diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 64302e819..0c4329265 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ on: jobs: build: - if: github.repository == 'jazzband/django-oauth-toolkit' + if: github.repository == 'django-oauth/django-oauth-toolkit' runs-on: ubuntu-latest steps: @@ -29,10 +29,9 @@ jobs: python -m build twine check dist/* - - name: Upload packages to Jazzband + - name: Upload packages to PyPI if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') - uses: pypa/gh-action-pypi-publish@master + uses: pypa/gh-action-pypi-publish@release/v1 with: - user: jazzband - password: ${{ secrets.JAZZBAND_RELEASE_KEY }} - repository_url: https://jazzband.co/projects/django-oauth-toolkit/upload + user: __token__ + password: ${{ secrets.PYPI_PUBLISH_TOKEN }} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 32dd1734c..59eb50c61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * #1506 Support for Wildcard Origin and Redirect URIs * #1586 Turkish language support added - @@ -241,7 +243,7 @@ This is a major release with **BREAKING** changes. Please make sure to review th ## [1.6.1] 2021-12-23 ### Changed -* Note: Only Django 4.0.1+ is supported due to a regression in Django 4.0.0. [Explanation](https://github.com/jazzband/django-oauth-toolkit/pull/1046#issuecomment-998015272) +* Note: Only Django 4.0.1+ is supported due to a regression in Django 4.0.0. [Explanation](https://github.com/django-oauth/django-oauth-toolkit/pull/1046#issuecomment-998015272) ### Fixed * Miscellaneous 1.6.0 packaging issues. @@ -332,7 +334,7 @@ This is a major release with **BREAKING** changes. Please make sure to review th ### Fixed * #812: Reverts #643 pass wrong request object to authenticate function. -* Fix concurrency issue with refresh token requests (#[810](https://github.com/jazzband/django-oauth-toolkit/pull/810)) +* Fix concurrency issue with refresh token requests (#[810](https://github.com/django-oauth/django-oauth-toolkit/pull/810)) * #817: Reverts #734 tutorial documentation error. @@ -371,16 +373,16 @@ This is a major release with **BREAKING** changes. Please make sure to review th ### Fixed * Fix a race condition in creation of AccessToken with external oauth2 server. -* Fix several concurrency issues. (#[638](https://github.com/jazzband/django-oauth-toolkit/issues/638)) -* Fix to pass `request` to `django.contrib.auth.authenticate()` (#[636](https://github.com/jazzband/django-oauth-toolkit/issues/636)) +* Fix several concurrency issues. (#[638](https://github.com/django-oauth/django-oauth-toolkit/issues/638)) +* Fix to pass `request` to `django.contrib.auth.authenticate()` (#[636](https://github.com/django-oauth/django-oauth-toolkit/issues/636)) * Fix missing `oauth2_error` property exception oauthlib_core.verify_request method raises exceptions in authenticate. - (#[633](https://github.com/jazzband/django-oauth-toolkit/issues/633)) + (#[633](https://github.com/django-oauth/django-oauth-toolkit/issues/633)) * Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql. - (#[714](https://github.com/jazzband/django-oauth-toolkit/issues/714)) + (#[714](https://github.com/django-oauth/django-oauth-toolkit/issues/714)) * Fix to return a new refresh token during grace period rather than the recently-revoked one. - (#[702](https://github.com/jazzband/django-oauth-toolkit/issues/702)) + (#[702](https://github.com/django-oauth/django-oauth-toolkit/issues/702)) * Fix a bug in refresh token revocation. - (#[625](https://github.com/jazzband/django-oauth-toolkit/issues/625)) + (#[625](https://github.com/django-oauth/django-oauth-toolkit/issues/625)) ## 1.2.0 [2018-06-03] @@ -402,7 +404,7 @@ This is a major release with **BREAKING** changes. Please make sure to review th * **Critical**: Django OAuth Toolkit 1.1.0 contained a migration that would revoke all existing RefreshTokens (`0006_auto_20171214_2232`). This release corrects the migration. If you have already ran it in production, please see the following issue for more details: - https://github.com/jazzband/django-oauth-toolkit/issues/589 + https://github.com/django-oauth/django-oauth-toolkit/issues/589 ## 1.1.0 [2018-04-13] diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index e0d5efab5..e5ee8d275 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,46 +1,108 @@ # Code of Conduct -As contributors and maintainers of the Jazzband projects, and in the interest of -fostering an open and welcoming community, we pledge to respect all people who -contribute through reporting issues, posting feature requests, updating documentation, -submitting pull requests or patches, and other activities. - -We are committed to making participation in the Jazzband a harassment-free experience -for everyone, regardless of the level of experience, gender, gender identity and -expression, sexual orientation, disability, personal appearance, body size, race, -ethnicity, age, religion, or nationality. - -Examples of unacceptable behavior by participants include: - -- The use of sexualized language or imagery -- Personal attacks -- Trolling or insulting/derogatory comments -- Public or private harassment -- Publishing other's private information, such as physical or electronic addresses, - without explicit permission -- Other unethical or unprofessional conduct - -The Jazzband roadies have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are not -aligned to this Code of Conduct, or to ban temporarily or permanently any contributor -for other behaviors that they deem inappropriate, threatening, offensive, or harmful. - -By adopting this Code of Conduct, the roadies commit themselves to fairly and -consistently applying these principles to every aspect of managing the jazzband -projects. Roadies who do not follow or enforce the Code of Conduct may be permanently -removed from the Jazzband roadies. - -This code of conduct applies both within project spaces and in public spaces when an -individual is representing the project or its community. - -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by -contacting the roadies at `roadies@jazzband.co`. All complaints will be reviewed and -investigated and will result in a response that is deemed necessary and appropriate to -the circumstances. Roadies are obligated to maintain confidentiality with regard to the -reporter of an incident. - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version -1.3.0, available at [https://contributor-covenant.org/version/1/3/0/][version] - -[homepage]: https://contributor-covenant.org -[version]: https://contributor-covenant.org/version/1/3/0/ +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Maintainers are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Maintainers have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[django-oauth-coc@googlegroups.com](mailto:django-oauth-coc@googlegroups.com). +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Warning + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 2. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 3. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Django Commons Code of Conduct](https://github.com/django-commons/membership/blob/main/CODE_OF_CONDUCT.md) \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 49518f460..b89d471e6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,10 +1,10 @@ -[![Jazzband](https://jazzband.co/static/img/jazzband.svg)](https://jazzband.co/) +# Contribute to Django OAuth Toolkit -This is a [Jazzband](https://jazzband.co/) project. By contributing you agree to abide by the [Contributor Code of Conduct](https://jazzband.co/about/conduct) and follow the [guidelines](https://jazzband.co/about/guidelines). +Thanks for your interest, we love contributions! There are many ways to participate. We are always in need of help with code review, bug fixes, feature development, documentation, and community development. -# Contribute to Django OAuth Toolkit +By contributing you agree to abide by the [Code of Conduct](./CODE_OF_CONDUCT.md) -Thanks for your interest, we love contributions! +We are striving to make a free and open source standards compliant OAuth2/OIDC Identity Provider that adheres to best practices out of the box. Let that goal be your guide as you make decisions related to the project. Please [follow these guidelines](https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html) when submitting pull requests. diff --git a/Dockerfile b/Dockerfile index 4565df5ff..8828cead5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,8 +37,8 @@ FROM python:3.11.6-slim # allow embed sha1 at build time as release. ARG GIT_SHA1 -LABEL org.opencontainers.image.authors="https://jazzband.co/projects/django-oauth-toolkit" -LABEL org.opencontainers.image.source="https://github.com/jazzband/django-oauth-toolkit" +LABEL org.opencontainers.image.authors="https://github.com/django-oauth/django-oauth-toolkit/blob/master/AUTHORS" +LABEL org.opencontainers.image.source="https://github.com/django-oauth/django-oauth-toolkit" LABEL org.opencontainers.image.revision=${GIT_SHA1} diff --git a/README.rst b/README.rst index e8b49d2a6..e58098806 100644 --- a/README.rst +++ b/README.rst @@ -1,21 +1,17 @@ Django OAuth Toolkit ==================== -.. image:: https://jazzband.co/static/img/badge.svg - :target: https://jazzband.co/ - :alt: Jazzband - *OAuth2 goodies for the Djangonauts!* .. image:: https://badge.fury.io/py/django-oauth-toolkit.svg :target: http://badge.fury.io/py/django-oauth-toolkit -.. image:: https://github.com/jazzband/django-oauth-toolkit/workflows/Test/badge.svg - :target: https://github.com/jazzband/django-oauth-toolkit/actions +.. image:: https://github.com/django-oauth/django-oauth-toolkit/workflows/Test/badge.svg + :target: https://github.com/django-oauth/django-oauth-toolkit/actions :alt: GitHub Actions -.. image:: https://codecov.io/gh/jazzband/django-oauth-toolkit/branch/master/graph/badge.svg - :target: https://codecov.io/gh/jazzband/django-oauth-toolkit +.. image:: https://codecov.io/gh/django-oauth/django-oauth-toolkit/branch/master/graph/badge.svg + :target: https://codecov.io/gh/django-oauth/django-oauth-toolkit :alt: Coverage .. image:: https://img.shields.io/pypi/pyversions/django-oauth-toolkit.svg @@ -38,7 +34,7 @@ capabilities to your Django projects. Django OAuth Toolkit makes extensive use o Reporting security issues ------------------------- -Please report any security issues to the JazzBand security team at . Do not file an issue on the tracker. +Please report any security issues to the Django OAuth security team at . Do not file an issue on the tracker. Requirements ------------ @@ -78,7 +74,7 @@ If you need an OAuth2 provider you'll want to add the following to your ``urls.p Changelog --------- -See `CHANGELOG.md `_. +See `CHANGELOG.md `_. Documentation @@ -99,9 +95,8 @@ We need help maintaining and enhancing django-oauth-toolkit (DOT). Join the team ~~~~~~~~~~~~~ -Please consider joining `Jazzband `__ (If not -already a member) and the `DOT project -team `__. +There are no barriers to participation. Anyone can open an issue, pr, or review a pull request. Please +dive in! How you can help ~~~~~~~~~~~~~~~~ @@ -109,15 +104,15 @@ How you can help See our `contributing `__ info and the open -`issues `__ and -`PRs `__, +`issues `__ and +`PRs `__, especially those labeled -`help-wanted `__. +`help-wanted `__. Discussions ~~~~~~~~~~~ Have questions or want to discuss the project? -See `the discussions `__. +See `the discussions `__. Submit PRs and Perform Reviews @@ -127,18 +122,12 @@ PR submissions and reviews are always appreciated! Since we require an independent review of any PR before it can be merged, having your second set of eyes looking at PRs is extremely valuable. -Please don’t merge PRs -~~~~~~~~~~~~~~~~~~~~~~ - -Please be aware that we don’t want *every* Jazzband member to merge PRs -but just a handful of project team members so that we can maintain a -modicum of control over what goes into a release of this security oriented code base. Only `project -leads `__ are able to -publish releases to Pypi and it becomes difficult when creating a new -release for the leads to deal with “unexpected” merged PRs. -Become a Project Lead +Become a Maintainer ~~~~~~~~~~~~~~~~~~~~~ -If you are interested in stepping up to be a Project Lead, please take a look at -the `discussion about this `__. +If you are interested in stepping up to be a Maintainer, please open an issue. For maintainers we're +looking for a positive attitude, attentiveness to the specifications, strong coding and +communication skills, and a willingness to work with others. Maintainers are responsible for +merging pull requests, managing issues, creating releases, and ensuring the overall health of the +project. diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst index 204e3f860..a99559e93 100644 --- a/docs/advanced_topics.rst +++ b/docs/advanced_topics.rst @@ -63,7 +63,7 @@ That's all, now Django OAuth Toolkit will use your model wherever an Application .. note:: ``OAUTH2_PROVIDER_APPLICATION_MODEL`` is the only setting variable that is not namespaced, this is because of the way Django currently implements swappable models. - See `issue #90 `_ for details. + See `issue #90 `_ for details. Configuring multiple databases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/contributing.rst b/docs/contributing.rst index 569f5eab2..1b491d70b 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -2,17 +2,13 @@ Contributing ============ -.. image:: https://jazzband.co/static/img/jazzband.svg - :target: https://jazzband.co/ - :alt: Jazzband - -This is a `Jazzband `_ project. By contributing you agree to abide by the `Contributor Code of Conduct `_ and follow the `guidelines `_. +By contributing you agree to abide by the `Code of Conduct `_ and follow the `guidelines `_. Setup ===== -Fork ``django-oauth-toolkit`` repository on `GitHub `_ and follow these steps: +Fork ``django-oauth-toolkit`` repository on `GitHub `_ and follow these steps: * Create a virtualenv and activate it * Clone your repository locally @@ -21,7 +17,7 @@ Issues ====== You can find the list of bugs, enhancements and feature requests on the -`issue tracker `_. If you want to fix an issue, pick up one and +`issue tracker `_. If you want to fix an issue, pick up one and add a comment stating you're working on it. Code Style @@ -161,7 +157,7 @@ When you begin your PR, you'll be asked to provide the following: * ``Fixed`` for any bug fixes. * ``Security`` in case of vulnerabilities. (Please report any security issues to the - JazzBand security team ````. Do not file an issue on the tracker + security team ````. Do not file an issue on the tracker or submit a PR until directed to do so.) * Make sure your name is in :file:`AUTHORS`. We want to give credit to all contributors! @@ -169,7 +165,7 @@ When you begin your PR, you'll be asked to provide the following: If your PR is not yet ready to be merged mark it as a Work-in-Progress By prepending ``WIP:`` to the PR title so that it doesn't get inadvertently approved and merged. -Make sure to request a review by assigning Reviewer ``jazzband/django-oauth-toolkit``. +Make sure to request a review by assigning Reviewer ``django-oauth/django-oauth-toolkit``. This will assign the review to the project team and a member will review it. In the meantime you can continue to add commits to your topic branch (and push them up to GitHub) either if you see something that needs changing, or in response to a reviewer's comments. If a reviewer asks for changes, you do not need to close the pull and reissue it @@ -184,7 +180,7 @@ outdated code and your changes diverge too far from master, the pull request has To pull in upstream changes:: - git remote add upstream https://github.com/jazzband/django-oauth-toolkit.git + git remote add upstream https://github.com/django-oauth/django-oauth-toolkit.git git fetch upstream Then merge the changes that you fetched:: @@ -316,7 +312,7 @@ Reviewing and Merging PRs ------------------------- - Make sure the PR description includes the `pull request template - `_ + `_ - Confirm that all required checklist items from the PR template are both indicated as done in the PR description and are actually done. - Perform a careful review and ask for any needed changes. @@ -351,11 +347,11 @@ password: password Publishing a Release -------------------- -Only Project Leads can `publish a release `_ to pypi.org +Only maintainers can publish a release to pypi.org and rtfd.io. This checklist is a reminder of the required steps. - When planning a new release, create a `milestone - `_ + `_ and assign issues, PRs, etc. to that milestone. - Review all commits since the last release and confirm that they are properly documented in the CHANGELOG. Reword entries as appropriate with links to docs @@ -366,7 +362,7 @@ and rtfd.io. This checklist is a reminder of the required steps. - :file:`oauth2_provider/__init__.py` to set ``__version__ = "..."`` - Once the final PR is merged, create and push a tag for the release. You'll shortly - get a notification from Jazzband of the availability of two pypi packages (source tgz + get a notification of the availability of two pypi packages (source tgz and wheel). Download these locally before releasing them. - Do a ``tox -e build`` and extract the downloaded and built wheel zip and tgz files into temp directories and do a ``diff -r`` to make sure they have the same content. diff --git a/docs/index.rst b/docs/index.rst index 07ed24314..8519827ed 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -16,7 +16,7 @@ See our :doc:`Changelog ` for information on updates. Support ------- -If you need help please submit a `question `_. +If you need help please submit a `question `_. Requirements ------------ diff --git a/docs/settings.rst b/docs/settings.rst index 985ca5d2c..9c71bb2a8 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -449,7 +449,7 @@ List of non-namespaced settings .. note:: These settings must be set as top-level Django settings (outside of ``OAUTH2_PROVIDER``), because of the way Django currently implements swappable models. - See `issue #90 `_ for details. + See `issue #90 `_ for details. OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL diff --git a/pyproject.toml b/pyproject.toml index 401d33cab..2bb4a83b2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -50,7 +50,7 @@ dev = [ [project.urls] Homepage = "https://django-oauth-toolkit.readthedocs.io/" -Repository = "https://github.com/jazzband/django-oauth-toolkit" +Repository = "https://github.com/django-oauth/django-oauth-toolkit" [tool.setuptools.dynamic] version = {attr = "oauth2_provider.__version__"} diff --git a/tests/test_authorization_code.py b/tests/test_authorization_code.py index f162e211a..bf164d630 100644 --- a/tests/test_authorization_code.py +++ b/tests/test_authorization_code.py @@ -505,7 +505,7 @@ def test_code_post_auth_failing_redirection_uri_with_querystring(self): """ Test that in case of error the querystring of the redirection uri is preserved - See https://github.com/jazzband/django-oauth-toolkit/issues/238 + See https://github.com/django-oauth/django-oauth-toolkit/issues/238 """ self.client.login(username="test_user", password="123456") diff --git a/tests/test_models.py b/tests/test_models.py index 2c7ff8114..377c2349b 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -168,7 +168,7 @@ def test_custom_application_model(self): If a custom application model is installed, it should be present in the related objects and not the swapped out one. - See issue #90 (https://github.com/jazzband/django-oauth-toolkit/issues/90) + See issue #90 (https://github.com/django-oauth/django-oauth-toolkit/issues/90) """ related_object_names = [ f.name