Change Github Login to use its own application/client ID so that we don't accidentally lower valid trigger tokens
parent
6ff46cc450
commit
193824a196
4 changed files with 18 additions and 7 deletions
10
config.py
10
config.py
|
@ -152,8 +152,12 @@ class MixpanelProdConfig(MixpanelTestConfig):
|
|||
|
||||
|
||||
class GitHubTestConfig(object):
|
||||
GITHUB_LOGIN_CLIENT_ID = '0e8dbe15c4c7630b5480'
|
||||
GITHUB_LOGIN_CLIENT_SECRET = 'ac50334c10737b7abd004e23875b63a6c527edaa'
|
||||
|
||||
GITHUB_CLIENT_ID = 'cfbc4aca88e5c1b40679'
|
||||
GITHUB_CLIENT_SECRET = '7d1cc21e17e10cd8168410e2cd1e4561cb854ff9'
|
||||
|
||||
GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'
|
||||
GITHUB_USER_URL = 'https://api.github.com/user'
|
||||
GITHUB_USER_EMAILS = GITHUB_USER_URL + '/emails'
|
||||
|
@ -163,11 +167,17 @@ class GitHubStagingConfig(GitHubTestConfig):
|
|||
GITHUB_CLIENT_ID = '4886304accbc444f0471'
|
||||
GITHUB_CLIENT_SECRET = '27d8a5d99af02dda821eb10883bcb2e785e70a62'
|
||||
|
||||
GITHUB_LOGIN_CLIENT_ID = 'b5099ca5bc5ff6311981'
|
||||
GITHUB_LOGIN_CLIENT_SECRET = '22b87a8133356a461b92d9b609d5e761c8fbedec'
|
||||
|
||||
|
||||
class GitHubProdConfig(GitHubTestConfig):
|
||||
GITHUB_CLIENT_ID = '5a8c08b06c48d89d4d1e'
|
||||
GITHUB_CLIENT_SECRET = 'f89d8bb28ea3bd4e1c68808500d185a816be53b1'
|
||||
|
||||
GITHUB_LOGIN_CLIENT_ID = 'a77931a0868729722fb5'
|
||||
GITHUB_LOGIN_CLIENT_SECRET = '7d977c8184cef68055cce0aed8658d065b3e8596'
|
||||
|
||||
|
||||
class DigitalOceanConfig(object):
|
||||
DO_CLIENT_ID = 'LJ44y2wwYj1MD0BRxS6qHA'
|
||||
|
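Review bot: The three new `GITHUB_LOGIN_CLIENT_SECRET` values (test, staging and prod) are committed as string literals next to the existing `GITHUB_CLIENT_SECRET` ones, so anyone with read access to the repository or its history holds the production OAuth client secret. Load them at start-up instead, e.g. `GITHUB_LOGIN_CLIENT_SECRET = os.environ['GITHUB_LOGIN_CLIENT_SECRET']` (needs `import os` if config.py does not already have it), and treat the values shown here as exposed and regenerate them in the GitHub application settings. Because `GitHubStagingConfig` and `GitHubProdConfig` inherit from `GitHubTestConfig`, a subclass that omits the login pair would silently fall back to the test application's credentials; a comment on the base class such as `# every environment must override both GITHUB_LOGIN_* values` would make that requirement explicit.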
|
|
@ -20,11 +20,11 @@ client = app.config['HTTPCLIENT']
|
|||
callback = Blueprint('callback', __name__)
|
||||
|
||||
|
||||
def exchange_github_code_for_token(code):
|
||||
def exchange_github_code_for_token(code, for_login=True):
|
||||
code = request.args.get('code')
|
||||
payload = {
|
||||
'client_id': app.config['GITHUB_CLIENT_ID'],
|
||||
'client_secret': app.config['GITHUB_CLIENT_SECRET'],
|
||||
'client_id': app.config['GITHUB_LOGIN_CLIENT_ID' if for_login else 'GITHUB_CLIENT_ID'],
|
||||
'client_secret': app.config['GITHUB_LOGIN_CLIENT_SECRET' if for_login else 'GITHUB_CLIENT_SECRET'],
|
||||
'code': code,
|
||||
}
|
||||
headers = {
|
||||
|
@ -117,7 +117,7 @@ def github_oauth_attach():
|
|||
def attach_github_build_trigger(namespace, repository):
|
||||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
token = exchange_github_code_for_token(request.args.get('code'))
|
||||
token = exchange_github_code_for_token(request.args.get('code'), for_login=False)
|
||||
repo = model.get_repository(namespace, repository)
|
||||
if not repo:
|
||||
msg = 'Invalid repository: %s/%s' % (namespace, repository)
|
||||
|
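Review bot: `exchange_github_code_for_token` reassigns `code = request.args.get('code')` on its first body line, so the `code` argument its callers pass is ignored; drop that line so the function exchanges exactly the value it is given. The new `for_login=True` default also means a call site that forgets the flag silently uses the login application's credentials. Making it required, `def exchange_github_code_for_token(code, for_login):`, forces each caller to state which OAuth application the code was issued to. Only `attach_github_build_trigger` is updated in the visible hunks and the function body continues past the hunk, so the remaining callers should be checked against the client ID their front-end flow uses.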
|
|
@ -839,6 +839,7 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'angu
|
|||
} else {
|
||||
keyService['stripePublishableKey'] = 'pk_test_uEDHANKm9CHCvVa2DLcipGRh';
|
||||
keyService['githubClientId'] = 'cfbc4aca88e5c1b40679';
|
||||
keyService['githubLoginClientId'] = '0e8dbe15c4c7630b5480';
|
||||
keyService['githubRedirectUri'] = 'http://localhost:5000/oauth2/github/callback';
|
||||
}
|
||||
|
||||
|
@ -1527,7 +1528,7 @@ quayApp.directive('signinForm', function () {
|
|||
// Needed to ensure that UI work done by the started callback is finished before the location
|
||||
// changes.
|
||||
$timeout(function() {
|
||||
var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubClientId) +
|
||||
var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubLoginClientId) +
|
||||
'&scope=user:email' + mixpanelDistinctIdClause;
|
||||
document.location = url;
|
||||
}, 250);
|
||||
|
@ -1590,7 +1591,7 @@ quayApp.directive('signupForm', function () {
|
|||
$scope.github_state_clause = '&state=' + mixpanelId;
|
||||
});
|
||||
|
||||
$scope.githubClientId = KeyService.githubClientId;
|
||||
$scope.githubClientId = KeyService.githubLoginClientId;
|
||||
|
||||
$scope.awaitingConfirmation = false;
|
||||
$scope.registering = false;
|
||||
|
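Review bot: The authorize URLs built for the new login application still carry the Mixpanel distinct ID as the OAuth `state` value (`'&state=' + mixpanelId` in signupForm, and presumably the same inside `mixpanelDistinctIdClause` in signinForm), which is an analytics identifier rather than an unguessable value bound to the browser session. With `state` used that way, the callback cannot use it to reject a response the browser did not initiate; whether the server checks anything else is not visible in this commit. Since the login flow is getting its own client ID here, consider generating a random per-session `state`, verifying it in the callback, and passing the Mixpanel ID separately. Until then, a comment above the URL construction such as `// state carries the Mixpanel id, not a CSRF token` would document the current behaviour.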
|
|
@ -1616,7 +1616,7 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
|
|||
$scope.convertStep = 0;
|
||||
$scope.org = {};
|
||||
$scope.githubRedirectUri = KeyService.githubRedirectUri;
|
||||
$scope.githubClientId = KeyService.githubClientId;
|
||||
$scope.githubClientId = KeyService.githubLoginClientId;
|
||||
$scope.authorizedApps = null;
|
||||
|
||||
$('.form-change').popover();
|
||||
|
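Review bot: `$scope.githubClientId = KeyService.githubLoginClientId;` keeps the old scope name while now holding the login application's ID, so templates and later edits cannot tell which of the two GitHub applications they are pointing at; the signupForm directive in the previous file has the same assignment. Renaming it to `$scope.githubLoginClientId` (and updating the templates that read it, which are not part of this commit) would keep the two client IDs from being mixed up again. If the rename is deferred, add `// login OAuth app, not the build-trigger app` beside the assignment. UserAdminCtrl continues outside the hunk.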
|