[tor-commits] [bridgedb/main] Read the rdsys token from a file

Wed Feb 2 10:00:27 UTC 2022

commit 81d8644844b685f4f1b8bd0c9a538f77bdf89c71
Author: meskio <meskio at torproject.org>
Date:   Mon Jan 31 20:11:47 2022 +0100

    Read the rdsys token from a file
    
    Let's keep all private data out of the config file.
---
 bridgedb.conf                   | 4 ++--
 bridgedb/configure.py           | 3 +++
 bridgedb/test/test_configure.py | 2 ++
 bridgedb/test/test_main.py      | 6 +++++-
 scripts/setup-tests             | 1 +
 5 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/bridgedb.conf b/bridgedb.conf
index 9e1374a..fc56db8 100644
--- a/bridgedb.conf
+++ b/bridgedb.conf
@@ -150,8 +150,8 @@ STATUS_FILE = "networkstatus-bridges"
 #
 IGNORE_NETWORKSTATUS = True
 
-# The token to access the rdsys backend
-RDSYS_TOKEN = "ApiTokenPlaceholder"
+# The file containing the token to access the rdsys backend
+RDSYS_TOKEN_FILE = "rdsys-token"
 
 # The address of the rdsys backend
 RDSYS_ADDRESS = "localhost:7100"
diff --git a/bridgedb/configure.py b/bridgedb/configure.py
index ab8e08a..5fb1492 100644
--- a/bridgedb/configure.py
+++ b/bridgedb/configure.py
@@ -157,6 +157,9 @@ def loadConfig(configFile=None, configCls=None):
     if conffile: # Store the pathname of the config file, if one was used
         config.CONFIG_FILE = os.path.abspath(os.path.expanduser(conffile))
 
+    with open(config.RDSYS_TOKEN_FILE) as f:
+        setattr(config, "RDSYS_TOKEN", f.read())
+
     return config
 
 
diff --git a/bridgedb/test/test_configure.py b/bridgedb/test/test_configure.py
index aca7c8d..9cac758 100644
--- a/bridgedb/test/test_configure.py
+++ b/bridgedb/test/test_configure.py
@@ -26,6 +26,8 @@ class ConfigureTests(unittest.TestCase):
         here = os.getcwd()
         topdir = here.rstrip('_trial_temp')
         self.configFilename = os.path.join(topdir, 'bridgedb.conf')
+        with open("rdsys-token", 'w') as f:
+            f.write('ApiTokenPlaceholder')
 
     def test_loadConfig_with_file(self):
         """We should be able to load and parse the standard ``bridgedb.conf``
diff --git a/bridgedb/test/test_main.py b/bridgedb/test/test_main.py
index ae6ed9a..71738b4 100644
--- a/bridgedb/test/test_main.py
+++ b/bridgedb/test/test_main.py
@@ -179,6 +179,8 @@ class BridgedbTests(unittest.TestCase):
 
         # Get the bridgedb.conf file in the top-level directory of this repo:
         self.configFile = os.path.join(TOPDIR, 'bridgedb.conf')
+        with open("rdsys-token", 'w') as f:
+            f.write('ApiTokenPlaceholder')
         self.config = main.loadConfig(self.configFile)
         self.config.BRIDGE_AUTHORITY_DIRECTORIES = ["from-bifroest"]
 
@@ -333,7 +335,9 @@ EMAIL_N_BRIDGES_PER_ANSWER = 3
 EMAIL_INCLUDE_FINGERPRINTS = True
 HTTPS_SHARE = 10
 EMAIL_SHARE = 5
-RESERVED_SHARE = 2"""
+RESERVED_SHARE = 2
+RDSYS_TOKEN_FILE = "rdsys-token"
+"""
         configFile = self._writeConfig(config)
         
         # Fake some options:
diff --git a/scripts/setup-tests b/scripts/setup-tests
index fc89d8f..a78faa5 100755
--- a/scripts/setup-tests
+++ b/scripts/setup-tests
@@ -14,6 +14,7 @@ cd $THERE
 mkdir -p run/from-authority
 mkdir -p run/from-bifroest
 cp -R -t run bridgedb.conf captchas
+echo -n 'ApiTokenPlaceholder' > run/rdsys-token
 # Add '127.0.0.1' to EMAIL_DOMAINS in bridgedb.conf. This should ONLY be
 # done on testing servers, never on production servers.
 sed -r -i -e "s/(EMAIL_DOMAINS)(.*)(])/\1\2\, '127.0.0.1']/" run/bridgedb.conf

