Hello community, here is the log from the commit of package python-oauthlib for openSUSE:Factory checked in at 2018-05-29 10:42:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-oauthlib (Old) and /work/SRC/openSUSE:Factory/.python-oauthlib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-oauthlib" Tue May 29 10:42:27 2018 rev:21 rq:611829 version:2.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-oauthlib/python-oauthlib.changes 2018-03-28 10:33:24.732663311 +0200 +++ /work/SRC/openSUSE:Factory/.python-oauthlib.new/python-oauthlib.changes 2018-05-29 10:42:32.209769489 +0200 @@ -1,0 +2,13 @@ +Wed May 23 02:49:49 UTC 2018 - [email protected] + +- specfile: + * fix fdupes call for single-spec + +- update to version 2.1.0: + * Fixed some copy and paste typos (#535) + * Use secrets module in Python 3.6 and later (#533) + * Add request argument to confirm_redirect_uri (#504) + * Avoid populating spurious token credentials (#542) + * Make populate attributes API public (#546) + +------------------------------------------------------------------- Old: ---- oauthlib-2.0.7.tar.gz New: ---- oauthlib-2.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-oauthlib.spec ++++++ --- /var/tmp/diff_new_pack.QVqhxl/_old 2018-05-29 10:42:34.725676630 +0200 +++ /var/tmp/diff_new_pack.QVqhxl/_new 2018-05-29 10:42:34.725676630 +0200 @@ -18,12 +18,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-oauthlib -Version: 2.0.7 +Version: 2.1.0 Release: 0 Summary: A Generic Implementation of the OAuth Request-Signing Logic License: BSD-3-Clause Group: Development/Languages/Python -Url: https://github.com/oauthlib/oauthlib +URL: https://github.com/oauthlib/oauthlib Source: https://files.pythonhosted.org/packages/source/o/oauthlib/oauthlib-%{version}.tar.gz BuildRequires: %{python_module PyJWT} BuildRequires: %{python_module blinker} 
@@ -67,9 +67,7 @@ %install %python_install - -#hardlink duplicated files -%fdupes %{buildroot} +%python_expand %fdupes %{buildroot}%{$python_sitelib} %check %python_exec setup.py test ++++++ oauthlib-2.0.7.tar.gz -> oauthlib-2.1.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/CHANGELOG.rst new/oauthlib-2.1.0/CHANGELOG.rst --- old/oauthlib-2.0.7/CHANGELOG.rst 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/CHANGELOG.rst 2018-05-22 12:20:07.000000000 +0200 @@ -1,6 +1,15 @@ Changelog ========= +2.1.0 (2018-05-21) +------------------ + +* Fixed some copy and paste typos (#535) +* Use secrets module in Python 3.6 and later (#533) +* Add request argument to confirm_redirect_uri (#504) +* Avoid populating spurious token credentials (#542) +* Make populate attributes API public (#546) + 2.0.7 (2018-03-19) ------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/PKG-INFO new/oauthlib-2.1.0/PKG-INFO --- old/oauthlib-2.0.7/PKG-INFO 2018-03-19 14:41:22.000000000 +0100 +++ new/oauthlib-2.1.0/PKG-INFO 2018-05-22 12:21:04.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: oauthlib -Version: 2.0.7 +Version: 2.1.0 Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic Home-page: https://github.com/oauthlib/oauthlib Author: Idan Gazit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/__init__.py new/oauthlib-2.1.0/oauthlib/__init__.py --- old/oauthlib-2.0.7/oauthlib/__init__.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/__init__.py 2018-05-22 12:20:07.000000000 +0200 
@@ -10,7 +10,7 @@ """ __author__ = 'The OAuthlib Community' -__version__ = '2.0.7' +__version__ = '2.1.0' import logging diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/common.py new/oauthlib-2.1.0/oauthlib/common.py --- old/oauthlib-2.0.7/oauthlib/common.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/common.py 2018-05-22 12:20:07.000000000 +0200 @@ -11,12 +11,17 @@ import collections import datetime import logging -import random import re import sys import time try: + from secrets import randbits + from secrets import SystemRandom +except ImportError: + from random import getrandbits as randbits + from random import SystemRandom +try: from urllib import quote as _quote from urllib import unquote as _unquote from urllib import urlencode as _urlencode @@ -202,7 +207,7 @@ .. _`section 3.2.1`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2.1 .. _`section 3.3`: https://tools.ietf.org/html/rfc5849#section-3.3 """ - return unicode_type(unicode_type(random.getrandbits(64)) + generate_timestamp()) + return unicode_type(unicode_type(randbits(64)) + generate_timestamp()) def generate_timestamp(): @@ -225,7 +230,7 @@ and entropy when generating the random characters is important. Which is why SystemRandom is used instead of the default random.choice method. """ - rand = random.SystemRandom() + rand = SystemRandom() return ''.join(rand.choice(chars) for x in range(length)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/base.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/base.py --- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/base.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/base.py 2018-05-22 12:20:07.000000000 +0200 
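Review bot: The `except ImportError` fallback in the common.py import hunk binds `randbits` to `random.getrandbits`, which is the module-level Mersenne Twister generator rather than an OS-backed source. On interpreters without `secrets`, the nonce built in the `generate_nonce` hunk (`randbits(64)`) therefore still comes from a non-cryptographic generator. `SystemRandom` is already imported on that branch, so the fallback could be `randbits = SystemRandom().getrandbits`, which keeps both branches on the operating system's CSPRNG. A comment above the `try`, such as `# Prefer secrets (3.6+); otherwise fall back to the os.urandom-backed SystemRandom.`, would record the intent. The body of generate_nonce starts outside its hunk.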
@@ -9,6 +9,7 @@ from __future__ import absolute_import, unicode_literals import time +import warnings from oauthlib.common import generate_token from oauthlib.oauth2.rfc6749 import tokens @@ -111,8 +112,10 @@ self.state_generator = state_generator self.state = state self.redirect_url = redirect_url + self.code = None + self.expires_in = None self._expires_at = None - self._populate_attributes(self.token) + self.populate_token_attributes(self.token) @property def token_types(self): @@ -406,7 +409,7 @@ .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1 """ self.token = parse_token_response(body, scope=scope) - self._populate_attributes(self.token) + self.populate_token_attributes(self.token) return self.token def prepare_refresh_body(self, body='', refresh_token=None, scope=None, **kwargs): @@ -460,7 +463,18 @@ return uri, headers, body def _populate_attributes(self, response): - """Add commonly used values such as access_token to self.""" + warnings.warn("Please switch to the public method " + "populate_token_attributes.", DeprecationWarning) + return self.populate_token_attributes(response) + + def populate_code_attributes(self, response): + """Add attributes from an auth code response to self.""" + + if 'code' in response: + self.code = response.get('code') + + def populate_token_attributes(self, response): + """Add attributes from a token exchange response to self.""" if 'access_token' in response: self.access_token = response.get('access_token') 
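Review bot: The compatibility shim `_populate_attributes` in the last base.py hunk now forwards only to `populate_token_attributes`, so a subclass or caller that used it on an authorization response no longer gets `self.code` set. The deprecation message does not mention that `populate_code_attributes` is the replacement for that case. The shim also lost its docstring, and the `warnings.warn(...)` call passes no `stacklevel`, so the warning is reported against base.py rather than the caller's line. I would restore a one-line docstring such as `"""Deprecated alias of populate_token_attributes; does not set code."""` and pass `stacklevel=2` to `warnings.warn`. populate_token_attributes continues past the end of the hunk.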
@@ -478,9 +492,6 @@ if 'expires_at' in response: self._expires_at = int(response.get('expires_at')) - if 'code' in response: - self.code = response.get('code') - if 'mac_key' in response: self.mac_key = response.get('mac_key') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/mobile_application.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/mobile_application.py --- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/mobile_application.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/mobile_application.py 2018-05-22 12:20:07.000000000 +0200 @@ -168,5 +168,5 @@ .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 """ self.token = parse_implicit_response(uri, state=state, scope=scope) - self._populate_attributes(self.token) + self.populate_token_attributes(self.token) return self.token diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/service_application.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/service_application.py --- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/service_application.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/service_application.py 2018-05-22 12:20:07.000000000 +0200 
@@ -146,8 +146,8 @@
 ' token requests.')
 claim = {
 'iss': issuer or self.issuer,
- 'aud': audience or self.issuer,
- 'sub': subject or self.issuer,
+ 'aud': audience or self.audience,
+ 'sub': subject or self.subject,
 'exp': int(expires_at or time.time() + 3600),
 'iat': int(issued_at or time.time()),
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/web_application.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/web_application.py
--- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/clients/web_application.py 2018-03-19 14:40:22.000000000 +0100
+++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/clients/web_application.py 2018-05-22 12:20:07.000000000 +0200
@@ -172,5 +172,5 @@
 oauthlib.oauth2.rfc6749.errors.MismatchingStateError
 """
 response = parse_authorization_code_response(uri, state=state)
- self._populate_attributes(response)
+ self.populate_code_attributes(response)
 return response
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
--- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py 2018-03-19 14:40:22.000000000 +0100
+++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py 2018-05-22 12:20:07.000000000 +0200
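Review bot: The switch to `self.populate_code_attributes(response)` in the web_application.py hunk is security-relevant, but nothing at the call site says so, and a later cleanup could easily route it back through the token method. A comment above the call would record the reason, for example `# Only 'code' is taken from the redirect; token fields in the query string are ignored on purpose.` The enclosing method starts outside the hunk, so whether its docstring already covers this is not visible here.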
@@ -421,7 +421,8 @@ # authorization request as described in Section 4.1.1, and their # values MUST be identical. if not self.request_validator.confirm_redirect_uri(request.client_id, request.code, - request.redirect_uri, request.client): + request.redirect_uri, request.client, + request): log.debug('Redirect_uri (%r) invalid for client %r (%r).', request.redirect_uri, request.client_id, request.client) raise errors.MismatchingRedirectURIError(request=request) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/request_validator.py new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/request_validator.py --- old/oauthlib-2.0.7/oauthlib/oauth2/rfc6749/request_validator.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib/oauth2/rfc6749/request_validator.py 2018-05-22 12:20:07.000000000 +0200 @@ -82,7 +82,7 @@ """ raise NotImplementedError('Subclasses must implement this method.') - def confirm_redirect_uri(self, client_id, code, redirect_uri, client, + def confirm_redirect_uri(self, client_id, code, redirect_uri, client, request, *args, **kwargs): """Ensure that the authorization process represented by this authorization code began with this 'redirect_uri'. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/oauthlib.egg-info/PKG-INFO new/oauthlib-2.1.0/oauthlib.egg-info/PKG-INFO --- old/oauthlib-2.0.7/oauthlib.egg-info/PKG-INFO 2018-03-19 14:41:22.000000000 +0100 +++ new/oauthlib-2.1.0/oauthlib.egg-info/PKG-INFO 2018-05-22 12:21:04.000000000 +0200 
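Review bot: The call in the authorization_code.py hunk now passes `request` as a fifth positional argument. Any existing RequestValidator subclass that overrides `confirm_redirect_uri(self, client_id, code, redirect_uri, client)` without `*args` will therefore raise TypeError during the code exchange instead of returning a result. The failure is closed rather than open, but it appears as an unhandled error after a minor-version upgrade. The changelog line `Add request argument to confirm_redirect_uri (#504)` should say that overrides must accept the extra argument. The enclosing method starts and ends outside the hunk.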
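Review bot: The new `request` parameter on `confirm_redirect_uri` is not documented in the request_validator.py hunk, and no other hunk touches that file. The docstring that continues below the hunk therefore presumably still describes only the old parameters. A line such as `:param request: The oauthlib Request object for the token request.`, written in the docstring's existing parameter style, would tell implementers what they receive.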
@@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: oauthlib -Version: 2.0.7 +Version: 2.1.0 Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic Home-page: https://github.com/oauthlib/oauthlib Author: Idan Gazit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/tests/oauth2/rfc6749/clients/test_mobile_application.py new/oauthlib-2.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py --- old/oauthlib-2.0.7/tests/oauth2/rfc6749/clients/test_mobile_application.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py 2018-05-22 12:20:07.000000000 +0200 @@ -69,6 +69,18 @@ uri = client.prepare_request_uri(self.uri, **self.kwargs) self.assertURLEqual(uri, self.uri_kwargs) + def test_populate_attributes(self): + + client = MobileApplicationClient(self.client_id) + + response_uri = (self.response_uri + "&code=EVIL-CODE") + + client.parse_request_uri_response(response_uri, scope=self.scope) + + # We must not accidentally pick up any further security + # credentials at this point. + self.assertIsNone(client.code) + def test_parse_token_response(self): client = MobileApplicationClient(self.client_id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oauthlib-2.0.7/tests/oauth2/rfc6749/clients/test_web_application.py new/oauthlib-2.1.0/tests/oauth2/rfc6749/clients/test_web_application.py --- old/oauthlib-2.0.7/tests/oauth2/rfc6749/clients/test_web_application.py 2018-03-19 14:40:22.000000000 +0100 +++ new/oauthlib-2.1.0/tests/oauth2/rfc6749/clients/test_web_application.py 2018-05-22 12:20:07.000000000 +0200 
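Review bot: The added `test_populate_attributes` in the test_mobile_application.py hunk asserts only that `client.code` stays None, so it would also pass if the parse step populated no attributes at all. A positive assertion on the access token carried by the fixture URI would pin both halves of the behaviour; the fixture attribute holding the expected value is outside the hunk. The name could also state what is checked, e.g. `test_implicit_response_ignores_code`. That naming point also applies to the identically named test added in test_web_application.py.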
@@ -117,6 +117,25 @@ self.response_uri, state="invalid") + def test_populate_attributes(self): + + client = WebApplicationClient(self.client_id) + + response_uri = (self.response_uri + + "&access_token=EVIL-TOKEN" + "&refresh_token=EVIL-TOKEN" + "&mac_key=EVIL-KEY") + + client.parse_request_uri_response(response_uri, self.state) + + self.assertEqual(client.code, self.code) + + # We must not accidentally pick up any further security + # credentials at this point. + self.assertIsNone(client.access_token) + self.assertIsNone(client.refresh_token) + self.assertIsNone(client.mac_key) + def test_parse_token_response(self): client = WebApplicationClient(self.client_id)
