From 52599819d5778d19ad684b83f2d503d1475f4c81 Mon Sep 17 00:00:00 2001
From: Asif Saif Uddin
Date: Sat, 10 Sep 2022 15:11:38 +0600
Subject: [PATCH 01/15] draft CI
---
.github/workflows/python-publish.yml | 39 ++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .github/workflows/python-publish.yml
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
new file mode 100644
index 00000000..ec703542
--- /dev/null
+++ b/.github/workflows/python-publish.yml
@@ -0,0 +1,39 @@
+# This workflow will upload a Python Package using Twine when a release is created
+# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Upload Python Package
+
+on:
+ release:
+ types: [published]
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python
+ uses: actions/setup-python@v3
+ with:
+ python-version: '3.x'
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install build
+ - name: Build package
+ run: python -m build
+ - name: Publish package
+ uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+ with:
+ user: __token__
+ password: ${{ secrets.PYPI_API_TOKEN }}
From 88e7ae82d9cd7433e19cd1fa4fa449a3c40b2aff Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Wed, 23 Aug 2023 15:48:21 +0100
Subject: [PATCH 02/15] Update .github/workflows/python-publish.yml
Co-authored-by: Christian Clauss
---
.github/workflows/python-publish.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
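Review bot: Pinning is inconsistent within the `steps:` block: `pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29` is pinned to a commit SHA while `actions/checkout@v3` and `actions/setup-python@v3` float on major tags, so a compromised or force-moved tag on either of those would still run in a job that holds `secrets.PYPI_API_TOKEN`. Pin all three the same way — SHA plus a trailing `# vX.Y.Z` comment so Dependabot can still track them — or document why the publish action alone deserves the stricter pin. The top-level `permissions: contents: read` is the right least-privilege default and worth keeping.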
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ec703542..1a79796b 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v4 with: python-version: '3.x' - name: Install dependencies From a8d29ff192ff0c0bcb6fcee56ddea34034233efd Mon Sep 17 00:00:00 2001 From: Asif Saif Uddin Date: Wed, 23 Aug 2023 22:07:27 +0600 Subject: [PATCH 03/15] Update .github/workflows/python-publish.yml Co-authored-by: Christian Clauss --- .github/workflows/python-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 1a79796b..de1b8f15 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -28,7 +28,7 @@ jobs: python-version: '3.x' - name: Install dependencies run: | - python -m pip install --upgrade pip + python -m pip install --upgrade pip setuptools pip install build - name: Build package run: python -m build From 9139b72753cd1423d325cd7641f4b3c16ed27e43 Mon Sep 17 00:00:00 2001 From: Jonathan Huot Date: Thu, 24 Aug 2023 13:36:49 +0200 Subject: [PATCH 04/15] Initial build & publish rules with GH Actions --- .github/workflows/python-build.yml | 40 ++++++++++++++++++ .github/workflows/python-publish.yml | 61 ++++++++++++---------------- .travis.yml | 58 -------------------------- Makefile | 2 +- tox.ini | 18 ++++---- 5 files changed, 77 insertions(+), 102 deletions(-) create mode 100644 .github/workflows/python-build.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml new file mode 100644 index 00000000..e2d4dfdd --- /dev/null +++ b/.github/workflows/python-build.yml 
@@ -0,0 +1,40 @@
+name: Python Tests
+run-name: Run Tests by ${{ github.actor }}
+on: [push]
+jobs:
+ tests:
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ strategy:
+ matrix:
+ python: ["3.8", "3.9", "3.10", "3.11"]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up Python ${{ matrix.python }}
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python }}
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Install prereq
+ run: pip install tox coveralls
+ - name: Run python tests
+ run: tox -e ${{ matrix.python }}
+ - name: Coveralls
+ run: coveralls
+ docs:
+ strategy:
+ matrix:
+ toxenv: ["docs", "readme"]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.11"
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Install prereq
+ run: pip install tox
+ - name: Run python tests
+ run: tox -e ${{ matrix.toxenv }}
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index de1b8f15..89262709 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
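Review bot: `GITHUB_TOKEN` is exported at job level (`tests:` → `env:`), so every step in that job — including `pip install tox coveralls` and the `tox` run, both of which execute third-party code — can read it, although only the `coveralls` step uses it. Scope it to that step instead: move the two `env:` lines under `- name: Coveralls`, ahead of `run: coveralls`. The file also declares no top-level `permissions:`, so the token carries the repository's default scope; `permissions: contents: read` (as the first draft of python-publish.yml in this series has) is the least-privilege setting and is enough for checkout plus tests. Lastly, `on: [push]` alone means pull requests from forks never run the suite; `on: [push, pull_request]` is the usual pairing.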
@@ -1,39 +1,32 @@ -# This workflow will upload a Python Package using Twine when a release is created -# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Upload Python Package - +name: Production deploy on: - release: - types: [published] - -permissions: - contents: read - + workflow_run: + workflows: ["Python Tests"] + types: + - completed jobs: - deploy: - + pypi-publish: + if: | + ${{ github.event.workflow_run.conclusion == 'success' }} && + ${{ github.ref_type == 'tag' }} + name: Upload release to PyPI runs-on: ubuntu-latest - + environment: + name: pypi + url: https://pypi.org/p/oauthlib + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing steps: - - uses: actions/checkout@v3 - - name: Set up Python - uses: actions/setup-python@v4 + - name: Check out repository code + uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip setuptools - pip install build - - name: Build package - run: python -m build - - name: Publish package - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} + python-version: '3.10' + - name: Install prereq + run: pip install wheel + - name: Build python package + run: python setup.py build + - name: Package python package + run: python setup.py sdist bdist_wheel + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 6b5e6e30..00000000 --- a/.travis.yml +++ /dev/null 
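Review bot: The tag gate in the new `pypi-publish` job does not hold: a `workflow_run`-triggered job runs in the context of the default branch, so `github.ref_type == 'tag'` is, as far as I know, never true there, and `actions/checkout@v3` with no `ref:` checks out the default branch rather than the commit the "Python Tests" run exercised. Wrapping each half of the multi-line `if: |` in its own `${{ }}` is a separate footgun — the halves are rendered to text before the condition is evaluated, and a non-empty string is truthy — so the guard may pass unconditionally. Gate on the triggering run's payload and check out its commit (fence below); the `head_branch` test is a placeholder to confirm against the actual event payload, and if that proves awkward a plain `on: push: tags:` trigger that runs the tests itself is simpler. The move to trusted publishing (`id-token: write`, no stored PyPI token) is the right call, but `pypa/gh-action-pypi-publish@release/v1` replaces the SHA pin the earlier draft had — pin the SHA again.
```yaml
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'push' &&
      startsWith(github.event.workflow_run.head_branch, 'TAG_PREFIX_PLACEHOLDER')
    # placeholder above: match the project's tag naming; workflow_run exposes head_branch, not ref_type
    # … unchanged: name, runs-on, environment, permissions …
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
```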
@@ -1,58 +0,0 @@ -language: python -python: 3.8 -os: linux -dist: bionic -cache: pip -jobs: - include: - - python: "3.6" - env: TOXENV=py36 - - python: "3.7" - env: TOXENV=py37,docs - - python: "3.8" - env: TOXENV=py38,bandit,readme - - python: "3.9" - env: TOXENV=py39 - - python: "3.10.2" - env: TOXENV=py310 - - python: "3.11-dev" - env: TOXENV=py311 - - python: "pypy3" - env: TOXENV=pypy3 - allow_failures: - - python: "3.11-dev" -before_install: - - sudo apt-get install graphviz - - python -m pip install --upgrade pip "setuptools<60.9" - - python -m pip install tox coveralls - - if [ "$TOXENV" == "pypy3" ]; then curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && source $HOME/.cargo/env ; fi -script: tox -after_success: COVERALLS_PARALLEL=true coveralls -notifications: - webhooks: - urls: - - https://coveralls.io/webhook - - https://webhooks.gitter.im/e/6008c872bf0ecee344f4 - on_success: always - on_failure: always - on_start: never -deploy: - - provider: releases - token: - secure: "eqEWOzKWZCuvd1a77CA03OX/HCrsYlsu1/Sz/RhXQIEhKz6tKp10KGw9zr57bHAIl0OfJFK9k63lI2HOctAmwkKeeQ4HdNqw4pHFa8Gk3liGp31KSmshVtHX8Rtn0DuFA028Wm7w5n+fOVc8tJVU/UsKjsfsAzRHnQjMamckoXU=" - skip_cleanup: true - on: - tags: true - all_branches: true - condition: $TOXENV = py36 - repo: oauthlib/oauthlib - - provider: pypi - username: JonathanHuot - password: - secure: "OozNM16flVLvqDoNzmoTENchhS1w0/dEJZvXBQK2KWmh8fyGj2UZus1vkl6bA5V3Yu9MZLYFpDcltl/qraY3Up6iXQpwKz4q+ICygAudYM2kJ5l8ZEe+wy2FikWbD6LkXf5uKIJJnPNSC8AI86ZyxM/XZxbYjj/+jXyJ1YFZwwQ=" - distributions: sdist bdist_wheel - on: - tags: true - all_branches: true - condition: $TOXENV = py36 - repo: oauthlib/oauthlib diff --git a/Makefile b/Makefile index b1fbb39d..2d2e1ed7 100644 --- a/Makefile +++ b/Makefile @@ -81,4 +81,4 @@ dance: .DEFAULT_GOAL := all .PHONY: clean test bottle dance django flask requests -all: clean test bottle dance django flask requests +all: test bottle dance django flask requests 
diff --git a/tox.ini b/tox.ini index 4eb0813b..3195c771 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,6 @@ +# require tox>=4 [tox] -envlist = py36,py37,py38,py39,py310,py311,pypy3,docs,readme,bandit,isort +envlist = py38,py39,py310,py311,pypy3,docs,readme,bandit,isort [testenv] deps= @@ -7,33 +8,32 @@ deps= commands= pytest --cov=oauthlib tests/ - # tox -e docs to mimic readthedocs build. # as of today, RTD is using python3.7 and doesn't run "setup.py install" [testenv:docs] -basepython=python3.7 +basepython=python3.11 skipsdist=True deps= sphinx sphinx_rtd_theme changedir=docs -whitelist_externals=make +allowlist_externals=make commands=make clean html # tox -e readme to mimic PyPI long_description check [testenv:readme] -basepython=python3.8 +basepython=python3.11 deps=twine>=1.12.0 -whitelist_externals=echo +allowlist_externals=echo commands= - twine check .tox/dist/* + twine check .tox/.pkg/dist/* [testenv:bandit] -basepython=python3.8 +basepython=python3.11 skipsdist=True deps=bandit commands=bandit -b bandit.json -r oauthlib/ -whitelist_externals=bandit +allowlist_externals=bandit [testenv:isort] basepython = python3.8 From d63d1aea5d3eb1e2240077096177687f018fc32a Mon Sep 17 00:00:00 2001 From: Maximilian Wirtz Date: Fri, 16 Sep 2022 13:28:20 +0200 Subject: [PATCH 05/15] Use proper SPDX identifier --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 0192458b..4c435f9a 100755 --- a/setup.py +++ b/setup.py @@ -32,7 +32,7 @@ def fread(fn): maintainer_email='ib.lundgren@gmail.com', url='https://github.com/oauthlib/oauthlib', platforms='any', - license='BSD', + license='BSD-3-Clause', packages=find_packages(exclude=('docs', 'tests', 'tests.*')), python_requires='>=3.6', extras_require={ From c21c56287d09f0d5f8e565ef201d841af5724004 Mon Sep 17 00:00:00 2001 
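Review bot: The comment `# require tox>=4` added at the top of tox.ini is not enforced anywhere, although the `twine check .tox/.pkg/dist/*` path in the `[testenv:readme]` hunk below only exists under tox 4's packaging layout and `allowlist_externals` is likewise newer-tox syntax. Put `minversion = 4` in the `[tox]` section so an older tox aborts with a clear message instead of failing later on a missing directory. In the second hunk the comment `# as of today, RTD is using python3.7 and doesn't run "setup.py install"` is now contradicted by `basepython=python3.11` directly beneath it; update it or drop it.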
From: Christian Clauss Date: Thu, 6 Oct 2022 09:20:34 +0200 Subject: [PATCH 06/15] Upgrade GitHub Actions and make bandit, codespell, and pytest mandatory (#835) * Upgrade GitHub Actions * Fix typo discovered by codespell * Update lint_python.yml --- .github/workflows/lint_python.yml | 18 ++++++++++-------- .../openid/connect/core/request_validator.py | 2 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/lint_python.yml b/.github/workflows/lint_python.yml index 3b3be00e..ba4d6c92 100644 --- a/.github/workflows/lint_python.yml +++ b/.github/workflows/lint_python.yml 
@@ -4,22 +4,24 @@ jobs: lint_python: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.x - run: pip install --upgrade pip wheel - run: pip install bandit black codespell flake8 flake8-2020 flake8-bugbear flake8-comprehensions isort mypy pytest pyupgrade safety - - run: bandit --recursive --skip B101 . || true # B101 is assert statements + - run: bandit --recursive --skip B101,B105,B106,B107,B324 . - run: black --check . || true - - run: codespell || true # --ignore-words-list="" --skip="*.css,*.js,*.lock" + - run: codespell # --ignore-words-list="" --skip="*.css,*.js,*.lock" - run: flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - run: flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --show-source --statistics - run: isort --check-only --profile black . || true - - run: pip install -r requirements.txt || pip install --editable . || true + - run: pip install -r requirements-test.txt + - run: pip install --editable . - run: mkdir --parents --verbose .mypy_cache - run: mypy --ignore-missing-imports --install-types --non-interactive . || true - - run: pytest . || true - - run: pytest --doctest-modules . || true - - run: shopt -s globstar && pyupgrade --py36-plus **/*.py || true + - run: pytest + - run: shopt -s globstar && pyupgrade --py37-plus **/*.py || true - run: safety check diff --git a/oauthlib/openid/connect/core/request_validator.py b/oauthlib/openid/connect/core/request_validator.py index 47c4cd94..e3cea79b 100644 --- a/oauthlib/openid/connect/core/request_validator.py +++ b/oauthlib/openid/connect/core/request_validator.py 
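Review bot: `bandit --recursive --skip B101,B105,B106,B107,B324 .` makes bandit mandatory but silently turns off the hardcoded-password checks (B105–B107) and the weak-hash check (B324), which are the findings most relevant to an OAuth library; the old line at least explained its single skip (`# B101 is assert statements`). Either keep that habit — one reason per skipped check, e.g. `# B105-B107: test fixtures use literal tokens; B324: <reason>` — or drop the blanket `--skip` and mark the individual false positives inline with `# nosec <id>` so new occurrences still fail CI. `python-version: 3.x` is unquoted; it parses as a string today, but quoting it (`'3.x'`, as python-publish.yml does) keeps it safe if a numeric version is ever substituted.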
@@ -143,7 +143,7 @@ def finalize_id_token(self, id_token, token, token_handler, request): Token MUST NOT be accepted by the RP when performing authentication with the OP. - Additionals claims must be added, note that `request.scope` + Additional claims must be added, note that `request.scope` should be used to determine the list of claims. More information can be found at `OpenID Connect Core#Claims`_ From 97f5d05357187cad30a4f1e3833620c18a173118 Mon Sep 17 00:00:00 2001 From: Tiphaine LAURENT <25824254+TiphaineLAURENT@users.noreply.github.com> Date: Tue, 3 May 2022 16:39:24 +0200 Subject: [PATCH 07/15] OAuth2Error: Allow falsy values as state The idea is to allow values like `0` to be used a state. The current implementation only checks for truthiness. --- oauthlib/oauth2/rfc6749/errors.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py index da24feab..6fcb7519 100644 --- a/oauthlib/oauth2/rfc6749/errors.py +++ b/oauthlib/oauth2/rfc6749/errors.py @@ -60,7 +60,7 @@ def __init__(self, description=None, uri=None, state=None, self.response_type = request.response_type self.response_mode = request.response_mode self.grant_type = request.grant_type - if not state: + if state is None: self.state = request.state else: self.redirect_uri = None From 11833b611ed267e30c6746172815c7bc96f5777a Mon Sep 17 00:00:00 2001 From: Burke Livingston Date: Thu, 6 Oct 2022 01:47:12 -0700 Subject: [PATCH 08/15] Update pre-configured OIDC server to use OIDC flavor of Refresh Token grant type (#838) * Modify pre-configured OIDC server to use OIDC Refresh Token grant type * Add test coverage for OIDC refresh token grant type * Use longer variable names --- .../connect/core/endpoints/pre_configured.py | 6 ++-- .../core/endpoints/test_refresh_token.py | 32 +++++++++++++++++++ 2 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 tests/openid/connect/core/endpoints/test_refresh_token.py 
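Review bot: Changing `if not state:` to `if state is None:` in `OAuth2Error.__init__` also changes the handling of `state=''`: an explicit empty string used to be replaced by `request.state` and is now kept as-is, which is wider than the `0` case the commit message describes. That is probably the intended semantics (the caller said something), but it should be stated where the parameter is documented, e.g. `# state=None means "take it from the request"; any other value, including '' or 0, is kept verbatim`. The enclosing `__init__` body starts before this hunk.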
diff --git a/oauthlib/openid/connect/core/endpoints/pre_configured.py b/oauthlib/openid/connect/core/endpoints/pre_configured.py index 8ce8bee6..1f4370ad 100644 --- a/oauthlib/openid/connect/core/endpoints/pre_configured.py +++ b/oauthlib/openid/connect/core/endpoints/pre_configured.py @@ -12,11 +12,13 @@ from oauthlib.oauth2.rfc6749.grant_types import ( AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, ClientCredentialsGrant, ImplicitGrant as OAuth2ImplicitGrant, - RefreshTokenGrant, ResourceOwnerPasswordCredentialsGrant, + ResourceOwnerPasswordCredentialsGrant, ) from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ..grant_types import AuthorizationCodeGrant, HybridGrant, ImplicitGrant +from ..grant_types import ( + AuthorizationCodeGrant, HybridGrant, ImplicitGrant, RefreshTokenGrant +) from ..grant_types.dispatchers import ( AuthorizationCodeGrantDispatcher, AuthorizationTokenGrantDispatcher, ImplicitTokenGrantDispatcher, diff --git a/tests/openid/connect/core/endpoints/test_refresh_token.py b/tests/openid/connect/core/endpoints/test_refresh_token.py new file mode 100644 index 00000000..9161f5a5 --- /dev/null +++ b/tests/openid/connect/core/endpoints/test_refresh_token.py 
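Review bot: The import swap silently changes which class the name `RefreshTokenGrant` resolves to for the `Server` construction further down the file, which is outside this hunk, so nothing at the use site shows that the OIDC variant is now in play. A one-line comment on the `from ..grant_types import (` line, e.g. `# RefreshTokenGrant here is the OIDC flavour (issues a fresh id_token for the openid scope)`, saves the next reader a grep.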
@@ -0,0 +1,32 @@
+"""Ensure that the server correctly uses the OIDC flavor of
+the Refresh token grant type when appropriate.
+
+When the OpenID scope is provided, the refresh token response
+should include a fresh ID token.
+"""
+import json
+from unittest import mock
+
+from oauthlib.openid import RequestValidator
+from oauthlib.openid.connect.core.endpoints.pre_configured import Server
+
+from tests.unittest import TestCase
+
+
+class TestRefreshToken(TestCase):
+
+ def setUp(self):
+ self.validator = mock.MagicMock(spec=RequestValidator)
+ self.validator.get_id_token.return_value='id_token'
+
+ self.server = Server(self.validator)
+
+ def test_refresh_token_with_openid(self):
+ request_body = 'scope=openid+test_scope&grant_type=refresh_token&refresh_token=abc'
+ headers, body, status = self.server.create_token_response('', body=request_body)
+ self.assertIn('id_token', json.loads(body))
+
+ def test_refresh_token_no_openid(self):
+ request_body = 'scope=test_scope&grant_type=refresh_token&refresh_token=abc'
+ headers, body, status = self.server.create_token_response('', body=request_body)
+ self.assertNotIn('id_token', json.loads(body))
From 541297b344944d13c77f4ea0356b83bb3b381dba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?=
Date: Tue, 18 Oct 2022 09:43:17 +0200
Subject: [PATCH 09/15] Update setup.cfg to use license_files (#839)
Fixes the following warning:
> The license_file parameter is deprecated, use license_files instead.
---
setup.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.cfg b/setup.cfg
index ca59291b..286d6cbe 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@ [metadata] -license_file = LICENSE +license_files = LICENSE [isort] combine_as_imports = true
From 120c88e7aeae1a0f184c4aaf888cc0aef1c5f2b7 Mon Sep 17 00:00:00 2001
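Review bot: `test_refresh_token_no_openid` can pass vacuously: if the mocked validator rejects the request, `self.server.create_token_response` returns an error body, which also contains no `id_token`, so `assertNotIn('id_token', ...)` does not prove the plain OAuth2 refresh path was taken. Assert the status in both tests, `self.assertEqual(status, 200)`, and in the positive test check the value, `self.assertEqual(json.loads(body)['id_token'], 'id_token')`, so the ID token is shown to come from the mocked `get_id_token`. `headers` and `status` are otherwise unpacked and never used, and `return_value='id_token'` wants spaces around `=`.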
From: Jonathan Huot Date: Mon, 17 Oct 2022 21:42:56 +0200 Subject: [PATCH 10/15] Add 3.2.2 version --- CHANGELOG.rst | 6 +++++- oauthlib/__init__.py | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9e150100..82dbd75a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,11 +1,15 @@ Changelog ========= +3.2.2 (2022-10-17) +------------------ +OAuth2.0 Provider: +* CVE-2022-36087 + 3.2.1 (2022-09-09) ------------------ OAuth2.0 Provider: * #803: Metadata endpoint support of non-HTTPS -* CVE-2022-36087 OAuth1.0: * #818: Allow IPv6 being parsed by signature diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py index 9b7eff2f..d9a5e38e 100644 --- a/oauthlib/__init__.py +++ b/oauthlib/__init__.py @@ -12,7 +12,7 @@ from logging import NullHandler __author__ = 'The OAuthlib Community' -__version__ = '3.2.1' +__version__ = '3.2.2' logging.getLogger('oauthlib').addHandler(NullHandler()) From 761c1bf7b18c33abd24cdd7dd19b002a87f61866 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?= Date: Mon, 22 Aug 2022 16:32:14 +0000 Subject: [PATCH 11/15] Ensure expires_at is always int As discussed in #745 --- oauthlib/oauth2/rfc6749/clients/base.py | 4 +-- oauthlib/oauth2/rfc6749/parameters.py | 5 ++- tests/oauth2/rfc6749/clients/test_base.py | 33 +++++++++++++++++++ .../clients/test_service_application.py | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py index d5eb0cc1..1d12638e 100644 --- a/oauthlib/oauth2/rfc6749/clients/base.py +++ b/oauthlib/oauth2/rfc6749/clients/base.py 
@@ -589,11 +589,11 @@ def populate_token_attributes(self, response): if 'expires_in' in response: self.expires_in = response.get('expires_in') - self._expires_at = time.time() + int(self.expires_in) + self._expires_at = round(time.time()) + int(self.expires_in) if 'expires_at' in response: try: - self._expires_at = int(response.get('expires_at')) + self._expires_at = round(float(response.get('expires_at'))) except: self._expires_at = None diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index 8f6ce2c7..0f0f423a 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -345,7 +345,7 @@ def parse_implicit_response(uri, state=None, scope=None): params['scope'] = scope_to_list(params['scope']) if 'expires_in' in params: - params['expires_at'] = time.time() + int(params['expires_in']) + params['expires_at'] = round(time.time()) + int(params['expires_in']) if state and params.get('state', None) != state: raise ValueError("Mismatching or missing state in params.") @@ -437,6 +437,9 @@ def parse_token_response(body, scope=None): else: params['expires_at'] = time.time() + int(params['expires_in']) + if isinstance(params.get('expires_at'), float): + params['expires_at'] = round(params['expires_at']) + params = OAuth2Token(params, old_scope=scope) validate_token_parameters(params) return params diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py index 70a22834..7286b991 100644 --- a/tests/oauth2/rfc6749/clients/test_base.py +++ b/tests/oauth2/rfc6749/clients/test_base.py @@ -1,5 +1,6 @@ # -*- coding: utf-8 -*- import datetime +from unittest.mock import patch from oauthlib import common from oauthlib.oauth2 import Client, InsecureTransportError, TokenExpiredError 
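Review bot: The new `round(float(response.get('expires_at')))` adds a second failure mode — `float()` raising `ValueError`/`TypeError` on a non-numeric value — and it is absorbed by the bare `except:` on the next context line together with everything else; since this line is being touched, narrowing it to `except (TypeError, ValueError):` would keep unrelated errors visible at no cost. Note also that `round()` is round-half-to-even, so an `expires_at` ending in `.5` can be rounded up and the token treated as live for up to half a second past what the server stated; truncating with `int(float(...))` is the conservative choice, but the expected value in `test_parse_token_response_expires_at_is_int` would then change, so this is a deliberate decision to record in a comment either way. `populate_token_attributes` starts before this hunk.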
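Review bot: In `parse_token_response` the new `isinstance(params.get('expires_at'), float)` check is a post-hoc fix-up: the `else:` branch two lines above still computes `time.time() + int(params['expires_in'])` as a float, while the same commit changed `parse_implicit_response` to `round(time.time()) + int(params['expires_in'])`. Use the `round(time.time())` form in the `else:` branch as well; the isinstance check then only has to cover a float `expires_at` that arrived in the response body, and the two parsers agree. A server-supplied `expires_at` that is a numeric string would still pass through untouched; `validate_token_parameters` is outside the hunk, so I cannot tell whether it normalises that case.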
@@ -353,3 +354,35 @@ def test_create_code_challenge_s256(self): code_verifier = client.create_code_verifier(length=128) code_challenge_s256 = client.create_code_challenge(code_verifier=code_verifier, code_challenge_method='S256') self.assertEqual(code_challenge_s256, client.code_challenge) + + def test_parse_token_response_expires_at_is_int(self): + expected_expires_at = 1661185149 + token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",' + ' "token_type":"example",' + ' "expires_at":1661185148.6437678,' + ' "scope":"/profile",' + ' "example_parameter":"example_value"}') + + client = Client(self.client_id) + + response = client.parse_request_body_response(token_json, scope=["/profile"]) + + self.assertEqual(response['expires_at'], expected_expires_at) + self.assertEqual(client._expires_at, expected_expires_at) + + @patch('time.time') + def test_parse_token_response_generated_expires_at_is_int(self, t): + t.return_value = 1661185148.6437678 + expected_expires_at = round(t.return_value) + 3600 + token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",' + ' "token_type":"example",' + ' "expires_in":3600,' + ' "scope":"/profile",' + ' "example_parameter":"example_value"}') + + client = Client(self.client_id) + + response = client.parse_request_body_response(token_json, scope=["/profile"]) + + self.assertEqual(response['expires_at'], expected_expires_at) + self.assertEqual(client._expires_at, expected_expires_at) diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py index b97d8554..84361d8b 100644 --- a/tests/oauth2/rfc6749/clients/test_service_application.py +++ b/tests/oauth2/rfc6749/clients/test_service_application.py 
@@ -166,7 +166,7 @@ def test_request_body_no_initial_private_key(self, t): @patch('time.time') def test_parse_token_response(self, t): t.return_value = time() - self.token['expires_at'] = self.token['expires_in'] + t.return_value + self.token['expires_at'] = self.token['expires_in'] + round(t.return_value) client = ServiceApplicationClient(self.client_id) From ae242d89100be709e6b137594e45cf8df8eb634e Mon Sep 17 00:00:00 2001 From: Asif Saif Uddin Date: Tue, 30 Aug 2022 10:13:24 +0600 Subject: [PATCH 12/15] create security policy --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ddb8632d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +following versions are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 3.2.x | :white_check_mark: | +| 3.1.x | :x: | +| < 3.2.0 | :x: | + +## Reporting a Vulnerability +Contact auvipy@gmail.com for reporting any vulnerability. From 38b2b4198d2a6b6232b68dab347618d4bc0a6a35 Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Wed, 23 Aug 2023 19:51:38 +0200 Subject: [PATCH 13/15] Fix failing GitHub Action lint_python.yml --- .github/workflows/lint_python.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint_python.yml b/.github/workflows/lint_python.yml index ba4d6c92..7cb2b28e 100644 --- a/.github/workflows/lint_python.yml +++ b/.github/workflows/lint_python.yml @@ -8,7 +8,7 @@ jobs: - uses: actions/setup-python@v4 with: python-version: 3.x - - run: pip install --upgrade pip wheel + - run: pip install --upgrade pip setuptools wheel - run: pip install bandit black codespell flake8 flake8-2020 flake8-bugbear flake8-comprehensions isort mypy pytest pyupgrade safety - run: bandit --recursive --skip B101,B105,B106,B107,B324 . 
From 2c9811b7c9180270412b2420d0b54b4cb4afa791 Mon Sep 17 00:00:00 2001 From: Jonathan Huot Date: Thu, 24 Aug 2023 14:36:08 +0200 Subject: [PATCH 14/15] Add graphviz to generate dot graphs in docs --- .github/workflows/python-build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml index e2d4dfdd..d20d5b38 100644 --- a/.github/workflows/python-build.yml +++ b/.github/workflows/python-build.yml @@ -28,6 +28,8 @@ jobs: toxenv: ["docs", "readme"] runs-on: ubuntu-latest steps: + - name: Install dot + run: sudo apt install -y graphviz - name: Set up Python uses: actions/setup-python@v4 with: From a2c70e457a11287d0649a71877ed451c55821d34 Mon Sep 17 00:00:00 2001 From: Jonathan Huot Date: Thu, 24 Aug 2023 15:55:45 +0100 Subject: [PATCH 15/15] Remove unnecessary name Co-authored-by: Christian Clauss --- .github/workflows/python-build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml index d20d5b38..c7af97ad 100644 --- a/.github/workflows/python-build.yml +++ b/.github/workflows/python-build.yml @@ -28,8 +28,7 @@ jobs: toxenv: ["docs", "readme"] runs-on: ubuntu-latest steps: - - name: Install dot - run: sudo apt install -y graphviz + - run: sudo apt install -y graphviz - name: Set up Python uses: actions/setup-python@v4 with: pFad - Phonifier reborn
