Merge branch 'master' into login_not_required

Author: dulmandakh

.github/workflows/test.yml

@@ -10,41 +10,20 @@ jobs:
       fail-fast: false
       matrix:
         python-version:
-        # - '3.8'
-        # - '3.9'
         - '3.10'
         - '3.11'
         - '3.12'
         django-version:
-        # - '3.2'
-        # - '4.0'
-        # - '4.1'
         - '4.2'
         - '5.0'
         - '5.1'
         - 'main'
-        # exclude:
+        include:
           # https://docs.djangoproject.com/en/dev/faq/install/#what-python-version-can-i-use-with-django
-
-          # < Python 3.10 is not supported by Django 5.0+
-          # - python-version: '3.8'
-          #   django-version: '5.0'
-          # - python-version: '3.9'
-          #   django-version: '5.0'
-          # - python-version: '3.8'
-          #   django-version: 'main'
-          # - python-version: '3.9'
-          #   django-version: 'main'
-
-          # # Python 3.12 is not supported by Django < 5.0
-          # - python-version: '3.12'
-          #   django-version: '3.2'
-          # - python-version: '3.12'
-          #   django-version: '4.0'
-          # - python-version: '3.12'
-          #   django-version: '4.1'
-          # - python-version: '3.12'
-          #   django-version: '4.2'
+          - python-version: '3.8'
+            django-version: '4.2'
+          - python-version: '3.9'
+            django-version: '4.2'
 
     steps:
     - uses: actions/checkout@v4

AUTHORS

@@ -104,6 +104,7 @@ Rustem Saiargaliev
 Sandro Rodrigues
 Shaheed Haque
 Shaun Stanworth
+Sayyid Hamid Mahdavi
 Silvano Cerza
 Sora Yanai
 Sören Wegener

CHANGELOG.md

@@ -21,11 +21,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * #1404 Add a new setting `REFRESH_TOKEN_REUSE_PROTECTION`
 ### Changed
 * Update token to TextField from CharField with 255 character limit and SHA-256 checksum in AbstractAccessToken model. Removing the 255 character limit enables supporting JWT tokens with additional claims
-
 * Update middleware, validators, and views to use token checksums instead of token for token retrieval and validation.
+* #1446 use generic models pk instead of id.
+
 ### Deprecated
 ### Removed
 * #1425 Remove deprecated `RedirectURIValidator`, `WildcardSet` per #1345; `validate_logout_request` per #1274
+* Remove support for Django versions below 4.2
 
 ### Fixed
 * #1443 Query strings with invalid hex values now raise a SuspiciousOperation exception (in DRF extension) instead of raising a 500 ValueError: Invalid hex encoding in query string.

README.rst

@@ -44,7 +44,7 @@ Requirements
 ------------
 
 * Python 3.8+
-* Django 3.2, 4.0 (4.0.1+ due to a regression), 4.1, 4.2, or 5.0
+* Django 4.2, 5.0 or 5.1
 * oauthlib 3.1+
 
 Installation

docs/index.rst

@@ -22,7 +22,7 @@ Requirements
 ------------
 
 * Python 3.8+
-* Django 3.2, 4.0 (4.0.1+ due to a regression), 4.1, 4.2, or 5.0
+* Django 4.2, 5.0 or 5.1
 * oauthlib 3.1+
 
 Index

oauth2_provider/admin.py

@@ -19,7 +19,7 @@
 
 
 class ApplicationAdmin(admin.ModelAdmin):
-    list_display = ("id", "name", "user", "client_type", "authorization_grant_type")
+    list_display = ("pk", "name", "user", "client_type", "authorization_grant_type")
     list_filter = ("client_type", "authorization_grant_type", "skip_authorization")
     radio_fields = {
         "client_type": admin.HORIZONTAL,

oauth2_provider/models.py

@@ -244,7 +244,7 @@ def clean(self):
                 raise ValidationError(_("You cannot use HS256 with public grants or clients"))
 
     def get_absolute_url(self):
-        return reverse("oauth2_provider:detail", args=[str(self.id)])
+        return reverse("oauth2_provider:detail", args=[str(self.pk)])
 
     def get_allowed_schemes(self):
         """
@@ -520,7 +520,7 @@ def revoke(self):
             self = list(token)[0]
 
             try:
-                access_token_model.objects.get(id=self.access_token_id).revoke()
+                access_token_model.objects.get(pk=self.access_token_id).revoke()
             except access_token_model.DoesNotExist:
                 pass
             self.access_token = None

oauth2_provider/oauth2_validators.py

@@ -622,7 +622,7 @@ def save_bearer_token(self, token, request, *args, **kwargs):
                     # from the db while acquiring a lock on it
                     # We also put it in the "request cache"
                     refresh_token_instance = RefreshToken.objects.select_for_update().get(
-                        id=refresh_token_instance.id
+                        pk=refresh_token_instance.pk
                     )
                     request.refresh_token_instance = refresh_token_instance
 
@@ -756,7 +756,7 @@ def get_original_scopes(self, refresh_token, request, *args, **kwargs):
         rt = request.refresh_token_instance
         if not rt.access_token_id:
             try:
-                return AccessToken.objects.get(source_refresh_token_id=rt.id).scope
+                return AccessToken.objects.get(source_refresh_token_id=rt.pk).scope
             except AccessToken.DoesNotExist:
                 return []
         return rt.access_token.scope
@@ -810,9 +810,9 @@ def get_jwt_bearer_token(self, token, token_handler, request):
 
     def get_claim_dict(self, request):
         if self._get_additional_claims_is_request_agnostic():
-            claims = {"sub": lambda r: str(r.user.id)}
+            claims = {"sub": lambda r: str(r.user.pk)}
         else:
-            claims = {"sub": str(request.user.id)}
+            claims = {"sub": str(request.user.pk)}
 
         # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
         if self._get_additional_claims_is_request_agnostic():

oauth2_provider/templates/oauth2_provider/application_detail.html

@@ -49,8 +49,8 @@ <h3 class="block-center-heading">{{ application.name }}</h3>
 
         <div class="btn-toolbar">
             <a class="btn" href="{% url "oauth2_provider:list" %}">{% trans "Go Back" %}</a>
-            <a class="btn btn-primary" href="{% url "oauth2_provider:update" application.id %}">{% trans "Edit" %}</a>
-            <a class="btn btn-danger" href="{% url "oauth2_provider:delete" application.id %}">{% trans "Delete" %}</a>
+            <a class="btn btn-primary" href="{% url "oauth2_provider:update" application.pk %}">{% trans "Edit" %}</a>
+            <a class="btn btn-danger" href="{% url "oauth2_provider:delete" application.pk %}">{% trans "Delete" %}</a>
         </div>
     </div>
 {% endblock content %}

oauth2_provider/templates/oauth2_provider/application_form.html

@@ -3,7 +3,7 @@
 {% load i18n %}
 {% block content %}
     <div class="block-center">
-        <form class="form-horizontal" method="post" action="{% block app-form-action-url %}{% url 'oauth2_provider:update' application.id %}{% endblock app-form-action-url %}">
+        <form class="form-horizontal" method="post" action="{% block app-form-action-url %}{% url 'oauth2_provider:update' application.pk %}{% endblock app-form-action-url %}">
             <h3 class="block-center-heading">
                 {% block app-form-title %}
                     {% trans "Edit application" %} {{ application.name }}
@@ -31,7 +31,7 @@ <h3 class="block-center-heading">
 
             <div class="control-group">
                 <div class="controls">
-                    <a class="btn" href="{% block app-form-back-url %}{% url "oauth2_provider:detail" application.id %}{% endblock app-form-back-url %}">
+                    <a class="btn" href="{% block app-form-back-url %}{% url "oauth2_provider:detail" application.pk %}{% endblock app-form-back-url %}">
                         {% trans "Go Back" %}
                     </a>
                     <button type="submit" class="btn btn-primary">{% trans "Save" %}</button>