Merge branch 'master' into cors-oauthlib

Author: akanstantsinau

.gitignore

@@ -51,3 +51,6 @@ _build
 
 /venv/
 /coverage.xml
+
+db.sqlite3
+venv/

.pre-commit-config.yaml

@@ -5,7 +5,7 @@ repos:
       - id: black
         exclude: ^(oauth2_provider/migrations/|tests/migrations/)
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-ast
       - id: trailing-whitespace

AUTHORS

@@ -15,6 +15,7 @@ Alan Crosswell
 Alejandro Mantecon Guillen
 Aleksander Vaskevich
 Alessandro De Angelis
+Alex Manning
 Alex Szabó
 Aliaksei Kanstantsinau
 Allisson Azevedo
@@ -71,6 +72,7 @@ Jun Zhou
 Kaleb Porter
 Kristian Rune Larsen
 Ludwig Hähne
+Łukasz Skarżyński
 Marcus Sonestedt
 Matias Seniquiel
 Michael Howitz
@@ -83,6 +85,7 @@ Peter Carnesciali
 Peter Karman
 Peter McDonald
 Petr Dlouhý
+pySilver
 Rodney Richardson
 Rustem Saiargaliev
 Rustem Saiargaliev
@@ -97,6 +100,4 @@ Tom Evans
 Vinay Karanam
 Víðir Valberg Guðmundsson
 Will Beaufoy
-pySilver
-Łukasz Skarżyński
 Yuri Savin

oauth2_provider/models.py

@@ -22,6 +22,7 @@
 from .utils import jwk_from_pem
 from .validators import RedirectURIValidator, URIValidator, WildcardSet, AllowedURIValidator
 
+
 logger = logging.getLogger(__name__)
 
 

oauth2_provider/oauth2_validators.py

@@ -190,7 +190,7 @@ def _authenticate_request_body(self, request):
         if self._load_application(client_id, request) is None:
             log.debug("Failed body auth: Application %s does not exists" % client_id)
             return False
-        elif not check_password(client_secret, request.client.client_secret):
+        elif not self._check_secret(client_secret, request.client.client_secret):
             log.debug("Failed body auth: wrong client secret %s" % client_secret)
             return False
         else:

tests/app/README.md

@@ -0,0 +1,48 @@
+# Test Apps
+
+These apps are for local end to end testing of DOT features. They were implemented to save maintainers the trouble of setting up
+local test environments.
+
+## /tests/app/idp
+
+This is an example IDP implementation for end to end testing. There are pre-configured fixtures which will work with the sample RP.
+
+username: superuser
+password: password
+
+### Development Tasks
+
+* starting up the idp
+
+  ```bash
+  cd tests/app/idp
+  # create a virtual env if that is something you do
+  python manage.py migrate
+  python manage.py loaddata fixtures/seed.json
+  python manage.py runserver
+  # open http://localhost:8000/admin
+
+  ```
+
+* update fixtures
+
+  You can update data in the IDP and then dump the data to a new seed file as follows.
+
+  ```
+  python -Xutf8 ./manage.py dumpdata -e sessions  -e admin.logentry -e auth.permission -e contenttypes.contenttype --natural-foreign --natural-primary --indent 2 > fixtures/seed.json
+  ```
+
+## /test/app/rp
+
+This is an example RP. It is a SPA built with Svelte.
+
+### Development Tasks
+
+* starting the RP
+
+  ```bash
+  cd test/apps/rp
+  npm install
+  npm run dev
+  # open http://localhost:5173
+  ```

tests/app/idp/README.md

@@ -0,0 +1,16 @@
+# TEST IDP
+
+This is an example IDP implementation for end to end testing.
+
+username: superuser
+password: password
+
+## Development Tasks
+
+* update fixtures
+
+  ```
+  python -Xutf8 ./manage.py dumpdata -e sessions  -e admin.logentry -e auth.permission -e contenttypes.contenttype -e oauth2_provider.grant -e oauth2_provider.accesstoken -e oauth2_provider.refreshtoken -e oauth2_provider.idtoken --natural-foreign --natural-primary --indent 2 > fixtures/seed.json
+  ```
+
+  *check seeds as you produce them to makre sure any unrequired models are excluded to keep our seeds as small as possible.*

tests/app/idp/fixtures/seed.json

@@ -0,0 +1,37 @@
+[
+{
+  "model": "auth.user",
+  "fields": {
+    "password": "pbkdf2_sha256$390000$29LoVHfFRlvEOJ9clv73Wx$fx5ejfUJ+nYsnBXFf21jZvDsq4o3p5io3TrAGKAVTq4=",
+    "last_login": "2023-10-05T14:39:15.980Z",
+    "is_superuser": true,
+    "username": "superuser",
+    "first_name": "",
+    "last_name": "",
+    "email": "",
+    "is_staff": true,
+    "is_active": true,
+    "date_joined": "2023-05-01T19:53:59.622Z",
+    "groups": [],
+    "user_permissions": []
+  }
+},
+{
+  "model": "oauth2_provider.application",
+  "fields": {
+    "client_id": "2EIxgjlyy5VgCp2fjhEpKLyRtSMMPK0hZ0gBpNdm",
+    "user": null,
+    "redirect_uris": "http://localhost:5173\r\nhttp://127.0.0.1:5173",
+    "post_logout_redirect_uris": "http://localhost:5173\r\nhttp://127.0.0.1:5173",
+    "client_type": "public",
+    "authorization_grant_type": "authorization-code",
+    "client_secret": "pbkdf2_sha256$600000$HEYByn6WXiQUI1D6ezTnAf$qPLekt0t3ZssnzEOvQkeOSfxx7tbs/gcC3O0CthtP2A=",
+    "hash_client_secret": true,
+    "name": "OIDC - Authorization Code",
+    "skip_authorization": true,
+    "created": "2023-05-01T20:27:46.167Z",
+    "updated": "2023-05-11T16:37:21.669Z",
+    "algorithm": "RS256"
+  }
+}
+]

tests/app/idp/idp/__init__.py

@@ -0,0 +1,17 @@
+"""
+ASGI config for idp project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "idp.settings")
+
+application = get_asgi_application()