[Python-modules-commits] [django-oauth-toolkit] 01/01: Import django-oauth-toolkit_0.12.0.orig.tar.gz
Michael Fladischer
fladi at moszumanska.debian.org
Fri Mar 10 08:01:56 UTC 2017
This is an automated email from the git hooks/post-receive script.
fladi pushed a commit to branch upstream
in repository django-oauth-toolkit.
commit 2f651194be97407ced934030b442812e1d5e5f3f
Author: Michael Fladischer <FladischerMichael at fladi.at>
Date: Tue Mar 7 10:13:34 2017 +0100
Import django-oauth-toolkit_0.12.0.orig.tar.gz
---
.travis.yml | 26 ++-
README.rst => CHANGELOG.md | 198 +++++------------
README.rst | 226 +------------------
docs/advanced_topics.rst | 14 ++
docs/changelog.rst | 21 +-
docs/conf.py | 7 +
docs/index.rst | 5 +-
docs/rest-framework/getting_started.rst | 2 +-
docs/rest-framework/permissions.rst | 2 +-
docs/settings.rst | 53 +++--
docs/templates.rst | 245 +++++++++++++++++++++
docs/tutorial/tutorial_01.rst | 9 +-
docs/tutorial/tutorial_02.rst | 4 +-
docs/tutorial/tutorial_03.rst | 10 +-
docs/tutorial/tutorial_04.rst | 6 +-
oauth2_provider/__init__.py | 2 +-
oauth2_provider/admin.py | 33 ++-
oauth2_provider/compat.py | 15 ++
oauth2_provider/compat_handlers.py | 6 -
oauth2_provider/decorators.py | 11 +-
oauth2_provider/ext/rest_framework/permissions.py | 4 +-
oauth2_provider/forms.py | 7 -
oauth2_provider/generators.py | 9 +-
oauth2_provider/middleware.py | 13 +-
oauth2_provider/migrations/0001_initial.py | 16 +-
oauth2_provider/migrations/0002_08_updates.py | 4 +-
.../migrations/0003_auto_20160316_1503.py | 2 +-
oauth2_provider/models.py | 40 +++-
oauth2_provider/oauth2_backends.py | 11 +-
oauth2_provider/oauth2_validators.py | 58 ++---
oauth2_provider/scopes.py | 53 +++++
oauth2_provider/settings.py | 9 +-
.../templates/oauth2_provider/base.html | 3 -
oauth2_provider/tests/settings.py | 10 +-
oauth2_provider/tests/test_application_views.py | 2 +-
oauth2_provider/tests/test_auth_backends.py | 11 +-
oauth2_provider/tests/test_authorization_code.py | 4 +-
oauth2_provider/tests/test_client_credential.py | 2 +-
oauth2_provider/tests/test_implicit.py | 3 +-
oauth2_provider/tests/test_oauth2_backends.py | 2 +-
oauth2_provider/tests/test_password.py | 2 +-
oauth2_provider/tests/test_rest_framework.py | 3 +
oauth2_provider/tests/test_scopes.py | 67 +-----
oauth2_provider/tests/test_scopes_backend.py | 14 ++
oauth2_provider/tests/test_token_revocation.py | 3 +-
oauth2_provider/tests/test_token_view.py | 2 +-
oauth2_provider/tests/urls.py | 8 +-
oauth2_provider/urls.py | 26 ++-
oauth2_provider/views/application.py | 12 +-
oauth2_provider/views/base.py | 10 +-
oauth2_provider/views/mixins.py | 3 +-
oauth2_provider/views/token.py | 3 +-
requirements/base.txt | 6 +-
requirements/project.txt | 2 +-
requirements/testing.txt | 10 +-
setup.py | 11 +-
tox.ini | 27 +--
57 files changed, 730 insertions(+), 637 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index fa77f4a..c9f1a6a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,25 +8,39 @@ env:
- TOXENV=py27-django18
- TOXENV=py27-django19
- TOXENV=py27-django110
- - TOXENV=py27-djangomaster
- - TOXENV=py32-django18
- - TOXENV=py33-django18
+ - TOXENV=py27-django111
- TOXENV=py34-django18
- TOXENV=py34-django19
- TOXENV=py34-django110
- - TOXENV=py34-djangomaster
+ - TOXENV=py34-django111
- TOXENV=py35-django18
- TOXENV=py35-django19
- TOXENV=py35-django110
+ - TOXENV=py35-django111
- TOXENV=py35-djangomaster
+ - TOXENV=py36-django111
+ - TOXENV=py36-djangomaster
- TOXENV=docs
matrix:
fast_finish: true
+ include:
+ - python: "3.6"
+ env: TOXENV=py36-django111
+ - python: "3.6"
+ env: TOXENV=py36-djangomaster
+ exclude:
+ - python: "3.5"
+ env: TOXENV=py36-django111
+ - python: "3.5"
+ env: TOXENV=py36-djangomaster
+
+ allow_failures:
+ - env: TOXENV=py35-djangomaster
+ - env: TOXENV=py36-djangomaster
install:
- - pip install tox "virtualenv<14"
- - pip install coveralls
+ - pip install coveralls tox "virtualenv<14"
script:
- tox
diff --git a/README.rst b/CHANGELOG.md
similarity index 53%
copy from README.rst
copy to CHANGELOG.md
index 2f50522..46d3746 100644
--- a/README.rst
+++ b/CHANGELOG.md
@@ -1,104 +1,18 @@
-Django OAuth Toolkit
-====================
+### 0.12.0 [2017-02-24]
-*OAuth2 goodies for the Djangonauts!*
+* **New feature**: Class-based scopes backends. Listing scopes, available scopes and default scopes
+ is now done through the class that the `SCOPES_BACKEND_CLASS` setting points to.
+ By default, this is set to `oauth2_provider.scopes.SettingsScopes` which implements the
+ legacy settings-based scope behaviour. No changes are necessary.
+* **Dropped support for Python 3.2 and Python 3.3**, added support for Python 3.6
+* Support for the `scopes` query parameter, deprecated in 0.6.1, has been dropped
+* #448: Added support for customizing applications' allowed grant types
+* #141: The `is_usable(request)` method on the Application model can be overridden to dynamically
+ enable or disable applications.
+* #434: Relax URL patterns to allow for UUID primary keys
-.. image:: https://badge.fury.io/py/django-oauth-toolkit.png
- :target: http://badge.fury.io/py/django-oauth-toolkit
-.. image:: https://travis-ci.org/evonove/django-oauth-toolkit.png
- :alt: Build Status
- :target: https://travis-ci.org/evonove/django-oauth-toolkit
-
-.. image:: https://coveralls.io/repos/evonove/django-oauth-toolkit/badge.png
- :alt: Coverage Status
- :target: https://coveralls.io/r/evonove/django-oauth-toolkit
-
-If you are facing one or more of the following:
- * Your Django app exposes a web API you want to protect with OAuth2 authentication,
- * You need to implement an OAuth2 authorization server to provide tokens management for your infrastructure,
-
-Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2
-capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent
-`OAuthLib <https://github.com/idan/oauthlib>`_, so that everything is
-`rfc-compliant <http://tools.ietf.org/html/rfc6749>`_.
-
-Support
--------
-
-If you need support please send a message to the `Django OAuth Toolkit Google Group <http://groups.google.com/group/django-oauth-toolkit>`_
-
-Contributing
-------------
-
-We love contributions, so please feel free to fix bugs, improve things, provide documentation. Just `follow the
-guidelines <https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html>`_ and submit a PR.
-
-Reporting security issues
--------------------------
-
-If you believe you've found an issue with security implications, please send a detailed description via email to **security at evonove.it**.
-Mail sent to that address reaches the Django OAuth Toolkit core team, who can solve (or forward) the security issue as soon as possible. After
-our acknowledge, we may decide to open a public discussion in our mailing list or issues tracker.
-
-Once you’ve submitted an issue via email, you should receive a response from the core team within 48 hours, and depending on the action to be
-taken, you may receive further followup emails.
-
-Requirements
-------------
-
-* Python 2.7, 3.2, 3.3, 3.4, 3.5
-* Django 1.7, 1.8, 1.9
-
-Installation
-------------
-
-Install with pip::
-
- pip install django-oauth-toolkit
-
-Add `oauth2_provider` to your `INSTALLED_APPS`
-
-.. code-block:: python
-
- INSTALLED_APPS = (
- ...
- 'oauth2_provider',
- )
-
-
-If you need an OAuth2 provider you'll want to add the following to your urls.py.
-Notice that `oauth2_provider` namespace is mandatory.
-
-.. code-block:: python
-
- urlpatterns = [
- ...
- url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
- ]
-
-Documentation
---------------
-
-The `full documentation <https://django-oauth-toolkit.readthedocs.io/>`_ is on *Read the Docs*.
-
-License
--------
-
-django-oauth-toolkit is released under the terms of the **BSD license**. Full details in ``LICENSE`` file.
-
-Roadmap / Todo list (help wanted)
----------------------------------
-
-* OAuth1 support
-* OpenID connector
-* Nonrel storages support
-
-Changelog
----------
-
-0.11.0 [2016-12-1]
-~~~~~~~~~~~
+### 0.11.0 [2016-12-1]
* #315: AuthorizationView does not overwrite requests on get
* #425: Added support for Django 1.10
@@ -106,8 +20,8 @@ Changelog
* #357: Support multiple-user clients by allowing User to be NULL for Applications
* #389: Reuse refresh tokens if enabled.
-0.10.0 [2015-12-14]
-~~~~~~~~~~~~~~~~~~~
+
+### 0.10.0 [2015-12-14]
* **#322: dropping support for python 2.6 and django 1.4, 1.5, 1.6**
* #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
@@ -115,7 +29,7 @@ Changelog
* #325: Added management views of issued tokens
* #249: Added a command to clean expired tokens
* #323: Application registration view uses custom application model in form class
-* #299: 'server_class' is now pluggable through Django settings
+* #299: `server_class` is now pluggable through Django settings
* #309: Add the py35-django19 env to travis
* #308: Use compact syntax for tox envs
* #306: Django 1.9 compatibility
@@ -123,8 +37,8 @@ Changelog
* #297: Fixed doc about SessionAuthenticationMiddleware
* #273: Generic read write scope by resource
-0.9.0 [2015-07-28]
-~~~~~~~~~~~~~~~~~~
+
+### 0.9.0 [2015-07-28]
* ``oauthlib_backend_class`` is now pluggable through Django settings
* #127: ``application/json`` Content-Type is now supported using ``JSONOAuthLibCore``
@@ -132,23 +46,21 @@ Changelog
* #229: Invalidate access tokens when getting a new refresh token
* added support for oauthlib 1.0
-0.8.2 [2015-06-25]
-~~~~~~~~~~~~~~~~~~
+
+### 0.8.2 [2015-06-25]
* Fix the migrations to be two-step and allow upgrade from 0.7.2
-0.8.1 [2015-04-27]
-~~~~~~~~~~~~~~~~~~
+### 0.8.1 [2015-04-27]
* South migrations fixed. Added new django migrations.
-0.8.0 [2015-03-27]
-~~~~~~~~~~~~~~~~~~
+### 0.8.0 [2015-03-27]
* Several docs improvements and minor fixes
* #185: fixed vulnerabilities on Basic authentication
* #173: ProtectResourceMixin now allows OPTIONS requests
-* Fixed client_id and client_secret characters set
+* Fixed `client_id` and `client_secret` characters set
* #169: hide sensitive informations in error emails
* #161: extend search to all token types when revoking a token
* #160: return empty response on successful token revocation
@@ -160,20 +72,18 @@ Changelog
* customized ``client_secret`` length
* #38: create access tokens not bound to a user instance for *client credentials* flow
-0.7.2 [2014-07-02]
-~~~~~~~~~~~~~~~~~~
+
+### 0.7.2 [2014-07-02]
* Don't pin oauthlib
-0.7.1 [2014-04-27]
-~~~~~~~~~~~~~~~~~~
+### 0.7.1 [2014-04-27]
* Added database indexes to the OAuth2 related models to improve performances.
**Warning: schema migration does not work for sqlite3 database, migration should be performed manually**
-0.7.0 [2014-03-01]
-~~~~~~~~~~~~~~~~~~
+### 0.7.0 [2014-03-01]
* Created a setting for the default value for approval prompt.
* Improved docs
@@ -181,16 +91,15 @@ Changelog
**Backwards incompatible changes in 0.7.0**
-* Make Application model truly "swappable" (introduces a new non-namespaced setting OAUTH2_PROVIDER_APPLICATION_MODEL)
+* Make Application model truly "swappable" (introduces a new non-namespaced setting `OAUTH2_PROVIDER_APPLICATION_MODEL`)
+
-0.6.1 [2014-02-05]
-~~~~~~~~~~~~~~~~~~
+### 0.6.1 [2014-02-05]
* added support for `scope` query parameter keeping backwards compatibility for the original `scopes` parameter.
* __str__ method in Application model returns content of `name` field when available
-0.6.0 [2014-01-26]
-~~~~~~~~~~~~~~~~~~
+### 0.6.0 [2014-01-26]
* oauthlib 0.6.1 support
* Django dev branch support
@@ -205,8 +114,8 @@ Changelog
* Issue #84: Add information about login template to tutorial.
* Issue #64: Fix urlencode clientid secret
-0.5.0 [2013-09-17]
-~~~~~~~~~~~~~~~~~~
+
+### 0.5.0 [2013-09-17]
* oauthlib 0.6.0 support
@@ -222,13 +131,12 @@ Changelog
* Issue #55: Add support for authenticating confidential client with request body params
* Issue #53: Quote characters in the url query that are safe for Django but not for oauthlib
-0.4.1 [2013-09-06]
-~~~~~~~~~~~~~~~~~~
+
+### 0.4.1 [2013-09-06]
* Optimize queries on access token validation
-0.4.0 [2013-08-09]
-~~~~~~~~~~~~~~~~~~
+### 0.4.0 [2013-08-09]
**New Features**
@@ -239,66 +147,62 @@ Changelog
**Backwards incompatible changes in 0.4.0**
* `SCOPE` attribute in settings is now a dictionary to store `{'scope_name': 'scope_description'}`
-* Namespace 'oauth2_provider' is mandatory in urls. See issue #36
+* Namespace `oauth2_provider` is mandatory in urls. See issue #36
**Bugfixes**
* Issue #25: Bug in the Basic Auth parsing in Oauth2RequestValidator
-* Issue #24: Avoid generation of client_id with ":" colon char when using HTTP Basic Auth
+* Issue #24: Avoid generation of `client_id` with ":" colon char when using HTTP Basic Auth
* Issue #21: IndexError when trying to authorize an application
-* Issue #9: Default_redirect_uri is mandatory when grant_type is implicit, authorization_code or all-in-one
+* Issue #9: `default_redirect_uri` is mandatory when `grant_type` is implicit, `authorization_code` or all-in-one
* Issue #22: Scopes need a verbose description
* Issue #33: Add django-oauth-toolkit version on example main page
* Issue #36: Add mandatory namespace to urls
* Issue #31: Add docstring to OAuthToolkitError and FatalClientError
-* Issue #32: Add docstring to validate_uris
+* Issue #32: Add docstring to `validate_uris`
* Issue #34: Documentation tutorial part1 needs corsheaders explanation
* Issue #36: Add mandatory namespace to urls
* Issue #45: Add docs for AbstractApplication
* Issue #47: Add docs for views decorators
-0.3.2 [2013-07-10]
-~~~~~~~~~~~~~~~~~~
+### 0.3.2 [2013-07-10]
* Bugfix #37: Error in migrations with custom user on Django 1.5
-0.3.1 [2013-07-10]
-~~~~~~~~~~~~~~~~~~
+### 0.3.1 [2013-07-10]
* Bugfix #27: OAuthlib refresh token refactoring
-0.3.0 [2013-06-14]
-~~~~~~~~~~~~~~~~~~
+### 0.3.0 [2013-06-14]
-* `Django REST Framework <http://django-rest-framework.org/>`_ integration layer
-* Bugfix #13: Populate request with client and user in validate_bearer_token
+* [Django REST Framework](http://django-rest-framework.org/) integration layer
+* Bugfix #13: Populate request with client and user in `validate_bearer_token`
* Bugfix #12: Fix paths in documentation
**Backwards incompatible changes in 0.3.0**
* `requested_scopes` parameter in ScopedResourceMixin changed to `required_scopes`
-0.2.1 [2013-06-06]
-~~~~~~~~~~~~~~~~~~
+
+### 0.2.1 [2013-06-06]
* Core optimizations
-0.2.0 [2013-06-05]
-~~~~~~~~~~~~~~~~~~
+### 0.2.0 [2013-06-05]
* Add support for Django1.4 and Django1.6
* Add support for Python 3.3
* Add a default ReadWriteScoped view
* Add tutorial to docs
-0.1.0 [2013-05-31]
-~~~~~~~~~~~~~~~~~~
+
+### 0.1.0 [2013-05-31]
* Support OAuth2 Authorization Flows
-0.0.0 [2013-05-17]
-~~~~~~~~~~~~~~~~~~
+
+### 0.0.0 [2013-05-17]
* Discussion with Daniel Greenfeld at Django Circus
* Ignition
diff --git a/README.rst b/README.rst
index 2f50522..a2eb108 100644
--- a/README.rst
+++ b/README.rst
@@ -47,8 +47,8 @@ taken, you may receive further followup emails.
Requirements
------------
-* Python 2.7, 3.2, 3.3, 3.4, 3.5
-* Django 1.7, 1.8, 1.9
+* Python 2.7, 3.4, 3.5, 3.6
+* Django 1.8, 1.9, 1.10, 1.11
Installation
------------
@@ -77,6 +77,12 @@ Notice that `oauth2_provider` namespace is mandatory.
url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
]
+Changelog
+---------
+
+See `CHANGELOG.md <https://github.com/evonove/django-oauth-toolkit/blob/master/CHANGELOG.md>`_.
+
+
Documentation
--------------
@@ -86,219 +92,3 @@ License
-------
django-oauth-toolkit is released under the terms of the **BSD license**. Full details in ``LICENSE`` file.
-
-Roadmap / Todo list (help wanted)
----------------------------------
-
-* OAuth1 support
-* OpenID connector
-* Nonrel storages support
-
-Changelog
----------
-
-0.11.0 [2016-12-1]
-~~~~~~~~~~~
-
-* #315: AuthorizationView does not overwrite requests on get
-* #425: Added support for Django 1.10
-* #396: added an IsAuthenticatedOrTokenHasScope Permission
-* #357: Support multiple-user clients by allowing User to be NULL for Applications
-* #389: Reuse refresh tokens if enabled.
-
-0.10.0 [2015-12-14]
-~~~~~~~~~~~~~~~~~~~
-
-* **#322: dropping support for python 2.6 and django 1.4, 1.5, 1.6**
-* #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
-* #333: Added possibility to specify the default list of scopes returned when scope parameter is missing
-* #325: Added management views of issued tokens
-* #249: Added a command to clean expired tokens
-* #323: Application registration view uses custom application model in form class
-* #299: 'server_class' is now pluggable through Django settings
-* #309: Add the py35-django19 env to travis
-* #308: Use compact syntax for tox envs
-* #306: Django 1.9 compatibility
-* #288: Put additional information when generating token responses
-* #297: Fixed doc about SessionAuthenticationMiddleware
-* #273: Generic read write scope by resource
-
-0.9.0 [2015-07-28]
-~~~~~~~~~~~~~~~~~~
-
-* ``oauthlib_backend_class`` is now pluggable through Django settings
-* #127: ``application/json`` Content-Type is now supported using ``JSONOAuthLibCore``
-* #238: Fixed redirect uri handling in case of error
-* #229: Invalidate access tokens when getting a new refresh token
-* added support for oauthlib 1.0
-
-0.8.2 [2015-06-25]
-~~~~~~~~~~~~~~~~~~
-
-* Fix the migrations to be two-step and allow upgrade from 0.7.2
-
-0.8.1 [2015-04-27]
-~~~~~~~~~~~~~~~~~~
-
-* South migrations fixed. Added new django migrations.
-
-0.8.0 [2015-03-27]
-~~~~~~~~~~~~~~~~~~
-
-* Several docs improvements and minor fixes
-* #185: fixed vulnerabilities on Basic authentication
-* #173: ProtectResourceMixin now allows OPTIONS requests
-* Fixed client_id and client_secret characters set
-* #169: hide sensitive informations in error emails
-* #161: extend search to all token types when revoking a token
-* #160: return empty response on successful token revocation
-* #157: skip authorization form with ``skip_authorization_completely`` class field
-* #155: allow custom uri schemes
-* fixed ``get_application_model`` on Django 1.7
-* fixed non rotating refresh tokens
-* #137: fixed base template
-* customized ``client_secret`` length
-* #38: create access tokens not bound to a user instance for *client credentials* flow
-
-0.7.2 [2014-07-02]
-~~~~~~~~~~~~~~~~~~
-
-* Don't pin oauthlib
-
-0.7.1 [2014-04-27]
-~~~~~~~~~~~~~~~~~~
-
-* Added database indexes to the OAuth2 related models to improve performances.
-
-**Warning: schema migration does not work for sqlite3 database, migration should be performed manually**
-
-0.7.0 [2014-03-01]
-~~~~~~~~~~~~~~~~~~
-
-* Created a setting for the default value for approval prompt.
-* Improved docs
-* Don't pin django-braces and six versions
-
-**Backwards incompatible changes in 0.7.0**
-
-* Make Application model truly "swappable" (introduces a new non-namespaced setting OAUTH2_PROVIDER_APPLICATION_MODEL)
-
-0.6.1 [2014-02-05]
-~~~~~~~~~~~~~~~~~~
-
-* added support for `scope` query parameter keeping backwards compatibility for the original `scopes` parameter.
-* __str__ method in Application model returns content of `name` field when available
-
-0.6.0 [2014-01-26]
-~~~~~~~~~~~~~~~~~~
-
-* oauthlib 0.6.1 support
-* Django dev branch support
-* Python 2.6 support
-* Skip authorization form via `approval_prompt` parameter
-
-**Bugfixes**
-
-* Several fixes to the docs
-* Issue #71: Fix migrations
-* Issue #65: Use OAuth2 password grant with multiple devices
-* Issue #84: Add information about login template to tutorial.
-* Issue #64: Fix urlencode clientid secret
-
-0.5.0 [2013-09-17]
-~~~~~~~~~~~~~~~~~~
-
-* oauthlib 0.6.0 support
-
-**Backwards incompatible changes in 0.5.0**
-
-* `backends.py` module has been renamed to `oauth2_backends.py` so you should change your imports whether
- you're extending this module
-
-**Bugfixes**
-
-* Issue #54: Auth backend proposal to address #50
-* Issue #61: Fix contributing page
-* Issue #55: Add support for authenticating confidential client with request body params
-* Issue #53: Quote characters in the url query that are safe for Django but not for oauthlib
-
-0.4.1 [2013-09-06]
-~~~~~~~~~~~~~~~~~~
-
-* Optimize queries on access token validation
-
-0.4.0 [2013-08-09]
-~~~~~~~~~~~~~~~~~~
-
-**New Features**
-
-* Add Application management views, you no more need the admin to register, update and delete your application.
-* Add support to configurable application model
-* Add support for function based views
-
-**Backwards incompatible changes in 0.4.0**
-
-* `SCOPE` attribute in settings is now a dictionary to store `{'scope_name': 'scope_description'}`
-* Namespace 'oauth2_provider' is mandatory in urls. See issue #36
-
-**Bugfixes**
-
-* Issue #25: Bug in the Basic Auth parsing in Oauth2RequestValidator
-* Issue #24: Avoid generation of client_id with ":" colon char when using HTTP Basic Auth
-* Issue #21: IndexError when trying to authorize an application
-* Issue #9: Default_redirect_uri is mandatory when grant_type is implicit, authorization_code or all-in-one
-* Issue #22: Scopes need a verbose description
-* Issue #33: Add django-oauth-toolkit version on example main page
-* Issue #36: Add mandatory namespace to urls
-* Issue #31: Add docstring to OAuthToolkitError and FatalClientError
-* Issue #32: Add docstring to validate_uris
-* Issue #34: Documentation tutorial part1 needs corsheaders explanation
-* Issue #36: Add mandatory namespace to urls
-* Issue #45: Add docs for AbstractApplication
-* Issue #47: Add docs for views decorators
-
-
-0.3.2 [2013-07-10]
-~~~~~~~~~~~~~~~~~~
-
-* Bugfix #37: Error in migrations with custom user on Django 1.5
-
-0.3.1 [2013-07-10]
-~~~~~~~~~~~~~~~~~~
-
-* Bugfix #27: OAuthlib refresh token refactoring
-
-0.3.0 [2013-06-14]
-~~~~~~~~~~~~~~~~~~
-
-* `Django REST Framework <http://django-rest-framework.org/>`_ integration layer
-* Bugfix #13: Populate request with client and user in validate_bearer_token
-* Bugfix #12: Fix paths in documentation
-
-**Backwards incompatible changes in 0.3.0**
-
-* `requested_scopes` parameter in ScopedResourceMixin changed to `required_scopes`
-
-0.2.1 [2013-06-06]
-~~~~~~~~~~~~~~~~~~
-
-* Core optimizations
-
-0.2.0 [2013-06-05]
-~~~~~~~~~~~~~~~~~~
-
-* Add support for Django1.4 and Django1.6
-* Add support for Python 3.3
-* Add a default ReadWriteScoped view
-* Add tutorial to docs
-
-0.1.0 [2013-05-31]
-~~~~~~~~~~~~~~~~~~
-
-* Support OAuth2 Authorization Flows
-
-0.0.0 [2013-05-17]
-~~~~~~~~~~~~~~~~~~
-
-* Discussion with Daniel Greenfeld at Django Circus
-* Ignition
diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst
index 6e1d5ac..0595e31 100644
--- a/docs/advanced_topics.rst
+++ b/docs/advanced_topics.rst
@@ -1,6 +1,7 @@
Advanced topics
+++++++++++++++
+.. _extend_app_model:
Extending the Application model
===============================
@@ -53,6 +54,19 @@ That's all, now Django OAuth Toolkit will use your model wherever an Application
is because of the way Django currently implements swappable models.
See issue #90 (https://github.com/evonove/django-oauth-toolkit/issues/90) for details
+Multiple Grants
+~~~~~~~~~~~~~~~
+
+The default application model supports a single OAuth grant (e.g. authorization code, client credentials). If you need
+applications to support multiple grants, override the `allows_grant_type` method. For example, if you want applications
+to support the authorization code *and* client credentials grants, you might do the following::
+
+ from oauth2_provider.models import AbstractApplication
+
+ class MyApplication(AbstractApplication):
+ def allows_grant_type(self, *grant_types):
+ # Assume, for this example, that self.authorization_grant_type is set to self.GRANT_AUTHORIZATION_CODE
+ return bool( set(self.authorization_grant_type, self.GRANT_CLIENT_CREDENTIALS) & grant_types )
.. _skip-auth-form:
diff --git a/docs/changelog.rst b/docs/changelog.rst
index 2c7cd82..96e37ab 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -1,8 +1,23 @@
Changelog
=========
+0.12.0 [2017-02-24]
+-------------------
+
+* **New feature**: Class-based scopes backends. Listing scopes, available scopes and default scopes
+ is now done through the class that the `SCOPES_BACKEND_CLASS` setting points to.
+ By default, this is set to `oauth2_provider.scopes.SettingsScopes` which implements the
+ legacy settings-based scope behaviour. No changes are necessary.
+* **Dropped support for Python 3.2 and Python 3.3**, added support for Python 3.6
+* Support for the `scopes` query parameter, deprecated in 0.6.1, has been dropped
+* #448: Added support for customizing applications' allowed grant types
+* #141: The `is_usable(request)` method on the Application model can be overridden to dynamically
+ enable or disable applications.
+* #434: Relax URL patterns to allow for UUID primary keys
+
+
0.11.0 [2016-12-1]
-~~~~~~~~~~~
+------------------
* #424: Added a ROTATE_REFRESH_TOKEN setting to control whether refresh tokens are reused or not
* #315: AuthorizationView does not overwrite requests on get
@@ -13,7 +28,7 @@ Changelog
0.10.0 [2015-12-14]
-------------------
+-------------------
* **#322: dropping support for python 2.6 and django 1.4, 1.5, 1.6**
* #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
@@ -175,7 +190,7 @@ Changelog
* Bugfix #27: OAuthlib refresh token refactoring
0.3.0 [2013-06-14]
-----------------------
+------------------
* `Django REST Framework <http://django-rest-framework.org/>`_ integration layer
* Bugfix #13: Populate request with client and user in validate_bearer_token
diff --git a/docs/conf.py b/docs/conf.py
index d9529ec..2fdfe97 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -108,6 +108,13 @@ pygments_style = 'sphinx'
#keep_warnings = False
+# http://www.sphinx-doc.org/en/1.5.1/ext/intersphinx.html
+extensions.append('sphinx.ext.intersphinx')
+intersphinx_mapping = {'python3': ('https://docs.python.org/3.6', None),
+ 'django': ('http://django.readthedocs.org/en/latest/', None)}
+
+
+
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
diff --git a/docs/index.rst b/docs/index.rst
index de2c0f8..9a79b6d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -21,8 +21,8 @@ If you need support please send a message to the `Django OAuth Toolkit Google Gr
Requirements
------------
-* Python 2.7, 3.2, 3.3, 3.4, 3.5
-* Django 1.7, 1.8, 1.9
+* Python 2.7, 3.4, 3.5, 3.6
+* Django 1.8, 1.9, 1.10, 1.11
Index
=====
@@ -34,6 +34,7 @@ Index
tutorial/tutorial
rest-framework/rest-framework
views/views
+ templates
views/details
models
advanced_topics
diff --git a/docs/rest-framework/getting_started.rst b/docs/rest-framework/getting_started.rst
index 9fa8f87..3d5388f 100644
--- a/docs/rest-framework/getting_started.rst
+++ b/docs/rest-framework/getting_started.rst
@@ -94,7 +94,7 @@ Here's our project's root `urls.py` module:
urlpatterns = [
url(r'^', include(router.urls)),
url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
- url(r'^admin/', include(admin.site.urls)),
+ # ...
]
Also add the following to your `settings.py` module:
diff --git a/docs/rest-framework/permissions.rst b/docs/rest-framework/permissions.rst
index 629bf50..d10c4a9 100644
--- a/docs/rest-framework/permissions.rst
+++ b/docs/rest-framework/permissions.rst
@@ -70,7 +70,7 @@ IsAuthenticatedOrTokenHasScope
The `TokenHasResourceScope` permission class allows the access only when the current access token has been authorized for **all** the scopes listed in the `required_scopes` field of the view but according of request's method.
And also allows access to Authenticated users who are authenticated in django, but were not authenticated trought the OAuth2Authentication class.
This allows for protection of the api using scopes, but still let's users browse the full browseable API.
-To restrict users to only browse the parts of the browseable API they should be allowed to see, you can combine this wwith the DjangoModelPermission or the DjangoObjectPermission.
+To restrict users to only browse the parts of the browseable API they should be allowed to see, you can combine this with the DjangoModelPermission or the DjangoObjectPermission.
For example:
diff --git a/docs/settings.rst b/docs/settings.rst
index ac8cfce..c93f1dd 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -32,6 +32,14 @@ The number of seconds an access token remains valid. Requesting a protected
resource after this duration will fail. Keep this value high enough so clients
can cache the token for a reasonable amount of time.
+ALLOWED_REDIRECT_URI_SCHEMES
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Default: ``["http", "https"]``
+
+A list of schemes that the ``redirect_uri`` field will be validated against.
+Setting this to ``["https"]`` only in production is strongly recommended.
+
APPLICATION_MODEL
~~~~~~~~~~~~~~~~~
The import string of the class (model) representing your applications. Overwrite
@@ -60,7 +68,7 @@ The length of the generated secrets, in characters. If this value is too low,
secrets may become subject to bruteforce guessing.
OAUTH2_SERVER_CLASS
-~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~
The import string for the ``server_class`` (or ``oauthlib.oauth2.Server`` subclass)
used in the ``OAuthLibMixin`` that implements OAuth2 grant types.
@@ -74,12 +82,37 @@ OAUTH2_BACKEND_CLASS
The import string for the ``oauthlib_backend_class`` used in the ``OAuthLibMixin``,
to get a ``Server`` instance.
+REFRESH_TOKEN_EXPIRE_SECONDS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The number of seconds before a refresh token gets removed from the database by
+the ``cleartokens`` management command. Check :ref:`cleartokens` management command for further info.
+
+ROTATE_REFRESH_TOKEN
+~~~~~~~~~~~~~~~~~~~~
+When is set to `True` (default) a new refresh token is issued to the client when the client refreshes an access token.
+
+REQUEST_APPROVAL_PROMPT
+~~~~~~~~~~~~~~~~~~~~~~~
+Can be ``'force'`` or ``'auto'``.
+The strategy used to display the authorization form. Refer to :ref:`skip-auth-form`.
+
+SCOPES_BACKEND_CLASS
+~~~~~~~~~~~~~~~~~~~~
+**New in 0.12.0**. The import string for the scopes backend class.
+Defaults to , which reads scopes through the settings defined below.
+
SCOPES
~~~~~~
+.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default.
+
A dictionary mapping each scope name to its human description.
+.. _settings_default_scopes:
+
DEFAULT_SCOPES
~~~~~~~~~~~~~~
+.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default.
+
A list of scopes that should be returned by default.
This is a subset of the keys of the SCOPES setting.
By default this is set to '__all__' meaning that the whole set of SCOPES will be returned.
@@ -90,22 +123,12 @@ By default this is set to '__all__' meaning that the whole set of SCOPES will be
READ_SCOPE
~~~~~~~~~~
+.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default.
+
The name of the *read* scope.
WRITE_SCOPE
~~~~~~~~~~~
-The name of the *write* scope.
-
-REFRESH_TOKEN_EXPIRE_SECONDS
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-The number of seconds before a refresh token gets removed from the database by
-the ``cleartokens`` management command. Check :ref:`cleartokens` management command for further info.
-
-ROTATE_REFRESH_TOKEN
-~~~~~~~~~~~~~~~~~~~~
-When is set to `True` (default) a new refresh token is issued to the client when the client refreshes an access token.
+.. note:: (0.12.0+) Only used if `SCOPES_BACKEND_CLASS` is set to the SettingsScopes default.
-REQUEST_APPROVAL_PROMPT
-~~~~~~~~~~~~~~~~~~~~~~~
-Can be ``'force'`` or ``'auto'``.
-The strategy used to display the authorization form. Refer to :ref:`skip-auth-form`.
+The name of the *write* scope.
diff --git a/docs/templates.rst b/docs/templates.rst
new file mode 100644
index 0000000..4b7e103
--- /dev/null
+++ b/docs/templates.rst
@@ -0,0 +1,245 @@
+Templates
+=========
+
+A set of templates is provided. These templates range from Django Admin Site alternatives to manage the Apps that use your App as a provider, to Error and Authorization Templates.
+
+You can override default templates located in ``templates/oauth2_provider`` folder and provide a custom layout.
+To override these templates you just need to create a folder named ``oauth2_provider`` inside your templates folder and, inside this folder, add a file that matches the name of the template you're trying to override.
+
+.. important:
+
+ In ``INSTALLED_APPS`` on ``settings.py``, ``'django.contrib.staticfiles'``, must be before ``'oauth2_provider'``.
+
+.. note:
+
+ Every view provides access only to data belonging to the logged in user who performs the request.
+
+The templates available are:
+
+- `base.html`_
+- `authorize.html`_
+- `Management`_:
+ - `Application`_:
+ - `application_list.html`_
+ - `application_form.html`_
+ - `application_registration_form.html`_
+ - `application_detail.html`_
+ - `application_confirm_delete.html`_
+ - `Token`_:
+ - `authorized-tokens.html`_
+ - `authorized-token-delete.html`_
+
+
+
+base.html
+---------
+
+If you just want a different look and feel you may only override this template.
+To inherit this template just add ``{% extends "oauth2_provider/base.html" %}`` in the first line of the other templates. This is what is done with the default templates.
+
+The blocks defined in it are:
+
+- ``title`` inside the HTML title tag;
+- ``css`` inside the head;
+- ``content`` in the body.
+
+.. note:
+
+ See ` Django docs on template inheritance <https://docs.djangoproject.com/en/dev/ref/templates/language/#template-inheritance>`_ for more information on the use of blocks.
+
+authorize.html
+--------------
... 1660 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/django-oauth-toolkit.git
More information about the Python-modules-commits
mailing list