Merge pull request #10 from oreillymedia/UA-3234

UA-3234 | Sync with upstream.
oreillymedia · Jan 22, 2024 · 72701b7 · 72701b7
2 parents ef43d9a + 5c9d080
commit 72701b7
Show file tree

Hide file tree

Showing 39 changed files with 601 additions and 219 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: juanifioren
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,26 @@
+name: Django Tests CI
+
+on:
+  push:
+    branches: ["master", "develop"]
+  pull_request:
+    branches: ["develop"]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: |
+            3.8
+            3.9
+            3.10
+            3.11
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox
+    - name: Run tox
+      run: tox
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,4 @@ docs/_build/
 .python-version
 .vscode
 .pytest_cache/
+.coverage*
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
@@ -0,0 +1,24 @@
+# Read the Docs configuration file for Sphinx projects
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the OS, Python version and other tools you might need
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.10"
+
+# Build documentation in the "docs/" directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats:
+  - pdf
+
+# Python requirements required to build your documentation
+python:
+  install:
+    - requirements: docs/requirements.txt
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # Django OpenID Connect Provider
 
 [![Python Versions](https://img.shields.io/pypi/pyversions/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
+[![Django Versions](https://img.shields.io/badge/Django-3.2%20%7C%204.2-green)](https://pypi.python.org/pypi/django-oidc-provider)
 [![PyPI Versions](https://img.shields.io/pypi/v/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
 [![Documentation Status](https://readthedocs.org/projects/django-oidc-provider/badge/?version=master)](http://django-oidc-provider.readthedocs.io/)
-[![Travis](https://travis-ci.org/juanifioren/django-oidc-provider.svg?branch=master)](https://travis-ci.org/juanifioren/django-oidc-provider)
 
 ## About OpenID
 
@@ -13,8 +13,8 @@ OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, whic
 
 `django-oidc-provider` can help you providing out of the box all the endpoints, data and logic needed to add OpenID Connect (and OAuth2) capabilities to your Django projects.
 
-Support for Python 3 and 2. Also latest versions of django.
+Support for Python 3 and latest versions of django.
 
 [Read documentation for more info.](http://django-oidc-provider.readthedocs.org/)
 
-[Do you want to contribute? Please read this.](http://django-oidc-provider.readthedocs.io/en/latest/sections/contribute.html)
+[Do you want to contribute? Please read this.](http://django-oidc-provider.readthedocs.io/en/master/sections/contribute.html)
diff --git a/docs/conf.py b/docs/conf.py
@@ -45,17 +45,17 @@
 
 # General information about the project.
 project = u'django-oidc-provider'
-copyright = u'2016, Juan Ignacio Fiorentino'
+copyright = u'2023, Juan Ignacio Fiorentino'
 author = u'Juan Ignacio Fiorentino'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = u'0.5'
+version = u'0.8'
 # The full version, including alpha/beta/rc tags.
-release = u'0.5.x'
+release = u'0.8.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/docs/requirements.txt b/docs/requirements.txt
@@ -0,0 +1,2 @@
+sphinx
+sphinx_rtd_theme
diff --git a/docs/sections/changelog.rst b/docs/sections/changelog.rst
@@ -8,6 +8,36 @@ All notable changes to this project will be documented in this file.
 Unreleased
 ==========
 
+
+0.8.2
+=====
+
+*2023-12-15*
+
+* Added: Discovery endpoint response caching. Introducing OIDC_DISCOVERY_CACHE_ENABLE.
+* Fixed: ResponseType data migration.
+* Fixed: correctly verify PKCE secret in token endpoint.
+
+0.8.1
+=====
+
+*2023-10-22*
+
+* Changed: create_token and create_code are now methods on base classes to enable customization.
+* Changed: extract "is consent skip allowed" decision from the view to the endpoint.
+* Fixed: race condition in authorization code, parallel requests may reuse same token.
+
+0.8.0
+=====
+
+*2023-05-05*
+
+* Changed: now supporting latest versions of Django.
+* Changed: drop support for Python 2 and Django lower than 3.2.
+* Added: scope on token and introspection endpoints.
+* Changed: Use static instead of deprecated staticfiles template tag.
+* Fixed: example in docs for translatable scopes (ugettext).
+
 0.7.0
 =====
 

diff --git a/docs/sections/contribute.rst b/docs/sections/contribute.rst
@@ -7,10 +7,10 @@ We love contributions, so please feel free to fix bugs, improve things, provide
 
 * Create an issue and explain your feature/bugfix.
 * Wait collaborators comments.
-* Fork the project and create new branch from `develop`.
+* Fork the project and create new branch from ``develop``.
 * Make your feature addition or bug fix.
 * Add tests and documentation if needed.
-* Create pull request for the issue to the `develop` branch.
+* Create pull request for the issue to the ``develop`` branch.
 * Wait collaborators reviews.
 
 Running Tests
@@ -21,18 +21,18 @@ Use `tox <https://pypi.python.org/pypi/tox>`_ for running tests in each of the e
     # Run all tests.
     $ tox
 
-    # Run with Python 3.5 and Django 2.0.
-    $ tox -e py35-django20
+    # Run with Python 3.11 and Django 4.2.
+    $ tox -e py311-django42
 
     # Run single test file on specific environment.
-    $ tox -e py35-django20 tests/cases/test_authorize_endpoint.py
+    $ tox -e py311-django42 -- tests/cases/test_authorize_endpoint.py
 
-We also use `travis <https://travis-ci.org/juanifioren/django-oidc-provider/>`_ to automatically test every commit to the project.
+We use `Github Actions <https://github.com/juanifioren/django-oidc-provider/actions>`_ to automatically test every commit to the project.
 
 Improve Documentation
 =====================
 
-We use `Sphinx <http://www.sphinx-doc.org/>`_ for generate this documentation. I you want to add or modify something just:
+We use `Sphinx <http://www.sphinx-doc.org/>`_ to generate this documentation. If you want to add or modify something just:
 
 * Install Sphinx (``pip install sphinx``) and the auto-build tool (``pip install sphinx-autobuild``).
 * Move inside the docs folder. ``cd docs/``

diff --git a/docs/sections/installation.rst b/docs/sections/installation.rst
@@ -6,8 +6,8 @@ Installation
 Requirements
 ============
 
-* Python: ``2.7`` ``3.4`` ``3.5`` ``3.6``
-* Django: ``1.8`` ``1.9`` ``1.10`` ``1.11`` ``2.0``
+* Python: ``3.8`` ``3.9`` ``3.10`` ``3.11``
+* Django: ``3.2`` ``4.2``
 
 Quick Installation
 ==================
@@ -20,24 +20,19 @@ Install the package using pip::
 
 Add it to your apps in your project's django settings::
 
-    INSTALLED_APPS = (
-        'django.contrib.admin',
-        'django.contrib.auth',
-        'django.contrib.contenttypes',
-        'django.contrib.sessions',
-        'django.contrib.messages',
-        'django.contrib.staticfiles',
+    INSTALLED_APPS = [
+        # ...
         'oidc_provider',
         # ...
-    )
+    ]
 
 Include our urls to your project's ``urls.py``::
 
-    urlpatterns = patterns('',
+    urlpatterns = [
         # ...
-        url(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
+        path('openid/', include('oidc_provider.urls', namespace='oidc_provider')),
         # ...
-    )
+    ]
 
 Run the migrations and generate a server RSA key::
 

diff --git a/docs/sections/relyingparties.rst b/docs/sections/relyingparties.rst
@@ -19,7 +19,7 @@ Properties
 * ``client_type``: Values are ``confidential`` and ``public``.
 * ``client_id``: Client unique identifier.
 * ``client_secret``: Client secret for confidential applications.
-* ``response_types``: The flows and associated ```response_type``` values that can be used by the client.
+* ``response_types``: The flows and associated ``response_type`` values that can be used by the client.
 * ``jwt_alg``: Clients can choose which algorithm will be used to sign id_tokens. Values are ``HS256`` and ``RS256``.
 * ``date_created``: Date automatically added when created.
 * ``redirect_uris``: List of redirect URIs.

diff --git a/docs/sections/scopesclaims.rst b/docs/sections/scopesclaims.rst
@@ -82,7 +82,7 @@ Somewhere in your Django ``settings.py``::
 
 Inside your oidc_provider_settings.py file add the following class::
 
-    from django.utils.translation import gettext as _
+    from django.utils.translation import ugettext_lazy as _
     from oidc_provider.lib.claims import ScopeClaims
 
     class CustomScopeClaims(ScopeClaims):

diff --git a/docs/sections/settings.rst b/docs/sections/settings.rst
@@ -55,6 +55,20 @@ OPTIONAL. ``int``. Code object expiration after been delivered.
 
 Expressed in seconds. Default is ``60*10``.
 
+OIDC_DISCOVERY_CACHE_ENABLE
+===========================
+
+OPTIONAL. ``bool``. Enable caching the response on the discovery endpoint, by using default cache. Cache key will be a combination of site URL and types supported by the provider, changing any of these will invalidate stored value.
+
+Default is ``False``.
+
+OIDC_DISCOVERY_CACHE_EXPIRE
+===========================
+
+OPTIONAL. ``int``. Discovery endpoint cache expiration time expressed in seconds.
+
+Expressed in seconds. Default is ``60*10``.
+
 OIDC_EXTRA_SCOPE_CLAIMS
 =======================
 
@@ -234,3 +248,14 @@ Default is::
 See the :ref:`templates` section.
 
 The templates that are not specified here will use the default ones.
+
+OIDC_INTROSPECTION_RESPONSE_SCOPE_ENABLE
+==========================================
+
+OPTIONAL ``bool``
+
+A flag which toggles whether the scope is returned with successful response on introspection request.
+
+Must be ``True`` to include ``scope`` into the successful response
+
+Default is ``False``.
diff --git a/example/app/urls.py b/example/app/urls.py
@@ -5,9 +5,9 @@
 
 
 urlpatterns = [
-    re_path(r'^$', TemplateView.as_view(template_name='home.html'), name='home'),
-    re_path(r'^accounts/login/$', auth_views.LoginView.as_view(template_name='login.html'), name='login'),
-    re_path(r'^accounts/logout/$', auth_views.LogoutView.as_view(next_page='/'), name='logout'),
-    re_path(r'^', include('oidc_provider.urls', namespace='oidc_provider')),
-    re_path(r'^admin/', admin.site.urls),
+    url(r'^$', TemplateView.as_view(template_name='home.html'), name='home'),
+    url(r'^accounts/login/$', auth_views.LoginView.as_view(template_name='login.html'), name='login'),  # noqa
+    url(r'^accounts/logout/$', auth_views.LogoutView.as_view(next_page='/'), name='logout'),
+    url(r'^', include('oidc_provider.urls', namespace='oidc_provider')),
+    url(r'^admin/', admin.site.urls),
 ]
diff --git a/oidc_provider/admin.py b/oidc_provider/admin.py
@@ -75,13 +75,17 @@ class ClientAdmin(admin.ModelAdmin):
 @admin.register(Code)
 class CodeAdmin(admin.ModelAdmin):
 
+    raw_id_fields = ['user']
+
     def has_add_permission(self, request):
         return False
 
 
 @admin.register(Token)
 class TokenAdmin(admin.ModelAdmin):
 
+    raw_id_fields = ['user']
+
     def has_add_permission(self, request):
         return False