Hello community,
here is the log from the commit of package python-social-auth-core for
openSUSE:Factory checked in at 2020-04-18 00:31:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-social-auth-core (Old)
and /work/SRC/openSUSE:Factory/.python-social-auth-core.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-social-auth-core"
Sat Apr 18 00:31:11 2020 rev:9 rq:794808 version:3.3.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-social-auth-core/python-social-auth-core.changes
2020-03-27 22:01:51.930952182 +0100
+++
/work/SRC/openSUSE:Factory/.python-social-auth-core.new.2738/python-social-auth-core.changes
2020-04-18 00:32:32.398314408 +0200
@@ -1,0 +2,8 @@
+Fri Apr 17 07:17:50 UTC 2020 - Tomáš Chvátal <tchva...@suse.com>
+
+- Update to 3.3.3:
+ * Reverted PR #388 due to dependency license incompatibility
+ * Updated package upload method to use twine
+ * Updated list of default user protected fields to include admin flags and
password
+
+-------------------------------------------------------------------
Old:
----
social-auth-core-3.3.0.tar.gz
New:
----
social-auth-core-3.3.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-social-auth-core.spec ++++++
--- /var/tmp/diff_new_pack.wBmYKm/_old 2020-04-18 00:32:33.934317588 +0200
+++ /var/tmp/diff_new_pack.wBmYKm/_new 2020-04-18 00:32:33.934317588 +0200
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-social-auth-core
-Version: 3.3.0
+Version: 3.3.3
Release: 0
Summary: Python Social Auth Core
License: BSD-3-Clause
@@ -49,7 +49,6 @@
BuildRequires: fdupes
BuildRequires: python-rpm-macros
BuildRequires: python2-python-openid >= 2.2.5
-BuildRequires: python3 >= 3.4.0
BuildRequires: python3-defusedxml >= 0.5.0
BuildRequires: python3-python3-openid >= 3.0.10
Requires: python-PyJWT >= 1.4.0
@@ -60,15 +59,14 @@
Requires: python-requests >= 2.9.1
Requires: python-requests-oauthlib >= 0.6.1
Requires: python-six >= 1.10.0
-Suggests: python-python3-saml
BuildArch: noarch
%ifpython2
Requires: python2-python-openid >= 2.2.5
%endif
%ifpython3
-Requires: python3 >= 3.4.0
Requires: python3-defusedxml >= 0.5.0
Requires: python3-python3-openid >= 3.0.10
+Recommends: python-python3-saml
%endif
%python_subpackages
@@ -95,8 +93,9 @@
%check
# python3 only: assertRaisesRegexp -> assertRaisesRegex
+# skipped tests are online based
rm -r _build.python2
-python3 -m pytest
+python3 -m pytest -v -k 'not (test_login or test_partial_pipeline)'
%files %{python_files}
%doc CHANGELOG.md README.md
++++++ social-auth-core-3.3.0.tar.gz -> social-auth-core-3.3.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/CHANGELOG.md
new/social-auth-core-3.3.3/CHANGELOG.md
--- old/social-auth-core-3.3.0/CHANGELOG.md 2020-03-17 20:33:36.000000000
+0100
+++ new/social-auth-core-3.3.3/CHANGELOG.md 2020-04-02 21:47:06.000000000
+0200
@@ -7,6 +7,20 @@
##
[Unreleased](https://github.com/python-social-auth/social-core/commits/master)
+### Changed
+- Updated list of default user protected fields to include admin flags and
password
+
+##
[3.3.2](https://github.com/python-social-auth/social-core/releases/tag/3.3.2) -
2020-03-25
+
+### Changed
+- Updated package upload method to use `twine`
+
+##
[3.3.1](https://github.com/python-social-auth/social-core/releases/tag/3.3.1) -
2020-03-25
+
+### Changed
+- Reverted [PR
#388](https://github.com/python-social-auth/social-core/pull/388/) due to
+ dependency license incompatibility
+
##
[3.3.0](https://github.com/python-social-auth/social-core/releases/tag/3.3.0) -
2020-03-17
### Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/PKG-INFO
new/social-auth-core-3.3.3/PKG-INFO
--- old/social-auth-core-3.3.0/PKG-INFO 2020-03-17 20:35:54.954877900 +0100
+++ new/social-auth-core-3.3.3/PKG-INFO 2020-04-02 23:29:34.255384200 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: social-auth-core
-Version: 3.3.0
+Version: 3.3.3
Summary: Python social authentication made simple.
Home-page: https://github.com/python-social-auth/social-core
Author: Matias Aguirre
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/requirements-python2.txt
new/social-auth-core-3.3.3/requirements-python2.txt
--- old/social-auth-core-3.3.0/requirements-python2.txt 2020-02-09
06:08:29.000000000 +0100
+++ new/social-auth-core-3.3.3/requirements-python2.txt 2020-03-25
16:01:59.000000000 +0100
@@ -1,3 +1,2 @@
python-openid>=2.2.5
-unidecode>=1.1.1
-r requirements-base.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/requirements-python3.txt
new/social-auth-core-3.3.3/requirements-python3.txt
--- old/social-auth-core-3.3.0/requirements-python3.txt 2020-02-09
06:08:29.000000000 +0100
+++ new/social-auth-core-3.3.3/requirements-python3.txt 2020-03-25
16:01:59.000000000 +0100
@@ -1,4 +1,3 @@
defusedxml>=0.5.0rc1
python3-openid>=3.0.10
-unidecode>=1.0.23
-r requirements-base.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/social-auth-core-3.3.0/social_auth_core.egg-info/PKG-INFO
new/social-auth-core-3.3.3/social_auth_core.egg-info/PKG-INFO
--- old/social-auth-core-3.3.0/social_auth_core.egg-info/PKG-INFO
2020-03-17 20:35:54.000000000 +0100
+++ new/social-auth-core-3.3.3/social_auth_core.egg-info/PKG-INFO
2020-04-02 23:29:33.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: social-auth-core
-Version: 3.3.0
+Version: 3.3.3
Summary: Python social authentication made simple.
Home-page: https://github.com/python-social-auth/social-core
Author: Matias Aguirre
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/social-auth-core-3.3.0/social_auth_core.egg-info/requires.txt
new/social-auth-core-3.3.3/social_auth_core.egg-info/requires.txt
--- old/social-auth-core-3.3.0/social_auth_core.egg-info/requires.txt
2020-03-17 20:35:54.000000000 +0100
+++ new/social-auth-core-3.3.3/social_auth_core.egg-info/requires.txt
2020-04-02 23:29:33.000000000 +0200
@@ -7,12 +7,10 @@
[:python_version < "3.0"]
python-openid>=2.2.5
-unidecode>=1.1.1
[:python_version >= "3.0"]
defusedxml>=0.5.0rc1
python3-openid>=3.0.10
-unidecode>=1.0.23
[all]
python-jose>=3.0.0
@@ -26,7 +24,6 @@
python-saml>=2.2.0
cryptography>=2.1.1
python-openid>=2.2.5
-unidecode>=1.1.1
[allpy3]
python-jose>=3.0.0
@@ -35,7 +32,6 @@
cryptography>=2.1.1
defusedxml>=0.5.0rc1
python3-openid>=3.0.10
-unidecode>=1.0.23
[azuread]
cryptography>=2.1.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/__init__.py
new/social-auth-core-3.3.3/social_core/__init__.py
--- old/social-auth-core-3.3.0/social_core/__init__.py 2020-03-17
20:32:32.000000000 +0100
+++ new/social-auth-core-3.3.3/social_core/__init__.py 2020-04-02
23:28:49.000000000 +0200
@@ -1 +1 @@
-__version__ = '3.3.0'
+__version__ = '3.3.3'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/social-auth-core-3.3.0/social_core/backends/keycloak.py
new/social-auth-core-3.3.3/social_core/backends/keycloak.py
--- old/social-auth-core-3.3.0/social_core/backends/keycloak.py 2020-02-09
06:08:46.000000000 +0100
+++ new/social-auth-core-3.3.3/social_core/backends/keycloak.py 2020-03-21
12:12:24.000000000 +0100
@@ -7,19 +7,21 @@
"""Keycloak OAuth2 authentication backend
This backend has been tested working with a standard Keycloak installation,
- but you might have to specialize it and tune the parameters per your
configuration.
+ but you might have to specialize it and tune the parameters per your
+ configuration.
- This setup specializes the OAuth2 backend which, strictly speaking,
- offers authorization without authentication capabilities.
+ This setup specializes the OAuth2 backend which, strictly speaking, offers
+ authorization without authentication capabilities.
- Keycloak does offer a full OpenID Connect implementation,
- but the implementation is rather labor intensive to implement.
+ Keycloak does offer a full OpenID Connect implementation, but the
+ implementation is rather labor intensive to implement.
- This backend is configured to get an access token instead, and assume that
the
- access token contains the necessary user details for authentication.
+ This backend is configured to get an access token instead, and assume that
+ the access token contains the necessary user details for authentication.
- The integrity of the authentication process is followed by public key
verification
- for the `access_token` along with OpenID Connect specification `aud` field
checking.
+ The integrity of the authentication process is followed by public key
+ verification for the `access_token` along with OpenID Connect specification
+ `aud` field checking.
To set up, please take the following steps:
@@ -27,26 +29,42 @@
2. Configure the following parameters in the Client setup:
- Settings > Client ID (copy to settings as `KEY` value)
- Credentials > Client Authenticator > Secret (copy to settings as
`SECRET` value)
+ Settings >
+ Client ID (copy to settings as `KEY` value)
+ Credentials >
+ Client Authenticator >
+ Secret (copy to settings as `SECRET` value)
+
+ 3. For the tokens to work with the JWT setup the following configuration
has
+ to be made in Keycloak:
+
+ Settings >
+ Access Type >
+ confidential
+ Settings >
+ Fine Grain OpenID Connect Configuration >
+ User Info Signed
+ Response Algorithm >
+ RS256
+ Settings >
+ Fine Grain OpenID Connect Configuration >
+ Request Object Signature Algorithm > RS256
- 3. For the tokens to work with the JWT setup the following configuration
has to be made in Keycloak:
-
- Settings > Access Type > confidential
- Settings > Fine Grain OpenID Connect Configuration > User Info Signed
Response Algorithm > RS256
- Settings > Fine Grain OpenID Connect Configuration > Request Object
Signature Algorithm > RS256
-
- 4. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used
with the backend:
+ 4. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used
+ with the backend:
Realm Settings > Keys > Public key
- 5. Configure access token fields are configured via the Keycloak Client
mappers:
+ 5. Configure access token fields are configured via the Keycloak Client
+ mappers:
Clients > Client ID > Mappers
- They have to include at least the `ID_KEY` value and the dictionary keys
defined in the `get_user_details` method.
+ They have to include at least the `ID_KEY` value and the dictionary keys
+ defined in the `get_user_details` method.
- 6. Configure your web backend. Example setting values for Django settings
could be:
+ 6. Configure your web backend. Example setting values for Django settings
+ could be:
SOCIAL_AUTH_KEYCLOAK_KEY = 'example'
SOCIAL_AUTH_KEYCLOAK_SECRET = '1234abcd-1234-abcd-1234-abcd1234adcd'
@@ -54,12 +72,14 @@
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL =
'https://sso.example.com/auth/realms/example/protocol/openid-connect/auth'
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL =
'https://sso.example.com/auth/realms/example/protocol/openid-connect/token'
- 7. The default behaviour is to associate users via username field, but you
can change the key with e.g.
+ 7. The default behaviour is to associate users via username field, but you
+ can change the key with e.g.
SOCIAL_AUTH_KEYCLOAK_ID_KEY = 'email'
- Please make sure your Keycloak user database and Django user database do
not conflict
- and that there is no risk of user account hijacking by false account
association.
+ Please make sure your Keycloak user database and Django user database do
not
+ conflict and that there is no risk of user account hijacking by false
+ account association.
"""
name = 'keycloak'
@@ -101,9 +121,7 @@
)
def get_user_details(self, response):
- """Map fields in user_data into Django User fields
- """
-
+ """Map fields in user_data into Django User fields"""
return {
'username': response.get('preferred_username'),
'email': response.get('email'),
@@ -113,7 +131,5 @@
}
def get_user_id(self, details, response):
- """Get and associate Django User by the field indicated by ID_KEY
- """
-
+ """Get and associate Django User by the field indicated by ID_KEY"""
return details.get(self.ID_KEY)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/pipeline/user.py
new/social-auth-core-3.3.3/social_core/pipeline/user.py
--- old/social-auth-core-3.3.0/social_core/pipeline/user.py 2020-03-16
14:05:33.000000000 +0100
+++ new/social-auth-core-3.3.3/social_core/pipeline/user.py 2020-04-02
21:46:24.000000000 +0200
@@ -88,7 +88,8 @@
if strategy.setting('NO_DEFAULT_PROTECTED_USER_FIELDS') is True:
protected = ()
else:
- protected = ('username', 'id', 'pk', 'email')
+ protected = ('username', 'id', 'pk', 'email', 'password',
+ 'is_active', 'is_staff', 'is_superuser',)
protected = protected + tuple(strategy.setting('PROTECTED_USER_FIELDS',
[]))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/storage.py
new/social-auth-core-3.3.3/social_core/storage.py
--- old/social-auth-core-3.3.0/social_core/storage.py 2020-02-09
06:08:46.000000000 +0100
+++ new/social-auth-core-3.3.3/social_core/storage.py 2020-03-25
16:01:59.000000000 +0100
@@ -10,12 +10,12 @@
import six
from openid.association import Association as OpenIdAssociation
-from unidecode import unidecode
from .exceptions import MissingBackend
from .backends.utils import get_backend
+NO_ASCII_REGEX = re.compile(r'[^\x00-\x7F]+')
NO_SPECIAL_REGEX = re.compile(r'[^\w.@+_-]+', re.UNICODE)
@@ -122,7 +122,7 @@
@classmethod
def clean_username(cls, value):
"""Clean username removing any unsupported character"""
- value = unidecode(value)
+ value = NO_ASCII_REGEX.sub('', value)
value = NO_SPECIAL_REGEX.sub('', value)
return value
