Add a security scanner api config object for params

Change SecScanAPI to use a uri creation func instead of test context Pass config provider through validator context Remove app config dependency for validators
2018-05-29 13:50:51 -04:00 · 2018-05-29 13:50:51 -04:00 · 7df8ed4a60
commit 7df8ed4a60
parent 554d4f47a8
47 changed files with 305 additions and 166 deletions
--- a/oauth/services/github.py
+++ b/oauth/services/github.py
@ -75,7 +75,8 @@ class GithubOAuthService(OAuthLoginService):
  def orgs_endpoint(self):
    return slash_join(self._api_endpoint(), 'user/orgs')

-  def validate_client_id_and_secret(self, http_client, app_config):
+  # TODO(sam): refactor the base method to not take app config
+  def validate_client_id_and_secret(self, http_client):
    # First: Verify that the github endpoint is actually Github by checking for the
    # X-GitHub-Request-Id here.
    api_endpoint = self._api_endpoint()
--- a/oauth/services/google.py
+++ b/oauth/services/google.py
@ -41,7 +41,8 @@ class GoogleOAuthService(OAuthLoginService):
  def requires_form_encoding(self):
    return True

-  def validate_client_id_and_secret(self, http_client, app_config):
+  # TODO(sam): this signature does not match its parent class. refactor the base method to take the namedtuple URLSchemeAndHostname
+  def validate_client_id_and_secret(self, http_client):
    # To verify the Google client ID and secret, we hit the
    # https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client
    # ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned