def test_it_raises_if_the_environment_variable_isnt_set_and_required(
self, os_fixture):
os_fixture.environ = {}
with pytest.raises(settings.SettingError) as exc_info:
settings.env_setting("FOOBAR", required=True)
assert str(exc_info.value) == "environment variable FOOBAR isn't set"
def test_it_returns_the_value_from_the_environment_variable(
self, os_fixture):
os_fixture.environ = {"FOOBAR": "the_value"}
result = settings.env_setting("FOOBAR")
assert result == "the_value"
def test_if_a_default_is_given_and_theres_no_env_var_it_returns_the_default(
self, os_fixture):
os_fixture.environ = {}
result = settings.env_setting("FOOBAR", default="DEFAULT")
assert result == "DEFAULT"
def test_it_returns_none_when_environment_variable_isnt_set_and_optional(
self, os_fixture):
os_fixture.environ = {}
result = settings.env_setting("FOOBAR")
assert result is None
def test_environment_variables_override_default_settings(self, os_fixture):
os_fixture.environ = {"FOOBAR": "the_value"}
result = settings.env_setting("FOOBAR", default="DEFAULT")
assert result == "the_value"
def configure(settings):
"""Return a Configurator for the Pyramid application."""
# Settings from the config file are extended / overwritten by settings from
# the environment.
env_settings = {
# The URL of the https://github.com/hypothesis/via instance to
# integrate with.
"via_url": env_setting("VIA_URL", required=True),
"jwt_secret": env_setting("JWT_SECRET", required=True),
"google_client_id": env_setting("GOOGLE_CLIENT_ID"),
"google_developer_key": env_setting("GOOGLE_DEVELOPER_KEY"),
"google_app_id": env_setting("GOOGLE_APP_ID"),
"lms_secret": env_setting("LMS_SECRET"),
"hashed_pw": env_setting("HASHED_PW"),
"salt": env_setting("SALT"),
"username": env_setting("USERNAME"),
# We need to use a randomly generated 16 byte array to encrypt secrets.
# For now we will use the first 16 bytes of the lms_secret
"aes_secret": env_setting("LMS_SECRET", required=True),
# The OAuth 2.0 client_id and client_secret for authenticating to the h API.
"h_client_id": env_setting("H_CLIENT_ID", required=True),
"h_client_secret": env_setting("H_CLIENT_SECRET", required=True),
# The OAuth 2.0 client_id and client_secret for logging users in to h.
"h_jwt_client_id": env_setting("H_JWT_CLIENT_ID", required=True),
"h_jwt_client_secret": env_setting("H_JWT_CLIENT_SECRET",
required=True),
# The authority that we'll create h users and groups in (e.g. "lms.hypothes.is").
"h_authority": env_setting("H_AUTHORITY", required=True),
# The base URL of the h API (e.g. "https://hypothes.is/api).
"h_api_url": env_setting("H_API_URL", required=True),
# The postMessage origins from which to accept RPC requests.
"rpc_allowed_origins": env_setting("RPC_ALLOWED_ORIGINS",
required=True),
}
database_url = env_setting("DATABASE_URL")
if database_url:
env_settings["sqlalchemy.url"] = database_url
env_settings["via_url"] = _append_trailing_slash(env_settings["via_url"])
env_settings["h_api_url"] = _append_trailing_slash(
env_settings["h_api_url"])
try:
env_settings["aes_secret"] = env_settings["aes_secret"].encode(
"ascii")[0:16]
except UnicodeEncodeError:
raise SettingError("LMS_SECRET must contain only ASCII characters")
env_settings["rpc_allowed_origins"] = aslist(
env_settings["rpc_allowed_origins"])
settings.update(env_settings)
config = Configurator(settings=settings, root_factory=".resources.Root")
# Security policies
authn_policy = AuthTktAuthenticationPolicy(settings["lms_secret"],
callback=groupfinder,
hashalg="sha512")
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
return config