auth: Allow setting GOOGLE_OAUTH2_CLIENT_ID from dev-secrets.

This makes it much more convenient to use Google/GitHub authentication in a Zulip development environment for testing; one only has to set it up once.
2019-06-14 01:00:55 +05:30 · 2019-06-14 01:00:55 +05:30 · cc91e6cb94
parent 16a345a766
commit cc91e6cb94
5 changed files with 30 additions and 8 deletions
--- a/docs/subsystems/auth.md
+++ b/docs/subsystems/auth.md
@ -41,9 +41,8 @@ Here are the full procedures for dev:
  `https://zulipdev.com:9991/accounts/login/google/done/` .

 * You should get a client ID and a client secret. Copy them. In
-  `dev_settings.py`, set `GOOGLE_OAUTH2_CLIENT_ID` to the client ID,
-  and in `dev-secrets.conf`, set `google_oauth2_client_secret` to the
-  client secret.
+  `dev-secrets.conf`, set `google_auth2_client_id` to the client ID
+  and `google_oauth2_client_secret` to the client secret.

 ### GitHub

--- a/templates/zerver/config_error.html
+++ b/templates/zerver/config_error.html
@ -49,7 +49,11 @@
                    {% endif %}

                    {% if google_error %}
-                    {{ render_markdown_path('zerver/google-error.md', {"root_domain_uri": root_domain_uri, "settings_path": settings_path, "secrets_path": secrets_path}) }}
+                        {% if development_environment %}
+                        {{ render_markdown_path('zerver/google-error.md', {"root_domain_uri": root_domain_uri, "settings_path": secrets_path, "secrets_path": secrets_path, "client_id_key_name": "google_oauth2_client_id"}) }}
+                        {% else %}
+                        {{ render_markdown_path('zerver/google-error.md', {"root_domain_uri": root_domain_uri, "settings_path": settings_path, "secrets_path": secrets_path, "client_id_key_name": "GOOGLE_OAUTH2_CLIENT_ID"}) }}
+                        {% endif %}
                    {% endif %}

                    {% if github_error %}
--- a/templates/zerver/google-error.md
+++ b/templates/zerver/google-error.md
@ -7,7 +7,7 @@ You can create OAuth2 apps at [the Google developer console](https://console.dev
 * You have configured your OAuth2 client to allow redirects to your
 server's Google auth URL: `{{ root_domain_uri }}/accounts/login/google/done/`.

-* You have set `GOOGLE_OAUTH2_CLIENT_ID` in `{{ settings_path }}` and
+* You have set `{{ client_id_key_name }}` in `{{ settings_path }}` and
 `google_oauth2_client_secret` in `{{ secrets_path }}`.

 * Navigate back to the login page and attempt the Google auth flow again.
--- a/zerver/tests/test_docs.py
+++ b/zerver/tests/test_docs.py
@ -330,11 +330,32 @@ class AboutPageTest(ZulipTestCase):
 class ConfigErrorTest(ZulipTestCase):
    @override_settings(GOOGLE_OAUTH2_CLIENT_ID=None)
    def test_google(self) -> None:
+        result = self.client_get("/accounts/login/google/")
+        self.assertEqual(result.status_code, 302)
+        self.assertEqual(result.url, '/config-error/google')
+        result = self.client_get(result.url)
+        self.assert_in_success_response(["google_oauth2_client_id"], result)
+        self.assert_in_success_response(["google_oauth2_client_secret"], result)
+        self.assert_in_success_response(["zproject/dev-secrets.conf"], result)
+        self.assert_not_in_success_response(["GOOGLE_OAUTH2_CLIENT_ID"], result)
+        self.assert_not_in_success_response(["zproject/dev_settings.py"], result)
+        self.assert_not_in_success_response(["/etc/zulip/settings.py"], result)
+        self.assert_not_in_success_response(["/etc/zulip/zulip-secrets.conf"], result)
+
+    @override_settings(GOOGLE_OAUTH2_CLIENT_ID=None)
+    @override_settings(DEVELOPMENT=False)
+    def test_google_production_error(self) -> None:
        result = self.client_get("/accounts/login/google/")
        self.assertEqual(result.status_code, 302)
        self.assertEqual(result.url, '/config-error/google')
        result = self.client_get(result.url)
        self.assert_in_success_response(["GOOGLE_OAUTH2_CLIENT_ID"], result)
+        self.assert_in_success_response(["/etc/zulip/settings.py"], result)
+        self.assert_in_success_response(["google_oauth2_client_secret"], result)
+        self.assert_in_success_response(["/etc/zulip/zulip-secrets.conf"], result)
+        self.assert_not_in_success_response(["google_oauth2_client_id"], result)
+        self.assert_not_in_success_response(["zproject/dev_settings.py"], result)
+        self.assert_not_in_success_response(["zproject/dev-secrets.conf"], result)

    @override_settings(SOCIAL_AUTH_GITHUB_KEY=None)
    def test_github(self) -> None:
--- a/zproject/settings.py
+++ b/zproject/settings.py
@ -136,9 +136,6 @@ DEFAULT_SETTINGS = {
    # Other settings, like EMAIL_HOST_USER, EMAIL_PORT, and EMAIL_USE_TLS,
    # we leave up to Django's defaults.

-    # Google auth
-    'GOOGLE_OAUTH2_CLIENT_ID': None,
-
    # LDAP auth
    'AUTH_LDAP_SERVER_URI': "",
    'LDAP_EMAIL_ATTR': None,
@ -157,6 +154,7 @@ DEFAULT_SETTINGS = {
    # Social auth; we support providing values for some of these
    # settings in zulip-secrets.conf instead of settings.py in development.
    'SOCIAL_AUTH_GITHUB_KEY': get_secret('social_auth_github_key', development_only=True),
+    'GOOGLE_OAUTH2_CLIENT_ID': get_secret('google_oauth2_client_id', development_only=True),
    'SOCIAL_AUTH_GITHUB_ORG_NAME': None,
    'SOCIAL_AUTH_GITHUB_TEAM_ID': None,
    'SOCIAL_AUTH_SUBDOMAIN': None,