oncall-engine/engine/apps/auth_token/models/slack_auth_token.py

from typing import Tuple

from django.db import models
from django.utils import timezone

from apps.auth_token import constants, crypto
from apps.auth_token.models import BaseAuthToken
from apps.user_management.models import Organization, User
from settings.base import AUTH_TOKEN_TIMEOUT_SECONDS


def get_expire_date():
    return timezone.now() + timezone.timedelta(seconds=AUTH_TOKEN_TIMEOUT_SECONDS)


class SlackAuthTokenQueryset(models.QuerySet):
    def filter(self, *args, **kwargs):
        now = timezone.now()
        return super().filter(*args, **kwargs, revoked_at=None, expire_date__gte=now)

    def delete(self):
        self.update(revoked_at=timezone.now())


class SlackAuthToken(BaseAuthToken):
    objects = SlackAuthTokenQueryset.as_manager()
    user = models.ForeignKey(
        "user_management.User",
        related_name="slack_auth_token_set",
        on_delete=models.CASCADE,
    )
    organization = models.ForeignKey(
        "user_management.Organization", related_name="slack_auth_token_set", on_delete=models.CASCADE
    )
    expire_date = models.DateTimeField(default=get_expire_date)

    @classmethod
    def create_auth_token(cls, user: User, organization: Organization) -> Tuple["SlackAuthToken", str]:
        token_string = crypto.generate_token_string()
        digest = crypto.hash_token_string(token_string)

        instance = cls.objects.create(
            token_key=token_string[: constants.TOKEN_KEY_LENGTH],
            digest=digest,
            user=user,
            organization=organization,
        )
        return instance, token_string
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`from typing import Tuple`

			`from django.db import models`
			`from django.utils import timezone`

			`from apps.auth_token import constants, crypto`
			`from apps.auth_token.models import BaseAuthToken`
			`from apps.user_management.models import Organization, User`
Google OAuth2 flow + fetch Google Calendar OOO events (#4067) # What this PR does The following is deployed under a feature flag. How it works 1. The user clicks on the "Connect using your Google account" button in the user profile settings modal 2. The UI makes a call to `GET /api/internal/v1/login/google-oauth2`. The backend has now been configured to add `apps.social_auth.backends.GoogleOAuth2` as a "`social_auth` backend". 3. The backend will respond w/ a URL which points to the Google OAuth2 consent screen. The frontend then proceeds by sending the user to this page. This URL includes the following query parameters (amongst others): - `redirect_uri` - this will send the user back to `/api/internal/v1/complete/google-oauth2` (ie. make another API call to the OnCall backend to finalize the Google OAuth2 flow) - `state` - this represents an `apps.auth_token.models.GoogleOAuth2Token` token. This allows us to identify the OnCall user once they've linked their Google account. 4. Once redirected back to `/api/internal/v1/complete/google-oauth2`, this will complete the OAuth2 flow. At this point, the backend has access to several pieces of information about the Google user, including their `access_token` and `refresh_token`. We persist these (encrypted) for future use to fetch the user's out-of-office calendar events 5. The response from the API call in 4 above ☝️ is HTTP 302 (redirect) to `/a/grafana-oncall-app/users/me` (ie. open the user profile settings modal). At this point the user will see that their account has been connected and they can further configure the settings ![image](https://github.com/grafana/oncall/assets/9406895/c7673055-8485-4f9a-98df-b4f7347229ce) ## Which issue(s) this PR closes Closes https://github.com/grafana/oncall-private/issues/2584 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - will be done in https://github.com/grafana/oncall-private/issues/2591 - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes. - will be done in https://github.com/grafana/oncall-private/issues/2591 --------- Co-authored-by: Dominik <dominik.broj@grafana.com> Co-authored-by: Maxim Mordasov <maxim.mordasov@grafana.com> 2024-04-02 14:59:03 -04:00			`from settings.base import AUTH_TOKEN_TIMEOUT_SECONDS`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00

			`def get_expire_date():`
Google OAuth2 flow + fetch Google Calendar OOO events (#4067) # What this PR does The following is deployed under a feature flag. How it works 1. The user clicks on the "Connect using your Google account" button in the user profile settings modal 2. The UI makes a call to `GET /api/internal/v1/login/google-oauth2`. The backend has now been configured to add `apps.social_auth.backends.GoogleOAuth2` as a "`social_auth` backend". 3. The backend will respond w/ a URL which points to the Google OAuth2 consent screen. The frontend then proceeds by sending the user to this page. This URL includes the following query parameters (amongst others): - `redirect_uri` - this will send the user back to `/api/internal/v1/complete/google-oauth2` (ie. make another API call to the OnCall backend to finalize the Google OAuth2 flow) - `state` - this represents an `apps.auth_token.models.GoogleOAuth2Token` token. This allows us to identify the OnCall user once they've linked their Google account. 4. Once redirected back to `/api/internal/v1/complete/google-oauth2`, this will complete the OAuth2 flow. At this point, the backend has access to several pieces of information about the Google user, including their `access_token` and `refresh_token`. We persist these (encrypted) for future use to fetch the user's out-of-office calendar events 5. The response from the API call in 4 above ☝️ is HTTP 302 (redirect) to `/a/grafana-oncall-app/users/me` (ie. open the user profile settings modal). At this point the user will see that their account has been connected and they can further configure the settings ![image](https://github.com/grafana/oncall/assets/9406895/c7673055-8485-4f9a-98df-b4f7347229ce) ## Which issue(s) this PR closes Closes https://github.com/grafana/oncall-private/issues/2584 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - will be done in https://github.com/grafana/oncall-private/issues/2591 - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes. - will be done in https://github.com/grafana/oncall-private/issues/2591 --------- Co-authored-by: Dominik <dominik.broj@grafana.com> Co-authored-by: Maxim Mordasov <maxim.mordasov@grafana.com> 2024-04-02 14:59:03 -04:00			`return timezone.now() + timezone.timedelta(seconds=AUTH_TOKEN_TIMEOUT_SECONDS)`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00

			`class SlackAuthTokenQueryset(models.QuerySet):`
			`def filter(self, args, *kwargs):`
			`now = timezone.now()`
			`return super().filter(args, *kwargs, revoked_at=None, expire_date__gte=now)`

			`def delete(self):`
			`self.update(revoked_at=timezone.now())`


			`class SlackAuthToken(BaseAuthToken):`
			`objects = SlackAuthTokenQueryset.as_manager()`
			`user = models.ForeignKey(`
			`"user_management.User",`
			`related_name="slack_auth_token_set",`
			`on_delete=models.CASCADE,`
			`)`
			`organization = models.ForeignKey(`
			`"user_management.Organization", related_name="slack_auth_token_set", on_delete=models.CASCADE`
			`)`
			`expire_date = models.DateTimeField(default=get_expire_date)`

			`@classmethod`
			`def create_auth_token(cls, user: User, organization: Organization) -> Tuple["SlackAuthToken", str]:`
			`token_string = crypto.generate_token_string()`
			`digest = crypto.hash_token_string(token_string)`

			`instance = cls.objects.create(`
			`token_key=token_string[: constants.TOKEN_KEY_LENGTH],`
			`digest=digest,`
			`user=user,`
			`organization=organization,`
			`)`
			`return instance, token_string`