have github token exchange use new config system

metagov · Dec 17, 2021 · 6ea8f7e · 6ea8f7e
1 parent 5878d50
commit 6ea8f7e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 11 deletions.
diff --git a/metagov/metagov/plugins/github/models.py b/metagov/metagov/plugins/github/models.py
@@ -25,7 +25,7 @@ def refresh_token(self):
         """Requests a new installation access token from Github using a JWT signed by private key."""
         installation_id = self.config["installation_id"]
         self.state.set("installation_id", installation_id)
-        token = get_access_token(installation_id)
+        token = get_access_token(installation_id, community=self.community)
         self.state.set("installation_access_token", token)
 
     def initialize(self):
@@ -55,7 +55,11 @@ def github_request(self, method, route, data=None, add_headers=None, refresh=Fal
         """Makes request to Github. If status code returned is 401 (bad credentials), refreshes the
         access token and tries again. Refresh parameter is used to make sure we only try once."""
 
-        authorization = f"Bearer {get_jwt()}" if use_jwt else f"token {self.state.get('installation_access_token')}"
+        if use_jwt:
+            authorization = f"Bearer {get_jwt(community=self.community)}"
+        else:
+            authorization =  f"token {self.state.get('installation_access_token')}"
+
         headers = {
             "Authorization": authorization,
             "Accept": "application/vnd.github.v3+json"

diff --git a/metagov/metagov/plugins/github/utils.py b/metagov/metagov/plugins/github/utils.py
@@ -1,21 +1,23 @@
 """ Authentication """
 
 import jwt, datetime, logging, requests
-from django.conf import settings
+
 from metagov.core.errors import PluginErrorInternal
+from metagov.core.utils import get_configuration
 
 import sys
 
 TEST = 'test' in sys.argv
 
 logger = logging.getLogger(__name__)
 
-github_settings = settings.METAGOV_SETTINGS["GITHUB"]
-PRIVATE_KEY_PATH = github_settings["PRIVATE_KEY_PATH"]
 APP_ID = github_settings["APP_ID"]
 
 
-def get_private_key():
+
+
+def get_private_key(community):
+    PRIVATE_KEY_PATH = get_configuration("GITHUB_PRIVATE_KEY_PATH", community=community)
     with open(PRIVATE_KEY_PATH) as f:
         lines = f.readlines()
     if len(lines) == 1:
@@ -24,25 +26,25 @@ def get_private_key():
         return "".join(lines)
 
 
-def get_jwt():
+def get_jwt(community):
     if TEST: return ""
 
     payload = {
         # GitHub App's identifier
-        "iss": APP_ID,
+        "iss": get_configuration("GITHUB_PRIVATE_KEY_PATH", community=community),
         # issued at time, 60 seconds in the past to allow for clock drift
         "iat": int(datetime.datetime.now().timestamp()) - 60,
         # JWT expiration time (10 minute maximum)
         "exp": int(datetime.datetime.now().timestamp()) + (9 * 60)
     }
-    return jwt.encode(payload, get_private_key(), algorithm="RS256")
+    return jwt.encode(payload, get_private_key(community), algorithm="RS256")
 
 
-def get_access_token(installation_id):
+def get_access_token(installation_id, community=community):
     """Get installation access token using installation id"""
     headers = {
         "Accept": "application/vnd.github.v3+json",
-        "Authorization": f"Bearer {get_jwt()}"
+        "Authorization": f"Bearer {get_jwt(community)}"
     }
     url = f"https://api.github.com/app/installations/{installation_id}/access_tokens"
     resp = requests.request("POST", url, headers=headers)