chore: rm oauth
parent
ee855924ad
commit
e4b17f06d6
@ -1,20 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.contrib import admin
|
||||
|
||||
from .models import AuthorizationGrant
|
||||
|
||||
admin.site.register(AuthorizationGrant)
|
|
@ -1,6 +0,0 @@
|
|||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class OauthConfig(AppConfig):
|
||||
default_auto_field = "django.db.models.BigAutoField"
|
||||
name = "oauth"
|
|
@ -1,19 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
from django.contrib import admin
|
||||
|
||||
from .models import OauthIntegration
|
||||
|
||||
admin.site.register(OauthIntegration)
|
|
@ -1,6 +0,0 @@
|
|||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class IntegrationsConfig(AppConfig):
|
||||
default_auto_field = "django.db.models.BigAutoField"
|
||||
name = "oauth.integrations"
|
|
@ -1,70 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:37
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
import uuid
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name="OauthIntegration",
|
||||
fields=[
|
||||
(
|
||||
"name_text",
|
||||
models.CharField(
|
||||
max_length=100, verbose_name="name of the application"
|
||||
),
|
||||
),
|
||||
(
|
||||
"client_id_uuid",
|
||||
models.UUIDField(
|
||||
default=uuid.uuid4,
|
||||
editable=False,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="client UUID",
|
||||
),
|
||||
),
|
||||
(
|
||||
"client_secret_text",
|
||||
models.CharField(
|
||||
blank=True,
|
||||
default="7CM6lfbQ0j1NuWdYhd8HRLMkeWywQUtX",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
(
|
||||
"privacy_policy_uri",
|
||||
models.URLField(
|
||||
default=None, verbose_name="privacy policy of the application"
|
||||
),
|
||||
),
|
||||
(
|
||||
"redirect_uri",
|
||||
models.URLField(
|
||||
unique=True, verbose_name="uri where user is to be redirected"
|
||||
),
|
||||
),
|
||||
(
|
||||
"owned_by",
|
||||
models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
to=settings.AUTH_USER_MODEL,
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:37
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0001_initial"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="9HBaBiYERc1ogWvwHGWAb9lUKKco8brN",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,34 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:40
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0002_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="xTHXiGYQ0yn1f3SbDOy8wh7YolrsySnu",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="privacy_policy_uri",
|
||||
field=models.URLField(
|
||||
blank=True,
|
||||
default=None,
|
||||
verbose_name="privacy policy of the application",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:42
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0003_alter_oauthintegration_client_secret_text_and_more"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="bUqiljhkmFh845B68APhXDoV9ui9iQwS",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:43
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0004_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="B4siYj3YEZjyF94IfLihJPHNuYOJWds6",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 21:32
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0005_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="nfZH00oFFZw7nj9o8zCXleNBBwqiMrgs",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 21:49
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0006_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="zc5jGzAvl32522k2bK2AGBRyjjuQ7XCS",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,35 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 22:45
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0007_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="Wfr9q7bWzgnbBFzBhEhPv7mpCRvyfAnc",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="privacy_policy_uri",
|
||||
field=models.URLField(
|
||||
blank=True,
|
||||
default=None,
|
||||
null=True,
|
||||
verbose_name="privacy policy of the application",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 03:45
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0008_alter_oauthintegration_client_secret_text_and_more"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="driw0y2clz6sqnNFYE62Okl6NPW51XHt",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:02
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0009_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="PIwNX3xbeo12bycsY9PNfNv5Lf7fKKH9",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:08
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0010_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="IIrQcB1pSUVn0bp4Vjfk5oFWbYrcRhyC",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,26 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:37
|
||||
|
||||
from django.db import migrations, models
|
||||
import oauth.integrations.utils
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0011_alter_oauthintegration_client_secret_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="oauthintegration",
|
||||
name="client_secret_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default=oauth.integrations.utils.gen_secret,
|
||||
editable=False,
|
||||
max_length=32,
|
||||
unique=True,
|
||||
verbose_name="client secret",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,47 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import uuid
|
||||
|
||||
from django.db import models
|
||||
from django.contrib.auth.models import User
|
||||
from django.utils.crypto import get_random_string
|
||||
|
||||
from .utils import gen_secret
|
||||
|
||||
# Create your models here.
|
||||
|
||||
|
||||
class OauthIntegration(models.Model):
|
||||
owned_by = models.ForeignKey(User, on_delete=models.CASCADE)
|
||||
name_text = models.CharField("name of the application", max_length=100)
|
||||
client_id_uuid = models.UUIDField(
|
||||
"client UUID", default=uuid.uuid4, editable=False, unique=True, primary_key=True
|
||||
)
|
||||
client_secret_text = models.CharField(
|
||||
"client secret",
|
||||
unique=True,
|
||||
max_length=32,
|
||||
default=gen_secret,
|
||||
blank=True,
|
||||
editable=False,
|
||||
)
|
||||
privacy_policy_uri = models.URLField(
|
||||
"privacy policy of the application", default=None, blank=True, null=True
|
||||
)
|
||||
redirect_uri = models.URLField("uri where user is to be redirected", unique=True)
|
||||
|
||||
def __str__(self):
|
||||
return f"{self.name_text}: {self.client_id_uuid}"
|
|
@ -1,24 +0,0 @@
|
|||
<form action="{% url 'oauth.integrations.new_app' %}" method="POST">
|
||||
{% csrf_token %}
|
||||
|
||||
<legend>
|
||||
<h1>{{ create_app.function }} </h1>
|
||||
</legend>
|
||||
|
||||
<label for="name">
|
||||
{{ create_app.name }}
|
||||
<input required type="text" name="name" id="name" />
|
||||
</label>
|
||||
|
||||
<label for="redirect_uri">
|
||||
{{ create_app.redirect_uri }}
|
||||
<input required type="text" name="redirect_uri" id="redirect_uri" />
|
||||
</label>
|
||||
|
||||
<label for="privacy_policy">
|
||||
{{ create_app.privacy_policy }}
|
||||
<input type="text" name="privacy_policy" id="privacy_policy" />
|
||||
</label>
|
||||
|
||||
<button type="submit">Create App</button>
|
||||
</form>
|
|
@ -1,212 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.urls import reverse
|
||||
from django.test import TestCase, Client, override_settings
|
||||
|
||||
from .views import CREATE_APP_CTX
|
||||
from .models import OauthIntegration
|
||||
|
||||
|
||||
class CreateNewAppTests(TestCase):
|
||||
"""
|
||||
Tests create new app view
|
||||
"""
|
||||
|
||||
def setUp(self):
|
||||
self.password = "password121231"
|
||||
self.user = get_user_model().objects.create_user(
|
||||
username="create_new_app_tests",
|
||||
email="create_new_app_tests@example.org",
|
||||
password=self.password,
|
||||
)
|
||||
|
||||
self.superuser = get_user_model().objects.create_superuser(
|
||||
username="create_new_app_tests_superuser",
|
||||
email="create_new_app_tests_superuser@example.org",
|
||||
password=self.password,
|
||||
)
|
||||
|
||||
def test_create_new_app_unauthenticated_user(self):
|
||||
"""
|
||||
Tests if new_app is accessible only when user is authenticated
|
||||
"""
|
||||
resp = self.client.get(reverse("oauth.integrations.new_app"))
|
||||
self.assertEqual(resp.status_code, 302)
|
||||
|
||||
def test_view_is_restricted_to_super_user(self):
|
||||
"""
|
||||
Tests if view is only accessible from superuser accounts
|
||||
"""
|
||||
c = Client()
|
||||
c.login(username=self.user.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.get(reverse("oauth.integrations.new_app"))
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
def test_create_new_app_renders(self):
|
||||
"""
|
||||
Tests new_app template render
|
||||
"""
|
||||
|
||||
c = Client()
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.get(reverse("oauth.integrations.new_app"))
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
for (_, value) in CREATE_APP_CTX.items():
|
||||
self.assertContains(resp, value)
|
||||
|
||||
def test_new_app_submission(self):
|
||||
"""
|
||||
Tests new_app template render
|
||||
"""
|
||||
payload = {
|
||||
"name": "test_new_app_submission",
|
||||
"redirect_uri": "https://test_new_app_submission.example.org",
|
||||
}
|
||||
c = Client()
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
resp = c.post(reverse("oauth.integrations.new_app"), payload)
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
||||
def test_method_unavailable(self):
|
||||
"""
|
||||
Test new_app using unsupported HTTP method
|
||||
"""
|
||||
c = Client()
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.head(reverse("oauth.integrations.new_app"))
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
@override_settings(RESTRICT_NEW_INTEGRATION_INSTALLATION=False)
|
||||
def test_unrestricted_app_creation(self):
|
||||
"""
|
||||
Test new_app using unsupported HTTP method
|
||||
"""
|
||||
c = Client()
|
||||
c.login(username=self.user.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.get(reverse("oauth.integrations.new_app"))
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
||||
|
||||
class DeleteAppTest(TestCase):
|
||||
"""
|
||||
Tests create delete app view
|
||||
"""
|
||||
|
||||
def setUp(self):
|
||||
self.password = "password121231"
|
||||
self.user = get_user_model().objects.create_user(
|
||||
username="delete_app_tests",
|
||||
email="delete_app_tests@example.org",
|
||||
password=self.password,
|
||||
)
|
||||
|
||||
self.superuser = get_user_model().objects.create_superuser(
|
||||
username="delete_app_tests_superuser",
|
||||
email="delete_app_tests_superuser@example.org",
|
||||
password=self.password,
|
||||
)
|
||||
payload = {
|
||||
"name": "test_deletebmission",
|
||||
"redirect_uri": "https://test_deletebmission.example.org",
|
||||
}
|
||||
self.integration = OauthIntegration(
|
||||
owned_by=self.superuser,
|
||||
name_text=payload["name"],
|
||||
redirect_uri=payload["redirect_uri"],
|
||||
)
|
||||
self.integration2 = OauthIntegration(
|
||||
owned_by=self.user,
|
||||
name_text=payload["name"],
|
||||
redirect_uri="http://test_deletebmission_2.example.org",
|
||||
)
|
||||
|
||||
self.integration.save()
|
||||
self.integration2.save()
|
||||
self.path = reverse(
|
||||
"oauth.integrations.del_app",
|
||||
kwargs={"client_id": self.integration.client_id_uuid},
|
||||
)
|
||||
self.path2 = reverse(
|
||||
"oauth.integrations.del_app",
|
||||
kwargs={"client_id": self.integration2.client_id_uuid},
|
||||
)
|
||||
|
||||
def test_delete_app_unauthenticated_user(self):
|
||||
"""
|
||||
Tests if delete accessible only when user is authenticated
|
||||
"""
|
||||
resp = self.client.post(self.path)
|
||||
self.assertEqual(resp.status_code, 302)
|
||||
|
||||
def test_view_is_restricted_to_super_user(self):
|
||||
"""
|
||||
Tests if view is only accessible from superuser accounts
|
||||
"""
|
||||
c = Client()
|
||||
c.login(username=self.user.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.post(self.path)
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
def test_delete_works(self):
|
||||
"""
|
||||
Tests delete works render
|
||||
"""
|
||||
|
||||
c = Client()
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
resp = c.post(self.path)
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
||||
def test_method_unavailable(self):
|
||||
"""
|
||||
Test delete app using unsupported HTTP method
|
||||
"""
|
||||
c = Client()
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
|
||||
resp = c.head(self.path)
|
||||
self.assertEqual(resp.status_code, 405)
|
||||
|
||||
@override_settings(RESTRICT_NEW_INTEGRATION_INSTALLATION=False)
|
||||
def test_unrestricted_app_deletion(self):
|
||||
"""
|
||||
Test delete app using unsupported HTTP method
|
||||
"""
|
||||
c = Client()
|
||||
|
||||
# user != owned_by
|
||||
c.login(username=self.superuser.username, password=self.password)
|
||||
c.session.save()
|
||||
resp = c.post(self.path2)
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
c.login(username=self.user.username, password=self.password)
|
||||
c.session.save()
|
||||
resp = c.post(self.path2)
|
||||
self.assertEqual(resp.status_code, 200)
|
|
@ -1,23 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.urls import path, include
|
||||
|
||||
from . import views
|
||||
|
||||
urlpatterns = [
|
||||
path("new/", views.new_app, name="oauth.integrations.new_app"),
|
||||
path("delete/<str:client_id>/", views.del_app, name="oauth.integrations.del_app"),
|
||||
]
|
|
@ -1,22 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
from django.utils.crypto import get_random_string
|
||||
|
||||
|
||||
def gen_secret() -> str:
|
||||
"""
|
||||
Generate random secret
|
||||
"""
|
||||
return get_random_string(32)
|
|
@ -1,78 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.shortcuts import render, get_object_or_404
|
||||
from django.http import HttpResponse, HttpResponseNotFound
|
||||
from django.views.decorators.http import require_POST
|
||||
from django.contrib.auth import authenticate
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.conf import settings
|
||||
|
||||
from django.views.decorators.csrf import csrf_protect
|
||||
|
||||
from .models import OauthIntegration
|
||||
|
||||
CREATE_APP_CTX = {
|
||||
"function": "Create new OAuth2 Application",
|
||||
"name": "Application Name",
|
||||
"redirect_uri": "Redirect URI",
|
||||
"privacy_policy": "Privacy Policy URI",
|
||||
}
|
||||
|
||||
|
||||
@login_required
|
||||
@csrf_protect
|
||||
def new_app(request):
|
||||
"""
|
||||
Create new OAuth integration APP
|
||||
"""
|
||||
if settings.RESTRICT_NEW_INTEGRATION_INSTALLATION:
|
||||
if not request.user.is_superuser:
|
||||
return HttpResponseNotFound("Page not Found")
|
||||
|
||||
if request.method == "GET":
|
||||
return render(request, "integrations/new.html", {"create_app": CREATE_APP_CTX})
|
||||
|
||||
if request.method == "POST":
|
||||
app = OauthIntegration(
|
||||
owned_by=request.user,
|
||||
name_text=request.POST["name"],
|
||||
redirect_uri=request.POST["redirect_uri"],
|
||||
)
|
||||
if "privacy_policy" in request.POST:
|
||||
app.privacy_policy_uri = request.POST["privacy_policy"]
|
||||
|
||||
app.save()
|
||||
return HttpResponse("OK")
|
||||
|
||||
return HttpResponseNotFound("Method not supported")
|
||||
|
||||
|
||||
@login_required
|
||||
@csrf_protect
|
||||
@require_POST
|
||||
def del_app(request, client_id):
|
||||
"""
|
||||
Delete OAuth App
|
||||
"""
|
||||
if settings.RESTRICT_NEW_INTEGRATION_INSTALLATION:
|
||||
if not request.user.is_superuser:
|
||||
return HttpResponseNotFound("Page not Found")
|
||||
|
||||
app = get_object_or_404(
|
||||
OauthIntegration, client_id_uuid=client_id, owned_by=request.user
|
||||
)
|
||||
app.delete()
|
||||
return HttpResponse("OK")
|
|
@ -1,54 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:37
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
("integrations", "0001_initial"),
|
||||
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name="AuthorizationGrant",
|
||||
fields=[
|
||||
(
|
||||
"code_text",
|
||||
models.CharField(
|
||||
blank=True,
|
||||
default="GGw2HiQ1PaR9qXDkShgLHzx1zoi50tZD",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
(
|
||||
"issued_date",
|
||||
models.DateTimeField(auto_now_add=True, verbose_name="date issued"),
|
||||
),
|
||||
(
|
||||
"authorized_by",
|
||||
models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
to=settings.AUTH_USER_MODEL,
|
||||
),
|
||||
),
|
||||
(
|
||||
"issued_to",
|
||||
models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
to="integrations.oauthintegration",
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:37
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0001_initial"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="3lxQluG1v0yp73bNKYey0TEoDW3eXQxH",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:40
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0002_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="6Ciye3K1OWfDDy7BJJ50S5NE1Rev5fKA",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:42
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0003_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="RfvqA3tKdTDqwaSyicR3vQaUygseBanY",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 19:43
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0004_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="V1BWmLAqQfhYW9xmCWVRucWQNYE8Lnfp",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 21:32
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0005_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="zkEX8YryL1izSlXDfDQTvksgA507Fdcy",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 21:49
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0006_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="xGw93mTDmno7Q05yochvcS7lFpmU6cSG",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-05 22:45
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0007_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="eHkQdvX6amXh3reImCggiBENkaL37a7l",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 03:45
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0008_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="CwLC9yHqvoQh9pHWQbQyqCqTEZlugZZa",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:02
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0009_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="ux3IcNewIwTqAETA21WzcYjifZtEYIo2",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,27 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:08
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0010_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default="oUNYnC8RnLlEebpt0QcEQvcgSGVctJ7U",
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,28 +0,0 @@
|
|||
# Generated by Django 4.0.3 on 2022-06-06 04:37
|
||||
|
||||
from django.db import migrations, models
|
||||
import oauth.integrations.utils
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("oauth", "0011_alter_authorizationgrant_code_text"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authorizationgrant",
|
||||
name="code_text",
|
||||
field=models.CharField(
|
||||
blank=True,
|
||||
default=oauth.integrations.utils.gen_secret,
|
||||
editable=False,
|
||||
max_length=32,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
unique=True,
|
||||
verbose_name="Authorization Code",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,38 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
from django.contrib.auth.models import User
|
||||
from django.db import models
|
||||
from django.utils.crypto import get_random_string
|
||||
|
||||
from .integrations.models import OauthIntegration
|
||||
from .integrations.utils import gen_secret
|
||||
|
||||
|
||||
class AuthorizationGrant(models.Model):
|
||||
authorized_by = models.ForeignKey(User, on_delete=models.CASCADE)
|
||||
code_text = models.CharField(
|
||||
"Authorization Code",
|
||||
primary_key=True,
|
||||
unique=True,
|
||||
max_length=32,
|
||||
default=gen_secret,
|
||||
blank=True,
|
||||
editable=False,
|
||||
)
|
||||
issued_date = models.DateTimeField("date issued", auto_now_add=True, blank=True)
|
||||
issued_to = models.ForeignKey(OauthIntegration, on_delete=models.CASCADE)
|
||||
|
||||
def __str__(self):
|
||||
return f"{self.authorized_by.username}: {self.issued_to.name_text} {self.issued_to.client_id_uuid}"
|
|
@ -1,3 +0,0 @@
|
|||
from django.test import TestCase
|
||||
|
||||
# Create your tests here.
|
|
@ -1,24 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
from django.urls import path, include
|
||||
|
||||
from . import views
|
||||
|
||||
urlpatterns = [
|
||||
path("apps/", include("oauth.integrations.urls")),
|
||||
path("", views.index, name="index"),
|
||||
]
|
|
@ -1,32 +0,0 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
from django.shortcuts import render
|
||||
from django.http import HttpResponse
|
||||
|
||||
from django.contrib.auth import authenticate
|
||||
|
||||
# Create your views here.
|
||||
def index(request):
|
||||
return HttpResponse("Foo bar")
|
||||
|
||||
|
||||
def create_app(request):
|
||||
return HttpResponse("create app")
|
||||
|
||||
|
||||
def delete_app(request):
|
||||
return HttpResponse("delete app")
|