Independent oauth preflight provider check

davegaeddert · davegaeddert · commit fdc5aeef51f9 · 2025-10-10T18:02:31.000-05:00
diff --git a/plain-oauth/plain/oauth/models.py b/plain-oauth/plain/oauth/models.py
@@ -4,8 +4,7 @@
 from plain.auth import get_user_model
 from plain.exceptions import ValidationError
 from plain.models import transaction
-from plain.models.db import IntegrityError, OperationalError, ProgrammingError
-from plain.preflight import PreflightResult
+from plain.models.db import IntegrityError
 from plain.runtime import SettingsReference
 from plain.utils import timezone
 
@@ -15,9 +14,6 @@
     from .providers import OAuthToken, OAuthUser
 
 
-# TODO preflight check for deploy that ensures all provider keys in db are also in settings?
-
-
 @models.register_model
 class OAuthConnection(models.Model):
     created_at = models.DateTimeField(auto_now_add=True)
@@ -154,35 +150,3 @@ def connect(
         connection.save()
 
         return connection
-
-    @classmethod
-    def preflight(cls) -> list[PreflightResult]:
-        """
-        A system check for ensuring that provider_keys in the database are also present in settings.
-        """
-        errors = super().preflight()
-
-        from .providers import get_provider_keys
-
-        try:
-            keys_in_db = set(
-                cls.query.values_list("provider_key", flat=True).distinct()
-            )
-        except (OperationalError, ProgrammingError):
-            # Check runs on plain migrate, and the table may not exist yet
-            # or it may not be installed on the particular database intentionally
-            return errors
-
-        keys_in_settings = set(get_provider_keys())
-
-        if keys_in_db - keys_in_settings:
-            errors.append(
-                PreflightResult(
-                    fix="The following OAuth providers are in the database but not in the settings: {}. Add these providers to your OAUTH_LOGIN_PROVIDERS setting or remove the corresponding OAuthConnection records.".format(
-                        ", ".join(keys_in_db - keys_in_settings)
-                    ),
-                    id="oauth.provider_in_db_not_in_settings",
-                )
-            )
-
-        return errors
diff --git a/plain-oauth/plain/oauth/preflight.py b/plain-oauth/plain/oauth/preflight.py
@@ -0,0 +1,38 @@
+from plain.models import OperationalError, ProgrammingError
+from plain.preflight import PreflightCheck, PreflightResult, register_check
+
+
+@register_check(name="oauth.provider_keys")
+class CheckOAuthProviderKeys(PreflightCheck):
+    """
+    Check for OAuth provider keys in the database that are not present in settings.
+    """
+
+    def run(self) -> list[PreflightResult]:
+        from .models import OAuthConnection
+        from .providers import get_provider_keys
+
+        errors = []
+
+        try:
+            keys_in_db = set(
+                OAuthConnection.query.values_list("provider_key", flat=True).distinct()
+            )
+        except (OperationalError, ProgrammingError):
+            # Check runs on plain migrate, and the table may not exist yet
+            # or it may not be installed on the particular database intentionally
+            return errors
+
+        keys_in_settings = set(get_provider_keys())
+
+        if keys_in_db - keys_in_settings:
+            errors.append(
+                PreflightResult(
+                    fix="The following OAuth providers are in the database but not in the settings: {}. Add these providers to your OAUTH_LOGIN_PROVIDERS setting or remove the corresponding OAuthConnection records.".format(
+                        ", ".join(keys_in_db - keys_in_settings)
+                    ),
+                    id="oauth.provider_settings_missing",
+                )
+            )
+
+        return errors
diff --git a/plain-oauth/tests/test_checks.py b/plain-oauth/tests/test_checks.py
@@ -1,5 +1,6 @@
 from plain.auth import get_user_model
 from plain.oauth.models import OAuthConnection
+from plain.oauth.preflight import CheckOAuthProviderKeys
 
 
 def test_oauth_provider_keys_check_pass(db, settings):
@@ -23,7 +24,8 @@ def test_oauth_provider_keys_check_pass(db, settings):
         access_token="test",
     )
 
-    errors = OAuthConnection.preflight()
+    check = CheckOAuthProviderKeys()
+    errors = check.run()
     assert len(errors) == 0
 
 
@@ -54,7 +56,8 @@ def test_oauth_provider_keys_check_fail(db, settings):
         access_token="test",
     )
 
-    errors = OAuthConnection.preflight()
+    check = CheckOAuthProviderKeys()
+    errors = check.run()
     assert len(errors) == 1
     assert (
         errors[0].fix
