Fetch HipChat's capabilities document

hc/api/models.py

@@ -388,7 +388,8 @@ class Channel(models.Model):
         if time.time() < doc.get("expires_at", 0):
             return  # Current access token is still valid
 
-        url = "https://api.hipchat.com/v2/oauth/token"
+        endpoints = requests.get(doc["capabilitiesUrl"])
+        url = endpoints.json()["capabilities"]["oauth2Provider"]["tokenUrl"]
         auth = (doc["oauthId"], doc["oauthSecret"])
         r = requests.post(url, auth=auth, data={
             "grant_type": "client_credentials",

hc/api/tests/test_channel_model.py

@@ -8,14 +8,28 @@ from mock import patch
 class ChannelModelTestCase(BaseTestCase):
 
     @patch("hc.api.models.requests.post")
-    def test_it_refreshes_hipchat_access_token(self, mock_post):
+    @patch("hc.api.models.requests.get")
+    def test_it_refreshes_hipchat_access_token(self, mock_get, mock_post):
+        mock_get.return_value.json.return_value = {
+            "capabilities": {
+                "oauth2Provider": {"tokenUrl": "http://example.org"}
+            }
+        }
         mock_post.return_value.json.return_value = {"expires_in": 100}
 
         channel = Channel(kind="hipchat", user=self.alice, value=json.dumps({
             "oauthId": "foo",
-            "oauthSecret": "bar"
+            "oauthSecret": "bar",
+            "capabilitiesUrl": "http://example.org/capabilities.json"
         }))
 
         channel.refresh_hipchat_access_token()
-        self.assertTrue(mock_post.return_value.json.called)
+        # It should fetch the remote capabilities document
+        mock_get.assert_called()
+
+        # It should request a token using a correct tokenUrl
+        mock_post.assert_called()
+        args, kwargs = mock_post.call_args
+        self.assertEqual(args[0], "http://example.org")
+
         self.assertTrue("expires_at" in channel.value)