Merge pull request #404 from supertokens/provider-fixes

fix: bitbucket gitlab impl and other fixes

Author: rishabhpoddar

supertokens_python/recipe/multitenancy/recipe.py

@@ -20,9 +20,7 @@
 from supertokens_python.recipe.session.claim_base_classes.primitive_array_claim import (
     PrimitiveArrayClaim,
 )
-from supertokens_python.recipe.session.interfaces import JSONObject
 from supertokens_python.recipe_module import APIHandled, RecipeModule
-from supertokens_python.utils import get_timestamp_ms
 
 from ...post_init_callbacks import PostSTInitCallbacks
 
@@ -207,26 +205,5 @@ async def fetch_value(
 
         super().__init__("st-t-dmns", fetch_value, default_max_age_in_sec)
 
-    def get_value_from_payload(
-        self, payload: JSONObject, user_context: Optional[Dict[str, Any]] = None
-    ) -> Optional[List[str]]:
-        _ = user_context
-
-        res = payload.get(self.key, {}).get("v")
-        if res is None:
-            return []
-        return res
-
-    def get_last_refetch_time(
-        self, payload: JSONObject, user_context: Optional[Dict[str, Any]] = None
-    ) -> Optional[int]:
-        _ = user_context
-
-        res = payload.get(self.key, {}).get("t")
-        if res is None:
-            return get_timestamp_ms()
-
-        return res
-
 
 AllowedDomainsClaim = AllowedDomainsClaimClass()

supertokens_python/recipe/thirdparty/provider.py

@@ -155,9 +155,7 @@ def __init__(
         third_party_id: str,
         name: Optional[str] = None,
         authorization_endpoint: Optional[str] = None,
-        authorization_endpoint_query_params: Optional[
-            Dict[str, Union[str, None]]
-        ] = None,
+        authorization_endpoint_query_params: Optional[Dict[str, Any]] = None,
         token_endpoint: Optional[str] = None,
         token_endpoint_body_params: Optional[Dict[str, Union[str, None]]] = None,
         user_info_endpoint: Optional[str] = None,

supertokens_python/recipe/thirdparty/providers/active_directory.py

@@ -54,13 +54,4 @@ def ActiveDirectory(
     if input.config.name is None:
         input.config.name = "Active Directory"
 
-    if input.config.user_info_map is None:
-        input.config.user_info_map = UserInfoMap(UserFields(), UserFields())
-
-    if input.config.user_info_map.from_id_token_payload.user_id is None:
-        input.config.user_info_map.from_id_token_payload.user_id = "sub"
-
-    if input.config.user_info_map.from_id_token_payload.email is None:
-        input.config.user_info_map.from_id_token_payload.email = "email"
-
     return NewProvider(input, ActiveDirectoryImpl)

supertokens_python/recipe/thirdparty/providers/bitbucket.py

@@ -14,13 +14,79 @@
 
 from __future__ import annotations
 
-from supertokens_python.recipe.thirdparty.provider import Provider
+from typing import Dict, Any, Optional
+
+from supertokens_python.recipe.thirdparty.provider import (
+    ProviderConfigForClient,
+    ProviderInput,
+    Provider,
+)
 from .custom import GenericProvider, NewProvider
-from ..provider import Provider, ProviderInput
+
+from .utils import do_get_request
+from ..types import RawUserInfoFromProvider, UserInfo, UserInfoEmail
 
 
 class BitbucketImpl(GenericProvider):
-    pass
+    async def get_config_for_client_type(
+        self, client_type: Optional[str], user_context: Dict[str, Any]
+    ) -> ProviderConfigForClient:
+        config = await super().get_config_for_client_type(client_type, user_context)
+
+        if config.scope is None:
+            config.scope = ["account", "email"]
+
+        return config
+
+    async def get_user_info(
+        self, oauth_tokens: Dict[str, Any], user_context: Dict[str, Any]
+    ) -> UserInfo:
+        _ = user_context
+        access_token = oauth_tokens.get("access_token")
+        if access_token is None:
+            raise Exception("Access token not found")
+
+        headers = {
+            "Authorization": f"Bearer {access_token}",
+        }
+
+        raw_user_info_from_provider = RawUserInfoFromProvider({}, {})
+
+        user_info_from_access_token = await do_get_request(
+            "https://api.bitbucket.org/2.0/user",
+            query_params=None,
+            headers=headers,
+        )
+
+        raw_user_info_from_provider.from_user_info_api = user_info_from_access_token
+
+        user_info_from_email = await do_get_request(
+            "https://api.bitbucket.org/2.0/user/emails",
+            query_params=None,
+            headers=headers,
+        )
+
+        if raw_user_info_from_provider.from_id_token_payload is None:
+            # Actually this should never happen but python type
+            # checker is not agreeing so doing this:
+            raw_user_info_from_provider.from_id_token_payload = {}
+
+        raw_user_info_from_provider.from_id_token_payload[
+            "email"
+        ] = user_info_from_email
+
+        email = None
+        is_verified = False
+        for email_info in user_info_from_email.values():
+            if email_info["is_primary"]:
+                email = email_info["email"]
+                is_verified = email_info["is_confirmed"]
+
+        return UserInfo(
+            third_party_user_id=raw_user_info_from_provider.from_user_info_api["uuid"],
+            email=None if email is None else UserInfoEmail(email, is_verified),
+            raw_user_info_from_provider=raw_user_info_from_provider,
+        )
 
 
 def Bitbucket(input: ProviderInput) -> Provider:  # pylint: disable=redefined-builtin
@@ -35,7 +101,9 @@ def Bitbucket(input: ProviderInput) -> Provider:  # pylint: disable=redefined-bu
     if input.config.token_endpoint is None:
         input.config.token_endpoint = "https://bitbucket.org/site/oauth2/access_token"
 
-    if input.config.user_info_endpoint is None:
-        input.config.user_info_endpoint = "https://api.bitbucket.org/2.0/user"
+    if input.config.authorization_endpoint_query_params is None:
+        input.config.authorization_endpoint_query_params = {
+            "audience": "api.atlassian.com",
+        }
 
     return NewProvider(input, BitbucketImpl)

supertokens_python/recipe/thirdparty/providers/config_utils.py

@@ -4,10 +4,12 @@
 from supertokens_python.normalised_url_path import NormalisedURLPath
 from .active_directory import ActiveDirectory
 from .apple import Apple
+from .bitbucket import Bitbucket
 from .boxy_saml import BoxySAML
 from .discord import Discord
 from .facebook import Facebook
 from .github import Github
+from .gitlab import Gitlab
 from .google_workspaces import GoogleWorkspaces
 from .google import Google
 from .linkedin import Linkedin
@@ -176,12 +178,16 @@ def create_provider(provider_input: ProviderInput) -> Provider:
         return ActiveDirectory(provider_input)
     if provider_input.config.third_party_id.startswith("apple"):
         return Apple(provider_input)
+    if provider_input.config.third_party_id.startswith("bitbucket"):
+        return Bitbucket(provider_input)
     if provider_input.config.third_party_id.startswith("discord"):
         return Discord(provider_input)
     if provider_input.config.third_party_id.startswith("facebook"):
         return Facebook(provider_input)
     if provider_input.config.third_party_id.startswith("github"):
         return Github(provider_input)
+    if provider_input.config.third_party_id.startswith("gitlab"):
+        return Gitlab(provider_input)
     if provider_input.config.third_party_id.startswith("google-workspaces"):
         return GoogleWorkspaces(provider_input)
     if provider_input.config.third_party_id.startswith("google"):

supertokens_python/recipe/thirdparty/providers/custom.py

@@ -215,6 +215,8 @@ def _normalize_input(  # pylint: disable=no-self-use
                 from_user_info_api=UserFields(),
             )
 
+        # These are safe defaults common to most providers. Each provider
+        # implementations override these as necessary
         if input_config.user_info_map.from_id_token_payload.user_id is None:
             input_config.user_info_map.from_id_token_payload.user_id = "sub"
 
@@ -226,6 +228,17 @@ def _normalize_input(  # pylint: disable=no-self-use
                 "email_verified"
             )
 
+        if input_config.user_info_map.from_user_info_api.user_id is None:
+            input_config.user_info_map.from_user_info_api.user_id = "sub"
+
+        if input_config.user_info_map.from_user_info_api.email is None:
+            input_config.user_info_map.from_user_info_api.email = "email"
+
+        if input_config.user_info_map.from_user_info_api.email_verified is None:
+            input_config.user_info_map.from_user_info_api.email_verified = (
+                "email_verified"
+            )
+
         if input_config.generate_fake_email is None:
 
             async def default_generate_fake_email(

supertokens_python/recipe/thirdparty/providers/facebook.py

@@ -76,10 +76,4 @@ def Facebook(input: ProviderInput) -> Provider:  # pylint: disable=redefined-bui
     if input.config.user_info_map.from_user_info_api.user_id is None:
         input.config.user_info_map.from_user_info_api.user_id = "id"
 
-    if input.config.user_info_map.from_user_info_api.email is None:
-        input.config.user_info_map.from_user_info_api.email = "email"
-
-    if input.config.user_info_map.from_user_info_api.email_verified is None:
-        input.config.user_info_map.from_user_info_api.email = "verified"
-
     return NewProvider(input, FacebookImpl)

supertokens_python/recipe/thirdparty/providers/gitlab.py

@@ -14,14 +14,43 @@
 
 from __future__ import annotations
 
-from supertokens_python.recipe.thirdparty.provider import Provider
+from typing import Optional, Dict, Any
+
+from supertokens_python.recipe.thirdparty.provider import (
+    Provider,
+    ProviderConfigForClient,
+)
 from .custom import GenericProvider, NewProvider
 from ..provider import Provider, ProviderInput
 
 
 class GitlabImpl(GenericProvider):
-    pass
+    async def get_config_for_client_type(
+        self, client_type: Optional[str], user_context: Dict[str, Any]
+    ) -> ProviderConfigForClient:
+        config = await super().get_config_for_client_type(client_type, user_context)
+
+        if config.scope is None:
+            config.scope = ["openid", "email"]
+
+        if config.oidc_discovery_endpoint is None:
+            if config.additional_config is not None and config.additional_config.get(
+                "gitlabBaseUrl"
+            ):
+                config.oidc_discovery_endpoint = config.additional_config[
+                    "gitlabBaseUrl"
+                ]
+            else:
+                config.oidc_discovery_endpoint = "https://gitlab.com"
+
+        return config
 
 
 def Gitlab(input: ProviderInput) -> Provider:  # pylint: disable=redefined-builtin
+    if input.config.name is None:
+        input.config.name = "Gitlab"
+
+    if input.config.oidc_discovery_endpoint is None:
+        input.config.oidc_discovery_endpoint = "https://gitlab.com"
+
     return NewProvider(input, GitlabImpl)

supertokens_python/recipe/thirdparty/providers/google.py

@@ -54,15 +54,6 @@ def Google(
     if input.config.user_info_map is None:
         input.config.user_info_map = UserInfoMap(UserFields(), UserFields())
 
-    if input.config.user_info_map.from_user_info_api.user_id is None:
-        input.config.user_info_map.from_user_info_api.user_id = "id"
-
-    if input.config.user_info_map.from_user_info_api.email is None:
-        input.config.user_info_map.from_user_info_api.email = "email"
-
-    if input.config.user_info_map.from_user_info_api.email_verified is None:
-        input.config.user_info_map.from_user_info_api.email = "email_verified"
-
     if input.config.authorization_endpoint_query_params is None:
         input.config.authorization_endpoint_query_params = {}
 

supertokens_python/recipe/thirdparty/providers/linkedin.py

@@ -64,8 +64,10 @@ async def get_user_info(
         )
         raw_user_info_from_provider.from_user_info_api = user_info
 
+        email_api_url = "https://api.linkedin.com/v2/emailAddress"
         email_info: Dict[str, Any] = await do_get_request(
-            "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))",
+            email_api_url,
+            query_params={"q": "members", "projection": "(elements*(handle~))"},
             headers=headers,
         )