requirements: Bump python-social-auth version.
We had a bunch of ugly hacks to monkey patch things due to upstream being temporarily unmaintained and not merging PRs. Now the project is active again and the fixes have been merged and included in the latest version - so we clean up all that code.
committed by
Tim Abbott
parent
1a994821fc
commit
f5e95c4fc1
@@ -761,10 +761,10 @@ social-auth-app-django==3.1.0 \
|
||||
--hash=sha256:6d0dd18c2d9e71ca545097d57b44d26f59e624a12833078e8e52f91baf849778 \
|
||||
--hash=sha256:9237e3d7b6f6f59494c3b02e0cce6efc69c9d33ad9d1a064e3b2318bcbe89ae3 \
|
||||
--hash=sha256:f151396e5b16e2eee12cd2e211004257826ece24fc4ae97a147df386c1cd7082
|
||||
social-auth-core[azuread,saml]==3.2.0 \
|
||||
--hash=sha256:47cd2458c8fefd02466b0c514643e02ad8b61d8b4b69f7573e80882e3a97b0f0 \
|
||||
--hash=sha256:8320666548a532eb158968eda542bbe1863682357c432d8c4e28034a7f1e3b58 \
|
||||
--hash=sha256:d81ed681e3c0722300b61a0792c5db5d21206793f95ca810f010c1cc931c8d89
|
||||
social-auth-core[azuread,saml]==3.3.0 \
|
||||
--hash=sha256:24d8cf5b37daf9ebd3b3687546f80639db6dcd7f1279daa99bb26b0637a6aec0 \
|
||||
--hash=sha256:5e1ef182370bb2dab4c15a89be725737fb5b2242a12dc40cf22a23d9c00ebc5f \
|
||||
--hash=sha256:64688f99158debbf38f67a2735a8ad750a86cc8c849bfd23263a203337f7bcc6
|
||||
soupsieve==1.9.5 \
|
||||
--hash=sha256:bdb0d917b03a1369ce964056fc195cfdff8819c40de04695a80bc813c3cfa1f5 \
|
||||
--hash=sha256:e2c1c5dee4a1c36bcb790e0fabd5492d874b8ebd4617622c4f6a731701060dda \
|
||||
@@ -891,6 +891,10 @@ typing-extensions==3.7.4.1 \
|
||||
--hash=sha256:cf8b63fedea4d89bab840ecbb93e75578af28f76f66c35889bd7065f5af88575
|
||||
https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git \
|
||||
--hash=sha256:e95c20f47093dc7376ddf70b95489979375fb6e88b8d7e4b5576d917dda8ef5a
|
||||
unidecode==1.1.1 \
|
||||
--hash=sha256:1d7a042116536098d05d599ef2b8616759f02985c85b4fef50c78a5aaf10822a \
|
||||
--hash=sha256:2b6aab710c2a1647e928e36d69c21e76b453cd455f4e2621000e54b2a9b8cce8 \
|
||||
# via social-auth-core
|
||||
urllib3==1.25.8 \
|
||||
--hash=sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc \
|
||||
--hash=sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc \
|
||||
|
@@ -516,10 +516,10 @@ social-auth-app-django==3.1.0 \
|
||||
--hash=sha256:6d0dd18c2d9e71ca545097d57b44d26f59e624a12833078e8e52f91baf849778 \
|
||||
--hash=sha256:9237e3d7b6f6f59494c3b02e0cce6efc69c9d33ad9d1a064e3b2318bcbe89ae3 \
|
||||
--hash=sha256:f151396e5b16e2eee12cd2e211004257826ece24fc4ae97a147df386c1cd7082
|
||||
social-auth-core[azuread,saml]==3.2.0 \
|
||||
--hash=sha256:47cd2458c8fefd02466b0c514643e02ad8b61d8b4b69f7573e80882e3a97b0f0 \
|
||||
--hash=sha256:8320666548a532eb158968eda542bbe1863682357c432d8c4e28034a7f1e3b58 \
|
||||
--hash=sha256:d81ed681e3c0722300b61a0792c5db5d21206793f95ca810f010c1cc931c8d89
|
||||
social-auth-core[azuread,saml]==3.3.0 \
|
||||
--hash=sha256:24d8cf5b37daf9ebd3b3687546f80639db6dcd7f1279daa99bb26b0637a6aec0 \
|
||||
--hash=sha256:5e1ef182370bb2dab4c15a89be725737fb5b2242a12dc40cf22a23d9c00ebc5f \
|
||||
--hash=sha256:64688f99158debbf38f67a2735a8ad750a86cc8c849bfd23263a203337f7bcc6
|
||||
soupsieve==1.9.5 \
|
||||
--hash=sha256:bdb0d917b03a1369ce964056fc195cfdff8819c40de04695a80bc813c3cfa1f5 \
|
||||
--hash=sha256:e2c1c5dee4a1c36bcb790e0fabd5492d874b8ebd4617622c4f6a731701060dda \
|
||||
@@ -560,6 +560,10 @@ typing-extensions==3.7.4.1 \
|
||||
--hash=sha256:cf8b63fedea4d89bab840ecbb93e75578af28f76f66c35889bd7065f5af88575
|
||||
https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git \
|
||||
--hash=sha256:e95c20f47093dc7376ddf70b95489979375fb6e88b8d7e4b5576d917dda8ef5a
|
||||
unidecode==1.1.1 \
|
||||
--hash=sha256:1d7a042116536098d05d599ef2b8616759f02985c85b4fef50c78a5aaf10822a \
|
||||
--hash=sha256:2b6aab710c2a1647e928e36d69c21e76b453cd455f4e2621000e54b2a9b8cce8 \
|
||||
# via social-auth-core
|
||||
urllib3==1.25.8 \
|
||||
--hash=sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc \
|
||||
--hash=sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc \
|
||||
|
@@ -26,4 +26,4 @@ LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.org/2019/12/13/zulip-2-1-relea
|
||||
# historical commits sharing the same major version, in which case a
|
||||
# minor version bump suffices.
|
||||
|
||||
PROVISION_VERSION = '74.0'
|
||||
PROVISION_VERSION = '74.1'
|
||||
|
@@ -986,7 +986,7 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
|
||||
# Make a request without mobile_flow_otp param and verify the field doesn't persist
|
||||
# in the session from the previous request.
|
||||
initiate_auth()
|
||||
self.assertNotIn('mobile_flow_otp', self.client.session)
|
||||
self.assertEqual(self.client.session.get('mobile_flow_otp'), None)
|
||||
|
||||
def test_social_auth_mobile_and_desktop_flow_in_one_request_error(self) -> None:
|
||||
otp = '1234abcd' * 8
|
||||
@@ -1668,7 +1668,7 @@ class GitHubAuthBackendTest(SocialAuthBase):
|
||||
@override_settings(SOCIAL_AUTH_GITHUB_TEAM_ID='zulip-webapp')
|
||||
def test_social_auth_github_team_not_member_failed(self) -> None:
|
||||
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
|
||||
with mock.patch('zproject.backends.GithubTeamBackend.user_data',
|
||||
with mock.patch('social_core.backends.github.GithubTeamOAuth2.user_data',
|
||||
side_effect=AuthFailed('Not found')), \
|
||||
mock.patch('logging.info') as mock_info:
|
||||
result = self.social_auth_test(account_data_dict,
|
||||
@@ -1680,7 +1680,7 @@ class GitHubAuthBackendTest(SocialAuthBase):
|
||||
@override_settings(SOCIAL_AUTH_GITHUB_TEAM_ID='zulip-webapp')
|
||||
def test_social_auth_github_team_member_success(self) -> None:
|
||||
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
|
||||
with mock.patch('zproject.backends.GithubTeamBackend.user_data',
|
||||
with mock.patch('social_core.backends.github.GithubTeamOAuth2.user_data',
|
||||
return_value=account_data_dict):
|
||||
result = self.social_auth_test(account_data_dict,
|
||||
expect_choose_email_screen=True,
|
||||
@@ -1693,7 +1693,7 @@ class GitHubAuthBackendTest(SocialAuthBase):
|
||||
@override_settings(SOCIAL_AUTH_GITHUB_ORG_NAME='Zulip')
|
||||
def test_social_auth_github_organization_not_member_failed(self) -> None:
|
||||
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
|
||||
with mock.patch('zproject.backends.GithubOrganizationBackend.user_data',
|
||||
with mock.patch('social_core.backends.github.GithubOrganizationOAuth2.user_data',
|
||||
side_effect=AuthFailed('Not found')), \
|
||||
mock.patch('logging.info') as mock_info:
|
||||
result = self.social_auth_test(account_data_dict,
|
||||
@@ -1705,7 +1705,7 @@ class GitHubAuthBackendTest(SocialAuthBase):
|
||||
@override_settings(SOCIAL_AUTH_GITHUB_ORG_NAME='Zulip')
|
||||
def test_social_auth_github_organization_member_success(self) -> None:
|
||||
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
|
||||
with mock.patch('zproject.backends.GithubOrganizationBackend.user_data',
|
||||
with mock.patch('social_core.backends.github.GithubOrganizationOAuth2.user_data',
|
||||
return_value=account_data_dict):
|
||||
result = self.social_auth_test(account_data_dict,
|
||||
expect_choose_email_screen=True,
|
||||
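Review bot: The rewritten check in the `-986` hunk, `self.assertEqual(self.client.session.get('mobile_flow_otp'), None)`, covers only one of the fields that the `social_auth` view removed elsewhere in this commit used to clear; that view looped over every name in `settings.SOCIAL_AUTH_FIELDS_STORED_IN_SESSION`. Clearing stale login-flow state is now left entirely to social-auth-core, so the test should pin it for the whole list, e.g. `for field in settings.SOCIAL_AUTH_FIELDS_STORED_IN_SESSION: self.assertIsNone(self.client.session.get(field))`, with the first request setting each of those fields if it does not already. The start of this test is outside the hunk, so which fields the first request sets is not visible here.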
|
@@ -49,7 +49,6 @@ import jwt
|
||||
import logging
|
||||
|
||||
from social_django.utils import load_backend, load_strategy
|
||||
from social_django.views import auth as social_django_auth
|
||||
|
||||
from two_factor.forms import BackupTokenForm
|
||||
from two_factor.views import LoginView as BaseTwoFactorLoginView
|
||||
@@ -482,24 +481,6 @@ def start_social_signup(request: HttpRequest, backend: str, extra_arg: Optional[
|
||||
return oauth_redirect_to_root(request, backend_url, 'social', is_signup=True,
|
||||
extra_url_params=extra_url_params)
|
||||
|
||||
def social_auth(request: HttpRequest, backend: str) -> HttpResponse:
|
||||
"""
|
||||
python-social-auth sets certain fields from the request into the session
|
||||
and doesn't clear them if another request is made with a field that was present
|
||||
in the previous request now missing. We use this function to hook into the beginning
|
||||
of the social auth flow to ensure the session is properly cleared out.
|
||||
This function and the corresponding url entry in urls.py should be removed if this issue
|
||||
gets fixed upstream - https://github.com/python-social-auth/social-core/issues/425
|
||||
"""
|
||||
|
||||
for field_name in settings.SOCIAL_AUTH_FIELDS_STORED_IN_SESSION:
|
||||
try:
|
||||
del request.session[field_name]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
return social_django_auth(request, backend)
|
||||
|
||||
def authenticate_remote_user(realm: Realm,
|
||||
email_address: Optional[str]) -> Optional[UserProfile]:
|
||||
if email_address is None:
|
||||
|
@@ -16,10 +16,8 @@ import copy
|
||||
import logging
|
||||
import magic
|
||||
from abc import ABC, abstractmethod
|
||||
from typing import Any, Callable, Dict, List, Optional, Set, Tuple, Type, TypeVar, Union, \
|
||||
no_type_check
|
||||
from typing import Any, Callable, Dict, List, Optional, Set, Tuple, Type, TypeVar, Union
|
||||
from typing_extensions import TypedDict
|
||||
from urllib.parse import urljoin
|
||||
from zxcvbn import zxcvbn
|
||||
|
||||
from django_auth_ldap.backend import LDAPBackend, LDAPReverseEmailSearch, \
|
||||
@@ -39,7 +37,7 @@ from django.utils.translation import ugettext as _
|
||||
from requests import HTTPError
|
||||
from onelogin.saml2.errors import OneLogin_Saml2_Error
|
||||
from social_core.backends.github import GithubOAuth2, GithubOrganizationOAuth2, \
|
||||
GithubTeamOAuth2, GithubMemberOAuth2
|
||||
GithubTeamOAuth2
|
||||
from social_core.backends.azuread import AzureADOAuth2
|
||||
from social_core.backends.gitlab import GitLabOAuth2
|
||||
from social_core.backends.base import BaseAuth
|
||||
@@ -1320,13 +1318,13 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
|
||||
access_token, *args, **kwargs
|
||||
)
|
||||
elif team_id is not None:
|
||||
backend = GithubTeamBackend(self.strategy, self.redirect_uri)
|
||||
backend = GithubTeamOAuth2(self.strategy, self.redirect_uri)
|
||||
try:
|
||||
return backend.user_data(access_token, *args, **kwargs)
|
||||
except AuthFailed:
|
||||
return dict(auth_failed_reason="GitHub user is not member of required team")
|
||||
elif org_name is not None:
|
||||
backend = GithubOrganizationBackend(self.strategy, self.redirect_uri)
|
||||
backend = GithubOrganizationOAuth2(self.strategy, self.redirect_uri)
|
||||
try:
|
||||
return backend.user_data(access_token, *args, **kwargs)
|
||||
except AuthFailed:
|
||||
@@ -1334,42 +1332,6 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
|
||||
|
||||
raise AssertionError("Invalid configuration")
|
||||
|
||||
def _user_data(self, access_token: str, path: Any=None) -> Any:
|
||||
# Monkey patching. Should be removed once upstream merges a fix for
|
||||
# https://github.com/python-social-auth/social-core/issues/430
|
||||
url = urljoin(self.api_url(), 'user{0}'.format(path or ''))
|
||||
return self.get_json(url, headers={'Authorization': 'token {0}'.format(access_token)})
|
||||
|
||||
class GithubMemberUserDataMixin(GithubMemberOAuth2):
|
||||
"""
|
||||
This mixin class and the ones inheriting from it serve as a way
|
||||
to monkey-patch a fix for https://github.com/python-social-auth/social-core/issues/430
|
||||
Changes from the commit adding this should be reverted once the issue is fixed upstream.
|
||||
"""
|
||||
@no_type_check
|
||||
def user_data(self, access_token: str, *args: Any, **kwargs: Any) -> Any: # nocoverage
|
||||
# this is copy-pasted from a good PR upstream that fixes the issue.
|
||||
"""Loads user data from service"""
|
||||
user_data = super(GithubMemberOAuth2, self).user_data(
|
||||
access_token, *args, **kwargs
|
||||
)
|
||||
headers = {'Authorization': 'token {0}'.format(access_token)}
|
||||
try:
|
||||
self.request(self.member_url(user_data), headers=headers)
|
||||
except HTTPError as err:
|
||||
# if the user is a member of the organization, response code
|
||||
# will be 204, see http://bit.ly/ZS6vFl
|
||||
if err.response.status_code != 204:
|
||||
raise AuthFailed(self,
|
||||
'User doesn\'t belong to the organization')
|
||||
return user_data
|
||||
|
||||
class GithubTeamBackend(GithubMemberUserDataMixin, GithubTeamOAuth2):
|
||||
pass
|
||||
|
||||
class GithubOrganizationBackend(GithubMemberUserDataMixin, GithubOrganizationOAuth2):
|
||||
pass
|
||||
|
||||
@external_auth_method
|
||||
class AzureADAuthBackend(SocialAuthMixin, AzureADOAuth2):
|
||||
sort_order = 50
|
||||
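Review bot: The `team_id` and `org_name` branches of `GitHubAuthBackend.user_data` need a comment saying that the membership check and the header-based token request now come from upstream, because nothing in the new code records that dependency once the monkey-patch classes and their issue-430 docstrings are gone. Something like `# Membership is enforced by upstream's user_data(); relies on the social-core fix for issue 430 shipped in the pinned social-auth-core release.` above `backend = GithubTeamOAuth2(self.strategy, self.redirect_uri)` would do, with the same line on the organization branch. The tests touched in this commit patch `user_data` on both upstream classes, so as far as this page shows the restriction itself is never exercised and a later version change that regressed it would pass unnoticed. `user_data` begins above the hunk.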
|
@@ -225,10 +225,6 @@ SILENCED_SYSTEM_CHECKS = [
|
||||
# backends support the username not being unique; and they do.
|
||||
# See: https://docs.djangoproject.com/en/2.2/topics/auth/customizing/#django.contrib.auth.models.CustomUser.USERNAME_FIELD
|
||||
"auth.W004",
|
||||
# urls.W003 warns against using colons in the name in url(..., name) because colons are used
|
||||
# for namespaces. We need to override a url entry in the social: namespace, so we use
|
||||
# the colon in this way intentionally.
|
||||
"urls.W003",
|
||||
]
|
||||
|
||||
########################################################################
|
||||
|
@@ -722,11 +722,6 @@ urls += [
|
||||
|
||||
# Python Social Auth
|
||||
|
||||
# This overrides the analogical entry in social_django.urls, because we want run our own code
|
||||
# at the beginning of social auth process. If deleting this override in the future,
|
||||
# it should be possible to remove urls.W003 from SILENCED_SYSTEM_CHECKS.
|
||||
urls += [url(r'^login/(?P<backend>[^/]+)/$', zerver.views.auth.social_auth, name='social:begin')]
|
||||
|
||||
urls += [url(r'^', include('social_django.urls', namespace='social'))]
|
||||
urls += [url(r'^saml/metadata.xml$', zerver.views.auth.saml_sp_metadata)]
|
||||
|
||||
|