From 6ea8f7e11e2b08080be475f5fcb18ad80c85fea0 Mon Sep 17 00:00:00 2001 From: Shauna Gordon-McKeon Date: Fri, 17 Dec 2021 15:17:05 -0500 Subject: [PATCH] have github token exchange use new config system --- metagov/metagov/plugins/github/models.py | 8 ++++++-- metagov/metagov/plugins/github/utils.py | 20 +++++++++++--------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/metagov/metagov/plugins/github/models.py b/metagov/metagov/plugins/github/models.py index 376521d1..42d5332b 100644 --- a/metagov/metagov/plugins/github/models.py +++ b/metagov/metagov/plugins/github/models.py @@ -25,7 +25,7 @@ def refresh_token(self): """Requests a new installation access token from Github using a JWT signed by private key.""" installation_id = self.config["installation_id"] self.state.set("installation_id", installation_id) - token = get_access_token(installation_id) + token = get_access_token(installation_id, community=self.community) self.state.set("installation_access_token", token) def initialize(self): @@ -55,7 +55,11 @@ def github_request(self, method, route, data=None, add_headers=None, refresh=Fal """Makes request to Github. If status code returned is 401 (bad credentials), refreshes the access token and tries again. Refresh parameter is used to make sure we only try once.""" - authorization = f"Bearer {get_jwt()}" if use_jwt else f"token {self.state.get('installation_access_token')}" + if use_jwt: + authorization = f"Bearer {get_jwt(community=self.community)}" + else: + authorization = f"token {self.state.get('installation_access_token')}" + headers = { "Authorization": authorization, "Accept": "application/vnd.github.v3+json" diff --git a/metagov/metagov/plugins/github/utils.py b/metagov/metagov/plugins/github/utils.py index 6be9837b..0e1378ed 100644 --- a/metagov/metagov/plugins/github/utils.py +++ b/metagov/metagov/plugins/github/utils.py 
@@ -1,8 +1,9 @@ """ Authentication """ import jwt, datetime, logging, requests -from django.conf import settings + from metagov.core.errors import PluginErrorInternal +from metagov.core.utils import get_configuration import sys @@ -10,12 +11,13 @@ logger = logging.getLogger(__name__) -github_settings = settings.METAGOV_SETTINGS["GITHUB"] -PRIVATE_KEY_PATH = github_settings["PRIVATE_KEY_PATH"] APP_ID = github_settings["APP_ID"] -def get_private_key(): + + +def get_private_key(community): + PRIVATE_KEY_PATH = get_configuration("GITHUB_PRIVATE_KEY_PATH", community=community) with open(PRIVATE_KEY_PATH) as f: lines = f.readlines() if len(lines) == 1: @@ -24,25 +26,25 @@ def get_private_key(): return "".join(lines) -def get_jwt(): +def get_jwt(community): if TEST: return "" payload = { # GitHub App's identifier - "iss": APP_ID, + "iss": get_configuration("GITHUB_PRIVATE_KEY_PATH", community=community), # issued at time, 60 seconds in the past to allow for clock drift "iat": int(datetime.datetime.now().timestamp()) - 60, # JWT expiration time (10 minute maximum) "exp": int(datetime.datetime.now().timestamp()) + (9 * 60) } - return jwt.encode(payload, get_private_key(), algorithm="RS256") + return jwt.encode(payload, get_private_key(community), algorithm="RS256") -def get_access_token(installation_id): +def get_access_token(installation_id, community=community): """Get installation access token using installation id""" headers = { "Accept": "application/vnd.github.v3+json", - "Authorization": f"Bearer {get_jwt()}" + "Authorization": f"Bearer {get_jwt(community)}" } url = f"https://api.github.com/app/installations/{installation_id}/access_tokens" resp = requests.request("POST", url, headers=headers)
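Review bot: `APP_ID = github_settings["APP_ID"]` appears to survive as a context line in the `@@ -10,12 +11,13 @@` hunk while the `github_settings` assignment above it is removed, so importing utils.py would raise NameError before any token exchange can run. Drop that line with the other module-level settings and read the App ID per community, the way the key path is read now. Separately, `get_private_key` now passes a per-community configuration value straight to `open()`; if anyone other than the server operator can set it, check it against an allowed key directory first, and raise `PluginErrorInternal` when it is missing rather than failing inside `open()`. The body of `get_private_key` continues past the end of this hunk.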
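Review bot: The `iss` claim in `get_jwt` is now filled from `GITHUB_PRIVATE_KEY_PATH`, so the JWT carries the key file's path instead of the GitHub App identifier that the comment above it and the removed `APP_ID` describe. GitHub would be expected to reject such a token, and the server-side path is disclosed in every request that carries it. It should read the App ID setting, e.g. `"iss": get_configuration("GITHUB_APP_ID", community=community),` (key name assumed from the naming pattern; confirm it against the config system). In the same hunk, `def get_access_token(installation_id, community=community):` evaluates `community` at definition time, and no module-level `community` is visible, so this would raise NameError on import; `def get_access_token(installation_id, community):` matches the keyword call in models.py. The hunk ends at the `requests.request` call, so the rest of `get_access_token` is not visible here.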