drop local fxa credentials; simplify FXA_CONFIGs (#19685)

settings.py

@@ -93,41 +93,16 @@ DATABASES = {
     'default': get_db_config('DATABASES_DEFAULT_URL'),
 }
 
-# FxA config for local development only.
+FXA_CONTENT_HOST = 'https://accounts.stage.mozaws.net'
-FXA_CONFIG = {
+FXA_OAUTH_HOST = 'https://oauth.stage.mozaws.net/v1'
-    'default': {
+FXA_PROFILE_HOST = 'https://profile.stage.mozaws.net/v1'
-        'client_id': env('FXA_CLIENT_ID', default='a25796da7bc73ffa'),
-        'client_secret': env(
-            'FXA_CLIENT_SECRET',
-            default='4828af02f60a12738a79c7121b06d42b481f112dce1831440902a8412d2770c5',
-        ),
-        # fxa redirects to http://olympia.test/api/auth/authenticate-callback/
-    },
-    'amo': {
-        'client_id': env('FXA_CLIENT_ID', default='0f95f6474c24c1dc'),
-        'client_secret': env(
-            'FXA_CLIENT_SECRET',
-            default='ca45e503a1b4ec9e2a3d4855d79849e098da18b7dfe42b6bc76dfed420fc1d38',
-        ),
-        # fxa redirects to http://localhost:3000/fxa-authenticate
-    },
-    'local': {
-        'client_id': env('FXA_CLIENT_ID', default='4dce1adfa7901c08'),
-        'client_secret': env(
-            'FXA_CLIENT_SECRET',
-            default='d7d5f1148a35b12c067fb9eafafc29d35165a90f5d8b0032f1fcd37468ae49fe',
-        ),
-        # fxa redirects to http://localhost:3000/api/auth/authenticate-callback/?config=local  # noqa
-    },
-}
-FXA_CONTENT_HOST = 'https://stable.dev.lcip.org'
-FXA_OAUTH_HOST = 'https://oauth-stable.dev.lcip.org/v1'
-FXA_PROFILE_HOST = 'https://stable.dev.lcip.org/profile/v1'
-ALLOWED_FXA_CONFIGS = ['default', 'amo', 'local']
 
 # When USE_FAKE_FXA_AUTH and settings.DEBUG are both True, we serve a fake
 # authentication page, bypassing FxA. To disable this behavior, set
 # USE_FAKE_FXA = False in your local settings.
+# You will also need to specify `client_id` and `client_secret` in your
+# local_settings.py or environment variables - you must contact the FxA team to get your
+# own credentials for FxA stage.
 USE_FAKE_FXA_AUTH = True
 
 # CSP report endpoint which returns a 204 from addons-nginx in local dev.

src/olympia/accounts/tests/test_views.py

@@ -63,15 +63,15 @@ SKIP_REDIRECT_FXA_CONFIG = {
 }
 
 
-@override_settings(FXA_CONFIG={'current-config': FXA_CONFIG})
+@override_settings(
+    FXA_CONFIG={'current-config': FXA_CONFIG},
+    DEFAULT_FXA_CONFIG_NAME='current-config',
+)
 @override_settings(FXA_OAUTH_HOST='https://accounts.firefox.com/v1')
 class TestLoginStartBaseView(WithDynamicEndpoints, TestCase):
-    class LoginStartView(views.LoginStartView):
-        DEFAULT_FXA_CONFIG_NAME = 'current-config'
-
     def setUp(self):
         super().setUp()
-        self.endpoint(self.LoginStartView, r'^login/start/')
+        self.endpoint(views.LoginStartView, r'^login/start/')
         self.url = '/en-US/firefox/login/start/'
         self.initialize_session({})
 
@@ -174,10 +174,6 @@ def has_cors_headers(response, origin='https://addons-frontend'):
 
 
 class TestLoginStartView(TestCase):
-    def test_default_config_is_used(self):
-        assert views.LoginStartView.DEFAULT_FXA_CONFIG_NAME == 'default'
-        assert views.LoginStartView.ALLOWED_FXA_CONFIGS == (['default', 'amo', 'local'])
-
     @override_settings(DEBUG=True, USE_FAKE_FXA_AUTH=True)
     def test_redirect_url_fake_fxa_auth(self):
         response = self.client.get(reverse_ns('accounts.login_start'))
@@ -690,44 +686,23 @@ class TestWithUser(TestCase):
         'foo': {'FOO': 123},
         'bar': {'BAR': 456},
         'baz': {'BAZ': 789},
-    }
+    },
+    DEFAULT_FXA_CONFIG_NAME='baz',
 )
 class TestFxAConfigMixin(TestCase):
-    class DefaultConfig(views.FxAConfigMixin):
+    def test_no_config(self):
-        DEFAULT_FXA_CONFIG_NAME = 'bar'
-
-    class MultipleConfigs(views.FxAConfigMixin):
-        DEFAULT_FXA_CONFIG_NAME = 'baz'
-        ALLOWED_FXA_CONFIGS = ['foo', 'baz']
-
-    def test_default_only_no_config(self):
         request = RequestFactory().get('/login')
-        config = self.DefaultConfig().get_fxa_config(request)
+        config = views.FxAConfigMixin().get_fxa_config(request)
-        assert config == {'BAR': 456}
+        assert config == {'BAZ': 789}
 
-    def test_default_only_not_allowed(self):
+    def test_config_alternate(self):
-        request = RequestFactory().get('/login?config=foo')
-        config = self.DefaultConfig().get_fxa_config(request)
-        assert config == {'BAR': 456}
-
-    def test_default_only_allowed(self):
         request = RequestFactory().get('/login?config=bar')
-        config = self.DefaultConfig().get_fxa_config(request)
+        config = views.FxAConfigMixin().get_fxa_config(request)
         assert config == {'BAR': 456}
 
-    def test_config_is_allowed(self):
-        request = RequestFactory().get('/login?config=foo')
-        config = self.MultipleConfigs().get_fxa_config(request)
-        assert config == {'FOO': 123}
-
     def test_config_is_default(self):
         request = RequestFactory().get('/login?config=baz')
-        config = self.MultipleConfigs().get_fxa_config(request)
+        config = views.FxAConfigMixin().get_fxa_config(request)
-        assert config == {'BAZ': 789}
-
-    def test_config_is_not_allowed(self):
-        request = RequestFactory().get('/login?config=bar')
-        config = self.MultipleConfigs().get_fxa_config(request)
         assert config == {'BAZ': 789}
 
 

src/olympia/accounts/verify.py

@@ -124,7 +124,7 @@ def check_and_update_fxa_access_token(request):
 
         config_name = (
             request.session['fxa_config_name']
-            if request.session.get('fxa_config_name') in settings.ALLOWED_FXA_CONFIGS
+            if request.session.get('fxa_config_name') in settings.FXA_CONFIG
             else settings.DEFAULT_FXA_CONFIG_NAME
         )
 

src/olympia/accounts/views.py

@@ -322,14 +322,12 @@ def with_user(f):
 
 
 class FxAConfigMixin:
-    DEFAULT_FXA_CONFIG_NAME = settings.DEFAULT_FXA_CONFIG_NAME
-    ALLOWED_FXA_CONFIGS = settings.ALLOWED_FXA_CONFIGS
-
     def get_config_name(self, request):
-        config_name = request.GET.get('config', self.DEFAULT_FXA_CONFIG_NAME)
+        config_name = request.GET.get('config')
-        if config_name not in self.ALLOWED_FXA_CONFIGS:
+        if config_name not in settings.FXA_CONFIG:
-            log.info(f'Using default FxA config instead of {config_name}')
+            if config_name:
-            config_name = self.DEFAULT_FXA_CONFIG_NAME
+                log.info(f'Using default FxA config instead of {config_name}')
+            config_name = settings.DEFAULT_FXA_CONFIG_NAME
         return config_name
 
     def get_fxa_config(self, request):

src/olympia/conf/dev/settings.py

@@ -72,11 +72,7 @@ ADDONS_LINTER_BIN = 'node_modules/.bin/addons-linter'
 ALLOW_SELF_REVIEWS = True
 
 FXA_CONFIG = {
-    'default': {
+    **FXA_CONFIG,
-        'client_id': env('FXA_CLIENT_ID'),
-        'client_secret': env('FXA_CLIENT_SECRET'),
-        # fxa redirects to https://%s/api/auth/authenticate-callback/ % DOMAIN
-    },
     'local': {
         'client_id': env('DEVELOPMENT_FXA_CLIENT_ID'),
         'client_secret': env('DEVELOPMENT_FXA_CLIENT_SECRET'),
@@ -87,9 +83,6 @@ FXA_CONTENT_HOST = 'https://accounts.stage.mozaws.net'
 FXA_OAUTH_HOST = 'https://oauth.stage.mozaws.net/v1'
 FXA_PROFILE_HOST = 'https://profile.stage.mozaws.net/v1'
 
-DEFAULT_FXA_CONFIG_NAME = 'default'
-ALLOWED_FXA_CONFIGS = ['default', 'local']
-
 REMOTE_SETTINGS_IS_TEST_SERVER = True
 
 SITEMAP_DEBUG_AVAILABLE = True

src/olympia/conf/prod/settings.py

@@ -54,16 +54,6 @@ NEW_FEATURES = True
 
 ADDONS_LINTER_BIN = 'node_modules/.bin/addons-linter'
 
-FXA_CONFIG = {
-    'default': {
-        'client_id': env('FXA_CLIENT_ID'),
-        'client_secret': env('FXA_CLIENT_SECRET'),
-        # fxa redirects to https://%s/api/auth/authenticate-callback/ % DOMAIN
-    },
-}
-DEFAULT_FXA_CONFIG_NAME = 'default'
-ALLOWED_FXA_CONFIGS = ['default']
-
 ES_DEFAULT_NUM_SHARDS = 10
 
 RECOMMENDATION_ENGINE_URL = env(

src/olympia/conf/stage/settings.py

@@ -69,19 +69,13 @@ ADDONS_LINTER_BIN = 'node_modules/.bin/addons-linter'
 ALLOW_SELF_REVIEWS = True
 
 FXA_CONFIG = {
-    'default': {
+    **FXA_CONFIG,
-        'client_id': env('FXA_CLIENT_ID'),
-        'client_secret': env('FXA_CLIENT_SECRET'),
-        # fxa redirects to https://%s/api/auth/authenticate-callback/ % DOMAIN
-    },
     'local': {
         'client_id': env('DEVELOPMENT_FXA_CLIENT_ID'),
         'client_secret': env('DEVELOPMENT_FXA_CLIENT_SECRET'),
         # fxa redirects to http://localhost:3000/api/auth/authenticate-callback/?config=local  # noqa
     },
 }
-DEFAULT_FXA_CONFIG_NAME = 'default'
-ALLOWED_FXA_CONFIGS = ['default', 'local']
 
 TAAR_LITE_RECOMMENDATION_ENGINE_URL = env(
     'TAAR_LITE_RECOMMENDATION_ENGINE_URL',

src/olympia/lib/settings_base.py

@@ -1404,11 +1404,19 @@ ignore_logger('django.security.DisallowedHost')
 # Automatically do 'from olympia import amo' when running shell_plus.
 SHELL_PLUS_POST_IMPORTS = (('olympia', 'amo'),)
 
+FXA_CONFIG = {
+    'default': {
+        'client_id': env('FXA_CLIENT_ID', default='.'),
+        'client_secret': env('FXA_CLIENT_SECRET', default='.'),
+        # fxa redirects to https://%s/api/auth/authenticate-callback/ % DOMAIN
+    },
+}
+DEFAULT_FXA_CONFIG_NAME = 'default'
+
 FXA_CONTENT_HOST = 'https://accounts.firefox.com'
 FXA_OAUTH_HOST = 'https://oauth.accounts.firefox.com/v1'
 FXA_PROFILE_HOST = 'https://profile.accounts.firefox.com/v1'
-DEFAULT_FXA_CONFIG_NAME = 'default'
+
-ALLOWED_FXA_CONFIGS = ['default']
 USE_FAKE_FXA_AUTH = False  # Should only be True for local development envs.
 VERIFY_FXA_ACCESS_TOKEN = True