Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix access token expiration and refresh token handling in GitHub backend #933

Merged
merged 1 commit into from
Sep 2, 2024
Merged

Fix access token expiration and refresh token handling in GitHub backend #933

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).

### Changed
- Handle case where user has not registered a `family-name` with ORCID
- Fix access token expiration and refresh token handling in GitHub backend

## [4.5.4](https://github.com/python-social-auth/social-core/releases/tag/4.5.4) - 2024-04-25

Expand Down
7 changes: 6 additions & 1 deletion social_core/backends/github.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,12 @@ class GithubOAuth2(BaseOAuth2):
REDIRECT_STATE = False
STATE_PARAMETER = True
SEND_USER_AGENT = True
EXTRA_DATA = [("id", "id"), ("expires", "expires"), ("login", "login")]
EXTRA_DATA = [
("id", "id"),
("expires_in", "expires"),
("login", "login"),
("refresh_token", "refresh_token"),
]

def api_url(self):
return self.API_URL
Expand Down
61 changes: 60 additions & 1 deletion social_core/tests/backends/test_github.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,24 @@ class GithubOAuth2Test(OAuth2Test):
backend_path = "social_core.backends.github.GithubOAuth2"
user_data_url = "https://api.github.com/user"
expected_username = "foobar"
access_token_body = json.dumps({"access_token": "foobar", "token_type": "bearer"})
access_token_body = json.dumps(
{
"access_token": "foobar",
"token_type": "bearer",
"expires_in": 28800,
"refresh_token": "foobar-refresh-token",
}
)
refresh_token_body = json.dumps(
{
"access_token": "foobar-new-token",
"token_type": "bearer",
"expires_in": 28800,
"refresh_token": "foobar-new-refresh-token",
"refresh_token_expires_in": 15897600,
"scope": "",
}
)
user_data_body = json.dumps(
{
"login": "foobar",
Expand Down Expand Up @@ -46,12 +63,25 @@ class GithubOAuth2Test(OAuth2Test):
}
)

def do_login(self):
user = super().do_login()
social = user.social[0]

self.assertIsNotNone(social.extra_data["expires"])
self.assertIsNotNone(social.extra_data["refresh_token"])

return user

def test_login(self):
self.do_login()

def test_partial_pipeline(self):
self.do_partial_pipeline()

def test_refresh_token(self):
user, social = self.do_refresh_token()
self.assertEqual(social.extra_data["access_token"], "foobar-new-token")


class GithubOAuth2NoEmailTest(GithubOAuth2Test):
user_data_body = json.dumps(
Expand Down Expand Up @@ -122,6 +152,17 @@ def test_partial_pipeline(self):
)
self.do_partial_pipeline()

def test_refresh_token(self):
url = "https://api.github.com/user/emails"
HTTPretty.register_uri(
HTTPretty.GET,
url,
status=200,
body=json.dumps([{"email": "foo@bar.com"}]),
content_type="application/json",
)
self.do_refresh_token()


class GithubOrganizationOAuth2Test(GithubOAuth2Test):
backend_path = "social_core.backends.github.GithubOrganizationOAuth2"
Expand All @@ -139,6 +180,10 @@ def test_partial_pipeline(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_ORG_NAME": "foobar"})
self.do_partial_pipeline()

def test_refresh_token(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_ORG_NAME": "foobar"})
self.do_refresh_token()


class GithubOrganizationOAuth2FailTest(GithubOAuth2Test):
backend_path = "social_core.backends.github.GithubOrganizationOAuth2"
Expand All @@ -164,6 +209,11 @@ def test_partial_pipeline(self):
with self.assertRaises(AuthFailed):
self.do_partial_pipeline()

def test_refresh_token(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_ORG_NAME": "foobar"})
with self.assertRaises(AuthFailed):
self.do_refresh_token()


class GithubTeamOAuth2Test(GithubOAuth2Test):
backend_path = "social_core.backends.github.GithubTeamOAuth2"
Expand All @@ -181,6 +231,10 @@ def test_partial_pipeline(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_TEAM_ID": "123"})
self.do_partial_pipeline()

def test_refresh_token(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_TEAM_ID": "123"})
self.do_refresh_token()


class GithubTeamOAuth2FailTest(GithubOAuth2Test):
backend_path = "social_core.backends.github.GithubTeamOAuth2"
Expand All @@ -205,3 +259,8 @@ def test_partial_pipeline(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_TEAM_ID": "123"})
with self.assertRaises(AuthFailed):
self.do_partial_pipeline()

def test_refresh_token(self):
self.strategy.set_settings({"SOCIAL_AUTH_GITHUB_TEAM_ID": "123"})
with self.assertRaises(AuthFailed):
self.do_refresh_token()
Loading