Hello community, here is the log from the commit of package python-social-auth-core for openSUSE:Factory checked in at 2020-04-18 00:31:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-social-auth-core (Old) and /work/SRC/openSUSE:Factory/.python-social-auth-core.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-social-auth-core" Sat Apr 18 00:31:11 2020 rev:9 rq:794808 version:3.3.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-social-auth-core/python-social-auth-core.changes 2020-03-27 22:01:51.930952182 +0100 +++ /work/SRC/openSUSE:Factory/.python-social-auth-core.new.2738/python-social-auth-core.changes 2020-04-18 00:32:32.398314408 +0200 @@ -1,0 +2,8 @@ +Fri Apr 17 07:17:50 UTC 2020 - Tomáš Chvátal <tchva...@suse.com> + +- Update to 3.3.3: + * Reverted PR #388 due to dependency license incompatibility + * Updated package upload method to use twine + * Updated list of default user protected fields to include admin flags and password + +------------------------------------------------------------------- Old: ---- social-auth-core-3.3.0.tar.gz New: ---- social-auth-core-3.3.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-social-auth-core.spec ++++++ --- /var/tmp/diff_new_pack.wBmYKm/_old 2020-04-18 00:32:33.934317588 +0200 +++ /var/tmp/diff_new_pack.wBmYKm/_new 2020-04-18 00:32:33.934317588 +0200 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-social-auth-core -Version: 3.3.0 +Version: 3.3.3 Release: 0 Summary: Python Social Auth Core License: BSD-3-Clause @@ -49,7 +49,6 @@ BuildRequires: fdupes BuildRequires: python-rpm-macros BuildRequires: python2-python-openid >= 2.2.5 -BuildRequires: python3 >= 3.4.0 BuildRequires: python3-defusedxml >= 0.5.0 BuildRequires: python3-python3-openid >= 3.0.10 Requires: python-PyJWT >= 1.4.0 
@@ -60,15 +59,14 @@ Requires: python-requests >= 2.9.1 Requires: python-requests-oauthlib >= 0.6.1 Requires: python-six >= 1.10.0 -Suggests: python-python3-saml BuildArch: noarch %ifpython2 Requires: python2-python-openid >= 2.2.5 %endif %ifpython3 -Requires: python3 >= 3.4.0 Requires: python3-defusedxml >= 0.5.0 Requires: python3-python3-openid >= 3.0.10 +Recommends: python-python3-saml %endif %python_subpackages @@ -95,8 +93,9 @@ %check # python3 only: assertRaisesRegexp -> assertRaisesRegex +# skipped tests are online based rm -r _build.python2 -python3 -m pytest +python3 -m pytest -v -k 'not (test_login or test_partial_pipeline)' %files %{python_files} %doc CHANGELOG.md README.md ++++++ social-auth-core-3.3.0.tar.gz -> social-auth-core-3.3.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/CHANGELOG.md new/social-auth-core-3.3.3/CHANGELOG.md --- old/social-auth-core-3.3.0/CHANGELOG.md 2020-03-17 20:33:36.000000000 +0100 +++ new/social-auth-core-3.3.3/CHANGELOG.md 2020-04-02 21:47:06.000000000 +0200 
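Review bot: The `-k 'not (test_login or test_partial_pipeline)'` filter added to `%check` deselects by name substring, so it drops every test whose name contains `test_login` or `test_partial_pipeline` in all backend test modules, not only the ones that fail without network access. For an authentication library this leaves the login and partial-pipeline paths unexercised at build time, so a regression there would still pass the package check. Which of these tests actually need the network is not visible here; if it is only some of them, pytest's `--deselect <node id>` would keep the rest running. At minimum the comment could name the reason precisely, e.g. `# test_login / test_partial_pipeline are deselected because they need network access, which the build environment lacks`.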
@@ -7,6 +7,20 @@ ## [Unreleased](https://github.com/python-social-auth/social-core/commits/master) +### Changed +- Updated list of default user protected fields to include admin flags and password + +## [3.3.2](https://github.com/python-social-auth/social-core/releases/tag/3.3.2) - 2020-03-25 + +### Changed +- Updated package upload method to use `twine` + +## [3.3.1](https://github.com/python-social-auth/social-core/releases/tag/3.3.1) - 2020-03-25 + +### Changed +- Reverted [PR #388](https://github.com/python-social-auth/social-core/pull/388/) due to + dependency license incompatibility + ## [3.3.0](https://github.com/python-social-auth/social-core/releases/tag/3.3.0) - 2020-03-17 ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/PKG-INFO new/social-auth-core-3.3.3/PKG-INFO --- old/social-auth-core-3.3.0/PKG-INFO 2020-03-17 20:35:54.954877900 +0100 +++ new/social-auth-core-3.3.3/PKG-INFO 2020-04-02 23:29:34.255384200 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: social-auth-core -Version: 3.3.0 +Version: 3.3.3 Summary: Python social authentication made simple. Home-page: https://github.com/python-social-auth/social-core Author: Matias Aguirre diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/requirements-python2.txt new/social-auth-core-3.3.3/requirements-python2.txt --- old/social-auth-core-3.3.0/requirements-python2.txt 2020-02-09 06:08:29.000000000 +0100 +++ new/social-auth-core-3.3.3/requirements-python2.txt 2020-03-25 16:01:59.000000000 +0100 
@@ -1,3 +1,2 @@ python-openid>=2.2.5 -unidecode>=1.1.1 -r requirements-base.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/requirements-python3.txt new/social-auth-core-3.3.3/requirements-python3.txt --- old/social-auth-core-3.3.0/requirements-python3.txt 2020-02-09 06:08:29.000000000 +0100 +++ new/social-auth-core-3.3.3/requirements-python3.txt 2020-03-25 16:01:59.000000000 +0100 @@ -1,4 +1,3 @@ defusedxml>=0.5.0rc1 python3-openid>=3.0.10 -unidecode>=1.0.23 -r requirements-base.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_auth_core.egg-info/PKG-INFO new/social-auth-core-3.3.3/social_auth_core.egg-info/PKG-INFO --- old/social-auth-core-3.3.0/social_auth_core.egg-info/PKG-INFO 2020-03-17 20:35:54.000000000 +0100 +++ new/social-auth-core-3.3.3/social_auth_core.egg-info/PKG-INFO 2020-04-02 23:29:33.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: social-auth-core -Version: 3.3.0 +Version: 3.3.3 Summary: Python social authentication made simple. Home-page: https://github.com/python-social-auth/social-core Author: Matias Aguirre diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_auth_core.egg-info/requires.txt new/social-auth-core-3.3.3/social_auth_core.egg-info/requires.txt --- old/social-auth-core-3.3.0/social_auth_core.egg-info/requires.txt 2020-03-17 20:35:54.000000000 +0100 +++ new/social-auth-core-3.3.3/social_auth_core.egg-info/requires.txt 2020-04-02 23:29:33.000000000 +0200 @@ -7,12 +7,10 @@ [:python_version < "3.0"] python-openid>=2.2.5 -unidecode>=1.1.1 [:python_version >= "3.0"] defusedxml>=0.5.0rc1 python3-openid>=3.0.10 -unidecode>=1.0.23 [all] python-jose>=3.0.0 @@ -26,7 +24,6 @@ python-saml>=2.2.0 cryptography>=2.1.1 python-openid>=2.2.5 -unidecode>=1.1.1 [allpy3] python-jose>=3.0.0 
@@ -35,7 +32,6 @@ cryptography>=2.1.1 defusedxml>=0.5.0rc1 python3-openid>=3.0.10 -unidecode>=1.0.23 [azuread] cryptography>=2.1.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/__init__.py new/social-auth-core-3.3.3/social_core/__init__.py --- old/social-auth-core-3.3.0/social_core/__init__.py 2020-03-17 20:32:32.000000000 +0100 +++ new/social-auth-core-3.3.3/social_core/__init__.py 2020-04-02 23:28:49.000000000 +0200 @@ -1 +1 @@ -__version__ = '3.3.0' +__version__ = '3.3.3' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/backends/keycloak.py new/social-auth-core-3.3.3/social_core/backends/keycloak.py --- old/social-auth-core-3.3.0/social_core/backends/keycloak.py 2020-02-09 06:08:46.000000000 +0100 +++ new/social-auth-core-3.3.3/social_core/backends/keycloak.py 2020-03-21 12:12:24.000000000 +0100 
@@ -7,19 +7,21 @@ """Keycloak OAuth2 authentication backend This backend has been tested working with a standard Keycloak installation, - but you might have to specialize it and tune the parameters per your configuration. + but you might have to specialize it and tune the parameters per your + configuration. - This setup specializes the OAuth2 backend which, strictly speaking, - offers authorization without authentication capabilities. + This setup specializes the OAuth2 backend which, strictly speaking, offers + authorization without authentication capabilities. - Keycloak does offer a full OpenID Connect implementation, - but the implementation is rather labor intensive to implement. + Keycloak does offer a full OpenID Connect implementation, but the + implementation is rather labor intensive to implement. - This backend is configured to get an access token instead, and assume that the - access token contains the necessary user details for authentication. + This backend is configured to get an access token instead, and assume that + the access token contains the necessary user details for authentication. - The integrity of the authentication process is followed by public key verification - for the `access_token` along with OpenID Connect specification `aud` field checking. + The integrity of the authentication process is followed by public key + verification for the `access_token` along with OpenID Connect specification + `aud` field checking. To set up, please take the following steps: 
@@ -27,26 +29,42 @@ 2. Configure the following parameters in the Client setup: - Settings > Client ID (copy to settings as `KEY` value) - Credentials > Client Authenticator > Secret (copy to settings as `SECRET` value) + Settings > + Client ID (copy to settings as `KEY` value) + Credentials > + Client Authenticator > + Secret (copy to settings as `SECRET` value) + + 3. For the tokens to work with the JWT setup the following configuration has + to be made in Keycloak: + + Settings > + Access Type > + confidential + Settings > + Fine Grain OpenID Connect Configuration > + User Info Signed + Response Algorithm > + RS256 + Settings > + Fine Grain OpenID Connect Configuration > + Request Object Signature Algorithm > RS256 - 3. For the tokens to work with the JWT setup the following configuration has to be made in Keycloak: - - Settings > Access Type > confidential - Settings > Fine Grain OpenID Connect Configuration > User Info Signed Response Algorithm > RS256 - Settings > Fine Grain OpenID Connect Configuration > Request Object Signature Algorithm > RS256 - - 4. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used with the backend: + 4. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used + with the backend: Realm Settings > Keys > Public key - 5. Configure access token fields are configured via the Keycloak Client mappers: + 5. Configure access token fields are configured via the Keycloak Client + mappers: Clients > Client ID > Mappers - They have to include at least the `ID_KEY` value and the dictionary keys defined in the `get_user_details` method. + They have to include at least the `ID_KEY` value and the dictionary keys + defined in the `get_user_details` method. - 6. Configure your web backend. Example setting values for Django settings could be: + 6. Configure your web backend. 
Example setting values for Django settings + could be: SOCIAL_AUTH_KEYCLOAK_KEY = 'example' SOCIAL_AUTH_KEYCLOAK_SECRET = '1234abcd-1234-abcd-1234-abcd1234adcd' @@ -54,12 +72,14 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = 'https://sso.example.com/auth/realms/example/protocol/openid-connect/auth' SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = 'https://sso.example.com/auth/realms/example/protocol/openid-connect/token' - 7. The default behaviour is to associate users via username field, but you can change the key with e.g. + 7. The default behaviour is to associate users via username field, but you + can change the key with e.g. SOCIAL_AUTH_KEYCLOAK_ID_KEY = 'email' - Please make sure your Keycloak user database and Django user database do not conflict - and that there is no risk of user account hijacking by false account association. + Please make sure your Keycloak user database and Django user database do not + conflict and that there is no risk of user account hijacking by false + account association. """ name = 'keycloak' @@ -101,9 +121,7 @@ ) def get_user_details(self, response): - """Map fields in user_data into Django User fields - """ - + """Map fields in user_data into Django User fields""" return { 'username': response.get('preferred_username'), 'email': response.get('email'), @@ -113,7 +131,5 @@ } def get_user_id(self, details, response): - """Get and associate Django User by the field indicated by ID_KEY - """ - + """Get and associate Django User by the field indicated by ID_KEY""" return details.get(self.ID_KEY) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/pipeline/user.py new/social-auth-core-3.3.3/social_core/pipeline/user.py --- old/social-auth-core-3.3.0/social_core/pipeline/user.py 2020-03-16 14:05:33.000000000 +0100 +++ new/social-auth-core-3.3.3/social_core/pipeline/user.py 2020-04-02 21:46:24.000000000 +0200 
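Review bot: The rewrapped step 3 of the setup docstring splits the setting name `User Info Signed Response Algorithm` across two lines (`User Info Signed` / `Response Algorithm >`), so it reads as two menu levels, while the sibling entry keeps `Request Object Signature Algorithm > RS256` together. This step tells the operator which signature algorithm to configure for the tokens the backend verifies, so the path should stay unambiguous: keep `User Info Signed Response Algorithm >` on one line, followed by `RS256`. Step 5 also still reads `Configure access token fields are configured via`, which could become `Access token fields are configured via the Keycloak Client mappers:`. The docstring begins and ends outside this hunk.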
@@ -88,7 +88,8 @@ if strategy.setting('NO_DEFAULT_PROTECTED_USER_FIELDS') is True: protected = () else: - protected = ('username', 'id', 'pk', 'email') + protected = ('username', 'id', 'pk', 'email', 'password', + 'is_active', 'is_staff', 'is_superuser',) protected = protected + tuple(strategy.setting('PROTECTED_USER_FIELDS', [])) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-core-3.3.0/social_core/storage.py new/social-auth-core-3.3.3/social_core/storage.py --- old/social-auth-core-3.3.0/social_core/storage.py 2020-02-09 06:08:46.000000000 +0100 +++ new/social-auth-core-3.3.3/social_core/storage.py 2020-03-25 16:01:59.000000000 +0100 @@ -10,12 +10,12 @@ import six from openid.association import Association as OpenIdAssociation -from unidecode import unidecode from .exceptions import MissingBackend from .backends.utils import get_backend +NO_ASCII_REGEX = re.compile(r'[^\x00-\x7F]+') NO_SPECIAL_REGEX = re.compile(r'[^\w.@+_-]+', re.UNICODE) @@ -122,7 +122,7 @@ @classmethod def clean_username(cls, value): """Clean username removing any unsupported character""" - value = unidecode(value) + value = NO_ASCII_REGEX.sub('', value) value = NO_SPECIAL_REGEX.sub('', value) return value
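Review bot: `NO_DEFAULT_PROTECTED_USER_FIELDS` still sets `protected = ()`, so a deployment that enabled it earlier also drops the new `password`, `is_active`, `is_staff` and `is_superuser` entries and relies entirely on `PROTECTED_USER_FIELDS`. The added names are Django's default flags, so a custom user model with differently named privilege fields is presumably not covered by the default either. A comment above the tuple would make both points visible: `# Fields that provider-supplied details must never overwrite. NO_DEFAULT_PROTECTED_USER_FIELDS removes all of them; list privilege fields in PROTECTED_USER_FIELDS when it is set.` The enclosing function starts and ends outside the hunk, so how `protected` is applied is not visible here.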
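Review bot: `NO_ASCII_REGEX.sub('', value)` in `clean_username` deletes non-ASCII characters where `unidecode` used to transliterate them, so a value made only of such characters is cleaned to an empty string, and distinct values now clean to the same username (constructed example: `josé` and `jos`). Whether callers handle an empty or colliding result is not visible in this hunk. It is worth confirming that the username pipeline step falls back to a generated value and enforces uniqueness before a user is created or associated. The docstring should state the new behaviour, e.g. `"""Clean username by dropping non-ASCII and unsupported characters; the result may be empty"""`. The `NO_ASCII_REGEX` constant is added by the preceding hunk of the same file.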