-
-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade django-allauth to 0.57.0 #4715
Merged
Merged
Changes from 20 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
a02f953
bump django-allauth version
LMNTL 9a90aa7
bump allauth from 0.56.0 to 0.56.1 due to yank
LMNTL 87fbbb6
use allauth.account.middleware.AccountMiddleware
LMNTL 1ccd66f
add provider_id to /environment endpoint
LMNTL 909ff13
fix link to SSO registration
LMNTL 3155a2b
remove deprecated provider.get_app()
LMNTL 2844ce3
use provider id in login template
LMNTL d5fc924
change SERVERS to APPS for OIDC provider env vars
LMNTL a6b323a
Merge branch 'release/2.023.37' into django-allauth-0-56-1
LMNTL a2498b0
Merge remote-tracking branch 'origin/release-2.023.37-with-usage-fron…
LMNTL 39141fa
Merge remote-tracking branch 'origin/release/2.023.37' into django-al…
LMNTL 29ca302
bump django-allauth to 0.57.0
LMNTL 36058cc
don't parse env vars for sso providers, to avoid clashing with provid…
LMNTL 3b51aec
use provider id instead of provider in provider_login_url
LMNTL 60404be
make provider_id required in django-allauth admin
LMNTL 8487141
don't check settings for socialaccounts before making queries, since …
LMNTL 28347f2
Merge branch 'beta' into django-allauth-0-57-0
LMNTL db3b44a
don't error if SOCIALACCOUNT_PROVIDERS is missing, check ID for non-O…
LMNTL 39c103f
don't allow 'kobo' as a provider_id
LMNTL 373bdfa
require provider_id and provider be unique at the admin level
LMNTL 6bdc04e
use provider_id instead of provider in provider_login_url
LMNTL b964fa5
remove check for 'kobo' id set through env vars
LMNTL File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
from allauth.socialaccount.admin import SocialAppForm, SocialAppAdmin | ||
from allauth.socialaccount.models import SocialApp | ||
from django.contrib import admin | ||
from django.core.exceptions import ValidationError | ||
from django.db.models import Q | ||
|
||
|
||
class RequireProviderIdSocialAppForm(SocialAppForm): | ||
def __init__(self, *args, **kwargs): | ||
super(SocialAppForm, self).__init__(*args, **kwargs) | ||
# require the provider_id in the admin, since we can't make it required on allauth's model | ||
self.fields['provider_id'].required = True | ||
|
||
def clean_provider_id(self): | ||
reserved_keywords = ['kobo'] | ||
provider_id = self.cleaned_data.get('provider_id') | ||
# we check this already for the ID in kobo/apps/accounts/apps.py | ||
if provider_id in reserved_keywords: | ||
raise ValidationError( | ||
f'`{provider_id}` is not a valid value for the `provider_id` setting.' | ||
) | ||
|
||
""" | ||
By default, django-allauth only supports showing one provider on the login screen. | ||
But OIDC providers allow multiple subproviders, so kpi has some additional code to display multiple providers. | ||
Because of that, we need to make sure that the `provider` and `provider_id` fields are unique. | ||
django-allauth (as of 0.57.0) technically enforces this on the model level, but in practice it's flawed. | ||
""" | ||
if SocialApp.objects.filter( | ||
Q(provider_id=provider_id) | | ||
Q(provider=provider_id) | ||
).exists(): | ||
raise ValidationError( | ||
"""The Provider ID value must be unique and cannot match an existing Provider name. | ||
Please use a different value.""" | ||
) | ||
return provider_id | ||
|
||
|
||
class RequireProviderIdSocialAppAdmin(SocialAppAdmin): | ||
form = RequireProviderIdSocialAppForm | ||
|
||
class Meta: | ||
proxy = True | ||
|
||
|
||
admin.site.unregister(SocialApp) | ||
admin.site.register(SocialApp, RequireProviderIdSocialAppAdmin) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO if we are blocking in django admin, it would be fine to remove the "Please do not use
kobo
as theid
value" check. But I'll defer to you.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, especially since the code to parse OIDC sub-providers has been removed - it's now guarding against an impossible-to-achieve state (at least for someone not trying to break it.)