Return API URL as part of status

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### Changed
+
+- Grafana plugin app to use common PluginAuthentication, allow mobile app to access status endpoint @mderynck ([#2791](https://github.com/grafana/oncall/pull/2791))
+
 ### Fixed
 
 - Ignore ical cancelled events when calculating shifts ([#2776](https://github.com/grafana/oncall/pull/2776))

engine/apps/grafana_plugin/tests/test_status.py

@@ -59,8 +59,28 @@ def test_allow_signup(make_organization_and_user_with_plugin_token, make_user_au
     )
     response = client.get(reverse("grafana-plugin:status"), format="json", **auth_headers)
 
-    # if the org doesn't exist this will never return 200 due to
-    # the PluginTokenVerified permission class..
     # should consider removing the DynamicSetting logic because technically this
     # condition will never be reached in the code...
     assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_status_mobile_app_auth_token(
+    make_organization_and_user_with_mobile_app_auth_token,
+    make_user_auth_headers,
+):
+    organization, user, auth_token = make_organization_and_user_with_mobile_app_auth_token()
+
+    client = APIClient()
+    url = reverse("grafana-plugin:status")
+
+    response = client.post(url)
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    auth_headers = make_user_auth_headers(
+        user,
+        auth_token,
+    )
+
+    response = client.post(url, format="json", **auth_headers)
+    assert response.status_code == status.HTTP_200_OK

engine/apps/grafana_plugin/views/install.py

@@ -3,14 +3,14 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
-from apps.grafana_plugin.permissions import PluginTokenVerified
+from apps.auth_token.auth import PluginAuthentication
 from apps.user_management.models import Organization
 from apps.user_management.sync import sync_organization
 from common.api_helpers.mixins import GrafanaHeadersMixin
 
 
 class InstallView(GrafanaHeadersMixin, APIView):
-    permission_classes = (PluginTokenVerified,)
+    authentication_classes = (PluginAuthentication,)
 
     def post(self, request: Request) -> Response:
         stack_id = self.instance_context["stack_id"]

engine/apps/grafana_plugin/views/status.py

@@ -7,14 +7,17 @@
 from apps.auth_token.auth import PluginAuthentication
 from apps.base.models import DynamicSetting
 from apps.grafana_plugin.helpers import GrafanaAPIClient
-from apps.grafana_plugin.permissions import PluginTokenVerified
 from apps.grafana_plugin.tasks.sync import plugin_sync_organization_async
+from apps.mobile_app.auth import MobileAppAuthTokenAuthentication
 from apps.user_management.models import Organization
 from common.api_helpers.mixins import GrafanaHeadersMixin
 
 
 class StatusView(GrafanaHeadersMixin, APIView):
-    permission_classes = (PluginTokenVerified,)
+    authentication_classes = (
+        MobileAppAuthTokenAuthentication,
+        PluginAuthentication,
+    )
 
     def post(self, request: Request) -> Response:
         """
@@ -36,11 +39,14 @@ def post(self, request: Request) -> Response:
         is_installed = False
         token_ok = False
         allow_signup = True
+        api_url = settings.BASE_URL
 
         # Check if organization is in OnCall database
         if organization := Organization.objects.get(stack_id=stack_id, org_id=org_id):
             is_installed = True
             token_ok = organization.api_token_status == Organization.API_TOKEN_STATUS_OK
+            if organization.is_moved:
+                api_url = organization.migration_destination.oncall_backend_url
         else:
             allow_signup = DynamicSetting.objects.get_or_create(
                 name="allow_plugin_organization_signup", defaults={"boolean_value": True}
@@ -64,11 +70,12 @@ def post(self, request: Request) -> Response:
                 "is_installed": is_installed,
                 "token_ok": token_ok,
                 "allow_signup": allow_signup,
-                "is_user_anonymous": self.grafana_context["IsAnonymous"],
+                "is_user_anonymous": self.grafana_context.get("IsAnonymous", False),
                 "license": settings.LICENSE,
                 "version": settings.VERSION,
                 "recaptcha_site_key": settings.RECAPTCHA_V3_SITE_KEY,
                 "currently_undergoing_maintenance_message": settings.CURRENTLY_UNDERGOING_MAINTENANCE_MESSAGE,
+                "api_url": api_url,
             }
         )
 
@@ -96,7 +103,7 @@ def get(self, _request: Request) -> Response:
                 "is_installed": is_installed,
                 "token_ok": token_ok,
                 "allow_signup": allow_signup,
-                "is_user_anonymous": self.grafana_context["IsAnonymous"],
+                "is_user_anonymous": self.grafana_context.get("IsAnonymous", False),
                 "license": settings.LICENSE,
                 "version": settings.VERSION,
             }

engine/apps/grafana_plugin/views/sync.py

@@ -7,7 +7,6 @@
 from rest_framework.views import APIView
 
 from apps.auth_token.auth import PluginAuthentication
-from apps.grafana_plugin.permissions import PluginTokenVerified
 from apps.grafana_plugin.tasks.sync import plugin_sync_organization_async
 from apps.user_management.models import Organization
 from common.api_helpers.mixins import GrafanaHeadersMixin
@@ -16,7 +15,7 @@
 
 
 class PluginSyncView(GrafanaHeadersMixin, APIView):
-    permission_classes = (PluginTokenVerified,)
+    authentication_classes = (PluginAuthentication,)
 
     def post(self, request: Request) -> Response:
         """Deprecated. May be used for the plugins with versions < 1.3.17"""

engine/apps/grafana_plugin/views/sync_organization.py

@@ -5,14 +5,14 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
-from apps.grafana_plugin.permissions import PluginTokenVerified
+from apps.auth_token.auth import PluginAuthentication
 from apps.user_management.models import Organization
 from apps.user_management.sync import sync_organization
 from common.api_helpers.mixins import GrafanaHeadersMixin
 
 
 class SyncOrganizationView(GrafanaHeadersMixin, APIView):
-    permission_classes = (PluginTokenVerified,)
+    authentication_classes = (PluginAuthentication,)
 
     def post(self, request: Request) -> Response:
         stack_id = self.instance_context["stack_id"]

engine/apps/mobile_app/auth.py

@@ -4,7 +4,6 @@
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
 
 from apps.auth_token.exceptions import InvalidToken
-from apps.user_management.exceptions import OrganizationDeletedException, OrganizationMovedException
 from apps.user_management.models import User
 
 from .models import MobileAppAuthToken, MobileAppVerificationToken
@@ -43,9 +42,4 @@ def authenticate_credentials(self, token_string: str) -> Tuple[Optional[User], O
         except InvalidToken:
             return None, None
 
-        if auth_token.organization.is_moved:
-            raise OrganizationMovedException(auth_token.organization)
-        if auth_token.organization.deleted_at:
-            raise OrganizationDeletedException(auth_token.organization)
-
         return auth_token.user, auth_token