Add a security scanner api config object for params

Change SecScanAPI to use a uri creation func instead of test context Pass config provider through validator context Remove app config dependency for validators
2018-05-29 13:50:51 -04:00 · 2018-05-29 13:50:51 -04:00 · 7df8ed4a60
commit 7df8ed4a60
parent 554d4f47a8
47 changed files with 305 additions and 166 deletions
--- a/oauth/login.py
+++ b/oauth/login.py
@ -6,7 +6,6 @@ from six import add_metaclass
 import features

 from oauth.base import OAuthService, OAuthExchangeCodeException, OAuthGetUserInfoException
-from util.config import URLSchemeAndHostname

 logger = logging.getLogger(__name__)

@ -65,7 +64,6 @@ class OAuthLoginService(OAuthService):

    # Retrieve the token for the OAuth code.
    try:
-      # url_scheme_and_hostname = URLSchemeAndHostname(app_config['PREFERRED_URL_SCHEME'], app_config['SERVER_HOSTNAME'])
      token = self.exchange_code_for_token(app_config, http_client, code,
                                           redirect_suffix=redirect_suffix,
                                           form_encode=self.requires_form_encoding())
--- a/oauth/services/github.py
+++ b/oauth/services/github.py
@ -75,7 +75,8 @@ class GithubOAuthService(OAuthLoginService):
  def orgs_endpoint(self):
    return slash_join(self._api_endpoint(), 'user/orgs')

-  def validate_client_id_and_secret(self, http_client, app_config):
+  # TODO(sam): refactor the base method to not take app config
+  def validate_client_id_and_secret(self, http_client):
    # First: Verify that the github endpoint is actually Github by checking for the
    # X-GitHub-Request-Id here.
    api_endpoint = self._api_endpoint()
--- a/oauth/services/google.py
+++ b/oauth/services/google.py
@ -41,7 +41,8 @@ class GoogleOAuthService(OAuthLoginService):
  def requires_form_encoding(self):
    return True

-  def validate_client_id_and_secret(self, http_client, app_config):
+  # TODO(sam): this signature does not match its parent class. refactor the base method to take the namedtuple URLSchemeAndHostname
+  def validate_client_id_and_secret(self, http_client):
    # To verify the Google client ID and secret, we hit the
    # https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client
    # ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned