Hello community,
here is the log from the commit of package python-social-auth-core for
openSUSE:Factory checked in at 2023-04-25 16:43:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-social-auth-core (Old)
and /work/SRC/openSUSE:Factory/.python-social-auth-core.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-social-auth-core"
Tue Apr 25 16:43:00 2023 rev:20 rq:1082742 version:4.4.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-social-auth-core/python-social-auth-core.changes
2023-04-15 22:32:49.897428718 +0200
+++
/work/SRC/openSUSE:Factory/.python-social-auth-core.new.1533/python-social-auth-core.changes
2023-04-25 16:44:47.178924848 +0200
@@ -1,0 +2,7 @@
+Tue Apr 25 06:55:46 UTC 2023 - David Anes <[email protected]>
+
+- Update to 4.4.2
+ - Fixed Azure AD Tenant authentication with custom signing keys
+ - Added CAS OIDC backend
+
+-------------------------------------------------------------------
Old:
----
social-core-4.4.1.tar.gz
New:
----
social-core-4.4.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-social-auth-core.spec ++++++
--- /var/tmp/diff_new_pack.aaKsuP/_old 2023-04-25 16:44:47.642927599 +0200
+++ /var/tmp/diff_new_pack.aaKsuP/_new 2023-04-25 16:44:47.642927599 +0200
@@ -23,7 +23,7 @@
%bcond_with saml
Name: python-social-auth-core
-Version: 4.4.1
+Version: 4.4.2
Release: 0
Summary: Python Social Auth Core
License: BSD-3-Clause
++++++ social-core-4.4.1.tar.gz -> social-core-4.4.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-core-4.4.1/.pre-commit-config.yaml
new/social-core-4.4.2/.pre-commit-config.yaml
--- old/social-core-4.4.1/.pre-commit-config.yaml 2023-03-30
12:50:25.000000000 +0200
+++ new/social-core-4.4.2/.pre-commit-config.yaml 2023-04-22
07:47:59.000000000 +0200
@@ -20,7 +20,7 @@
- id: pyupgrade
args: [--py36-plus]
- repo: https://github.com/psf/black
- rev: 23.1.0
+ rev: 23.3.0
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-core-4.4.1/CHANGELOG.md
new/social-core-4.4.2/CHANGELOG.md
--- old/social-core-4.4.1/CHANGELOG.md 2023-03-30 12:50:25.000000000 +0200
+++ new/social-core-4.4.2/CHANGELOG.md 2023-04-22 07:47:59.000000000 +0200
@@ -5,6 +5,12 @@
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+##
[4.4.2](https://github.com/python-social-auth/social-core/releases/tag/4.4.2) -
2023-43-22
+
+### Changed
+- Fixed Azure AD Tenant authentication with custom signing keys
+- Added CAS OIDC backend
+
##
[4.4.1](https://github.com/python-social-auth/social-core/releases/tag/4.4.1) -
2023-03-30
### Changed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-core-4.4.1/requirements-dev.txt
new/social-core-4.4.2/requirements-dev.txt
--- old/social-core-4.4.1/requirements-dev.txt 2023-03-30 12:50:25.000000000
+0200
+++ new/social-core-4.4.2/requirements-dev.txt 2023-04-22 07:47:59.000000000
+0200
@@ -1 +1 @@
-pre-commit==3.2.1
+pre-commit==3.2.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-core-4.4.1/social_core/__init__.py
new/social-core-4.4.2/social_core/__init__.py
--- old/social-core-4.4.1/social_core/__init__.py 2023-03-30
12:50:25.000000000 +0200
+++ new/social-core-4.4.2/social_core/__init__.py 2023-04-22
07:47:59.000000000 +0200
@@ -1 +1 @@
-__version__ = "4.4.1"
+__version__ = "4.4.2"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/social-core-4.4.1/social_core/backends/azuread_tenant.py
new/social-core-4.4.2/social_core/backends/azuread_tenant.py
--- old/social-core-4.4.1/social_core/backends/azuread_tenant.py
2023-03-30 12:50:25.000000000 +0200
+++ new/social-core-4.4.2/social_core/backends/azuread_tenant.py
2023-04-22 07:47:59.000000000 +0200
@@ -46,18 +46,25 @@
class AzureADTenantOAuth2(AzureADOAuth2):
name = "azuread-tenant-oauth2"
- OPENID_CONFIGURATION_URL = "{base_url}/.well-known/openid-configuration"
- JWKS_URL = "{base_url}/discovery/keys"
+ OPENID_CONFIGURATION_URL =
"{base_url}/.well-known/openid-configuration{appid}"
+ JWKS_URL = "{base_url}/discovery/keys{appid}"
@property
def tenant_id(self):
return self.setting("TENANT_ID", "common")
def openid_configuration_url(self):
- return self.OPENID_CONFIGURATION_URL.format(base_url=self.base_url)
+ return self.OPENID_CONFIGURATION_URL.format(
+ base_url=self.base_url, appid=self._appid()
+ )
def jwks_url(self):
- return self.JWKS_URL.format(base_url=self.base_url)
+ return self.JWKS_URL.format(base_url=self.base_url,
appid=self._appid())
+
+ def _appid(self):
+ return (
+ f"?appid={self.setting('KEY')}" if self.setting("KEY") is not None
else ""
+ )
def get_certificate(self, kid):
# retrieve keys from jwks_url
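Review bot: `_appid()` formats `self.setting('KEY')` into the query string unencoded and reads the setting twice, so a value containing `&`, `#` or whitespace would alter the discovery and JWKS requests that the token signing keys are fetched from. Read the setting once and encode it, e.g. `key = self.setting("KEY")` followed by `return f"?{urlencode({'appid': key})}" if key else ""` (needs `from urllib.parse import urlencode`); the truthiness test also avoids a bare `?appid=` when the setting is an empty string. The `{appid}` placeholders added to `AzureADV2TenantOAuth2` in the next hunk consume the same value. A one-line docstring on `_appid` stating that the suffix selects application-specific signing keys would make the intent clear; `get_certificate` continues outside the hunk.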
@@ -101,10 +108,10 @@
class AzureADV2TenantOAuth2(AzureADTenantOAuth2):
name = "azuread-v2-tenant-oauth2"
- OPENID_CONFIGURATION_URL =
"{base_url}/v2.0/.well-known/openid-configuration"
+ OPENID_CONFIGURATION_URL =
"{base_url}/v2.0/.well-known/openid-configuration{appid}"
AUTHORIZATION_URL = "{base_url}/oauth2/v2.0/authorize"
ACCESS_TOKEN_URL = "{base_url}/oauth2/v2.0/token"
- JWKS_URL = "{base_url}/discovery/v2.0/keys"
+ JWKS_URL = "{base_url}/discovery/v2.0/keys{appid}"
DEFAULT_SCOPE = ["openid", "profile", "offline_access"]
def get_user_id(self, details, response):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-core-4.4.1/social_core/backends/cas.py
new/social-core-4.4.2/social_core/backends/cas.py
--- old/social-core-4.4.1/social_core/backends/cas.py 1970-01-01
01:00:00.000000000 +0100
+++ new/social-core-4.4.2/social_core/backends/cas.py 2023-04-22
07:47:59.000000000 +0200
@@ -0,0 +1,61 @@
+"""
+CAS OIDC backend
+https://apereo.github.io/cas/6.6.x/authentication/OIDC-Authentication.html
+
+Backend for authenticating with Apereo CAS using OIDC. This backend handles
+the minor implementation differences between the Apereo CAS OIDC server
+implementation and the standard OIDC implementation in Python Social Auth.
+"""
+
+import logging
+
+from .open_id_connect import OpenIdConnectAuth
+
+logger = logging.getLogger("social")
+
+
+class CASOpenIdConnectAuth(OpenIdConnectAuth):
+ """
+ Open ID Connect backends for use with Apereo CAS.
+ Currently only the code response type is supported.
+
+ It can also be directly instantiated as a generic OIDC backend.
+ To use it you will need to set at minimum:
+
+ SOCIAL_AUTH_CAS_OIDC_ENDPOINT = 'https://.....' # endpoint without
/.well-known/openid-configuration
+ SOCIAL_AUTH_CAS_KEY = '<client_id>'
+ SOCIAL_AUTH_CAS_SECRET = '<client_secret>'
+ """
+
+ name = "cas"
+ STATE_PARAMETER = True
+
+ def oidc_endpoint(self):
+ endpoint = self.setting("OIDC_ENDPOINT", self.OIDC_ENDPOINT)
+ logger.debug(f"backend: CAS, endpoint: {endpoint}")
+ return endpoint
+
+ def get_user_id(self, details, response):
+ logger.debug(
+ f"backend: CAS, method: get_user_id, details: {details},
{response}"
+ )
+ return details.get("username")
+
+ def user_data(self, access_token, *args, **kwargs):
+ data = self.get_json(
+ self.userinfo_url(), headers={"Authorization": f"Bearer
{access_token}"}
+ )
+ logger.debug(f"backend: CAS, user_data: {data}")
+ return data.get("attributes", {})
+
+ def get_user_details(self, response):
+ username_key = self.setting("USERNAME_KEY", self.USERNAME_KEY)
+ logger.debug(f"backend: CAS, username_key: {username_key}")
+ attributes = self.user_data(response.get("access_token"))
+ return {
+ "username": attributes.get(username_key),
+ "email": attributes.get("email"),
+ "fullname": attributes.get("name"),
+ "first_name": attributes.get("given_name"),
+ "last_name": attributes.get("family_name"),
+ }
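Review bot: The debug calls in `get_user_id` and `user_data` write the full `response` and userinfo payload to the `social` logger; `get_user_details` reads `access_token` from what appears to be the same `response`, so bearer tokens and profile attributes such as email and name would end up in logs whenever debug logging is enabled. Log only non-sensitive fields, e.g. `logger.debug("backend: CAS, method: get_user_id, username: %s", details.get("username"))`, and replace `user_data: {data}` with the attribute names only, e.g. `logger.debug("backend: CAS, user_data keys: %s", list(data))`. Separately, `get_user_id` returns `details.get("username")`, which is `None` when the configured `USERNAME_KEY` attribute is absent from `attributes`; failing the authentication there looks safer than returning `None`, though how the base pipeline treats a `None` uid is not visible in this diff.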
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/social-core-4.4.1/social_core/tests/backends/test_cas.py
new/social-core-4.4.2/social_core/tests/backends/test_cas.py
--- old/social-core-4.4.1/social_core/tests/backends/test_cas.py
1970-01-01 01:00:00.000000000 +0100
+++ new/social-core-4.4.2/social_core/tests/backends/test_cas.py
2023-04-22 07:47:59.000000000 +0200
@@ -0,0 +1,65 @@
+import json
+
+from httpretty import HTTPretty
+
+from .oauth import OAuth2Test
+from .test_open_id_connect import OpenIdConnectTestMixin
+
+ROOT_URL = "https://cas.example.net/"
+
+
+class CASOpenIdConnectTest(OpenIdConnectTestMixin, OAuth2Test):
+ backend_path = "social_core.backends.cas.CASOpenIdConnectAuth"
+ issuer = f"{ROOT_URL}oidc"
+ openid_config_body = json.dumps(
+ {
+ "issuer": f"{ROOT_URL}oidc",
+ "jwks_uri": f"{ROOT_URL}oidc/jwks",
+ "authorization_endpoint": f"{ROOT_URL}oidc/oidcAuthorize",
+ "token_endpoint": f"{ROOT_URL}oidc/oidcAccessToken",
+ "userinfo_endpoint": f"{ROOT_URL}oidc/oidcProfile",
+ "request_uri_parameter_supported": False,
+ "grant_types_supported": ["authorization_code"],
+ "token_endpoint_auth_methods_supported": ["client_secret_basic"],
+ }
+ )
+
+ expected_username = "cartman"
+
+ user_data_body = json.dumps(
+ {
+ "sub": "Cartman",
+ "service": "https://cas.example.net/complete/cas/",
+ "auth_time": 1677057708,
+ "attributes": {
+ "name": "Eric",
+ "groups": ["users", "admins"],
+ "preferred_username": "cartman",
+ "email": "[email protected]",
+ },
+ "id": "Cartman",
+ "client_id": "dev",
+ }
+ )
+
+ def extra_settings(self):
+ settings = super().extra_settings()
+ settings.update(
+ {
+ f"SOCIAL_AUTH_{self.name}_OIDC_ENDPOINT": f"{ROOT_URL}oidc",
+ }
+ )
+ return settings
+
+ def pre_complete_callback(self, start_url):
+ super().pre_complete_callback(start_url)
+ HTTPretty.register_uri(
+ "GET",
+ uri=self.backend.userinfo_url(),
+ status=200,
+ body=self.user_data_body,
+ content_type="text/json",
+ )
+
+ def test_everything_works(self):
+ self.do_login()
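Review bot: `CASOpenIdConnectTest` exercises only the successful login in `test_everything_works`, using a userinfo body that always carries `attributes.preferred_username`. A second case whose `user_data_body` omits `attributes` (or the username key) would pin what the backend does when it cannot derive a user id, which is the path that matters most for account association. A short class docstring noting that `expected_username` matches `attributes.preferred_username` (`"cartman"`) rather than `sub` (`"Cartman"`) would also help readers.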