Ran black and added a test

simonw · simonw · commit aa0b84e85d1c · 2025-11-15T15:48:11.000-08:00
http://gistpreview.github.io/?1e3016b4e52380fd9e6e7ad84386db09
diff --git a/datasette_auth_github/utils.py b/datasette_auth_github/utils.py
@@ -39,10 +39,8 @@ async def load_orgs_and_teams(config, profile, access_token):
             else:
                 continue
             # Now check if user is an active member of the team:
-            team_membership_url = (
-                "https://api.{}/teams/{}/memberships/{}".format(
-                    config["host"], team_id, profile["login"]
-                )
+            team_membership_url = "https://api.{}/teams/{}/memberships/{}".format(
+                config["host"], team_id, profile["login"]
             )
             async with httpx.AsyncClient() as client:
                 response = await client.get(
diff --git a/datasette_auth_github/views.py b/datasette_auth_github/views.py
@@ -11,7 +11,7 @@ def verify_config(config):
     config = config or {}
     for key in DEPRECATED_KEYS:
         assert key not in config, "{} is no longer a supported option".format(key)
-    config.setdefault('host', "github.com")
+    config.setdefault("host", "github.com")
 
 
 async def github_auth_start(datasette):
@@ -21,10 +21,8 @@ async def github_auth_start(datasette):
         scope = "read:org"
     else:
         scope = "user:email"
-    github_login_url = (
-        "https://{}/login/oauth/authorize?scope={}&client_id={}".format(
-            config["host"], scope, config["client_id"]
-        )
+    github_login_url = "https://{}/login/oauth/authorize?scope={}&client_id={}".format(
+        config["host"], scope, config["client_id"]
     )
     return Response.redirect(github_login_url)
 
@@ -87,7 +85,7 @@ async def github_auth_callback(datasette, request, scope, receive, send):
     extras = await load_orgs_and_teams(config, profile, access_token)
     actor.update(extras)
 
-   # Set a signed cookie and redirect to homepage (respecting 'base_url' setting)
+    # Set a signed cookie and redirect to homepage (respecting 'base_url' setting)
     response = Response.redirect(datasette.urls.path("/"))
     response.set_cookie("ds_actor", datasette.sign({"a": actor}, "actor"))
     return response
diff --git a/tests/test_datasette_auth_github.py b/tests/test_datasette_auth_github.py
@@ -198,3 +198,76 @@ async def test_database_access_permissions(
         cookies = {"ds_actor": auth_response.cookies["ds_actor"]}
     databases = await ds.client.get("/.json", cookies=cookies)
     assert set(databases.json()["databases"].keys()) == expected_databases
+
+
+@pytest.mark.asyncio
+async def test_github_enterprise_host(tmpdir, httpx_mock):
+    """Test that GitHub Enterprise host configuration works correctly"""
+    # Mock GitHub Enterprise endpoints
+    enterprise_host = "github.example.com"
+
+    httpx_mock.add_response(
+        url=f"https://{enterprise_host}/login/oauth/access_token",
+        method="POST",
+        content=b"access_token=enterprise_access_token",
+    )
+
+    httpx_mock.add_response(
+        url=f"https://api.{enterprise_host}/user",
+        json={
+            "id": 456,
+            "name": "Enterprise User",
+            "login": "enterpriseuser",
+            "email": "enterprise@example.com",
+        },
+    )
+
+    httpx_mock.add_response(
+        url=re.compile(
+            rf"^https://api\.{re.escape(enterprise_host)}/orgs/enterprise-org/memberships/.*"
+        ),
+        json={"state": "active", "role": "member"},
+    )
+
+    # Create Datasette instance with GitHub Enterprise configuration
+    filepath = str(tmpdir / "test.db")
+    ds = Datasette(
+        [filepath],
+        metadata={
+            "plugins": {
+                "datasette-auth-github": {
+                    "client_id": "enterprise_client_id",
+                    "client_secret": "enterprise_client_secret",
+                    "host": enterprise_host,
+                    "load_orgs": ["enterprise-org"],
+                }
+            }
+        },
+    )
+
+    def create_tables(conn):
+        sqlite_utils.Database(conn)["example"].insert({"name": "example"})
+
+    await ds.get_database().execute_write_fn(create_tables, block=True)
+
+    # Test that the auth start URL uses the enterprise host
+    response = await ds.client.get("/-/github-auth-start", follow_redirects=False)
+    expected_url = f"https://{enterprise_host}/login/oauth/authorize?scope=read:org&client_id=enterprise_client_id"
+    assert expected_url == response.headers["location"]
+
+    # Test that the auth callback uses the enterprise host for API calls
+    response = await ds.client.get(
+        "/-/github-auth-callback?code=enterprise-code",
+        follow_redirects=False,
+    )
+
+    actor = ds.unsign(response.cookies["ds_actor"], "actor")["a"]
+    assert {
+        "id": "github:456",
+        "display": "enterpriseuser",
+        "gh_id": "456",
+        "gh_name": "Enterprise User",
+        "gh_login": "enterpriseuser",
+        "gh_email": "enterprise@example.com",
+        "gh_orgs": ["enterprise-org"],
+    }.items() <= actor.items()
