mozilla-services · ethowitz · Mar 31, 2022 · Feb 4, 2022 · Feb 18, 2022 · Feb 18, 2022
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -43,7 +43,7 @@ commands:
       - run:
           name: Core Python Checks
           command: |
-            flake8 src/tokenserver/verify.py
+            flake8 src/tokenserver
             flake8 tools/integration_tests
             flake8 tools/tokenserver
   rust-clippy:
@@ -56,7 +56,7 @@ commands:
     steps:
       - run:
           name: cargo build
-          command: cargo build --features tokenserver_test_mode
+          command: cargo build
   setup-gcp-grpc:
     steps:
       - run:
@@ -201,14 +201,14 @@ jobs:
     steps:
       - setup_remote_docker:
           docker_layer_caching: true
-          = run:
-            name: Login to Dockerhub
-            command: |
-              if [ "${DOCKER_USER}" == "" ] || [ "${DOCKER_PASS}" == "" ]; then
-                echo "Skipping Login to DockerHub, credentials unavailable"
-              else
-                echo "${DOCKER_PASS}" | docker login -u="${DOCKER_USER}" --password-stdin
-              fi
+      - run:
+          name: Login to Dockerhub
+          command: |
+            if [ "${DOCKER_USER}" == "" ] || [ "${DOCKER_PASS}" == "" ]; then
+              echo "Skipping Login to DockerHub, credentials unavailable"
+            else
+              echo "${DOCKER_PASS}" | docker login -u="${DOCKER_USER}" --password-stdin
+            fi
       - checkout
       - setup-rust
       - setup-python
@@ -226,6 +226,7 @@ jobs:
       - run:
           name: Build Docker image
           command: docker build -t app:build .
+          no_output_timeout: 30m
       # save the built docker container into CircleCI's cache. This is
       # required since Workflows do not have the same remote docker instance.
       - run:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,6 +36,7 @@ diesel = { version = "1.4", features = ["mysql", "r2d2"] }
 diesel_logger = "0.1.1"
 diesel_migrations = { version = "1.4.0", features = ["mysql"] }
 docopt = "1.1.0"
+dyn-clone = "1.0.4"
 env_logger = "0.9"
 futures = { version = "0.3", features = ["compat"] }
 google-cloud-rust-raw = "0.11.0"
@@ -44,7 +45,6 @@ google-cloud-rust-raw = "0.11.0"
 # `cargo build --features grpcio/openssl ...`
 grpcio = { version = "0.9" }
 lazy_static = "1.4.0"
-pyo3 = { version = "0.14", features = ["auto-initialize"] }
 hawk = "3.2"
 hex = "0.4.3"
 hostname = "0.3.1"
@@ -53,11 +53,14 @@ hmac = "0.11"
 http = "0.2.5"
 log = { version = "0.4", features = ["max_level_debug", "release_max_level_info"] }
 mime = "0.3"
+mockito = "0.30.0"
 num_cpus = "1"
 # must match what's used by googleapis-raw
 protobuf = "2.20.0"
+pyo3 = { version = "0.14", features = ["auto-initialize"] }
 rand = "0.8"
 regex = "1.4"
+reqwest = { version = "0.10.10", features = ["json"] }
 # pin to 0.19: https://github.com/getsentry/sentry-rust/issues/277
 sentry = { version = "0.19", features = ["with_curl_transport"] }# pin to 0.19 until on-prem sentry server is updated
 sentry-backtrace = "0.19"
@@ -84,12 +87,8 @@ validator = "0.14"
 validator_derive = "0.14"
 woothee = "0.11"
 
-[dev-dependencies]
-jsonwebtoken = "7.2.0"
-
 [features]
 no_auth = []
-tokenserver_test_mode = []
 
 [[bin]]
 name = "purge_ttl"
diff --git a/Dockerfile b/Dockerfile
@@ -11,8 +11,8 @@ RUN apt-get -q update && \
 RUN \
     cargo --version && \
     rustc --version && \
-    cargo install --features tokenserver_test_mode --path . --locked --root /app && \
-    cargo install --features tokenserver_test_mode --path . --bin purge_ttl --locked --root /app
+    cargo install --path . --locked --root /app --features grpcio/openssl && \
+    cargo install --path . --locked --root /app --features grpcio/openssl --bin purge_ttl
 
 FROM debian:buster-slim
 WORKDIR /app
@@ -43,6 +43,7 @@ COPY --from=builder /app/scripts/prepare-spanner.sh /app/scripts/prepare-spanner
 COPY --from=builder /app/src/db/spanner/schema.ddl /app/schema.ddl
 
 RUN chmod +x /app/scripts/prepare-spanner.sh
+RUN pip3 install -r /app/tools/integration_tests/requirements.txt
 
 USER app:app
 

diff --git a/Makefile b/Makefile
@@ -44,10 +44,10 @@ python:
 	venv/bin/python -m pip install -r requirements.txt
 
 run: python
-	PATH=./venv/bin:$(PATH) RUST_LOG=debug RUST_BACKTRACE=full cargo run --features tokenserver_test_mode -- --config config/local.toml
+	PATH=./venv/bin:$(PATH) RUST_LOG=debug RUST_BACKTRACE=full cargo run -- --config config/local.toml
 
 run_spanner:
 	GOOGLE_APPLICATION_CREDENTIALS=$(PATH_TO_SYNC_SPANNER_KEYS) GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=$(PATH_TO_GRPC_CERT) make run
 
 test:
-	SYNC_DATABASE_URL=$(SYNC_DATABASE_URL) SYNC_TOKENSERVER__DATABASE_URL=$(SYNC_TOKENSERVER__DATABASE_URL) RUST_TEST_THREADS=1 cargo test --features tokenserver_test_mode
+	SYNC_DATABASE_URL=$(SYNC_DATABASE_URL) SYNC_TOKENSERVER__DATABASE_URL=$(SYNC_TOKENSERVER__DATABASE_URL) RUST_TEST_THREADS=1 cargo test
diff --git a/config/local.example.toml b/config/local.example.toml
@@ -22,7 +22,9 @@ tokenserver.enabled = true
 tokenserver.fxa_email_domain = "api-accounts.stage.mozaws.net"
 tokenserver.fxa_metrics_hash_secret = "INSERT_SECRET_KEY_HERE"
 tokenserver.fxa_oauth_server_url = "https://oauth.stage.mozaws.net"
-tokenserver.test_mode_enabled = false
+tokenserver.fxa_browserid_audience = "https://token.stage.mozaws.net"
+tokenserver.fxa_browserid_issuer = "https://api-accounts.stage.mozaws.net"
+tokenserver.fxa_browserid_server_url = "https://verifier.stage.mozaws.net/v2"
 
 # cors settings
 # cors_allowed_origin = "localhost"

diff --git a/docker-compose.e2e.mysql.yaml b/docker-compose.e2e.mysql.yaml
@@ -17,21 +17,24 @@ services:
           "
     e2e-tests:
         depends_on:
+          - mock-fxa-server
           - syncstorage-rs
         image: app:build
         privileged: true
         user: root
         environment:
+          MOCK_FXA_SERVER_URL: http://mock-fxa-server:6000
           SYNC_HOST: 0.0.0.0
           SYNC_MASTER_SECRET: secret0
           SYNC_DATABASE_URL: mysql://test:test@sync-db:3306/syncstorage
           SYNC_TOKENSERVER__DATABASE_URL: mysql://test:test@tokenserver-db:3306/tokenserver
           SYNC_TOKENSERVER__ENABLED: "true"
+          SYNC_TOKENSERVER__FXA_BROWSERID_AUDIENCE: "https://token.stage.mozaws.net/"
+          SYNC_TOKENSERVER__FXA_BROWSERID_ISSUER: "api-accounts.stage.mozaws.net"
           SYNC_TOKENSERVER__FXA_EMAIL_DOMAIN: api-accounts.stage.mozaws.net
           SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET: secret0
-          SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL: https://oauth.stage.mozaws.net
           TOKENSERVER_HOST: http://localhost:8000
         entrypoint: >
           /bin/sh -c "
-            sleep 28; pip3 install -r /app/tools/integration_tests/requirements.txt && python3 /app/tools/integration_tests/run.py 'http://localhost:8000#secret0'
+            sleep 28; python3 /app/tools/integration_tests/run.py 'http://localhost:8000#secret0'
           "
diff --git a/docker-compose.e2e.spanner.yaml b/docker-compose.e2e.spanner.yaml
@@ -17,22 +17,25 @@ services:
           "
     e2e-tests:
         depends_on:
+          - mock-fxa-server
           - syncstorage-rs
         image: app:build
         privileged: true
         user: root
         environment:
+          MOCK_FXA_SERVER_URL: http://mock-fxa-server:6000
           SYNC_HOST: 0.0.0.0
           SYNC_MASTER_SECRET: secret0
           SYNC_DATABASE_URL: spanner://projects/test-project/instances/test-instance/databases/test-database
           SYNC_SPANNER_EMULATOR_HOST: sync-db:9010
           SYNC_TOKENSERVER__DATABASE_URL: mysql://test:test@tokenserver-db:3306/tokenserver
           SYNC_TOKENSERVER__ENABLED: "true"
+          SYNC_TOKENSERVER__FXA_BROWSERID_AUDIENCE: "https://token.stage.mozaws.net/"
+          SYNC_TOKENSERVER__FXA_BROWSERID_ISSUER: "api-accounts.stage.mozaws.net"
           SYNC_TOKENSERVER__FXA_EMAIL_DOMAIN: api-accounts.stage.mozaws.net
           SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET: secret0
-          SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL: https://oauth.stage.mozaws.net
           TOKENSERVER_HOST: http://localhost:8000
         entrypoint: >
           /bin/sh -c "
-            sleep 28; pip3 install -r /app/tools/integration_tests/requirements.txt && python3 /app/tools/integration_tests/run.py 'http://localhost:8000#secret0'
+            sleep 28; python3 /app/tools/integration_tests/run.py 'http://localhost:8000#secret0'
           "
diff --git a/docker-compose.mysql.yaml b/docker-compose.mysql.yaml
@@ -28,6 +28,14 @@ services:
             MYSQL_USER: test
             MYSQL_PASSWORD: test
 
+    mock-fxa-server:
+        image: app:build
+        restart: "no"
+        entrypoint: python3 /app/tools/integration_tests/tokenserver/mock_fxa_server.py
+        environment:
+            MOCK_FXA_SERVER_HOST: 0.0.0.0
+            MOCK_FXA_SERVER_PORT: 6000
+
     syncstorage-rs:
         image: ${SYNCSTORAGE_RS_IMAGE:-syncstorage-rs:latest}
         restart: always