Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make anitya use authlib instead of social_auth #1220

Merged
merged 7 commits into from
Dec 3, 2024

Conversation

LenkaSeg
Copy link
Contributor

Allow authentication with Fedora, GitHub and Google.
This PR aims to get rid of the social_auth library and use authlib instead.

Related issue #1139

@LenkaSeg LenkaSeg requested a review from a team as a code owner November 12, 2021 08:10
@LenkaSeg LenkaSeg changed the title Migrate social_auth to authlib [WIP] Migrate social_auth to authlib Nov 12, 2021
@LenkaSeg
Copy link
Contributor Author

What is working so far: authentication with GitHub and Google.
What is needed: Fedora, create a new social table in models, do something with the next, so it does not redirect to main page, tests, documentation.

@softwarefactory-project-zuul
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

@lgtm-com
Copy link

lgtm-com bot commented Nov 12, 2021

This pull request introduces 2 alerts when merging ffbba79 into b16ca5e - view on LGTM.com

new alerts:

  • 1 for Unused import
  • 1 for Module is imported with 'import' and 'import from'

@Zlopez Zlopez linked an issue Nov 15, 2021 that may be closed by this pull request
requirements.txt Outdated
@@ -11,7 +11,6 @@ ordered-set>=3.1, <5.0.0
packaging>=20.0 # (no upper limit, this is a calendar-based version)
python-dateutil>=2.8.0, <3.0.0
semver>=2.8.1, <3.0.0
social-auth-app-flask>=1.0.0, <2.0.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to add the authlib to requirements.txt as well.

@@ -42,6 +42,7 @@
fedora-messaging,
python3-alembic,
python3-arrow,
python-authlib,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's nice that the authlib is available in Fedora, one less package to download from PyPi.

SSE_FEED="http://firehose.libraries.io/events",
CRON_POOL=10, # Number of workers for check service
CHECK_TIMEOUT=600, # Timeout for check service
# When this number of failed checks is reached,
# project will be automatically removed, if no version was retrieved yet
CHECK_ERROR_THRESHOLD=100,
# Enabled authentication backends
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be also done in the example config and config for vagrant and container setup.

@@ -0,0 +1,59 @@
import flask
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file deserves some comments. :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw that the social_auth stuff was registered as flask blueprint in the app.py, so I was trying to make it similar.
The rest is from authlib examples. The def oauthlogin is usually named login in the authlib documentation. I renamed it because there already is login function in ui.py.
Then I created the tokens in github and google for the anitya app and since both parties send a different user_info, so it is processed differently.
I will add docstrings and comments.

@LenkaSeg LenkaSeg changed the title [WIP] Migrate social_auth to authlib [WIP] Make anitya use authlib instead of social_auth Nov 15, 2021
@romulasry
Copy link

This would be nice for https://rpmfusion.org/ next. Good job.

@Zlopez
Copy link
Contributor

Zlopez commented Apr 28, 2022

Because there is now initiative working on Flask OIDC to remove the deprecated parts, we should probably use it instead of using authlib directly.

@romulasry
Copy link

romulasry commented Jan 29, 2023

@Zlopez Zlopez mentioned this pull request Jul 11, 2024
anitya/app.py Fixed Show fixed Hide fixed
anitya/app.py Fixed Show fixed Hide fixed
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/dc194463201c4311ac2115d0343ab20d

fi-tox-mypy FAILURE in 4m 09s
fi-tox-lint FAILURE in 4m 56s
fi-tox-format FAILURE in 5m 00s
fi-tox-python310 FAILURE in 5m 10s
fi-tox-python311 FAILURE in 5m 22s
fi-tox-python312 FAILURE in 5m 47s
fi-tox-docs FAILURE in 5m 03s
✔️ fi-tox-bandit SUCCESS in 4m 54s
fi-tox-diff-cover FAILURE in 6m 16s

Removes social_auth_sqlalchemy references as the social_auth tables are
no longer needed with authlib.
All tests are now passing.

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/53927e9b46d24e17a6270826206050e3

✔️ fi-tox-mypy SUCCESS in 4m 35s
fi-tox-lint FAILURE in 4m 29s
fi-tox-format FAILURE in 4m 15s
✔️ fi-tox-python310 SUCCESS in 8m 03s
✔️ fi-tox-python311 SUCCESS in 7m 19s
✔️ fi-tox-python312 SUCCESS in 8m 19s
✔️ fi-tox-docs SUCCESS in 5m 03s
✔️ fi-tox-bandit SUCCESS in 4m 27s
fi-tox-diff-cover FAILURE in 8m 55s

@Zlopez
Copy link
Contributor

Zlopez commented Nov 27, 2024

So here is the list of things I need to finish after initial work with this PR:

  • Update documentation
  • Update default config file
  • Add Fedora oauth support
  • Remove social_auth tables
  • Create alembic migration for social_auth tables
  • Update web page design

I found out that the social_auth tables are no longer needed as the e-mail is enough for authlib.

After merging this I will probably release a new major version, as the removal of social_auth tables is backwards compatibility breaking change.

With the removal of social_auth libraries the dev environment needs to
be updated as well.

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/4fab9e7ecb1c4959950c96f5a2ab33a0

✔️ fi-tox-mypy SUCCESS in 5m 26s
fi-tox-lint FAILURE in 4m 43s
✔️ fi-tox-format SUCCESS in 4m 56s
✔️ fi-tox-python310 SUCCESS in 8m 09s
✔️ fi-tox-python311 SUCCESS in 7m 48s
✔️ fi-tox-python312 SUCCESS in 8m 32s
✔️ fi-tox-docs SUCCESS in 5m 37s
✔️ fi-tox-bandit SUCCESS in 4m 45s
fi-tox-diff-cover FAILURE in 9m 01s

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/6af90a3e45d943239e34c2c1bccc36d1

✔️ fi-tox-mypy SUCCESS in 4m 55s
fi-tox-lint FAILURE in 4m 26s
✔️ fi-tox-format SUCCESS in 4m 23s
fi-tox-python310 FAILURE in 7m 28s
fi-tox-python311 FAILURE in 7m 27s
fi-tox-python312 FAILURE in 8m 18s
✔️ fi-tox-docs SUCCESS in 5m 11s
✔️ fi-tox-bandit SUCCESS in 4m 21s
fi-tox-diff-cover FAILURE in 9m 02s

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/f664bd1d7a804f479a9be4442236f384

✔️ fi-tox-mypy SUCCESS in 4m 58s
fi-tox-lint FAILURE in 4m 22s
✔️ fi-tox-format SUCCESS in 4m 48s
fi-tox-python310 FAILURE in 7m 47s
fi-tox-python311 FAILURE in 7m 39s
fi-tox-python312 FAILURE in 8m 35s
✔️ fi-tox-docs SUCCESS in 5m 32s
✔️ fi-tox-bandit SUCCESS in 4m 36s
fi-tox-diff-cover FAILURE in 8m 45s

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/97c861828cb04a76ace449bfe8ca7d82

✔️ fi-tox-mypy SUCCESS in 5m 02s
✔️ fi-tox-lint SUCCESS in 4m 39s
✔️ fi-tox-format SUCCESS in 4m 25s
✔️ fi-tox-python310 SUCCESS in 7m 52s
✔️ fi-tox-python311 SUCCESS in 7m 59s
✔️ fi-tox-python312 SUCCESS in 8m 01s
✔️ fi-tox-docs SUCCESS in 5m 29s
✔️ fi-tox-bandit SUCCESS in 4m 48s
fi-tox-diff-cover FAILURE in 8m 19s

The authentication callback isn't easy to test as the authlib is tightly
integrated to flask and hard to mock. That is why it's not covered by tests.

Signed-off-by: Michal Konecny <[email protected]>
Copy link

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/c1f20d8f7b004f56a52c21966ef7a934

✔️ fi-tox-mypy SUCCESS in 5m 55s
✔️ fi-tox-lint SUCCESS in 4m 49s
✔️ fi-tox-format SUCCESS in 4m 49s
✔️ fi-tox-python310 SUCCESS in 8m 06s
✔️ fi-tox-python311 SUCCESS in 8m 34s
✔️ fi-tox-python312 SUCCESS in 9m 02s
✔️ fi-tox-docs SUCCESS in 6m 13s
✔️ fi-tox-bandit SUCCESS in 5m 11s
✔️ fi-tox-diff-cover SUCCESS in 9m 38s

@Zlopez
Copy link
Contributor

Zlopez commented Dec 2, 2024

I would need to review all the changes, but I think we are ready to go.

@Zlopez Zlopez changed the title [WIP] Make anitya use authlib instead of social_auth Make anitya use authlib instead of social_auth Dec 2, 2024
@Zlopez Zlopez merged commit b02796e into fedora-infra:master Dec 3, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Migrate from social_auth to something else
3 participants