Decouple oauth methods from app with a namedtuple

endpoints/githubtrigger.py

@@ -10,6 +10,7 @@ from auth.decorators import require_session_login
 from auth.permissions import AdministerRepositoryPermission
 from data import model
 from endpoints.decorators import route_show_if, parse_repository_name
+from util.config import URLSchemeAndHostname
 from util.http import abort
 
 
@@ -26,6 +27,7 @@ def attach_github_build_trigger(namespace_name, repo_name):
   permission = AdministerRepositoryPermission(namespace_name, repo_name)
   if permission.can():
     code = request.args.get('code')
+    # url_scheme_and_hostname = URLSchemeAndHostname(app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
     token = github_trigger.exchange_code_for_token(app.config, client, code)
     repo = model.repository.get_repository(namespace_name, repo_name)
     if not repo:

endpoints/gitlabtrigger.py

@@ -10,6 +10,7 @@ from auth.decorators import require_session_login
 from auth.permissions import AdministerRepositoryPermission
 from data import model
 from endpoints.decorators import route_show_if
+from util.config import URLSchemeAndHostname
 from util.http import abort
 
 
@@ -34,6 +35,7 @@ def attach_gitlab_build_trigger():
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
     code = request.args.get('code')
+    # url_scheme_and_hostname = URLSchemeAndHostname(app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
     token = gitlab_trigger.exchange_code_for_token(app.config, client, code,
                                                    redirect_suffix='/trigger')
     if not token:

oauth/base.py

@@ -7,6 +7,7 @@ from abc import ABCMeta, abstractmethod
 from six import add_metaclass
 
 from util import get_app_url
+from util.config import URLSchemeAndHostname
 
 logger = logging.getLogger(__name__)
 
@@ -111,9 +112,9 @@ class OAuthService(object):
 
     return self.authorize_endpoint().with_params(params).to_url()
 
-  def get_redirect_uri(self, app_config, redirect_suffix=''):
+  def get_redirect_uri(self, url_scheme_and_hostname, redirect_suffix=''):
-    return '%s://%s/oauth2/%s/callback%s' % (app_config['PREFERRED_URL_SCHEME'],
+    return '%s://%s/oauth2/%s/callback%s' % (url_scheme_and_hostname.url_scheme,
-                                             app_config['SERVER_HOSTNAME'],
+                                             url_scheme_and_hostname.hostname,
                                              self.service_id(),
                                              redirect_suffix)
 
@@ -153,10 +154,11 @@ class OAuthService(object):
   def exchange_code(self, app_config, http_client, code, form_encode=False, redirect_suffix='',
                     client_auth=False):
     """ Exchanges an OAuth access code for associated OAuth token and other data. """
+    url_scheme_and_hostname = URLSchemeAndHostname(app_config['PREFERRED_URL_SCHEME'], app_config['SERVER_HOSTNAME'])
     payload = {
       'code': code,
       'grant_type': 'authorization_code',
-      'redirect_uri': self.get_redirect_uri(app_config, redirect_suffix)
+      'redirect_uri': self.get_redirect_uri(url_scheme_and_hostname, redirect_suffix)
     }
 
     headers = {

oauth/login.py

@@ -6,6 +6,7 @@ from six import add_metaclass
 import features
 
 from oauth.base import OAuthService, OAuthExchangeCodeException, OAuthGetUserInfoException
+from util.config import URLSchemeAndHostname
 
 logger = logging.getLogger(__name__)
 
@@ -64,6 +65,7 @@ class OAuthLoginService(OAuthService):
 
     # Retrieve the token for the OAuth code.
     try:
+      # url_scheme_and_hostname = URLSchemeAndHostname(app_config['PREFERRED_URL_SCHEME'], app_config['SERVER_HOSTNAME'])
       token = self.exchange_code_for_token(app_config, http_client, code,
                                            redirect_suffix=redirect_suffix,
                                            form_encode=self.requires_form_encoding())

oauth/services/gitlab.py

@@ -29,13 +29,13 @@ class GitLabOAuthService(OAuthService):
   def token_endpoint(self):
     return OAuthEndpoint(slash_join(self._endpoint(), '/oauth/token'))
 
-  def validate_client_id_and_secret(self, http_client, app_config):
+  def validate_client_id_and_secret(self, http_client, url_scheme_and_hostname):
     # We validate the client ID and secret by hitting the OAuth token exchange endpoint with
     # the real client ID and secret, but a fake auth code to exchange. Gitlab's implementation will
     # return `invalid_client` as the `error` if the client ID or secret is invalid; otherwise, it
     # will return another error.
     url = self.token_endpoint().to_url()
-    redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
+    redirect_uri = self.get_redirect_uri(url_scheme_and_hostname, redirect_suffix='trigger')
     data = {
       'code': 'fakecode',
       'client_id': self.client_id(),

util/config/__init__.py

@@ -0,0 +1,3 @@
+from collections import namedtuple
+
+URLSchemeAndHostname = namedtuple('URLSchemeAndHostname', ['url_scheme', 'hostname'])

util/config/validators/validate_gitlab_trigger.py

@@ -1,4 +1,5 @@
 from oauth.services.gitlab import GitLabOAuthService
+from util.config import URLSchemeAndHostname
 from util.config.validators import BaseValidator, ConfigValidationException
 
 class GitLabTriggerValidator(BaseValidator):
@@ -24,6 +25,7 @@ class GitLabTriggerValidator(BaseValidator):
 
     client = app.config['HTTPCLIENT']
     oauth = GitLabOAuthService(config, 'GITLAB_TRIGGER_CONFIG')
-    result = oauth.validate_client_id_and_secret(client, app.config)
+    url_scheme_and_hostname = URLSchemeAndHostname(app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
+    result = oauth.validate_client_id_and_secret(client, url_scheme_and_hostname)
     if not result:
       raise ConfigValidationException('Invalid client id or client secret')