UA-4672 | Merge branch 'juanifioren-master' into UA-4672-attempt3

Author: mcohoon

.github/workflows/main.yml

@@ -1,26 +1,61 @@
-name: Django Tests CI
-
+name: "CI"
 on:
   push:
     branches: ["master", "develop"]
   pull_request:
-    branches: ["develop"]
+
+concurrency:
+  group: check-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  tests:
+  formatting:
+    name: "Check Code Formatting"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/ruff-action@v3
+        with:
+          args: "--version"
+      - run: "ruff format --check --diff"
+  
+  linting:
+    name: "Check Code Linting"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/ruff-action@v3
+        with:
+          args: "--version"
+      - run: "ruff check --diff"
+
+  test_matrix_prep:
+    name: "Prepare Test Matrix"
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: "${{ steps.set-matrix.outputs.matrix }}"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v3
+      - run: uv tool install tox
+      - id: set-matrix
+        run: |
+          matrix=$(tox -l | jq -Rc 'select(test("^py\\d+.*django\\d+")) | capture("^py(?<python>\\d+).*django(?<django>\\d+)") | {"python": (.python | tostring | .[0:1] + "." + .[1:]), "django": (.django | tostring | .[0:1] + "." + .[1:])}' | jq -sc '{include: .}')
+          echo "matrix=$matrix" >> $GITHUB_OUTPUT
+
+  test:
+    name: "Test Django ${{ matrix.django }} | Python ${{ matrix.python }}"
+    needs: test_matrix_prep
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.test_matrix_prep.outputs.matrix) }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+    - uses: astral-sh/setup-uv@v3
+    - run: uv tool install tox
     - uses: actions/setup-python@v4
       with:
-        python-version: |
-            3.8
-            3.9
-            3.10
-            3.11
-    - name: Install tox
-      run: |
-        python -m pip install --upgrade pip
-        pip install tox
+        python-version: ${{ matrix.python }}
     - name: Run tox
-      run: tox
+      run: tox run --skip-missing-interpreters=false -e py$(echo "${{ matrix.python }}" | tr -d '.')-django$(echo "${{ matrix.django }}" | tr -d '.')

.vscode/settings.json

@@ -2,9 +2,14 @@
     "[python]": {
         "editor.formatOnSave": true,
         "editor.codeActionsOnSave": {
-            "source.fixAll": "explicit",
-            "source.organizeImports": "explicit"
+            "source.fixAll.ruff": "explicit",
+            "source.organizeImports.ruff": "explicit"
         },
         "editor.defaultFormatter": "charliermarsh.ruff"
-    }
+    },
+    "ruff.enable": true,
+    "ruff.nativeServer": true,
+    "python.analysis.ignore": ["*"],
+    "python.analysis.autoImportCompletions": false,
+    "pylint.enabled": false
 }

README.md

@@ -1,7 +1,7 @@
 # Django OpenID Connect Provider
 
 [![Python Versions](https://img.shields.io/pypi/pyversions/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
-[![Django Versions](https://img.shields.io/badge/Django-3.2%20%7C%204.2-green)](https://pypi.python.org/pypi/django-oidc-provider)
+[![Django Versions](https://img.shields.io/badge/Django-3.2%20%7C%204.2%20%7C%205.2-green)](https://pypi.python.org/pypi/django-oidc-provider)
 [![PyPI Versions](https://img.shields.io/pypi/v/django-oidc-provider.svg)](https://pypi.python.org/pypi/django-oidc-provider)
 [![Documentation Status](https://readthedocs.org/projects/django-oidc-provider/badge/?version=master)](http://django-oidc-provider.readthedocs.io/)
 
@@ -18,3 +18,7 @@ Support for Python 3 and latest versions of django.
 [Read documentation for more info.](http://django-oidc-provider.readthedocs.org/)
 
 [Do you want to contribute? Please read this.](http://django-oidc-provider.readthedocs.io/en/master/sections/contribute.html)
+
+## Thanks to our sponsors
+
+[![Agilentia](https://avatars.githubusercontent.com/u/1707212?s=60&v=4)](https://github.com/agilentia)

docs/sections/changelog.rst

@@ -8,7 +8,28 @@ All notable changes to this project will be documented in this file.
 Unreleased
 ==========
 
-None
+0.9.0
+=====
+
+*2025-09-23*
+
+* Changed: Use PyJWT+cryptography instead of jwkest+Cryptodrome.
+* Added: Translation to Russian.
+* Changed: Ruff as a fast Python linter and code formatter.
+* Fixed: client_id sanitization to prevent database errors.
+
+0.8.4
+=====
+
+*2025-05-24*
+
+* Added: test package against Python 3.12 and 3.13.
+* Added: test package against Django 5.
+* Added: support of max_age parameter on authorization request.
+* Added: Passing Request Parameters as JWTs now returning request_not_supported error.
+* Added: Simplified chinese translation.
+* Changed: ID Token JSON encoder improved using DjangoJSONEncoder.
+* Changed: Use unittest.mock in tests. Remove mock library.
 
 0.8.3
 =====

docs/sections/contribute.rst

@@ -34,7 +34,7 @@ Improve Documentation
 
 We use `Sphinx <http://www.sphinx-doc.org/>`_ to generate this documentation. If you want to add or modify something just:
 
-* Install Sphinx (``pip install sphinx sphinx_rtd_theme``) and the auto-build tool (``pip install sphinx-autobuild``).
+* Install Sphinx and the auto-build tool (``pip install sphinx sphinx_rtd_theme sphinx-autobuild``).
 * Move inside the docs folder. ``cd docs/``
 * Generate and watch docs by running ``sphinx-autobuild . _build/``.
 * Open ``http://127.0.0.1:8000`` in a browser.

docs/sections/installation.rst

@@ -6,8 +6,8 @@ Installation
 Requirements
 ============
 
-* Python: ``3.8`` ``3.9`` ``3.10`` ``3.11``
-* Django: ``3.2`` ``4.2``
+* Python: ``3.8`` ``3.9`` ``3.10`` ``3.11`` ``3.12``
+* Django: ``3.2`` ``4.2`` ``5.1``
 
 Quick Installation
 ==================

docs/sections/templates.rst

@@ -6,7 +6,9 @@ Templates
 Add your own templates files inside a folder named ``templates/oidc_provider/``.
 You can copy the sample html files here and customize them with your own style.
 
-**authorize.html**::
+authorize.html
+==============
+::
 
     <h1>Request for Permission</h1>
 
@@ -29,7 +31,9 @@ You can copy the sample html files here and customize them with your own style.
 
     </form>
 
-**error.html**::
+error.html
+==========
+::
 
     <h3>{{ error }}</h3>
     <p>{{ description }}</p>
@@ -51,3 +55,18 @@ The following contexts will be passed to the ``authorize`` and ``error`` templat
         'error': 'string stating the error',
         'description': 'string stating description of the error'
     }
+
+end_session_prompt.html
+=======================
+
+Read more at :doc:`Session Management > Logout consent prompt </sections/sessionmanagement>` section.
+
+end_session_completed.html
+==========================
+
+Read more at :doc:`Session Management > Other scenarios <../sections/sessionmanagement>` section.
+
+end_session_failed.html
+=======================
+
+Read more at :doc:`Session Management > Other scenarios <../sections/sessionmanagement>` section.

example/Dockerfile

@@ -1,6 +1,23 @@
-FROM python:3-onbuild
+FROM python:3.11-slim
+
+WORKDIR /usr/src/app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
 
 RUN [ "python", "manage.py", "migrate" ]
 RUN [ "python", "manage.py", "creatersakey" ]
+
+# Create superuser with admin:admin credentials
+ENV DJANGO_SUPERUSER_USERNAME=admin
+ENV [email protected]
+ENV DJANGO_SUPERUSER_PASSWORD=admin
+RUN [ "python", "manage.py", "createsuperuser", "--noinput" ]
+
 EXPOSE 8000
 CMD [ "python", "manage.py", "runserver", "0.0.0.0:8000" ]

example/README.md

@@ -1,48 +1,18 @@
 # Example Project
 
-![Example Project](https://s17.postimg.org/4jjj8lavj/Screen_Shot_2016_09_07_at_15_58_43.png)
-
 On this example you'll be running your own OIDC provider in a second. This is a Django app with all the necessary things to work with `django-oidc-provider` package.
 
-## Setup & Running
-
-- [Manually](#manually)
-- [Using Docker](#using-docker)
-
-### Manually
-
-Setup project environment with [virtualenv](https://virtualenv.pypa.io) and [pip](https://pip.pypa.io).
-
-```bash
-$ virtualenv -p /usr/bin/python3 project_env
-
-$ source project_env/bin/activate
-
-$ git clone https://github.com/juanifioren/django-oidc-provider.git
-$ cd django-oidc-provider/example
-$ pip install -r requirements.txt
-```
-
-Run your provider.
-
-```bash
-$ python manage.py migrate
-$ python manage.py creatersakey
-$ python manage.py createsuperuser
-$ python manage.py runserver
-```
-
-Open your browser and go to `http://localhost:8000`. Voilà!
-
-### Using Docker
+## Setup & running using Docker
 
 Build and run the container.
 
 ```bash
 $ docker build -t django-oidc-provider .
-$ docker run -d -p 8000:8000 django-oidc-provider
+$ docker run -p 8000:8000 --name django-oidc-provider-app django-oidc-provider
 ```
 
+Go to http://localhost:8000/ and create your Client.
+
 ## Install package for development
 
 After you run `pip install -r requirements.txt`.

oidc_provider/admin.py

@@ -6,6 +6,7 @@
 from django.forms import ModelForm
 from django.utils.translation import gettext_lazy as _
 
+from oidc_provider.lib.utils.sanitization import sanitize_client_id
 from oidc_provider.models import Client
 from oidc_provider.models import Code
 from oidc_provider.models import RSAKey
@@ -23,12 +24,15 @@ def __init__(self, *args, **kwargs):
         self.fields["client_id"].widget.attrs["disabled"] = "true"
         self.fields["client_secret"].required = False
         self.fields["client_secret"].widget.attrs["disabled"] = "true"
+        self.fields["jwt_alg"].required = False
 
     def clean_client_id(self):
         instance = getattr(self, "instance", None)
         if instance and instance.pk:
-            return instance.client_id
+            # Sanitize existing client_id to remove any problematic characters
+            return sanitize_client_id(instance.client_id)
         else:
+            # Generate new client_id (digits only)
             return str(randint(1, 999999)).zfill(6)
 
     def clean_client_secret(self):