apple_auth: Change BUNDLE_ID setting to APP_ID everywhere.

The apple developer webapp consistently refers this App ID. So, this clears any confusion that can occur. Since python social auth only requires us to include App ID in _AUDIENCE(a list), we do that in computed settings making it easier for server admin and we make it much clear by having it set to APP_ID instead of BUNDLE_ID.
matt- · Jul 29, 2020 · 4afce5d · 4afce5d
1 parent 782970d
commit 4afce5d
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 11 deletions.
diff --git a/docs/development/authentication.md b/docs/development/authentication.md
@@ -96,8 +96,8 @@ details worth understanding:
 * In `dev-secrets.conf`, set
     * `social_auth_apple_services_id` to your
       "Services ID" (eg. com.application.your).
-    * `social_auth_apple_bundle_id` to "Bundle ID". This is
-      only required if you are testing Apple auth on iOS.
+    * `social_auth_apple_app_id` to "App ID" or "Bundle ID".
+      This is only required if you are testing Apple auth on iOS.
     * `social_auth_apple_key` to your "Key ID".
     * `social_auth_apple_team` to your "Team ID".
 * Put the private key file you got from apple at the path

diff --git a/docs/production/authentication-methods.md b/docs/production/authentication-methods.md
@@ -601,7 +601,7 @@ domain for your server).
      string like "A1B2C3D4E5".
    * `SOCIAL_AUTH_APPLE_SERVICES_ID`: The Services ID you created in
      step 1, which might look like "com.example.services".
-   * `SOCIAL_AUTH_APPLE_BUNDLE_ID`: The Bundle ID, or App ID, of your
+   * `SOCIAL_AUTH_APPLE_APP_ID`: The App ID, or Bundle ID, of your
      app that you used in step 1 to configure your Services ID.
      This might look like "com.example.app".
    * `SOCIAL_AUTH_APPLE_KEY`: Despite the name this is not a key, but

diff --git a/templates/zerver/apple-error.md b/templates/zerver/apple-error.md
@@ -7,7 +7,7 @@ properly configured. Please check the following:
   [Certificates, Identifiers & Profiles](https://developer.apple.com/account/resources/).
 
 * You have set `SOCIAL_AUTH_APPLE_SERVICES_ID`,
-  `SOCIAL_AUTH_APPLE_BUNDLE_ID`, `SOCIAL_AUTH_APPLE_TEAM`,
+  `SOCIAL_AUTH_APPLE_APP_ID`, `SOCIAL_AUTH_APPLE_TEAM`,
   `SOCIAL_AUTH_APPLE_KEY` and `SOCIAL_AUTH_APPLE_TEAM` in `{{
   settings_path }}` and stored the private key provided by Apple at
   `/etc/zulip/apple-auth-key.p8` on the Zulip server, with

diff --git a/zerver/tests/test_auth_backends.py b/zerver/tests/test_auth_backends.py
@@ -2262,7 +2262,7 @@ class for details.
         """
 
         if not skip_id_token:
-            id_token: Optional[str] = self.generate_id_token(account_data_dict, settings.SOCIAL_AUTH_APPLE_BUNDLE_ID)
+            id_token: Optional[str] = self.generate_id_token(account_data_dict, settings.SOCIAL_AUTH_APPLE_APP_ID)
         else:
             id_token = None
 

diff --git a/zproject/computed_settings.py b/zproject/computed_settings.py
@@ -47,7 +47,7 @@
     REMOTE_POSTGRES_SSLMODE,
     SENDFILE_BACKEND,
     SENTRY_DSN,
-    SOCIAL_AUTH_APPLE_BUNDLE_ID,
+    SOCIAL_AUTH_APPLE_APP_ID,
     SOCIAL_AUTH_APPLE_SERVICES_ID,
     SOCIAL_AUTH_GITHUB_KEY,
     SOCIAL_AUTH_GITHUB_ORG_NAME,
@@ -1029,7 +1029,7 @@ def zulip_path(path: str) -> str:
 # SERVICES_ID to make things more readable in the configuration
 # and our own custom backend code.
 SOCIAL_AUTH_APPLE_CLIENT = SOCIAL_AUTH_APPLE_SERVICES_ID
-SOCIAL_AUTH_APPLE_AUDIENCE = [id for id in [SOCIAL_AUTH_APPLE_CLIENT, SOCIAL_AUTH_APPLE_BUNDLE_ID] if id is not None]
+SOCIAL_AUTH_APPLE_AUDIENCE = [id for id in [SOCIAL_AUTH_APPLE_CLIENT, SOCIAL_AUTH_APPLE_APP_ID] if id is not None]
 
 if PRODUCTION:
     SOCIAL_AUTH_APPLE_SECRET = get_from_file_if_exists("/etc/zulip/apple-auth-key.p8")

diff --git a/zproject/default_settings.py b/zproject/default_settings.py
@@ -81,7 +81,7 @@
 
 # Apple:
 SOCIAL_AUTH_APPLE_SERVICES_ID = get_secret('social_auth_apple_services_id', development_only=True)
-SOCIAL_AUTH_APPLE_BUNDLE_ID = get_secret('social_auth_apple_bundle_id', development_only=True)
+SOCIAL_AUTH_APPLE_APP_ID = get_secret('social_auth_apple_app_id', development_only=True)
 SOCIAL_AUTH_APPLE_KEY = get_secret('social_auth_apple_key', development_only=True)
 SOCIAL_AUTH_APPLE_TEAM = get_secret('social_auth_apple_team', development_only=True)
 SOCIAL_AUTH_APPLE_SCOPE = ['name', 'email']

diff --git a/zproject/prod_settings_template.py b/zproject/prod_settings_template.py
@@ -294,7 +294,7 @@
 #
 #SOCIAL_AUTH_APPLE_TEAM = "<your Team ID>"
 #SOCIAL_AUTH_APPLE_SERVICES_ID = "<your Services ID>"
-#SOCIAL_AUTH_APPLE_BUNDLE_ID = "<your Bundle ID>"
+#SOCIAL_AUTH_APPLE_APP_ID = "<your App ID>"
 #SOCIAL_AUTH_APPLE_KEY = "<your Key ID>"
 
 ########

diff --git a/zproject/test_extra_settings.py b/zproject/test_extra_settings.py
@@ -178,9 +178,9 @@ def set_loglevel(logger_name: str, level: str) -> None:
 SOCIAL_AUTH_GOOGLE_SECRET = "secret"
 SOCIAL_AUTH_SUBDOMAIN = 'auth'
 SOCIAL_AUTH_APPLE_SERVICES_ID = 'com.zulip.chat'
-SOCIAL_AUTH_APPLE_BUNDLE_ID = 'com.zulip.bundle.id'
+SOCIAL_AUTH_APPLE_APP_ID = 'com.zulip.bundle.id'
 SOCIAL_AUTH_APPLE_CLIENT = 'com.zulip.chat'
-SOCIAL_AUTH_APPLE_AUDIENCE = [SOCIAL_AUTH_APPLE_BUNDLE_ID, SOCIAL_AUTH_APPLE_SERVICES_ID]
+SOCIAL_AUTH_APPLE_AUDIENCE = [SOCIAL_AUTH_APPLE_APP_ID, SOCIAL_AUTH_APPLE_SERVICES_ID]
 SOCIAL_AUTH_APPLE_KEY = 'KEYISKEY'
 SOCIAL_AUTH_APPLE_TEAM = 'TEAMSTRING'
 SOCIAL_AUTH_APPLE_SECRET = get_from_file_if_exists("zerver/tests/fixtures/apple/private_key.pem")