Git service: attach each service to an allauth provider (#11995)

- With #11942, there
is the need to get an OAuth2 client from an account, so that method was
moved outside the UserService class, and it just depends on the social
account.
- provider_id and provider name don't need to be an instance method, and
can be extracted from the allauth provider attached to the service
class.

This is on top of
#11983

Author: stsewd

readthedocs/api/v2/views/model_views.py

@@ -420,7 +420,7 @@ def get_queryset(self):
             self.model.objects.api_v2(self.request.user)
             .filter(
                 remote_organization_relations__account__provider__in=[
-                    service.adapter.provider_id for service in registry
+                    service.allauth_provider.id for service in registry
                 ]
             )
             .distinct()
@@ -466,7 +466,7 @@ def get_queryset(self):
 
         query = query.filter(
             remote_repository_relations__account__provider__in=[
-                service.adapter.provider_id for service in registry
+                service.allauth_provider.id for service in registry
             ],
         ).distinct()
 

readthedocs/builds/tasks.py

@@ -428,7 +428,7 @@ def send_build_status(build_pk, commit, status):
         message_id=MESSAGE_OAUTH_BUILD_STATUS_FAILURE,
         attached_to=build.project,
         format_values={
-            "provider_name": service_class.provider_name,
+            "provider_name": service_class.allauth_provider.name,
             "url_connect_account": reverse("socialaccount_connections"),
         },
         dismissable=True,

readthedocs/oauth/clients.py

@@ -0,0 +1,71 @@
+from datetime import datetime
+
+import structlog
+from django.utils import timezone
+from requests_oauthlib import OAuth2Session
+
+log = structlog.get_logger(__name__)
+
+
+def _get_token_updater(token):
+    """
+    Update token given data from OAuth response.
+
+    Expect the following response into the closure::
+
+        {
+            u'token_type': u'bearer',
+            u'scopes': u'webhook repository team account',
+            u'refresh_token': u'...',
+            u'access_token': u'...',
+            u'expires_in': 3600,
+            u'expires_at': 1449218652.558185
+        }
+    """
+
+    def _updater(data):
+        token.token = data["access_token"]
+        token.token_secret = data.get("refresh_token", "")
+        token.expires_at = timezone.make_aware(
+            datetime.fromtimestamp(data["expires_at"]),
+        )
+        token.save()
+        log.info("Updated token.", token_id=token.pk)
+
+    return _updater
+
+
+def get_oauth2_client(account):
+    """Get an OAuth2 client for the given social account."""
+    token = account.socialtoken_set.first()
+    if token is None:
+        return None
+
+    token_config = {
+        "access_token": token.token,
+        "token_type": "bearer",
+    }
+    if token.expires_at is not None:
+        token_expires = (token.expires_at - timezone.now()).total_seconds()
+        token_config.update(
+            {
+                "refresh_token": token.token_secret,
+                "expires_in": token_expires,
+            }
+        )
+
+    provider = account.get_provider()
+    social_app = provider.app
+    oauth2_adapter = provider.get_oauth2_adapter(request=provider.request)
+
+    session = OAuth2Session(
+        client_id=social_app.client_id,
+        token=token_config,
+        auto_refresh_kwargs={
+            "client_id": social_app.client_id,
+            "client_secret": social_app.secret,
+        },
+        auto_refresh_url=oauth2_adapter.access_token_url,
+        token_updater=_get_token_updater(token),
+    )
+    return session

readthedocs/oauth/services/base.py

@@ -1,19 +1,18 @@
 """OAuth utility functions."""
 import re
-from datetime import datetime
+from functools import cached_property
 
 import structlog
 from allauth.socialaccount.models import SocialAccount
-from allauth.socialaccount.providers.oauth2.views import OAuth2Adapter
+from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
 from django.conf import settings
 from django.urls import reverse
-from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from oauthlib.oauth2.rfc6749.errors import InvalidClientIdError
 from requests.exceptions import RequestException
-from requests_oauthlib import OAuth2Session
 
 from readthedocs.core.permissions import AdminPermission
+from readthedocs.oauth.clients import get_oauth2_client
 
 log = structlog.get_logger(__name__)
 
@@ -33,8 +32,9 @@ class Service:
     """Base class for service that interacts with a VCS provider and a project."""
 
     vcs_provider_slug: str
+    allauth_provider = type[OAuth2Provider]
+
     url_pattern: re.Pattern | None
-    provider_name: str
     default_user_avatar_url = settings.OAUTH_AVATAR_USER_DEFAULT_URL
     default_org_avatar_url = settings.OAUTH_AVATAR_ORG_DEFAULT_URL
     supports_build_status = False
@@ -127,15 +127,12 @@ class UserService(Service):
     :param account: :py:class:`SocialAccount` instance for user
     """
 
-    adapter = None
-
     def __init__(self, user, account):
-        self.session = None
         self.user = user
         self.account = account
         log.bind(
             user_username=self.user.username,
-            social_provider=self.provider_id,
+            social_provider=self.allauth_provider.id,
             social_account_id=self.account.pk,
         )
 
@@ -149,96 +146,14 @@ def for_project(cls, project):
     def for_user(cls, user):
         accounts = SocialAccount.objects.filter(
             user=user,
-            provider=cls.adapter.provider_id,
+            provider=cls.allauth_provider.id,
         )
         for account in accounts:
             yield cls(user=user, account=account)
 
-    def get_adapter(self) -> type[OAuth2Adapter]:
-        return self.adapter
-
-    @property
-    def provider_id(self):
-        return self.get_adapter().provider_id
-
-    def get_session(self):
-        if self.session is None:
-            self.create_session()
-        return self.session
-
-    def get_access_token_url(self):
-        # ``access_token_url`` is a property in some adapters,
-        # so we need to instantiate it to get the actual value.
-        # pylint doesn't recognize that get_adapter returns a class.
-        # pylint: disable=not-callable
-        adapter = self.get_adapter()(request=None)
-        return adapter.access_token_url
-
-    def create_session(self):
-        """
-        Create OAuth session for user.
-
-        This configures the OAuth session based on the :py:class:`SocialToken`
-        attributes. If there is an ``expires_at``, treat the session as an auto
-        renewing token. Some providers expire tokens after as little as 2 hours.
-        """
-        token = self.account.socialtoken_set.first()
-        if token is None:
-            return None
-
-        token_config = {
-            "access_token": token.token,
-            "token_type": "bearer",
-        }
-        if token.expires_at is not None:
-            token_expires = (token.expires_at - timezone.now()).total_seconds()
-            token_config.update(
-                {
-                    "refresh_token": token.token_secret,
-                    "expires_in": token_expires,
-                }
-            )
-
-        social_app = self.account.get_provider().app
-        self.session = OAuth2Session(
-            client_id=social_app.client_id,
-            token=token_config,
-            auto_refresh_kwargs={
-                "client_id": social_app.client_id,
-                "client_secret": social_app.secret,
-            },
-            auto_refresh_url=self.get_access_token_url(),
-            token_updater=self.token_updater(token),
-        )
-
-        return self.session or None
-
-    def token_updater(self, token):
-        """
-        Update token given data from OAuth response.
-
-        Expect the following response into the closure::
-
-            {
-                u'token_type': u'bearer',
-                u'scopes': u'webhook repository team account',
-                u'refresh_token': u'...',
-                u'access_token': u'...',
-                u'expires_in': 3600,
-                u'expires_at': 1449218652.558185
-            }
-        """
-
-        def _updater(data):
-            token.token = data["access_token"]
-            token.token_secret = data.get("refresh_token", "")
-            token.expires_at = timezone.make_aware(
-                datetime.fromtimestamp(data["expires_at"]),
-            )
-            token.save()
-            log.info("Updated token.", token_id=token.pk)
-
-        return _updater
+    @cached_property
+    def session(self):
+        return get_oauth2_client(self.account)
 
     def paginate(self, url, **kwargs):
         """
@@ -251,7 +166,7 @@ def paginate(self, url, **kwargs):
         """
         resp = None
         try:
-            resp = self.get_session().get(url, params=kwargs)
+            resp = self.session.get(url, params=kwargs)
 
             # TODO: this check of the status_code would be better in the
             # ``create_session`` method since it could be used from outside, but
@@ -263,7 +178,7 @@ def paginate(self, url, **kwargs):
                 # needs to reconnect his account
                 raise SyncServiceError(
                     SyncServiceError.INVALID_OR_REVOKED_ACCESS_TOKEN.format(
-                        provider=self.provider_name
+                        provider=self.allauth_provider.name
                     )
                 )
 
@@ -277,7 +192,7 @@ def paginate(self, url, **kwargs):
             log.warning("access_token or refresh_token failed.", url=url)
             raise SyncServiceError(
                 SyncServiceError.INVALID_OR_REVOKED_ACCESS_TOKEN.format(
-                    provider=self.provider_name
+                    provider=self.allauth_provider.name
                 )
             )
         # Catch exceptions with request or deserializing JSON

readthedocs/oauth/services/bitbucket.py

@@ -4,8 +4,8 @@
 import re
 
 import structlog
-from allauth.socialaccount.providers.bitbucket_oauth2.views import (
-    BitbucketOAuth2Adapter,
+from allauth.socialaccount.providers.bitbucket_oauth2.provider import (
+    BitbucketOAuth2Provider,
 )
 from django.conf import settings
 from requests.exceptions import RequestException
@@ -24,12 +24,12 @@ class BitbucketService(UserService):
 
     """Provider service for Bitbucket."""
 
-    adapter = BitbucketOAuth2Adapter
+    vcs_provider_slug = BITBUCKET
+    allauth_provider = BitbucketOAuth2Provider
+    base_api_url = "https://api.bitbucket.org"
     # TODO replace this with a less naive check
     url_pattern = re.compile(r"bitbucket.org")
     https_url_pattern = re.compile(r"^https:\/\/[^@][email protected]/")
-    vcs_provider_slug = BITBUCKET
-    provider_name = "Bitbucket"
 
     def sync_repositories(self):
         """Sync repositories from Bitbucket API."""
@@ -49,7 +49,7 @@ def sync_repositories(self):
             log.warning("Error syncing Bitbucket repositories")
             raise SyncServiceError(
                 SyncServiceError.INVALID_OR_REVOKED_ACCESS_TOKEN.format(
-                    provider=self.vcs_provider_slug
+                    provider=self.allauth_provider.name
                 )
             )
 
@@ -82,7 +82,7 @@ def sync_organizations(self):
 
         try:
             workspaces = self.paginate(
-                "https://api.bitbucket.org/2.0/workspaces/",
+                f"{self.base_api_url}/2.0/workspaces/",
                 role="member",
             )
             for workspace in workspaces:
@@ -102,7 +102,7 @@ def sync_organizations(self):
             log.warning("Error syncing Bitbucket organizations")
             raise SyncServiceError(
                 SyncServiceError.INVALID_OR_REVOKED_ACCESS_TOKEN.format(
-                    provider=self.vcs_provider_slug
+                    provider=self.allauth_provider.name
                 )
             )
 
@@ -235,9 +235,8 @@ def get_provider_data(self, project, integration):
         if integration.provider_data:
             return integration.provider_data
 
-        session = self.get_session()
         owner, repo = build_utils.get_bitbucket_username_repo(url=project.repo)
-        url = f"https://api.bitbucket.org/2.0/repositories/{owner}/{repo}/hooks"
+        url = f"{self.base_api_url}/2.0/repositories/{owner}/{repo}/hooks"
 
         rtd_webhook_url = self.get_webhook_url(project, integration)
 
@@ -247,7 +246,7 @@ def get_provider_data(self, project, integration):
             url=url,
         )
         try:
-            resp = session.get(url)
+            resp = self.session.get(url)
 
             if resp.status_code == 200:
                 recv_data = resp.json()
@@ -284,9 +283,8 @@ def setup_webhook(self, project, integration=None):
         :returns: boolean based on webhook set up success, and requests Response object
         :rtype: (Bool, Response)
         """
-        session = self.get_session()
         owner, repo = build_utils.get_bitbucket_username_repo(url=project.repo)
-        url = f"https://api.bitbucket.org/2.0/repositories/{owner}/{repo}/hooks"
+        url = f"{self.base_api_url}/2.0/repositories/{owner}/{repo}/hooks"
         if not integration:
             integration, _ = Integration.objects.get_or_create(
                 project=project,
@@ -302,7 +300,7 @@ def setup_webhook(self, project, integration=None):
         )
 
         try:
-            resp = session.post(
+            resp = self.session.post(
                 url,
                 data=data,
                 headers={"content-type": "application/json"},
@@ -355,13 +353,12 @@ def update_webhook(self, project, integration):
         if not provider_data:
             return self.setup_webhook(project, integration)
 
-        session = self.get_session()
         data = self.get_webhook_data(project, integration)
         resp = None
         try:
             # Expect to throw KeyError here if provider_data is invalid
             url = provider_data["links"]["self"]["href"]
-            resp = session.put(
+            resp = self.session.put(
                 url,
                 data=data,
                 headers={"content-type": "application/json"},