From 534ccf1ae935823cf5f69e5fa109999c2cc5e5b6a9b31dbc1289328505f3135e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 21:41:42 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-oauthlib revision d9d00dc9c065421c96fdffa25e3a12a3 --- .gitattributes | 23 +++ oauthlib-3.2.2.tar.gz | 3 + python-oauthlib.changes | 438 ++++++++++++++++++++++++++++++++++++++++ python-oauthlib.spec | 80 ++++++++ 4 files changed, 544 insertions(+) create mode 100644 .gitattributes create mode 100644 oauthlib-3.2.2.tar.gz create mode 100644 python-oauthlib.changes create mode 100644 python-oauthlib.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/oauthlib-3.2.2.tar.gz b/oauthlib-3.2.2.tar.gz new file mode 100644 index 0000000..d1f3823 --- /dev/null +++ b/oauthlib-3.2.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918 +size 177352 diff --git a/python-oauthlib.changes b/python-oauthlib.changes new file mode 100644 index 0000000..3bb9682 --- /dev/null +++ b/python-oauthlib.changes @@ -0,0 +1,438 @@ +------------------------------------------------------------------- +Fri Apr 21 12:28:37 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:42:44 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Sat Oct 22 16:22:08 UTC 2022 - Arun Persaud + +- update to version 3.2.2: + * OAuth2.0 Provider: * CVE-2022-36087 +- Also remove the conditional definition of python_module. + +------------------------------------------------------------------- +Mon Sep 12 14:39:20 UTC 2022 - Arun Persaud + +- specfile: + * update requirements + +- update to version 3.2.1: + * OAuth2.0 Provider: * #803: Metadata endpoint support of non-HTTPS + * CVE-2022-36087, bugzilla # 1203333 + * OAuth1.0: * #818: Allow IPv6 being parsed by signature + * General: * Improved and fixed documentation warnings. * Cosmetic + changes based on isort + +------------------------------------------------------------------- +Thu Feb 3 20:02:09 UTC 2022 - Arun Persaud + +- specfile: + * update copyright year + +- update to version 3.2.0: + * OAuth2.0 Client: * #795: Add Device Authorization Flow for Web + Application * #786: Add PKCE support for Client * #783: Fallback + to none in case of wrong expires_at format. + * OAuth2.0 Provider: * #790: Add support for CORS to metadata + endpoint. * #791: Add support for CORS to token endpoint. * #787: + Remove comma after Bearer in WWW-Authenticate + * OAuth2.0 Provider - OIDC: + + #755: Call save_token in Hybrid code flow + + #751: OIDC add support of refreshing ID Tokens with + refresh_id_token + + #751: The RefreshTokenGrant modifiers now take the same + arguments as the AuthorizationCodeGrant modifiers (token, + token_handler, request). + * General: + + Added Python 3.9, 3.10, 3.11 + + Improve Travis & Coverage + +------------------------------------------------------------------- +Sun Jun 6 12:48:39 UTC 2021 - Dirk Müller + +- update to 3.1.1: + * #753: Fix acceptance of valid IPv6 addresses in URI validation + * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently + relies on the `scope` provided in the constructor if any, except if overridden temporarily + in a method call. Note that in particular providing a non-None `scope` in + `prepare_authorization_request` or `prepare_refresh_token` does not override anymore + `self.scope` forever, it is just used temporarily. + * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, + ServiceApplicationClient.prepare_request_body, + and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in + constructor. + * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor + * #711: client_credentials grant: fix log message + * #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token + * #756: Different prompt values are now handled according to spec (e.g. prompt=none) + * #759: OpenID Connect - fix Authorization: Basic parsing + * #716: improved skeleton validator for public vs private client + * #720: replace mock library with standard unittest.mock + * #727: build isort integration + * #734: python2 code removal + * #735, #750: add python3.8 support + * #749: bump minimum versions of pyjwt and cryptography +- drop o_switch_to_unitest_mock.patch (upstream) + +------------------------------------------------------------------- +Tue May 25 11:02:47 UTC 2021 - pgajdos@suse.com + +- %check: use %pyunittest rpm macro + +------------------------------------------------------------------- +Thu Sep 24 11:18:07 UTC 2020 - Hans-Peter Jansen + +- Fix patch numbering + +------------------------------------------------------------------- +Wed Apr 29 12:15:23 UTC 2020 - John Paul Adrian Glaubitz + +- Add patch to switch from external mock to unittest.mock + + o_switch_to_unitest_mock.patch + +------------------------------------------------------------------- +Wed Sep 11 11:02:36 UTC 2019 - Tomáš Chvátal + +- Update to 3.1.0: + * OAuth2.0 Provider - Features * #660: OIDC add support of nonce, c_hash, at_hash fields + * #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method + * #666: Disabling query parameters for POST requests + +------------------------------------------------------------------- +Sun Jul 21 16:58:02 UTC 2019 - Arun Persaud + +- specfile: + * be more specific in %files section + +- update to version 3.0.2: + * #650: Fixed space encoding in base string URI used in the + signature base string. + * #652: Fixed OIDC /token response which wrongly returned + "&state=None" + * #654: Doc: The value state must not be stored by the AS, only + returned in /authorize response. + * #656: Fixed OIDC "nonce" checks: raise errors when it's mandatory + +------------------------------------------------------------------- +Sun Feb 17 00:40:20 UTC 2019 - John Vandenberg + +- Update to version 3.0.1 + * Fixed regression introduced in 3.0.0 + + Fixed Revocation & Introspection Endpoints when using Client + Authentication with HTTP Basic Auth. +- from 3.0.0 + * General fixes: + + Add support of python3.7 + + $ and ' are allowed to be unencoded in query strings + + Request attributes are no longer overriden by HTTP Headers + + Removed unnecessary code for handling python2.6 + + Several minors updates to setup.py and tox + + Set pytest as the default unittest framework + * OAuth2.0 Provider - outstanding Features + + OpenID Connect Core support + + RFC7662 Introspect support + + RFC8414 OAuth2.0 Authorization Server Metadata support + + RFC7636 PKCE support + * OAuth2.0 Provider - API/Breaking Changes + + Add "request" to confirm_redirect_uri + + confirm_redirect_uri/get_default_redirect_uri has a bit changed + + invalid_client is now a FatalError + + Changed errors status code from 401 to 400: + - invalid_grant: + - invalid_scope: + - access_denied/unauthorized_client/consent_required/login_required + - 401 must have WWW-Authenticate HTTP Header set. + * OAuth2.0 Provider - Bugfixes + + empty scopes no longer raise exceptions for implicit and authorization_code + * OAuth2.0 Client - Bugfixes / Changes: + + expires_in in Implicit flow is now an integer + + expires is no longer overriding expires_in + + parse_request_uri_response is now required + + Unknown error=xxx raised by OAuth2 providers was not understood + + OAuth2's `prepare_token_request` supports sending an empty string for `client_id` + + OAuth2's `WebApplicationClient.prepare_request_body` was refactored to better + support sending or omitting the `client_id` via a new `include_client_id` kwarg. + By default this is included. The method will also emit a DeprecationWarning if + a `client_id` parameter is submitted; the already configured `self.client_id` + is the preferred option. + * OAuth1.0 Client: + + Support for HMAC-SHA256 +- Removed remove_unittest2.patch made redundant by v3.0.1 +- Set minumum version of python-PyJWT >= 1.0.0 + +------------------------------------------------------------------- +Tue Dec 4 12:50:57 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Mon Aug 13 13:01:36 UTC 2018 - mcepl@suse.com + +Remove dependency on unittest2 + Add remove_unittest2.patch to facilitate that + +------------------------------------------------------------------- +Wed May 23 02:49:49 UTC 2018 - arun@gmx.de + +- specfile: + * fix fdupes call for single-spec + +- update to version 2.1.0: + * Fixed some copy and paste typos (#535) + * Use secrets module in Python 3.6 and later (#533) + * Add request argument to confirm_redirect_uri (#504) + * Avoid populating spurious token credentials (#542) + * Make populate attributes API public (#546) + +------------------------------------------------------------------- +Mon Mar 26 16:17:21 UTC 2018 - arun@gmx.de + +- specfile: + * ran spec-cleaner + +------------------------------------------------------------------- +Sat Mar 24 18:50:04 UTC 2018 - arun@gmx.de + +- specfile: + * update copyright year + * updated url + +- update to version 2.0.7: + * Moved oauthlib into new organization on GitHub. + * Include license file in the generated wheel package. (#494) + * When deploying a release to PyPI, include the wheel + distribution. (#496) + * Check access token in self.token dict. (#500) + * Added bottle-oauthlib to docs. (#509) + * Update repository location in Travis. (#514) + * Updated docs for organization change. (#515) + * Replace G+ with Gitter. (#517) + * Update requirements. (#518) + * Add shields for Python versions, license and RTD. (#520) + * Fix ReadTheDocs build (#521). + * Fixed "make" command to test upstream with local oauthlib. (#522) + * Replace IRC notification with Gitter Hook. (#523) + * Added Github Releases deploy provider. (#523) + +------------------------------------------------------------------- +Sat Oct 21 03:14:43 UTC 2017 - arun@gmx.de + +- update to version 2.0.6: + * 2.0.5 contains breaking changes. + +------------------------------------------------------------------- +Fri Oct 20 01:43:25 UTC 2017 - arun@gmx.de + +- update to version 2.0.5: + * Fix OAuth2Error.response_mode for #463. + * Documentation improvement. + +------------------------------------------------------------------- +Mon Sep 25 16:14:07 UTC 2017 - arun@gmx.de + +- update to version 2.0.4: + * Fixed typo that caused OAuthlib to crash because of the fix in + "Address missing OIDC errors and fix a typo in the + AccountSelectionRequired exception". + +- changes from version 2.0.3: + * Address missing OIDC errors and fix a typo in the + AccountSelectionRequired exception. + * Update proxy keys on CaseInsensitiveDict.update(). + * Redirect errors according to OIDC's response_mode. + * Added universal wheel support. + * Added log statements to except clauses. + * According to RC7009 Section 2.1, a client should include + authentication credentials when revoking its tokens. As discussed + in #339, this is not make sense for public clients. However, in + that case, the public client should still be checked that is + infact a public client (authenticate_client_id). + * Improved prompt parameter validation. + * Added two error codes from RFC 6750. + * Hybrid response types are now be fragment-encoded. + * Added Python 3.6 to Travis CI testing and trove classifiers. + * Fixed BytesWarning issued when using a string placeholder for + bytes object. + * Documented PyJWT dependency and improved logging and exception + messages. + * Documentation improvements and fixes. + +------------------------------------------------------------------- +Mon Aug 21 14:03:34 UTC 2017 - tbechtold@suse.com + +- update to 2.0.2: + * Dropped support for Python 2.6, 3.2 & 3.3. + * (FIX) `OpenIDConnector` will no longer raise an AttributeError when calling + `openid_authorization_validator()` twice. + +------------------------------------------------------------------- +Sun May 7 15:22:56 UTC 2017 - pousaduarte@gmail.com + +- Convert to singlespec + +------------------------------------------------------------------- +Mon Jan 2 08:13:27 UTC 2017 - tbechtold@suse.com + +- Use pypi.io and htttps as Source + +------------------------------------------------------------------- +Sun Jan 1 16:43:13 UTC 2017 - michael@stroeder.com + +- update to 2.0.1: + too many changes to be listed herein + (see /usr/share/doc/packages/python-oauthlib/CHANGELOG.rst) +- removed obsolete pycrypto.patch because changes were made upstream + +------------------------------------------------------------------- +Thu Sep 15 13:53:29 UTC 2016 - rjschwei@suse.com + +- Include in SLES 12 (FATE#321371, bsc#998103) + +------------------------------------------------------------------- +Wed Apr 22 09:38:29 UTC 2015 - mcihar@suse.cz + +- Update to 0.7.2: + * (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1 + release. Doing a new clean release to address this. Please upgrade quickly + and report any issues you are running into. + * (Quick fix) Add oauthlib.common.log object back in for libraries using it. + * (Change) OAuth2 clients will not raise a Warning on scope change if + the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token + will now be available as an attribute on the error, ``error.token``. + Token changes will now also be announced using blinker. + * (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook). + * (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``. + * (Fix) Error messages should now include a description in their message. + * (Fix/Feature) Optional support for jsonp callbacks after token revocation. + * (Feature) Client side preparation of OAuth 2 token revocation requests. + * (Feature) New OAuth2 client API methods for preparing full requests. + * (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs. + * (Fix/Feature) Refresh token grant now allow optional refresh tokens. + * (Fix) add missing state param to OAuth2 errors. + * (Fix) add_params_to_uri now properly parse fragment. + * (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1. + * (Fix/Security) OAuth2 logs will now strip client provided password, if present. + * Allow unescaped @ in urlencoded parameters. +- New dependency on python-blinker +- Add pycrypto.patch to be compatible with latest PyJWT + +------------------------------------------------------------------- +Wed Jul 23 13:29:30 UTC 2014 - mcihar@suse.cz + +- Update to version 0.6.3: + + 0.6.3: + * Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when + scrubbing for print. + + 0.6.2: + * Numerous OAuth2 provider errors now suggest a status code of 401 instead + of 400 (#247. + * Added support for JSON web tokens with oauthlib.common.generate_signed_token. + Install extra dependency with oauthlib[signedtoken] (#237). + * OAuth2 scopes can be arbitrary objects with __str__ defined (#240). + * OAuth 1 Clients can now register custom signature methods (#239). + * Exposed new method oauthlib.oauth2.is_secure_transport that checks whether + the given URL is HTTPS. Checks using this method can be disabled by setting + the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249). + * OAuth1 clients now has __repr__ and will be printed with secrets scrubbed. + * OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument. + * urldecode will now raise a much more informative error message on + incorrectly encoded strings. + * Plenty of typo and other doc fixes. +- new dependency on PyJWT + +------------------------------------------------------------------- +Sun Apr 13 17:25:38 UTC 2014 - p.drouand@gmail.com + +- Update to version 0.6.1 + + (OAuth 2 Provider) is_within_original_scope to check whether a + refresh token is trying to aquire a new set of scopes that are + a subset of the original scope. + + (OAuth 2 Provider) expires_in token lifetime can be set per request. + + (OAuth 2 Provider) client_authentication_required method added to + differentiate between public and confidential clients. + + (OAuth 2 Provider) rotate_refresh_token now indicates whether a + new refresh token should be generated during token refresh or + if old should be kept. + + (OAuth 2 Provider) returned JSON headers no longer include charset. + + (OAuth 2 Provider) validate_authorizatoin_request now also includes + the internal request object in the returned dictionary. Note that + this is not meant to be relied upon heavily and its interface might + change. + + many style and typo fixes. + +------------------------------------------------------------------- +Tue Jan 21 08:47:36 UTC 2014 - dmueller@suse.com + +- use pycrypto, not python-rsa + +------------------------------------------------------------------- +Mon Jan 20 10:22:53 UTC 2014 - speilicke@suse.com + +- Add pycrypto requirement for "rsa" submodule + +------------------------------------------------------------------- +Fri Nov 1 11:22:43 UTC 2013 - p.drouand@gmail.com + +- Update to version 0.6.0 + + All endpoint methods change contract to return 3 values instead + of 4. The new signature is `headers`, `body`, `status code` where + the initial `redirect_uri` has been relocated to its rightful place + inside headers as `Location`. + + OAuth 1 Access Token Endpoint has a new required validator method + `invalidate_request_token`. + + OAuth 1 Authorization Endpoint now returns a 200 response instead + of 302 on `oob` callbacks. +- Changes from version 0.5.1 + + OAuth 1 provider fix for incorrect token param in nonce validation. +- Changes from version 0.5.0 + + OAuth 1 provider refactor. OAuth 2 refresh token validation fix. +- Changes from version 0.4.2 + + OAuth 2 draft to RFC. Removed OAuth 2 framework decorators. +- Changes from version 0.4.1 + + Documentation corrections and various small code fixes. +- Changes from version 0.4.0 + + OAuth 2 Provider support (experimental). +- Changes from version 0.3.8 + + OAuth 2 Client now uses custom errors and raise on expire +- Changes from version 0.3.7 + + OAuth 1 optional encoding of Client.sign return values +- Changes from version 0.3.6 + + Revert default urlencoding. +- Changes from version 0.3.5 + + Default unicode conversion (utf-8) and urlencoding of input. + +------------------------------------------------------------------- +Thu Oct 24 11:09:35 UTC 2013 - speilicke@suse.com + +- Require python-setuptools instead of distribute (upstreams merged) + +------------------------------------------------------------------- +Fri Nov 23 11:19:03 UTC 2012 - saschpe@suse.de + +- Update to version 0.3.4: + + A number of small features and bug fixes. +- Changes from version 0.3.3: + + OAuth 1 Provider verify now return useful params +- Changes from version 0.3.2: + + Fixed #62, all Python 3 tests pass. +- Changes from version 0.3.1: + + Python 3.1, 3.2, 3.3 support (experimental) +- Changes from version 0.3.0: + + Initial OAuth 2 client support +- Changes from version 0.2.1: + + Exclude non urlencoded bodies during request verification +- Changes from version 0.2.0: + + OAuth provider support +- Changes from version 0.1.4: + + soft dependency on PyCrypto + +------------------------------------------------------------------- +Fri May 18 00:49:08 UTC 2012 - jfunk@funktronics.ca + +- Initial release + diff --git a/python-oauthlib.spec b/python-oauthlib.spec new file mode 100644 index 0000000..1d68852 --- /dev/null +++ b/python-oauthlib.spec @@ -0,0 +1,80 @@ +# +# spec file for package python-oauthlib +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define skip_python2 1 +%{?sle15_python_module_pythons} +Name: python-oauthlib +Version: 3.2.2 +Release: 0 +Summary: A Generic Implementation of the OAuth Request-Signing Logic +License: BSD-3-Clause +Group: Development/Languages/Python +URL: https://github.com/oauthlib/oauthlib +Source: https://files.pythonhosted.org/packages/source/o/oauthlib/oauthlib-%{version}.tar.gz +BuildRequires: %{python_module PyJWT >= 2.0.0} +BuildRequires: %{python_module blinker >= 1.4} +BuildRequires: %{python_module cryptography >= 3.0.0 } +BuildRequires: %{python_module pyasn1} +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-PyJWT >= 2.0.0 +Requires: python-blinker >= 1.4 +Requires: python-cryptography >= 3.0.0 +BuildArch: noarch +%python_subpackages + +%description +A generic, spec-compliant, thorough implementation of the OAuth request-signing +logic. + +OAuth often seems complicated and difficult-to-implement. There are several +prominent libraries for signing OAuth requests, but they all suffer from one or +both of the following: + +1. They predate the OAuth 1.0 spec, AKA RFC 5849. +2. They predate the OAuth 2.0 spec, AKA RFC 6749. +3. They assume the usage of a specific HTTP request library. + +OAuthLib is a generic utility which implements the logic of OAuth without +assuming a specific HTTP request object. Use it to graft OAuth support onto your +favorite HTTP library. If you're a maintainer of such a library, write a thin +veneer on top of OAuthLib and get OAuth support for very little effort. + +%prep +%setup -q -n oauthlib-%{version} + +%build +%python_build + +%install +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pyunittest discover -v + +%files %{python_files} +%license LICENSE +%doc README.rst CHANGELOG.rst +%dir %{python_sitelib}/oauthlib +%{python_sitelib}/oauthlib/* +%dir %{python_sitelib}/oauthlib-%{version}-py*.egg-info +%{python_sitelib}/oauthlib-%{version}-py*.egg-info/* + +%changelog