From aeb0dc726967eae6c0ec8d4c5fa084cd2ca5e1c5 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulip.com>
Date: Fri, 28 Aug 2020 16:34:36 -0700
Subject: [PATCH] video_calls: Support separate testing credentials for Zoom.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
---
 zerver/views/video_calls.py  | 18 ++++++++++++++----
 zproject/default_settings.py |  5 ++++-
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/zerver/views/video_calls.py b/zerver/views/video_calls.py
index 14f9ca7257..3a44eb90b0 100644
--- a/zerver/views/video_calls.py
+++ b/zerver/views/video_calls.py
@@ -44,13 +44,19 @@ def get_zoom_session(user: UserProfile) -> OAuth2Session:
     if settings.VIDEO_ZOOM_CLIENT_ID is None:
         raise JsonableError(_("Zoom credentials have not been configured"))
 
+    client_id = settings.VIDEO_ZOOM_CLIENT_ID
+    client_secret = settings.VIDEO_ZOOM_CLIENT_SECRET
+    if user.realm.string_id in settings.VIDEO_ZOOM_TESTING_REALMS:  # nocoverage
+        client_id = settings.VIDEO_ZOOM_TESTING_CLIENT_ID
+        client_secret = settings.VIDEO_ZOOM_TESTING_CLIENT_SECRET
+
     return OAuth2Session(
-        settings.VIDEO_ZOOM_CLIENT_ID,
+        client_id,
         redirect_uri=urljoin(settings.ROOT_DOMAIN_URI, "/calls/zoom/complete"),
         auto_refresh_url="https://zoom.us/oauth/token",
         auto_refresh_kwargs={
-            "client_id": settings.VIDEO_ZOOM_CLIENT_ID,
-            "client_secret": settings.VIDEO_ZOOM_CLIENT_SECRET,
+            "client_id": client_id,
+            "client_secret": client_secret,
         },
         token=user.zoom_token,
         token_updater=partial(do_set_zoom_token, user),
@@ -116,12 +122,16 @@ def complete_zoom_user_in_realm(
     if not constant_time_compare(state["sid"], get_zoom_sid(request)):
         raise JsonableError(_("Invalid Zoom session identifier"))
 
+    client_secret = settings.VIDEO_ZOOM_CLIENT_SECRET
+    if request.user.realm.string_id in settings.VIDEO_ZOOM_TESTING_REALMS:  # nocoverage
+        client_secret = settings.VIDEO_ZOOM_TESTING_CLIENT_SECRET
+
     oauth = get_zoom_session(request.user)
     try:
         token = oauth.fetch_token(
             "https://zoom.us/oauth/token",
             code=code,
-            client_secret=settings.VIDEO_ZOOM_CLIENT_SECRET,
+            client_secret=client_secret,
         )
     except OAuth2Error:
         raise JsonableError(_("Invalid Zoom credentials"))
diff --git a/zproject/default_settings.py b/zproject/default_settings.py
index 45b2db097a..ed57d43841 100644
--- a/zproject/default_settings.py
+++ b/zproject/default_settings.py
@@ -1,5 +1,5 @@
 import os
-from typing import TYPE_CHECKING, Any, Dict, List, Optional
+from typing import TYPE_CHECKING, Any, Dict, List, Optional, Set
 
 from scripts.lib.zulip_tools import deport
 
@@ -110,6 +110,9 @@ SSO_APPEND_DOMAIN: Optional[str] = None
 
 VIDEO_ZOOM_CLIENT_ID = get_secret("video_zoom_client_id", development_only=True)
 VIDEO_ZOOM_CLIENT_SECRET = get_secret("video_zoom_client_secret")
+VIDEO_ZOOM_TESTING_REALMS: Set[str] = set()
+VIDEO_ZOOM_TESTING_CLIENT_ID = get_secret("video_zoom_testing_client_id", development_only=True)
+VIDEO_ZOOM_TESTING_CLIENT_SECRET = get_secret("video_zoom_testing_client_secret")
 
 # Email gateway
 EMAIL_GATEWAY_PATTERN = ""