Pull out github trigger and login validation into validator class
This commit is contained in:
Joseph Schorr
parent
a31f2267e8
commit
d4eb4f7f3c
3 changed files with 132 additions and 77 deletions
62
util/config/validators/test/test_validate_github.py
Normal file
62
util/config/validators/test/test_validate_github.py
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
import pytest
|
||||
|
||||
from httmock import urlmatch, HTTMock
|
||||
|
||||
from util.config.validators import ConfigValidationException
|
||||
from util.config.validators.validate_github import GitHubLoginValidator, GitHubTriggerValidator
|
||||
|
||||
@pytest.fixture(params=[GitHubLoginValidator, GitHubTriggerValidator])
|
||||
def github_validator(request):
|
||||
return request.param
|
||||
|
||||
|
||||
@pytest.mark.parametrize('github_config', [
|
||||
({}),
|
||||
({'GITHUB_ENDPOINT': 'foo'}),
|
||||
({'GITHUB_ENDPOINT': 'http://github.com'}),
|
||||
({'GITHUB_ENDPOINT': 'http://github.com', 'CLIENT_ID': 'foo'}),
|
||||
({'GITHUB_ENDPOINT': 'http://github.com', 'CLIENT_SECRET': 'foo'}),
|
||||
({
|
||||
'GITHUB_ENDPOINT': 'http://github.com',
|
||||
'CLIENT_ID': 'foo',
|
||||
'CLIENT_SECRET': 'foo',
|
||||
'ORG_RESTRICT': True
|
||||
}),
|
||||
({
|
||||
'GITHUB_ENDPOINT': 'http://github.com',
|
||||
'CLIENT_ID': 'foo',
|
||||
'CLIENT_SECRET': 'foo',
|
||||
'ORG_RESTRICT': True,
|
||||
'ALLOWED_ORGANIZATIONS': [],
|
||||
}),
|
||||
])
|
||||
def test_validate_invalid_github_config(github_config, github_validator):
|
||||
with pytest.raises(ConfigValidationException):
|
||||
unvalidated_config = {}
|
||||
unvalidated_config[github_validator.config_key] = github_config
|
||||
github_validator.validate(unvalidated_config, None, None)
|
||||
|
||||
def test_validate_github(github_validator):
|
||||
url_hit = [False, False]
|
||||
|
||||
@urlmatch(netloc=r'somehost')
|
||||
def handler(url, request):
|
||||
url_hit[0] = True
|
||||
return {'status_code': 200, 'content': '', 'headers': {'X-GitHub-Request-Id': 'foo'}}
|
||||
|
||||
@urlmatch(netloc=r'somehost', path=r'/api/v3/applications/foo/tokens/foo')
|
||||
def app_handler(url, request):
|
||||
url_hit[1] = True
|
||||
return {'status_code': 404, 'content': '', 'headers': {'X-GitHub-Request-Id': 'foo'}}
|
||||
|
||||
with HTTMock(app_handler, handler):
|
||||
github_validator.validate({
|
||||
github_validator.config_key: {
|
||||
'GITHUB_ENDPOINT': 'http://somehost',
|
||||
'CLIENT_ID': 'foo',
|
||||
'CLIENT_SECRET': 'bar',
|
||||
},
|
||||
}, None, None)
|
||||
|
||||
assert url_hit[0]
|
||||
assert url_hit[1]
|
||||
51
util/config/validators/validate_github.py
Normal file
51
util/config/validators/validate_github.py
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
from app import app
|
||||
from oauth.services.github import GithubOAuthService
|
||||
from util.config.validators import BaseValidator, ConfigValidationException
|
||||
|
||||
class BaseGitHubValidator(BaseValidator):
|
||||
name = None
|
||||
config_key = None
|
||||
|
||||
@classmethod
|
||||
def validate(cls, config, user, user_password):
|
||||
""" Validates the OAuth credentials and API endpoint for a Github service. """
|
||||
github_config = config.get(cls.config_key)
|
||||
if not github_config:
|
||||
raise ConfigValidationException('Missing GitHub client id and client secret')
|
||||
|
||||
endpoint = github_config.get('GITHUB_ENDPOINT')
|
||||
if not endpoint:
|
||||
raise ConfigValidationException('Missing GitHub Endpoint')
|
||||
|
||||
if endpoint.find('http://') != 0 and endpoint.find('https://') != 0:
|
||||
raise ConfigValidationException('Github Endpoint must start with http:// or https://')
|
||||
|
||||
if not github_config.get('CLIENT_ID'):
|
||||
raise ConfigValidationException('Missing Client ID')
|
||||
|
||||
if not github_config.get('CLIENT_SECRET'):
|
||||
raise ConfigValidationException('Missing Client Secret')
|
||||
|
||||
if github_config.get('ORG_RESTRICT') and not github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
raise ConfigValidationException('Organization restriction must have at least one allowed ' +
|
||||
'organization')
|
||||
|
||||
client = app.config['HTTPCLIENT']
|
||||
oauth = GithubOAuthService(config, cls.config_key)
|
||||
result = oauth.validate_client_id_and_secret(client, app.config)
|
||||
if not result:
|
||||
raise ConfigValidationException('Invalid client id or client secret')
|
||||
|
||||
if github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
for org_id in github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
if not oauth.validate_organization(org_id, client):
|
||||
raise ConfigValidationException('Invalid organization: %s' % org_id)
|
||||
|
||||
|
||||
class GitHubLoginValidator(BaseGitHubValidator):
|
||||
name = "github-login"
|
||||
config_key = "GITHUB_LOGIN_CONFIG"
|
||||
|
||||
class GitHubTriggerValidator(BaseGitHubValidator):
|
||||
name = "github-trigger"
|
||||
config_key = "GITHUB_TRIGGER_CONFIG"
|
||||
Reference in a new issue