Merge branch 'develop' into zvyn/issue-304

juanifioren · Jul 27, 2023 · 14ab614 · 14ab614
2 parents 7048f29 + d5f06f1
commit 14ab614
Show file tree

Hide file tree

Showing 33 changed files with 359 additions and 182 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,26 @@
+name: Django Tests CI
+
+on:
+  push:
+    branches: ["master", "develop"]
+  pull_request:
+    branches: ["develop"]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: |
+            3.8
+            3.9
+            3.10
+            3.11
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox
+    - name: Run tox
+      run: tox
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # Django OpenID Connect Provider
 
 [![Python Versions](https://img.shields.io/pypi/pyversions/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
+[![Django Versions](https://img.shields.io/badge/Django-3.2%20%7C%204.2-green)](https://pypi.python.org/pypi/django-oidc-provider)
 [![PyPI Versions](https://img.shields.io/pypi/v/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
 [![Documentation Status](https://readthedocs.org/projects/django-oidc-provider/badge/?version=master)](http://django-oidc-provider.readthedocs.io/)
-[![Travis](https://travis-ci.org/juanifioren/django-oidc-provider.svg?branch=master)](https://travis-ci.org/juanifioren/django-oidc-provider)
 
 ## About OpenID
 

diff --git a/docs/conf.py b/docs/conf.py
@@ -45,24 +45,24 @@
 
 # General information about the project.
 project = u'django-oidc-provider'
-copyright = u'2016, Juan Ignacio Fiorentino'
+copyright = u'2023, Juan Ignacio Fiorentino'
 author = u'Juan Ignacio Fiorentino'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = u'0.5'
+version = u'0.8'
 # The full version, including alpha/beta/rc tags.
-release = u'0.5.x'
+release = u'0.8.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
 
 # There are two options for replacing |today|: either, you set today to some
 # non-false value, then it is used:

diff --git a/docs/sections/changelog.rst b/docs/sections/changelog.rst
@@ -8,7 +8,18 @@ All notable changes to this project will be documented in this file.
 Unreleased
 ==========
 
-* Fixed: example project on Django 2.1.
+* Changed: create_token and create_code are now methods on base classes to enable customization.
+* Changed: extract "is consent skip allowed" decision from the view to the endpoint.
+
+0.8.0
+=====
+
+*2023-05-05*
+
+* Changed: now supporting latest versions of Django.
+* Changed: drop support for Python 2 and Django lower than 3.2.
+* Added: scope on token and introspection endpoints.
+* Changed: Use static instead of deprecated staticfiles template tag.
 * Fixed: example in docs for translatable scopes (ugettext).
 
 0.7.0

diff --git a/docs/sections/contribute.rst b/docs/sections/contribute.rst
@@ -7,10 +7,10 @@ We love contributions, so please feel free to fix bugs, improve things, provide
 
 * Create an issue and explain your feature/bugfix.
 * Wait collaborators comments.
-* Fork the project and create new branch from `develop`.
+* Fork the project and create new branch from ``develop``.
 * Make your feature addition or bug fix.
 * Add tests and documentation if needed.
-* Create pull request for the issue to the `develop` branch.
+* Create pull request for the issue to the ``develop`` branch.
 * Wait collaborators reviews.
 
 Running Tests
@@ -21,18 +21,18 @@ Use `tox <https://pypi.python.org/pypi/tox>`_ for running tests in each of the e
     # Run all tests.
     $ tox
 
-    # Run with Python 3.5 and Django 2.0.
-    $ tox -e py35-django20
+    # Run with Python 3.11 and Django 4.2.
+    $ tox -e py311-django42
 
     # Run single test file on specific environment.
-    $ tox -e py35-django20 tests/cases/test_authorize_endpoint.py
+    $ tox -e py311-django42 tests/cases/test_authorize_endpoint.py
 
-We also use `travis <https://travis-ci.org/juanifioren/django-oidc-provider/>`_ to automatically test every commit to the project.
+We use `Github Actions <https://github.com/juanifioren/django-oidc-provider/actions>`_ to automatically test every commit to the project.
 
 Improve Documentation
 =====================
 
-We use `Sphinx <http://www.sphinx-doc.org/>`_ for generate this documentation. I you want to add or modify something just:
+We use `Sphinx <http://www.sphinx-doc.org/>`_ to generate this documentation. If you want to add or modify something just:
 
 * Install Sphinx (``pip install sphinx``) and the auto-build tool (``pip install sphinx-autobuild``).
 * Move inside the docs folder. ``cd docs/``

diff --git a/docs/sections/installation.rst b/docs/sections/installation.rst
@@ -6,8 +6,8 @@ Installation
 Requirements
 ============
 
-* Python: ``2.7`` ``3.4`` ``3.5`` ``3.6``
-* Django: ``1.8`` ``1.9`` ``1.10`` ``1.11`` ``2.0``
+* Python: ``3.8`` ``3.9`` ``3.10`` ``3.11``
+* Django: ``3.2`` ``4.2``
 
 Quick Installation
 ==================
@@ -20,24 +20,19 @@ Install the package using pip::
 
 Add it to your apps in your project's django settings::
 
-    INSTALLED_APPS = (
-        'django.contrib.admin',
-        'django.contrib.auth',
-        'django.contrib.contenttypes',
-        'django.contrib.sessions',
-        'django.contrib.messages',
-        'django.contrib.staticfiles',
+    INSTALLED_APPS = [
+        # ...
         'oidc_provider',
         # ...
-    )
+    ]
 
 Include our urls to your project's ``urls.py``::
 
-    urlpatterns = patterns('',
+    urlpatterns = [
         # ...
-        url(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
+        path('openid/', include('oidc_provider.urls', namespace='oidc_provider')),
         # ...
-    )
+    ]
 
 Run the migrations and generate a server RSA key::
 

diff --git a/docs/sections/relyingparties.rst b/docs/sections/relyingparties.rst
@@ -19,7 +19,7 @@ Properties
 * ``client_type``: Values are ``confidential`` and ``public``.
 * ``client_id``: Client unique identifier.
 * ``client_secret``: Client secret for confidential applications.
-* ``response_types``: The flows and associated ```response_type``` values that can be used by the client.
+* ``response_types``: The flows and associated ``response_type`` values that can be used by the client.
 * ``jwt_alg``: Clients can choose which algorithm will be used to sign id_tokens. Values are ``HS256`` and ``RS256``.
 * ``date_created``: Date automatically added when created.
 * ``redirect_uris``: List of redirect URIs.

diff --git a/docs/sections/settings.rst b/docs/sections/settings.rst
@@ -234,3 +234,14 @@ Default is::
 See the :ref:`templates` section.
 
 The templates that are not specified here will use the default ones.
+
+OIDC_INTROSPECTION_RESPONSE_SCOPE_ENABLE
+==========================================
+
+OPTIONAL ``bool``
+
+A flag which toggles whether the scope is returned with successful response on introspection request.
+
+Must be ``True`` to include ``scope`` into the successful response
+
+Default is ``False``.
diff --git a/oidc_provider/admin.py b/oidc_provider/admin.py
@@ -4,7 +4,7 @@
 
 from django.forms import ModelForm
 from django.contrib import admin
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from oidc_provider.models import Client, Code, Token, RSAKey
 
@@ -75,13 +75,17 @@ class ClientAdmin(admin.ModelAdmin):
 @admin.register(Code)
 class CodeAdmin(admin.ModelAdmin):
 
+    raw_id_fields = ['user']
+
     def has_add_permission(self, request):
         return False
 
 
 @admin.register(Token)
 class TokenAdmin(admin.ModelAdmin):
 
+    raw_id_fields = ['user']
+
     def has_add_permission(self, request):
         return False
 

diff --git a/oidc_provider/lib/claims.py b/oidc_provider/lib/claims.py
@@ -1,6 +1,6 @@
 import copy
 
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from oidc_provider import settings
 

diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
@@ -126,31 +126,42 @@ def validate_params(self):
                 raise AuthorizeError(
                     self.params['redirect_uri'], 'invalid_request', self.grant_type)
 
+    def create_code(self):
+        code = create_code(
+            user=self.request.user,
+            client=self.client,
+            scope=self.params['scope'],
+            nonce=self.params['nonce'],
+            is_authentication=self.is_authentication,
+            code_challenge=self.params['code_challenge'],
+            code_challenge_method=self.params['code_challenge_method'],
+        )
+
+        return code
+
+    def create_token(self):
+        token = create_token(
+            user=self.request.user,
+            client=self.client,
+            scope=self.params['scope'],
+        )
+
+        return token
+
     def create_response_uri(self):
         uri = urlsplit(self.params['redirect_uri'])
         query_params = parse_qs(uri.query)
         query_fragment = {}
 
         try:
             if self.grant_type in ['authorization_code', 'hybrid']:
-                code = create_code(
-                    user=self.request.user,
-                    client=self.client,
-                    scope=self.params['scope'],
-                    nonce=self.params['nonce'],
-                    is_authentication=self.is_authentication,
-                    code_challenge=self.params['code_challenge'],
-                    code_challenge_method=self.params['code_challenge_method'])
+                code = self.create_code()
                 code.save()
-
             if self.grant_type == 'authorization_code':
                 query_params['code'] = code.code
                 query_params['state'] = self.params['state'] if self.params['state'] else ''
             elif self.grant_type in ['implicit', 'hybrid']:
-                token = create_token(
-                    user=self.request.user,
-                    client=self.client,
-                    scope=self.params['scope'])
+                token = self.create_token()
 
                 # Check if response_type must include access_token in the response.
                 if (self.params['response_type'] in
@@ -270,6 +281,13 @@ def client_has_user_consent(self):
 
         return value
 
+    def is_client_allowed_to_skip_consent(self):
+        implicit_flow_resp_types = {'id_token', 'id_token token'}
+        return (
+            self.client.client_type != 'public' or
+            self.params['response_type'] in implicit_flow_resp_types
+        )
+
     def get_scopes_information(self):
         """
         Return a list with the description of all the scopes requested.

diff --git a/oidc_provider/lib/endpoints/introspection.py b/oidc_provider/lib/endpoints/introspection.py
@@ -85,7 +85,8 @@ def create_response_dic(self):
                 response_dic[k] = self.id_token[k]
         response_dic['active'] = True
         response_dic['client_id'] = self.token.client.client_id
-
+        if settings.get('OIDC_INTROSPECTION_RESPONSE_SCOPE_ENABLE'):
+            response_dic['scope'] = ' '.join(self.token.scope)
         response_dic = run_processing_hook(response_dic,
                                            'OIDC_INTROSPECTION_PROCESSING_HOOK',
                                            client=self.client,