…to Django projects with USE_TZ set to True (django-oauth#948) * Add breaking tests * Add fix for breaking tests Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True. * Update authors file * Update changelog file * Update the docs * Fix broken tests (missing import) Co-authored-by: Alan Crosswell <[email protected]>
…biity with more backends. (django-oauth#949) * Provide django.contrib.auth.authenticate() with a request for compatibility with more backends. Resolves django-oauth#712. Resolves django-oauth#636. Resolves django-oauth#808. Co-authored-by: Alan Crosswell <[email protected]>
* Fix double oauth2_provider mountpoint in oidc view Fixes the doubling of mountpoint path in the OIDC endpoints values for `.well-known/openid-configuration/` * Updated tests According to the `django-oauth-toolkit` documentation for [OIDC_ISS_ENDPOINT](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#oidc-iss-endpoint) this settings variable should enable discovery at `OIDC_ISS_ENDPOINT` + `/.well-known/openid-configuration/`. But if you use the variable as described you'll end up with the correct URL for the `issuer` value but incorrect URLs for the values of `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint`, and `jwks_uri`. So if the `OIDC_ISS_ENDPOINT` is `http://localhost:8001/some-initial-path/o` the `issuer` will be `http://localhost:8001/some-initial-path/o` but `authorization_endpoint` will be `http://localhost:8001/some-initial-path/o/some-initial-path/o/authorize/`. Same pattern for `token_endpoint`, `userinfo_endpoint`, and `jwks_uri`. This commit updates the tests to expect `OIDC_ISS_ENDPOINT` to end in `/o` * Updated AUTHORS * Update CHANGELOG * updated CHANGELOG To include possible breaking change message Co-authored-by: Jonas Nygaard Pedersen <[email protected]>
…ngo-oauth#953) * Allow loopback redirect URIs using ports as described in RFC8252 * Update Changelog and Authors * Docs update and adjustment for explicit port config on loopback * Wrap and clarify Changelog * Clarify documentation * Split out redirect uri logic for easier testing This adds some unit tests for loopback IP code in particular, as part of reviewing the change Co-authored-by: Raphael Gaschignard <[email protected]> Co-authored-by: Asif Saif Uddin <[email protected]> Co-authored-by: Raphael Gaschignard <[email protected]>
* Remove support for Django 3.0. * Add support for Django 3.2 * Add supported Python and Django badges. * Added my name to AUTHORS.
* Change remaining HttpResponse to JsonResponse * Add Andrew-Chen-Wang to AUTHORS * Added CHANGELOG entry * Lint
* Use django-cors-headers * Add @Andrew-Chen-Wang to AUTHORS.contributors Co-authored-by: Asif Saif Uddin <[email protected]>
This is needed to avoid 2 extra DB queries per each line in the list view, so that is usually +200 unnecessary queries. Co-authored-by: Asif Saif Uddin <[email protected]>
Add that REFRESH_TOKEN_EXPIRE_SECONDS can be an `Int` or `datetime.timedelta` to settings.rst. Co-authored-by: Asif Saif Uddin <[email protected]>
* Add Farsi/fa language support * Update AUTHORS Co-authored-by: Asif Saif Uddin <[email protected]>
* Add missing import In a newly created Django project (version 3.2.1) the `include` function is not imported. * Register myself as an author Co-authored-by: Asif Saif Uddin <[email protected]>
* Support rotation of RSA keys * add author * changelog for django-oauth#950 Co-authored-by: Asif Saif Uddin <[email protected]>
`AUTHENTICATION_BACKENDS` and `MIDDLEWARE` should be arrays, not tuples. Using tuples seems to work, but everything else in the settings.py file is an array.
updates: - https://github.com/ambv/black → https://github.com/psf/black - [github.com/psf/black: 20.8b1 → 21.9b0](psf/black@20.8b1...21.9b0) - [github.com/pre-commit/pre-commit-hooks: v3.2.0 → v4.0.1](pre-commit/pre-commit-hooks@v3.2.0...v4.0.1) - [github.com/PyCQA/isort: 5.6.3 → 5.9.3](PyCQA/isort@5.6.3...5.9.3) - https://gitlab.com/pycqa/flake8 → https://github.com/PyCQA/flake8 - [github.com/PyCQA/flake8: 3.8.4 → 4.0.1](PyCQA/flake8@3.8.4...4.0.1)
for more information, see https://pre-commit.ci
…oauth#954) (django-oauth#963) * Handles ValueErrors with invalid hex values in query strings and reraises them as SuspiciousOperations (django-oauth#954) * Unified error naming (err and error) when handling ValueErrors * Added Alex Szabó to AUTHORS * Adds fix message to CHANGELOG.md * Narrows handling of ValueErrors to a specific error (invalid hex in query string) * Fixes formatting Co-authored-by: Asif Saif Uddin <[email protected]>
* Require redirect_uri if multiple uris are registered * update changelog for django-oauth#981 Co-authored-by: Asif Saif Uddin <[email protected]>
updates: - [github.com/psf/black: 21.9b0 → 21.10b0](psf/black@21.9b0...21.10b0)
It is better to make setup.cfg infer version info from the package instead of vice versa. Previous method only works where the package is "installed". It doesn't work if we were to use this as a git submodule or frozen environments like nuitka.
updates: - [github.com/PyCQA/isort: 5.9.3 → 5.10.0](PyCQA/isort@5.9.3...5.10.0)
updates: - [github.com/PyCQA/isort: 5.10.0 → 5.10.1](PyCQA/isort@5.10.0...5.10.1)
* OpenID: Claims: Add claims inside well-known Some clients can't use userinfo, and get property from claims. Add claims key inside well-known. * OpenID: Claims: Additional test in well-known update test * OpenID: Claims: Docs: Add docs well-known claims * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci Co-authored-by: Asif Saif Uddin <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Andrew Chen Wang <[email protected]>
updates: - [github.com/psf/black: 21.10b0 → 21.11b1](psf/black@21.10b0...21.11b1)
…th#1035) * Removes default_app_config for Django Deprecation Warning * Update AUTHORS * Update __init__.py * import django * Install django so tox tests work * Pin mistune to fix docs
Co-authored-by: Asif Saif Uddin <[email protected]>
* Revert "Add migration that alters client_secret to ClientSecretField. (django-oauth#1075)" This reverts commit 58f4f5f. * revert 250120d * bad merge
* Add tox test to check if migrations were missed. * Document how to contribute migrations.
…elds to all remaining admin classes (django-oauth#1085) * fix django-oauth#1083 ('token' not valid search field), add search fields to all remaining admin classes
* Set default value for CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL to sleep(0). * Document default value of 0 for CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL. Co-authored-by: Andrew Chen Wang <[email protected]>
Some clients can't use userinfo, and get property from claims. Add claims key inside well-known.
* always propagate request * have get_additional_claims return a dict again * allow get_additional_claims to return plain data instead of callables
This splits get_additional_claims into two forms. See documentation change for rationale.
Release 1.6.0
Hmmm
For some reason the 3.9/3.2 tests are also running the
Yeahhhhh I am trying to steal some of this from the "future" test.yml as the old yml had no django 4.0 knowledge and it was breaking the tests when it tried to use 4 with 3.9.16.
to improve performance for removal of large numers of expired tokens. Configure with | ||
[`CLEAR_EXPIRED_TOKENS_BATCH_SIZE`](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#clear-expired-tokens-batch-size) and | ||
[`CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL`](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#clear-expired-tokens-batch-interval). | ||
* #1070 Add a Celery task for clearing expired tokens, e.g. to be scheduled as a [periodic task](https://docs.celeryproject.org/en/stable/userguide/periodic-tasks.html). |
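Review bot: typo in the first entry of this hunk, "large numers of expired tokens" should read "large numbers". The #1070 entry also does not say whether the Celery task honours `CLEAR_EXPIRED_TOKENS_BATCH_SIZE` and `CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL`; a clause stating that would help anyone scheduling it against a large token table.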
Oooh this is cool! We should add this (maybe after the migration is done)
yeah reduce the burden on that table a bunch...
* #968, #1039 Add support for Django 3.2 and 4.0. | ||
* #953 Allow loopback redirect URIs using random ports as described in [RFC8252 section 7.3](https://datatracker.ietf.org/doc/html/rfc8252#section-7.3). | ||
* #972 Add Farsi/fa language support. | ||
* #978 OIDC: Add support for [rotating multiple RSA private keys](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#rotating-the-rsa-private-key). |
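Review bot: the #978 entry does not say whether a deployment configured with a single RSA private key keeps working unchanged after this upgrade. State the compatibility expectation in the entry, or point to the upgrade step in the linked rotation docs, so operators know whether a settings change is needed before deploying.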
🎉
Yep it was in the lower versions, so we could get this feature now, we might need to see how to rotate though as did they make this backwards compatible for us who use a single value?
I have a ticket logged here but it shouldn't blow up in the meantime... 😅
https://app.shortcut.com/greenspace/story/78692/adjust-usage-of-the-oidc-rsa-private-key-to-allow-for-multiple
('oauth2_provider', '0004_auto_20200902_2022'), | ||
] | ||
|
||
operations = [ |
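Review bot: the visible lines of this migration, from the dependency on `0004_auto_20200902_2022` through `operations = [`, carry no comment saying why the migration is needed. Add a short comment above `operations` that names the reason or links the upstream discussion, so the schema change can be audited without going back to the PR thread.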
question: Did we figure out what changes these operations are doing?
I don't see any changes to the models file that would cause this. Maybe it's just a Django 4 related change?
Yeah I couldn't figure it out exactly why they needed this noop PR but I am pretty sure it is due to django 4
django-oauth#1056
@mackosx
Work
Important Commits
7f891c1
f4a4bc7
6e46403
3997c82 - Django 4.0 doesn't support python 3.9?
New Schema Migrations
Migration reasons django-oauth#1056