Hello community,

here is the log from the commit of package python-adal for openSUSE:Factory 
checked in at 2019-04-19 18:37:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-adal (Old)
 and      /work/SRC/openSUSE:Factory/.python-adal.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-adal"

Fri Apr 19 18:37:16 2019 rev:5 rq:694364 version:1.2.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-adal/python-adal.changes  2018-09-26 
16:12:23.323389833 +0200
+++ /work/SRC/openSUSE:Factory/.python-adal.new.5536/python-adal.changes        
2019-04-19 18:37:17.455101483 +0200
@@ -1,0 +2,10 @@
+Mon Mar  4 11:02:25 UTC 2019 - John Paul Adrian Glaubitz 
<[email protected]>
+
+- New upstream release
+  + Version 1.2.1
+  + For detailed information about changes see the
+    HISTORY.txt file provided with this package
+- Run %fdupes with %python_expand
+- Update Url field to point to actual project homepage
+
+-------------------------------------------------------------------

Old:
----
  adal-1.0.2.tar.gz

New:
----
  adal-1.2.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-adal.spec ++++++
--- /var/tmp/diff_new_pack.z5hSJo/_old  2019-04-19 18:37:18.111102316 +0200
+++ /var/tmp/diff_new_pack.z5hSJo/_new  2019-04-19 18:37:18.115102321 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package python-adal
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,18 +12,18 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-adal
-Version:        1.0.2
+Version:        1.2.1
 Release:        0
 Summary:        Azure Active Directory library
 License:        MIT
 Group:          Development/Languages/Python
-Url:            https://pypi.python.org/pypi/adal
+Url:            
https://github.com/AzureAD/azure-activedirectory-library-for-python
 Source:         
https://files.pythonhosted.org/packages/source/a/adal/adal-%{version}.tar.gz
 Source1:        HISTORY.txt
 BuildRequires:  %{python_module devel}
@@ -52,8 +52,7 @@
 
 %install
 %python_install
-
-%fdupes %{buildroot}/%{python_sitelib}/*
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %files %{python_files}
 %defattr(-,root,root,-)

++++++ adal-1.0.2.tar.gz -> adal-1.2.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/PKG-INFO new/adal-1.2.1/PKG-INFO
--- old/adal-1.0.2/PKG-INFO     2018-06-26 21:24:16.000000000 +0200
+++ new/adal-1.2.1/PKG-INFO     2019-01-25 02:31:09.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: adal
-Version: 1.0.2
+Version: 1.2.1
 Summary: The ADAL for Python library makes it easy for python application to 
authenticate to Azure Active Directory (AAD) in order to access AAD protected 
web resources.
 Home-page: https://github.com/AzureAD/azure-activedirectory-library-for-python
 Author: Microsoft Corporation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/__init__.py 
new/adal-1.2.1/adal/__init__.py
--- old/adal-1.0.2/adal/__init__.py     2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/__init__.py     2019-01-25 02:30:39.000000000 +0100
@@ -27,7 +27,7 @@
 
 # pylint: disable=wrong-import-position
 
-__version__ = '1.0.2'
+__version__ = '1.2.1'
 
 import logging
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/authentication_context.py 
new/adal-1.2.1/adal/authentication_context.py
--- old/adal-1.0.2/adal/authentication_context.py       2018-06-26 
21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/authentication_context.py       2019-01-25 
02:30:39.000000000 +0100
@@ -235,19 +235,22 @@
         return self._acquire_token(token_func)
 
     def acquire_token_with_client_certificate(self, resource, client_id, 
-                                              certificate, thumbprint):
+                                              certificate, thumbprint, 
public_certificate=None):
         '''Gets a token for a given resource via certificate credentials
 
         :param str resource: A URI that identifies the resource for which the
             token is valid.
         :param str client_id: The OAuth client id of the calling application.
         :param str certificate: A PEM encoded certificate private key.
-        :param str thumbprint:  hex encoded thumbprint of the certificate.
+        :param str thumbprint: hex encoded thumbprint of the certificate.
+        :param public_certificate(optional): if not None, it will be sent to 
the service for subject name
+            and issuer based authentication, which is to support cert auto 
rolls. The value must match the
+            certificate private key parameter.
         :returns: dict with several keys, include "accessToken".
         '''
         def token_func(self):
             token_request = TokenRequest(self._call_context, self, client_id, 
resource)
-            return token_request.get_token_with_certificate(certificate, 
thumbprint)
+            return token_request.get_token_with_certificate(certificate, 
thumbprint, public_certificate)
 
         return self._acquire_token(token_func)
 
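Review bot: The new `:param public_certificate(optional):` entry in the docstring gives neither a type nor the expected encoding, and it is not valid reST field syntax like the `:param str ...:` lines around it. The text says the value "must match the certificate private key parameter", but no check for that is visible anywhere in this diff, so a mismatch would presumably surface only as a service-side failure. Suggest `:param str public_certificate: (optional) public certificate matching the private key; sent as the x5c header for subject-name/issuer authentication.` plus one sentence stating whether PEM header and footer lines must be stripped.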
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/authority.py 
new/adal-1.2.1/adal/authority.py
--- old/adal-1.0.2/adal/authority.py    2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/authority.py    2019-01-25 02:30:39.000000000 +0100
@@ -1,20 +1,20 @@
-#------------------------------------------------------------------------------
+#------------------------------------------------------------------------------
 #
-# Copyright (c) Microsoft Corporation. 
+# Copyright (c) Microsoft Corporation.
 # All rights reserved.
-# 
+#
 # This code is licensed under the MIT License.
-# 
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files(the "Software"), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions :
-# 
+#
 # The above copyright notice and this permission notice shall be included in
 # all copies or substantial portions of the Software.
-# 
+#
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
@@ -62,6 +62,12 @@
     def url(self):
         return self._url.geturl()
 
+    def _whitelisted(self): # testing if self._url.hostname is a dsts 
whitelisted domain
+        for domain in AADConstants.WHITELISTED_DOMAINS:
+            if self._url.hostname.endswith(domain):
+                return True
+        return False
+
     def _validate_authority_url(self):
 
         if self._url.scheme != 'https':
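Review bot: `_whitelisted` compares with a bare `endswith(domain)`, so a hostname that merely ends in the same characters without a label boundary (constructed example: `xdsts.core.windows.net`) is treated as whitelisted, and a URL with no hostname would raise AttributeError on `None`. The result matters because the same helper relaxes the path-segment check in the `@@ -71,7 +77,7 @@` hunk and returns True early from static instance discovery in the `@@ -89,6 +95,9 @@` hunk. Matching on a label boundary closes this: `host = self._url.hostname or ''` then `return any(host == d or host.endswith('.' + d) for d in AADConstants.WHITELISTED_DOMAINS)`. The trailing `#` comment on the `def` line would also read better as a docstring, and `_validate_authority_url` continues outside this hunk.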
@@ -71,7 +77,7 @@
             raise ValueError("The authority url must not have a query string.")
 
         path_parts = [part for part in self._url.path.split('/') if part]
-        if len(path_parts) > 1:
+        if (len(path_parts) > 1) and (not self._whitelisted()): #if dsts host, 
path_parts will be 2
             raise ValueError("The authority url must be of the format 
https://login.microsoftonline.com/your_tenant";)
         elif len(path_parts) == 1:
             self._url = urlparse(self._url.geturl().rstrip('/'))
@@ -89,6 +95,9 @@
 
         self._log.debug("Performing static instance discovery")
 
+        if self._whitelisted(): # testing if self._url.hostname is a dsts 
whitelisted domain
+            self._log.debug("Authority validated via static instance 
discovery")
+            return True
         try:
             AADConstants.WELL_KNOWN_AUTHORITY_HOSTS.index(self._url.hostname)
         except ValueError:
@@ -98,16 +107,16 @@
         return True
 
     def _create_authority_url(self):
-        return "https://{}/{}{}".format(self._url.hostname, 
-                                        self._tenant, 
+        return "https://{}/{}{}".format(self._url.hostname,
+                                        self._tenant,
                                         AADConstants.AUTHORIZE_ENDPOINT_PATH)
 
     def _create_instance_discovery_endpoint_from_template(self, 
authority_host):
 
         discovery_endpoint = AADConstants.INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE
         discovery_endpoint = discovery_endpoint.replace('{authorize_host}', 
authority_host)
-        discovery_endpoint = 
discovery_endpoint.replace('{authorize_endpoint}', 
-                                                        
quote(self._create_authority_url(), 
+        discovery_endpoint = discovery_endpoint.replace('{authorize_endpoint}',
+                                                        
quote(self._create_authority_url(),
                                                               safe='~()*!.\''))
         return urlparse(discovery_endpoint)
 
@@ -132,7 +141,7 @@
         if resp.status_code == 429:
             resp.raise_for_status()  # Will raise requests.exceptions.HTTPError
         if not util.is_http_success(resp.status_code):
-            return_error_string = u"{} request returned http error: 
{}".format(operation, 
+            return_error_string = u"{} request returned http error: 
{}".format(operation,
                                                                                
resp.status_code)
             error_response = ""
             if resp.text:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/constants.py 
new/adal-1.2.1/adal/constants.py
--- old/adal-1.0.2/adal/constants.py    2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/constants.py    2019-01-25 02:30:39.000000000 +0100
@@ -1,4 +1,4 @@
-#------------------------------------------------------------------------------
+#------------------------------------------------------------------------------
 #
 # Copyright (c) Microsoft Corporation. 
 # All rights reserved.
@@ -173,6 +173,8 @@
 
     TokenTypeV1 = 'urn:oasis:names:tc:SAML:1.0:assertion'
     TokenTypeV2 = 'urn:oasis:names:tc:SAML:2.0:assertion'
+    OasisWssSaml11TokenProfile11 = 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+    OasisWssSaml2TokenProfile2 = 
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 
 
 class XmlNamespaces(object):
@@ -215,6 +217,15 @@
         'login.microsoftonline.us',
         'login.microsoftonline.de',
         ]
+    WHITELISTED_DOMAINS = [
+        # Define dSTS domains whitelist based on its Supported Environments & 
National Clouds list here
+        # 
https://microsoft.sharepoint.com/teams/AzureSecurityCompliance/Security/SitePages/dSTS%20Fundamentals.aspx
+        'dsts.core.windows.net',
+        'dsts.core.chinacloudapi.cn',  
+        'dsts.core.cloudapi.de', 
+        'dsts.core.usgovcloudapi.net',  
+        'dsts.core.azure-test.net',
+        ]
     INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = 
'https://{authorize_host}/common/discovery/instance?authorization_endpoint={authorize_endpoint}&api-version=1.0'
 # pylint: disable=invalid-name
     AUTHORIZE_ENDPOINT_PATH = '/oauth2/authorize'
     TOKEN_ENDPOINT_PATH = '/oauth2/token'
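Review bot: `WHITELISTED_DOMAINS` lists `dsts.core.azure-test.net`, which by its name looks like a test environment, in the same trust list as the production clouds. The only reference for the list is a SharePoint team-site link that appears to be internal, so outside readers cannot check the entries. Hosts matching this list skip the well-known-host lookup and may carry a two-segment path (see the authority.py hunks), so the comment should say so, e.g. `# Hosts ending in these domains bypass instance discovery; keep this list to production dSTS endpoints.` If the test domain is needed, it would be safer behind an explicit opt-in than in the default list.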
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/log.py new/adal-1.2.1/adal/log.py
--- old/adal-1.0.2/adal/log.py  2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/log.py  2019-01-25 02:30:39.000000000 +0100
@@ -42,7 +42,7 @@
 
     Basic Usages::
         >>>adal.set_logging_options({
-        >>>  'level': 'DEBUG'
+        >>>  'level': 'DEBUG',
         >>>  'handler': logging.FileHandler('adal.log')
         >>>})
     '''
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/mex.py new/adal-1.2.1/adal/mex.py
--- old/adal-1.0.2/adal/mex.py  2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/mex.py  2019-01-25 02:30:39.000000000 +0100
@@ -144,7 +144,7 @@
             policy_id = self._check_policy(policy_node)
             if policy_id:
                 id_ref = '#' + policy_id
-                policies[id_ref] = {id:id_ref}
+                policies[id_ref] = {policy_id:id_ref}
 
         return policies if policies else None
 
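Review bot: The replacement key `policy_id` makes each entry `{<policy id>: '#<policy id>'}`, so the inner dict has a different key for every policy and cannot be read by a fixed field name. The old key `id` was the builtin function, which suggests a literal key was the original intent: `policies[id_ref] = {'id': id_ref}`. The consumers of `policies` are outside this hunk, so confirm what they read from the inner dict before changing it.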
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/self_signed_jwt.py 
new/adal-1.2.1/adal/self_signed_jwt.py
--- old/adal-1.0.2/adal/self_signed_jwt.py      2018-06-26 21:23:14.000000000 
+0200
+++ new/adal-1.2.1/adal/self_signed_jwt.py      2019-01-25 02:30:39.000000000 
+0100
@@ -78,12 +78,13 @@
         self._token_endpoint = authority.token_endpoint
         self._client_id = client_id
 
-    def _create_header(self, thumbprint):
+    def _create_header(self, thumbprint, public_certificate):
         x5t = _create_x5t_value(thumbprint)
         header = {'typ':'JWT', 'alg':'RS256', 'x5t':x5t}
-
-        self._log.debug("Creating self signed JWT header. x5t: %(x5t)s",
-                        {"x5t": x5t})
+        if public_certificate:
+            header['x5c'] = public_certificate
+        self._log.debug("Creating self signed JWT header. x5t: %(x5t)s, x5c: 
%(x5c)s",
+                        {"x5t": x5t, "x5c": public_certificate})
 
         return header
 
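Review bot: `header['x5c'] = public_certificate` copies the caller's value into the JWT header unchanged, while RFC 7515 defines `x5c` as a JSON array of base64-encoded DER certificates, and nothing visible here checks the type or strips PEM delimiters. Whether the service tolerates a bare string is not visible in this diff, so a comment stating the accepted form would help, e.g. `# x5c: base64 DER body of the certificate, no PEM header/footer (confirm against the service docs)`. The debug line also interpolates the whole certificate and prints `x5c: None` when it is absent. Logging only whether x5c was set would keep the log smaller and keep certificate subject details out of it.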
@@ -117,8 +118,9 @@
         self._raise_on_invalid_thumbprint(canonical)
         return canonical
 
-    def create(self, certificate, thumbprint):
+    def create(self, certificate, thumbprint, public_certificate):
         thumbprint = self._reduce_thumbprint(thumbprint)
-        header = self._create_header(thumbprint)
+
+        header = self._create_header(thumbprint, public_certificate)
         payload = self._create_payload()
         return _sign_jwt(header, payload, certificate)
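Review bot: `create` now takes `public_certificate` as a required positional argument, although the public entry point `acquire_token_with_client_certificate` defaults it to `None`. Any caller still using the old two-argument form will raise TypeError. The same applies to `_create_jwt` and `get_token_with_certificate` in the token_request.py hunk `@@ -351,20 +351,20 @@`. Giving the parameter the same default keeps the chain backward-compatible: `def create(self, certificate, thumbprint, public_certificate=None):` and `def get_token_with_certificate(self, certificate, thumbprint, public_certificate=None):`.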
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal/token_request.py 
new/adal-1.2.1/adal/token_request.py
--- old/adal-1.0.2/adal/token_request.py        2018-06-26 21:23:14.000000000 
+0200
+++ new/adal-1.2.1/adal/token_request.py        2019-01-25 02:30:39.000000000 
+0100
@@ -55,10 +55,10 @@
 
 def _get_saml_grant_type(wstrust_response):
     token_type = wstrust_response.token_type
-    if token_type == SAML.TokenTypeV1:
+    if token_type == SAML.TokenTypeV1 or token_type == 
SAML.OasisWssSaml11TokenProfile11:
         return OAUTH2_GRANT_TYPE.SAML1
 
-    elif token_type == SAML.TokenTypeV2:
+    elif token_type == SAML.TokenTypeV2 or token_type == 
SAML.OasisWssSaml2TokenProfile2:
         return OAUTH2_GRANT_TYPE.SAML2
 
     else:
@@ -351,20 +351,20 @@
         self._user_id = user_id
         return self._find_token_from_cache()
 
-    def _create_jwt(self, certificate, thumbprint):
+    def _create_jwt(self, certificate, thumbprint, public_certificate):
 
         ssj = self._create_self_signed_jwt()
-        jwt = ssj.create(certificate, thumbprint)
+        jwt = ssj.create(certificate, thumbprint, public_certificate)
 
         if not jwt:
             raise AdalError("Failed to create JWT.")
         return jwt
 
-    def get_token_with_certificate(self, certificate, thumbprint):
+    def get_token_with_certificate(self, certificate, thumbprint, 
public_certificate):
 
         self._log.info("Getting a token via certificate.")
 
-        jwt = self._create_jwt(certificate, thumbprint)
+        jwt = self._create_jwt(certificate, thumbprint, public_certificate)
 
         oauth_parameters = 
self._create_oauth_parameters(OAUTH2_GRANT_TYPE.CLIENT_CREDENTIALS)
         oauth_parameters[OAUTH2_PARAMETERS.CLIENT_ASSERTION_TYPE] = 
OAUTH2_GRANT_TYPE.JWT_BEARER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adal-1.0.2/adal.egg-info/PKG-INFO 
new/adal-1.2.1/adal.egg-info/PKG-INFO
--- old/adal-1.0.2/adal.egg-info/PKG-INFO       2018-06-26 21:24:16.000000000 
+0200
+++ new/adal-1.2.1/adal.egg-info/PKG-INFO       2019-01-25 02:31:09.000000000 
+0100
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: adal
-Version: 1.0.2
+Version: 1.2.1
 Summary: The ADAL for Python library makes it easy for python application to 
authenticate to Azure Active Directory (AAD) in order to access AAD protected 
web resources.
 Home-page: https://github.com/AzureAD/azure-activedirectory-library-for-python
 Author: Microsoft Corporation

