Add setup UI for the new trigger types (bitbucket and gitlab) and add validation

2015-05-03 11:50:26 -07:00 · 2015-05-03 11:50:26 -07:00 · 4f2a1b3734
commit 4f2a1b3734
parent 0b990677a0
4 changed files with 229 additions and 20 deletions
--- a/util/oauth.py
+++ b/util/oauth.py
@ -15,7 +15,7 @@ class OAuthConfig(object):
  def user_endpoint(self):
    raise NotImplementedError

-  def validate_client_id_and_secret(self, http_client):
+  def validate_client_id_and_secret(self, http_client, app_config):
    raise NotImplementedError

  def client_id(self):
@ -30,6 +30,13 @@ class OAuthConfig(object):

    return endpoint

+  def get_redirect_uri(self, app_config, redirect_suffix=''):
+    return '%s://%s/oauth2/%s/callback%s' % (app_config['PREFERRED_URL_SCHEME'],
+                                             app_config['SERVER_HOSTNAME'],
+                                             self.service_name().lower(),
+                                             redirect_suffix)
+
+
  def exchange_code_for_token(self, app_config, http_client, code, form_encode=False,
                              redirect_suffix=''):
    payload = {
@ -37,10 +44,7 @@ class OAuthConfig(object):
      'client_secret': self.client_secret(),
      'code': code,
      'grant_type': 'authorization_code',
-      'redirect_uri': '%s://%s/oauth2/%s/callback%s' % (app_config['PREFERRED_URL_SCHEME'],
-                                                        app_config['SERVER_HOSTNAME'],
-                                                        self.service_name().lower(),
-                                                        redirect_suffix)
+      'redirect_uri': self.get_redirect_uri(app_config, redirect_suffix)
    }

    headers = {
@ -114,7 +118,7 @@ class GithubOAuthConfig(OAuthConfig):
    api_endpoint = self._api_endpoint()
    return self._get_url(api_endpoint, 'user/orgs')

-  def validate_client_id_and_secret(self, http_client):
+  def validate_client_id_and_secret(self, http_client, app_config):
    # First: Verify that the github endpoint is actually Github by checking for the
    # X-GitHub-Request-Id here.
    api_endpoint = self._api_endpoint()
@ -176,7 +180,7 @@ class GoogleOAuthConfig(OAuthConfig):
  def user_endpoint(self):
    return 'https://www.googleapis.com/oauth2/v1/userinfo'

-  def validate_client_id_and_secret(self, http_client):
+  def validate_client_id_and_secret(self, http_client, app_config):
    # To verify the Google client ID and secret, we hit the
    # https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client
    # ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned
@ -219,8 +223,24 @@ class GitLabOAuthConfig(OAuthConfig):
  def token_endpoint(self):
    return self._get_url(self._endpoint(), '/oauth/token')

-  def validate_client_id_and_secret(self, http_client):
-    pass
+  def validate_client_id_and_secret(self, http_client, app_config):
+    url = self.token_endpoint()
+    redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
+    data = {
+      'code': 'fakecode',
+      'client_id': self.client_id(),
+      'client_secret': self.client_secret(),
+      'grant_type': 'authorization_code',
+      'redirect_uri': redirect_uri
+    }
+
+    # We validate by checking the error code we receive from this call.
+    result = http_client.post(url, data=data, timeout=5)
+    value = result.json()
+    if not value:
+      return False
+
+    return value.get('error', '') != 'invalid_client'

  def get_public_config(self):
    return {