Merge pull request #840 from code-corps/mock-out-pem-access

Mock out pem access

config/test.exs

@@ -54,3 +54,11 @@ config :code_corps,
 
 config :code_corps, :cloudex, CloudexTest
 config :cloudex, api_key: "test_key", secret: "test_secret", cloud_name: "test_cloud_name"
+
+# fall back to sample pem if none is available as an ENV variable
+pem = case System.get_env("GITHUB_APP_PEM") do
+  nil -> "./test/fixtures/github/app.pem" |> File.read!
+  encoded_pem -> encoded_pem |> Base.decode64! |> IO.inspect
+end
+
+config :code_corps, github_app_pem: pem

lib/code_corps/github.ex

@@ -1,6 +1,7 @@
 defmodule CodeCorps.GitHub do
 
-  @app_id Application.get_env(:code_corps, :github_app_id)
+  alias CodeCorps.Github.JWT
+
   @client_id Application.get_env(:code_corps, :github_app_client_id)
   @client_secret Application.get_env(:code_corps, :github_app_client_secret)
 
@@ -124,37 +125,9 @@ defmodule CodeCorps.GitHub do
     Map.put(existing_headers, "Authorization", "token #{access_token}")
   end
 
-  @doc """
-  Generates a JWT from the GitHub App's generated RSA private key using the
-  RS256 algo, where the issuer is the GitHub App's ID.
-
-  Used to exchange the JWT for an access token for a given integration, or
-  for the GitHub App itself.
-
-  Expires in 5 minutes.
-  """
-  def generate_jwt do
-    signer = rsa_key() |> Joken.rs256()
-
-    %{}
-    |> Joken.token
-    |> Joken.with_exp(Timex.now |> Timex.shift(minutes: 5) |> Timex.to_unix)
-    |> Joken.with_iss(@app_id |> String.to_integer())
-    |> Joken.with_iat(Timex.now |> Timex.to_unix)
-    |> Joken.with_signer(signer)
-    |> Joken.sign
-    |> Joken.get_compact
-  end
-
-  defp rsa_key do
-    Application.get_env(:code_corps, :github_app_pem)
-    |> JOSE.JWK.from_pem()
-  end
-
   @spec add_jwt_header(headers) :: headers
   defp add_jwt_header(existing_headers) do
-    jwt = generate_jwt()
-    Map.put(existing_headers, "Authorization", "Bearer #{jwt}")
+    Map.put(existing_headers, "Authorization", "Bearer #{JWT.generate}")
   end
 
   @spec add_default_options(list) :: list

lib/code_corps/github/jwt.ex

@@ -0,0 +1,35 @@
+defmodule CodeCorps.Github.JWT do
+  @moduledoc """
+  In charge of loading a a GitHub app .pem and generating a JSON Web Token from
+  it.
+  """
+
+  @app_id Application.get_env(:code_corps, :github_app_id)
+
+  @doc """
+  Generates a JWT from the GitHub App's generated RSA private key using the
+  RS256 algo, where the issuer is the GitHub App's ID.
+
+  Used to exchange the JWT for an access token for a given integration, or
+  for the GitHub App itself.
+
+  Expires in 5 minutes.
+  """
+  def generate do
+    signer = rsa_key() |> Joken.rs256()
+
+    %{}
+    |> Joken.token
+    |> Joken.with_exp(Timex.now |> Timex.shift(minutes: 5) |> Timex.to_unix)
+    |> Joken.with_iss(@app_id |> String.to_integer())
+    |> Joken.with_iat(Timex.now |> Timex.to_unix)
+    |> Joken.with_signer(signer)
+    |> Joken.sign
+    |> Joken.get_compact
+  end
+
+  defp rsa_key do
+    Application.get_env(:code_corps, :github_app_pem)
+    |> JOSE.JWK.from_pem()
+  end
+end

test/fixtures/github/app.pem

@@ -0,0 +1,13 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
+wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
+1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
+3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
+pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
+GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
+AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
+L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
+X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
+U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
+37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
+-----END RSA PRIVATE KEY-----