agateau-gg · April 21, 2022 09:08
diff --git a/webauth-feature-flag.diff b/webauth-feature-flag.diff
 diff --git a/.env.example b/.env.example
 index 223b4e5..ba6693d 100644
 --- a/.env.example
 +++ b/.env.example
 @@ -1,2 +1,3 @@
 GITGUARDIAN_API_KEY=__________FILL ME__________
 GITGUARDIAN_API_URL=https://api.gitguardian.com/
 +IS_WEB_AUTH_ENABLED=1
 diff --git a/ggshield/auth.py b/ggshield/auth.py
 index 2abab90..ccfc461 100644
 --- a/ggshield/auth.py
 +++ b/ggshield/auth.py
 @@ -8,11 +8,18 @@ from .oauth import OAuthClient
 from .utils import clean_url
 
 
 +def get_auth_methods():
 +    methods = ["token"]
 +    if int(os.getenv("IS_WEB_AUTH_ENABLED", 0)):
 +        methods.append("web")
 +    return methods
 +
 +
 @click.command()
 @click.option(
     "--method",
     required=True,
 -    type=click.Choice(["token", "web"]),
 +    type=click.Choice(get_auth_methods()),
     help="Authentication method.",
 )
 @click.option(
 @@ -78,10 +85,7 @@ def login_cmd(ctx: click.Context, method: str, instance: str) -> int:
         config.save()
         click.echo("Authentication was successful.")
     elif method == "web":
 -        if os.getenv("IS_WEB_AUTH_ENABLED", False):
 -            OAuthClient(config, instance).oauth_process()
 -        else:
 -            raise click.ClickException("The web auth login method is not enabled.")
 +        OAuthClient(config, instance).oauth_process()
     return 0
 
 
 diff --git a/tests/test_auth_cli.py b/tests/test_auth_cli.py
 index 0cfd822..7bde496 100644
 --- a/tests/test_auth_cli.py
 +++ b/tests/test_auth_cli.py
 @@ -36,11 +36,6 @@ def tmp_config(monkeypatch, tmp_path):
     monkeypatch.setattr("ggshield.config.get_auth_config_dir", lambda: str(tmp_path))
 
 
 [email protected]()
 -def enable_web_auth(monkeypatch):
 -    monkeypatch.setenv("IS_WEB_AUTH_ENABLED", True)
 -
 -
 class TestAuthLoginToken:
     VALID_TOKEN_PAYLOAD = {**_TOKEN_RESPONSE_PAYLOAD}
     INVALID_TOKEN_PAYLOAD = {"detail": "Invalid API key."}
 @@ -173,12 +168,6 @@ class TestAuthLoginToken:
 
 
 class TestAuthLoginWeb:
 -    def test_auth_login_web_not_enabled(self, cli_fs_runner):
 -        cmd = ["auth", "login", "--method=web"]
 -        result = cli_fs_runner.invoke(cli, cmd, color=False, catch_exceptions=True)
 -        assert result.exit_code == 1
 -        assert result.output == "Error: The web auth login method is not enabled.\n"
 -
     @pytest.mark.parametrize(
         ["port_used_count", "authorization_code", "is_exchange_ok", "is_token_valid"],
         [
 @@ -198,7 +187,6 @@ class TestAuthLoginWeb:
         is_token_valid,
         monkeypatch,
         cli_fs_runner,
 -        enable_web_auth,
     ):
         """
         GIVEN a valid API token
	diff --git a/.env.example b/.env.example
	index 223b4e5..ba6693d 100644
	--- a/.env.example
	+++ b/.env.example
	@@ -1,2 +1,3 @@
	GITGUARDIAN_API_KEY=__________FILL ME__________
	GITGUARDIAN_API_URL=https://api.gitguardian.com/
	+IS_WEB_AUTH_ENABLED=1
	diff --git a/ggshield/auth.py b/ggshield/auth.py
	index 2abab90..ccfc461 100644
	--- a/ggshield/auth.py
	+++ b/ggshield/auth.py
	@@ -8,11 +8,18 @@ from .oauth import OAuthClient
	from .utils import clean_url


	+def get_auth_methods():
	+ methods = ["token"]
	+ if int(os.getenv("IS_WEB_AUTH_ENABLED", 0)):
	+ methods.append("web")
	+ return methods
	+
	+
	@click.command()
	@click.option(
	"--method",
	required=True,
	- type=click.Choice(["token", "web"]),
	+ type=click.Choice(get_auth_methods()),
	help="Authentication method.",
	)
	@click.option(
	@@ -78,10 +85,7 @@ def login_cmd(ctx: click.Context, method: str, instance: str) -> int:
	config.save()
	click.echo("Authentication was successful.")
	elif method == "web":
	- if os.getenv("IS_WEB_AUTH_ENABLED", False):
	- OAuthClient(config, instance).oauth_process()
	- else:
	- raise click.ClickException("The web auth login method is not enabled.")
	+ OAuthClient(config, instance).oauth_process()
	return 0


	diff --git a/tests/test_auth_cli.py b/tests/test_auth_cli.py
	index 0cfd822..7bde496 100644
	--- a/tests/test_auth_cli.py
	+++ b/tests/test_auth_cli.py
	@@ -36,11 +36,6 @@ def tmp_config(monkeypatch, tmp_path):
	monkeypatch.setattr("ggshield.config.get_auth_config_dir", lambda: str(tmp_path))


	[email protected]()
	-def enable_web_auth(monkeypatch):
	- monkeypatch.setenv("IS_WEB_AUTH_ENABLED", True)
	-
	-
	class TestAuthLoginToken:
	VALID_TOKEN_PAYLOAD = {**_TOKEN_RESPONSE_PAYLOAD}
	INVALID_TOKEN_PAYLOAD = {"detail": "Invalid API key."}
	@@ -173,12 +168,6 @@ class TestAuthLoginToken:


	class TestAuthLoginWeb:
	- def test_auth_login_web_not_enabled(self, cli_fs_runner):
	- cmd = ["auth", "login", "--method=web"]
	- result = cli_fs_runner.invoke(cli, cmd, color=False, catch_exceptions=True)
	- assert result.exit_code == 1
	- assert result.output == "Error: The web auth login method is not enabled.\n"
	-
	@pytest.mark.parametrize(
	["port_used_count", "authorization_code", "is_exchange_ok", "is_token_valid"],
	[
	@@ -198,7 +187,6 @@ class TestAuthLoginWeb:
	is_token_valid,
	monkeypatch,
	cli_fs_runner,
	- enable_web_auth,
	):
	"""
	GIVEN a valid API token