vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Change Github Login to use its own application/client ID so that we don't accidentally lower valid trigger tokens

Browse source
This commit is contained in:
Joseph Schorr 2014-04-01 22:49:18 -04:00
parent 6ff46cc450
commit 193824a196
4 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
config.py
View file

@ -152,8 +152,12 @@ class MixpanelProdConfig(MixpanelTestConfig):
class GitHubTestConfig(object): class GitHubTestConfig(object):
GITHUB_LOGIN_CLIENT_ID = '0e8dbe15c4c7630b5480'
GITHUB_LOGIN_CLIENT_SECRET = 'ac50334c10737b7abd004e23875b63a6c527edaa'
GITHUB_CLIENT_ID = 'cfbc4aca88e5c1b40679' GITHUB_CLIENT_ID = 'cfbc4aca88e5c1b40679'
GITHUB_CLIENT_SECRET = '7d1cc21e17e10cd8168410e2cd1e4561cb854ff9' GITHUB_CLIENT_SECRET = '7d1cc21e17e10cd8168410e2cd1e4561cb854ff9'
GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token' GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'
GITHUB_USER_URL = 'https://api.github.com/user' GITHUB_USER_URL = 'https://api.github.com/user'
GITHUB_USER_EMAILS = GITHUB_USER_URL + '/emails' GITHUB_USER_EMAILS = GITHUB_USER_URL + '/emails'
@ -163,11 +167,17 @@ class GitHubStagingConfig(GitHubTestConfig):
GITHUB_CLIENT_ID = '4886304accbc444f0471' GITHUB_CLIENT_ID = '4886304accbc444f0471'
GITHUB_CLIENT_SECRET = '27d8a5d99af02dda821eb10883bcb2e785e70a62' GITHUB_CLIENT_SECRET = '27d8a5d99af02dda821eb10883bcb2e785e70a62'
GITHUB_LOGIN_CLIENT_ID = 'b5099ca5bc5ff6311981'
GITHUB_LOGIN_CLIENT_SECRET = '22b87a8133356a461b92d9b609d5e761c8fbedec'
class GitHubProdConfig(GitHubTestConfig): class GitHubProdConfig(GitHubTestConfig):
GITHUB_CLIENT_ID = '5a8c08b06c48d89d4d1e' GITHUB_CLIENT_ID = '5a8c08b06c48d89d4d1e'
GITHUB_CLIENT_SECRET = 'f89d8bb28ea3bd4e1c68808500d185a816be53b1' GITHUB_CLIENT_SECRET = 'f89d8bb28ea3bd4e1c68808500d185a816be53b1'
GITHUB_LOGIN_CLIENT_ID = 'a77931a0868729722fb5'
GITHUB_LOGIN_CLIENT_SECRET = '7d977c8184cef68055cce0aed8658d065b3e8596'
class DigitalOceanConfig(object): class DigitalOceanConfig(object):
DO_CLIENT_ID = 'LJ44y2wwYj1MD0BRxS6qHA' DO_CLIENT_ID = 'LJ44y2wwYj1MD0BRxS6qHA'

8
endpoints/callbacks.py
View file

@ -20,11 +20,11 @@ client = app.config['HTTPCLIENT']
callback = Blueprint('callback', __name__) callback = Blueprint('callback', __name__)
def exchange_github_code_for_token(code): def exchange_github_code_for_token(code, for_login=True):
code = request.args.get('code') code = request.args.get('code')
payload = { payload = {
'client_id': app.config['GITHUB_CLIENT_ID'], 'client_id': app.config['GITHUB_LOGIN_CLIENT_ID' if for_login else 'GITHUB_CLIENT_ID'],
'client_secret': app.config['GITHUB_CLIENT_SECRET'], 'client_secret': app.config['GITHUB_LOGIN_CLIENT_SECRET' if for_login else 'GITHUB_CLIENT_SECRET'],
'code': code, 'code': code,
} }
headers = { headers = {
@ -117,7 +117,7 @@ def github_oauth_attach():
def attach_github_build_trigger(namespace, repository): def attach_github_build_trigger(namespace, repository):
permission = AdministerRepositoryPermission(namespace, repository) permission = AdministerRepositoryPermission(namespace, repository)
if permission.can(): if permission.can():
token = exchange_github_code_for_token(request.args.get('code')) token = exchange_github_code_for_token(request.args.get('code'), for_login=False)
repo = model.get_repository(namespace, repository) repo = model.get_repository(namespace, repository)
if not repo: if not repo:
msg = 'Invalid repository: %s/%s' % (namespace, repository) msg = 'Invalid repository: %s/%s' % (namespace, repository)

5
static/js/app.js
View file

@ -839,6 +839,7 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'angu
} else { } else {
keyService['stripePublishableKey'] = 'pk_test_uEDHANKm9CHCvVa2DLcipGRh'; keyService['stripePublishableKey'] = 'pk_test_uEDHANKm9CHCvVa2DLcipGRh';
keyService['githubClientId'] = 'cfbc4aca88e5c1b40679'; keyService['githubClientId'] = 'cfbc4aca88e5c1b40679';
keyService['githubLoginClientId'] = '0e8dbe15c4c7630b5480';
keyService['githubRedirectUri'] = 'http://localhost:5000/oauth2/github/callback'; keyService['githubRedirectUri'] = 'http://localhost:5000/oauth2/github/callback';
} }
@ -1527,7 +1528,7 @@ quayApp.directive('signinForm', function () {
// Needed to ensure that UI work done by the started callback is finished before the location // Needed to ensure that UI work done by the started callback is finished before the location
// changes. // changes.
$timeout(function() { $timeout(function() {
var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubClientId) + var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubLoginClientId) +
'&scope=user:email' + mixpanelDistinctIdClause; '&scope=user:email' + mixpanelDistinctIdClause;
document.location = url; document.location = url;
}, 250); }, 250);
@ -1590,7 +1591,7 @@ quayApp.directive('signupForm', function () {
$scope.github_state_clause = '&state=' + mixpanelId; $scope.github_state_clause = '&state=' + mixpanelId;
}); });
$scope.githubClientId = KeyService.githubClientId; $scope.githubClientId = KeyService.githubLoginClientId;
$scope.awaitingConfirmation = false; $scope.awaitingConfirmation = false;
$scope.registering = false; $scope.registering = false;

2
static/js/controllers.js
View file

@ -1616,7 +1616,7 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
$scope.convertStep = 0; $scope.convertStep = 0;
$scope.org = {}; $scope.org = {};
$scope.githubRedirectUri = KeyService.githubRedirectUri; $scope.githubRedirectUri = KeyService.githubRedirectUri;
$scope.githubClientId = KeyService.githubClientId; $scope.githubClientId = KeyService.githubLoginClientId;
$scope.authorizedApps = null; $scope.authorizedApps = null;
$('.form-change').popover(); $('.form-change').popover();