fix(GitHub Integration): Fix JWT generation for GitHub API calls (#6983)

Author: emyller

api/integrations/github/client.py

@@ -50,10 +50,9 @@ def build_request_headers(
     }
 
 
-# TODO: Add test coverage for this function
-def generate_token(installation_id: str, app_id: int) -> str:  # pragma: no cover
+def generate_token(installation_id: str, app_id: int) -> str:
     auth: Auth.AppInstallationAuth = Auth.AppAuth(
-        app_id=int(app_id), private_key=settings.GITHUB_PEM
+        app_id=str(app_id), private_key=settings.GITHUB_PEM
     ).get_installation_auth(
         installation_id=int(installation_id),
         token_permissions=None,
@@ -63,10 +62,9 @@ def generate_token(installation_id: str, app_id: int) -> str:  # pragma: no cove
     return token
 
 
-# TODO: Add test coverage for this function
-def generate_jwt_token(app_id: int) -> str:  # pragma: no cover
+def generate_jwt_token(app_id: int) -> str:
     github_auth: Auth.AppAuth = Auth.AppAuth(
-        app_id=app_id,
+        app_id=str(app_id),
         private_key=settings.GITHUB_PEM,
     )
     token = github_auth.create_jwt()

api/poetry.lock

@@ -159,7 +159,7 @@ pyngo = "~2.4.1"
 flagsmith = "^5.1.1"
 python-gnupg = "^0.5.1"
 django-redis = "^5.4.0"
-pygithub = "2.1.1"
+pygithub = "~2.8"
 hubspot-api-client = "^12.0.0"
 djangorestframework-dataclasses = "^1.3.1"
 pyotp = "^2.9.0"

api/pyproject.toml

@@ -0,0 +1,60 @@
+import jwt
+import pytest
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from pytest_django.fixtures import SettingsWrapper
+from pytest_mock import MockerFixture
+
+from integrations.github.client import generate_jwt_token, generate_token
+
+
+@pytest.fixture()
+def rsa_private_key() -> rsa.RSAPrivateKey:
+    return rsa.generate_private_key(public_exponent=65537, key_size=2048)
+
+
+@pytest.fixture(autouse=True)
+def github_pem(settings: SettingsWrapper, rsa_private_key: rsa.RSAPrivateKey) -> None:
+    settings.GITHUB_PEM = rsa_private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption(),
+    ).decode()
+
+
+def test_generate_token__valid_credentials__returns_installation_token(
+    mocker: MockerFixture,
+) -> None:
+    # Given
+    mock_installation_auth = mocker.MagicMock()
+    mock_installation_auth.token = "installation-token"
+    mocker.patch(
+        "integrations.github.client.Auth.AppAuth.get_installation_auth",
+        return_value=mock_installation_auth,
+    )
+    mocker.patch("integrations.github.client.Github")
+
+    # When
+    result = generate_token(installation_id="12345", app_id=67890)
+
+    # Then
+    assert result == "installation-token"
+
+
+def test_generate_jwt_token__valid_credentials__returns_decodable_jwt(
+    rsa_private_key: rsa.RSAPrivateKey,
+) -> None:
+    # Given
+    app_id = 12345
+
+    # When
+    token = generate_jwt_token(app_id=app_id)
+
+    # Then
+    decoded = jwt.decode(
+        token,
+        rsa_private_key.public_key(),
+        algorithms=["RS256"],
+        options={"verify_exp": False},
+    )
+    assert decoded["iss"] == str(app_id)