT
Repository: allura
Updated Branches:
  refs/heads/db/6876 [created] 5a74fc10e


[#6876] on webpages requiring GH access, check that existing tokens are valid


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/5a74fc10
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/5a74fc10
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/5a74fc10

Branch: refs/heads/db/6876
Commit: 5a74fc10ead51ce863c55cd6001890f5463a90a5
Parents: c823719
Author: Dave Brondsema <dave@brondsema.net>
Authored: Fri Dec 2 14:10:14 2016 -0500
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Fri Dec 2 17:10:31 2016 -0500

----------------------------------------------------------------------
 ForgeImporters/forgeimporters/github/__init__.py    | 16 +++++++++++++---
 .../tests/github/functional/test_github.py          | 10 ++++++++--
 2 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/5a74fc10/ForgeImporters/forgeimporters/github/__init__.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/github/__init__.py b/ForgeImporters/forgeimporters/github/__init__.py
index fe501dd..777c8d0 100644
--- a/ForgeImporters/forgeimporters/github/__init__.py
+++ b/ForgeImporters/forgeimporters/github/__init__.py
@@ -177,17 +177,27 @@ class GitHubProjectExtractor(base.ProjectExtractor):
         return self.get_page('project_info').get('has_issues')
 
 
-class GitHubOAuthMixin(object):
+def valid_access_token(access_token):
+    # https://developer.github.com/v3/oauth_authorizations/#check-an-authorization
+    client_id = config['github_importer.client_id']
+    secret = config['github_importer.client_secret']
+    token_valid_resp = requests.get('https://api.github.com/applications/{}/tokens/{}'.format(client_id,
access_token),
+                                    auth=requests.auth.HTTPBasicAuth(client_id, secret))
+    return token_valid_resp.status_code == 200
+
 
+class GitHubOAuthMixin(object):
     '''Support for github oauth web application flow.'''
 
     def oauth_begin(self, scope=None):
         client_id = config.get('github_importer.client_id')
         secret = config.get('github_importer.client_secret')
         if not client_id or not secret:
+            log.warn('github_importer.* not set up in .ini file; cannot use OAuth for GitHub')
             return  # GitHub app is not configured
-        if c.user.get_tool_data('GitHubProjectImport', 'token'):
-            return  # token already exists, nothing to do
+        access_token = c.user.get_tool_data('GitHubProjectImport', 'token')
+        if access_token and valid_access_token(access_token):
+            return
         redirect_uri = request.url.rstrip('/') + '/oauth_callback'
         oauth = OAuth2Session(client_id, redirect_uri=redirect_uri, scope=scope)
         auth_url, state = oauth.authorization_url(
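Review bot: The `requests.get` call in `valid_access_token` has no `timeout`, and `oauth_begin` now makes it on every request where a token is already stored, so a stalled connection to api.github.com would hold the web worker indefinitely; pass one explicitly, e.g. `auth=requests.auth.HTTPBasicAuth(client_id, secret), timeout=10)`. Any non-200 answer (rate limiting, a 5xx, wrong client credentials) is also reported as an invalid token and sends the user back through the OAuth flow, while a `requests.RequestException` propagates out of the page handler; treating only 404 as "token no longer valid" and logging the other cases would make failures easier to diagnose. The access token is part of the request URL, so that URL should not be written to logs or error reports unredacted. The body of `oauth_begin` continues past the end of this hunk.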

http://git-wip-us.apache.org/repos/asf/allura/blob/5a74fc10/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
index 3f6950e..eb38671 100644
--- a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
+++ b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
@@ -14,7 +14,7 @@
 #       KIND, either express or implied.  See the License for the
 #       specific language governing permissions and limitations
 #       under the License.
-
+import requests
 import tg
 from mock import patch, call, Mock
 from nose.tools import assert_equal
@@ -81,6 +81,12 @@ class TestGitHubOAuth(TestController):
         user = M.User.by_username('test-admin')
         assert_equal(user.get_tool_data('GitHubProjectImport', 'token'), 'abc')
 
-        r = self.app.get('/p/import_project/github/')
+        with patch('forgeimporters.github.requests.get') as valid_access_token_get:
+            valid_access_token_get.return_value = Mock(status_code=200)
+            r = self.app.get('/p/import_project/github/')
+
         # token in user data, so oauth isn't triggered
         assert_equal(r.status_int, 200)
+
+        valid_access_token_get.assert_called_once_with('https://api.github.com/applications/client_id/tokens/abc',
+                                                       auth=requests.auth.HTTPBasicAuth('client_id',
'secret'))
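Review bot: Only the valid-token path is exercised here: the mock always returns `status_code=200`, so the branch this commit introduces (a stored token that GitHub rejects, which should fall through to the OAuth redirect) has no test. Add a second request under `patch('forgeimporters.github.requests.get')` with `return_value = Mock(status_code=404)` and assert that the response is the redirect to the GitHub authorization URL rather than a 200. The `assert_called_once_with` comparison also relies on `HTTPBasicAuth` instances comparing equal by value, which presumably holds for the requests version the project pins but is worth confirming. The test method starts outside this hunk.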

