commit 75a20f7b315ea0b60998c9887588fb27eabc916beae84eb3066bfa662d9212dc Author: Matej Cepl Date: Fri May 2 21:30:36 2025 +0000 - Add 767-skip-xc20p-tests.patch to skip unavailable tests (gh#authlib/authlib#456). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=47 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/767-skip-xc20p-tests.patch b/767-skip-xc20p-tests.patch new file mode 100644 index 0000000..f264300 --- /dev/null +++ b/767-skip-xc20p-tests.patch @@ -0,0 +1,39 @@ +From 8f823db3fe552b8337cce1eb4ec4207411c63d0b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=89loi=20Rivard?= +Date: Thu, 1 May 2025 10:04:21 +0200 +Subject: [PATCH] fix: skip xc20p unit tests when unavailable in cryptodome + +--- + tests/jose/test_chacha20.py | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: authlib-1.5.2/tests/jose/test_chacha20.py +=================================================================== +--- authlib-1.5.2.orig/tests/jose/test_chacha20.py 2025-04-02 12:30:25.000000000 +0200 ++++ authlib-1.5.2/tests/jose/test_chacha20.py 2025-05-02 18:21:41.958090585 +0200 +@@ -1,5 +1,7 @@ + import unittest + ++import pytest ++ + from authlib.jose import JsonWebEncryption + from authlib.jose import OctKey + from authlib.jose.drafts import register_jwe_draft +@@ -22,6 +24,8 @@ + self.assertRaises(ValueError, jwe.serialize_compact, protected, b"hello", key2) + + def test_dir_alg_xc20p(self): ++ pytest.importorskip("Cryptodome.Cipher.ChaCha20_Poly1305") ++ + jwe = JsonWebEncryption() + key = OctKey.generate_key(256, is_private=True) + protected = {"alg": "dir", "enc": "XC20P"} +@@ -35,6 +39,8 @@ + self.assertRaises(ValueError, jwe.serialize_compact, protected, b"hello", key2) + + def test_xc20p_content_encryption_decryption(self): ++ pytest.importorskip("Cryptodome.Cipher.ChaCha20_Poly1305") ++ + # https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03#appendix-A.3.1 + enc = JsonWebEncryption.ENC_REGISTRY["XC20P"] + diff --git a/authlib-1.3.1.tar.gz b/authlib-1.3.1.tar.gz new file mode 100644 index 0000000..010c49b --- /dev/null +++ b/authlib-1.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a8a74e0f1179318bbf898082ad0565f30b1d63bbed7b370529a395d5912380e3 +size 319831 diff --git a/authlib-1.4.0.tar.gz b/authlib-1.4.0.tar.gz new file mode 100644 index 0000000..8ae8f96 --- /dev/null +++ b/authlib-1.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3d0bcb3697a300844416290634ec689933de6c6f9ac5642c267aa8164b238f89 +size 322334 diff --git a/authlib-1.4.1.tar.gz b/authlib-1.4.1.tar.gz new file mode 100644 index 0000000..85322eb --- /dev/null +++ b/authlib-1.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1edf089aae7a043b526f6f07b32077e482be12fc36eff27448ced2a44fcd976b +size 322395 diff --git a/authlib-1.5.2.tar.gz b/authlib-1.5.2.tar.gz new file mode 100644 index 0000000..c20f104 --- /dev/null +++ b/authlib-1.5.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6f94a1259f69645d6d6c4ecf9a8f32a9c3e2b2d2e6b8163cc90bc0e4a7245939 +size 331162 diff --git a/python-Authlib.changes b/python-Authlib.changes new file mode 100644 index 0000000..11231a1 --- /dev/null +++ b/python-Authlib.changes @@ -0,0 +1,204 @@ +------------------------------------------------------------------- +Fri May 2 21:29:54 UTC 2025 - Matej Cepl + +- Add 767-skip-xc20p-tests.patch to skip unavailable tests + (gh#authlib/authlib#456). + +------------------------------------------------------------------- +Wed Apr 23 10:49:33 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 1.5.2 + * Forbid fragments in ``redirect_uris``. :issue:`714` + * Fix invalid characters in ``error_description``. :issue:`720` + * Add ``claims_cls``` parameter for client's ``parse_id_token`` + method. :issue:`725` + +------------------------------------------------------------------- +Mon Apr 14 05:42:44 UTC 2025 - Steve Kowalik + +- Support both lowercased and unnormalized metadata directory names. + +------------------------------------------------------------------- +Wed Mar 26 00:26:31 UTC 2025 - Steve Kowalik + +- Lowercase metadata directory name. + +------------------------------------------------------------------- +Sun Mar 23 21:41:44 UTC 2025 - Dirk Müller + +- update to 1.5.1: + * Fix RFC9207 iss parameter. + * Fix token introspection auth method for clients. + * Optional typ claim in JWT tokens. + * JWT validation leeway. + * Implement server-side :rfc:`RFC9207 <9207>`. + * generate_id_token can take a kid parameter. + * More detailed InvalidClientError. + * OpenID Connect Dynamic Client Registration implementation. + +------------------------------------------------------------------- +Thu Feb 6 11:41:00 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 1.4.1 + * Improve garbage collection on OAuth clients. (#698) + * Fix client parameters for httpx. (#694) + +------------------------------------------------------------------- +Fri Jan 24 18:21:06 UTC 2025 - ecsos + +- Update to 1.4.0 + * Fix id_token decoding when kid is null. :pr:`659` + * Support for Python 3.13. :pr:`682` + * Force login if the prompt parameter value is login. :pr:`637` + * Support for httpx 0.28, :pr:`695` + * Breaking changes: + - Stop support for Python 3.8. :pr:`682` +- Drop py313-tests.patch, because now in upstream. +- Drop httpx028.patch, because now in upstream. + +------------------------------------------------------------------- +Thu Dec 19 13:57:51 UTC 2024 - Markéta Machová + +- Add httpx028.patch to add compatibility with new httpx + +------------------------------------------------------------------- +Thu Oct 31 09:13:27 UTC 2024 - Dirk Müller + +- add py313-tests.patch +- modernize spec file + +------------------------------------------------------------------- +Sat Sep 28 20:03:15 UTC 2024 - Dirk Müller + +- update to 1.3.2: + * Prevent ever-growing session size for OAuth clients. + * Revert quote client id and secret. + * unquote basic auth header for authorization server. + +------------------------------------------------------------------- +Mon Jun 10 11:05:10 UTC 2024 - Daniel Garcia + +- Update to 1.3.1 (CVE-2024-37568, bsc#1226138): + * Prevent OctKey to import ssh and PEM strings. + +------------------------------------------------------------------- +Tue Jan 23 17:10:58 UTC 2024 - Antonio Larrosa + +- Remove the file containing a Commercial license otherwise + licensedigger rejects the dual-licensed package. + See https://docs.authlib.org/en/latest/community/licenses.html . + +------------------------------------------------------------------- +Mon Jan 8 20:58:02 UTC 2024 - Dirk Müller + +- update to 1.3.0: + * Restore AuthorizationServer.create_authorization_response + behavior, via :PR:`558` + * Include leeway in validate_iat() for JWT, via :PR:`565` + * Fix encode_client_secret_basic, via :PR:`594` + * Use single key in JWK if JWS does not specify kid, via + :PR:`596` + * Fix error when RFC9068 JWS has no scope field, via :PR:`598` + * Get werkzeug version using importlib, via :PR:`591` + * New features: + * RFC9068 implementation, via :PR:`586`, by @azmeuk. + * Breaking changes: + * End support for python 3.7 + +------------------------------------------------------------------- +Sun Jun 25 18:48:52 UTC 2023 - Dirk Müller + +- update to 1.2.1: + * Apply headers in ``ClientSecretJWT.sign`` method + * Allow falsy but non-None grant uri params + * Fixed ``authorize_redirect`` for Starlette v0.26.0 + * Removed ``has_client_secret`` method and documentation + * Removed ``request_invalid`` and ``token_revoked`` remaining + occurences and documentation. + * Fixed RFC7591 ``grant_types`` and ``response_types`` default + values + +------------------------------------------------------------------- +Sun Jun 11 14:11:54 UTC 2023 - ecsos + +- Add %{?sle15_python_module_pythons} + +------------------------------------------------------------------- +Tue Dec 13 03:19:54 UTC 2022 - Yogalakshmi Arunachalam + +- Update to version 1.2.0 + * Not passing request.body to ResourceProtector, #485. + * Use flask.g instead of _app_ctx_stack, #482. + * Add headers parameter back to ClientSecretJWT, #457. + * Always passing realm parameter in OAuth 1 clients, #339. + * Implemented RFC7592 Dynamic Client Registration Management Protocol, #505` + * Add default_timeout for requests OAuth2Session and AssertionSession. + * Deprecate jwk.loads and jwk.dumps + +------------------------------------------------------------------- +Tue Oct 11 23:14:36 UTC 2022 - Yogalakshmi Arunachalam + +- Update to Version 1.1.0 + * This release contains breaking changes and security fixes. + * Allow to pass claims_options to Framework OpenID Connect clients, via PR#446. + * Fix .stream with context for HTTPX OAuth clients, via PR#465. + * Fix Starlette OAuth client for cache store, via PR#478. + +------------------------------------------------------------------- +Thu Aug 4 06:30:52 UTC 2022 - Steve Kowalik + +- Remove unneeded BuildRequires on mock. +- Remove duplicated BuildRequires on pytest. + +------------------------------------------------------------------- +Mon May 9 22:06:00 UTC 2022 - Matej Cepl + +- Fix tests. + +------------------------------------------------------------------- +Thu Apr 21 11:29:21 UTC 2022 - Michael Ströder + +- Update to 1.0.1 + * Fix authenticate_none method, via #438. + * Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447. + * Fix missing_token for Flask OAuth client, via #448. + * Allow openid in any place of the scope, via #449. + * Security fix for validating essential value on blank value in JWT, via #445. +- Update to 1.0.0 + * Dropped support for Python 2 + * Removed built-in SQLAlchemy integration. + * The whole framework client integrations have been restructured + +------------------------------------------------------------------- +Tue Nov 16 13:42:27 UTC 2021 - Michael Ströder + +- Update to 0.15.5 + * Make Authlib compatible with latest httpx + * Make Authlib compatible with latest werkzeug + * Allow customize RFC7523 alg value + +------------------------------------------------------------------- +Fri Aug 13 11:16:21 UTC 2021 - John Paul Adrian Glaubitz + +- Update to 0.15.4 + * Security fix when JWT claims is None. + +------------------------------------------------------------------- +Mon Aug 9 22:19:38 UTC 2021 - Jan Engelhardt + +- Drop filler wording from description again. + +------------------------------------------------------------------- +Tue Mar 23 11:52:52 UTC 2021 - Marcus Rueckert + +- Update to 0.15.3 + https://docs.authlib.org/en/latest/changelog.html#version-0-15-3 + https://docs.authlib.org/en/latest/changelog.html#version-0-15-2 + https://docs.authlib.org/en/latest/changelog.html#version-0-15-1 + https://docs.authlib.org/en/latest/changelog.html#version-0-15 + +------------------------------------------------------------------- +Wed Aug 5 14:44:15 UTC 2020 - Stasiek Michalski + +- Initial package + diff --git a/python-Authlib.spec b/python-Authlib.spec new file mode 100644 index 0000000..3d58a88 --- /dev/null +++ b/python-Authlib.spec @@ -0,0 +1,93 @@ +# +# spec file for package python-Authlib +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define modname authlib +%{?sle15_python_module_pythons} +Name: python-Authlib +Version: 1.5.2 +Release: 0 +Summary: Python library for building OAuth and OpenID Connect servers +License: BSD-3-Clause +URL: https://authlib.org/ +Source: https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM 767-skip-xc20p-tests.patch bsc#[0-9]+ mcepl@suse.com +# skip unavailable tests +Patch0: 767-skip-xc20p-tests.patch +BuildRequires: %{python_module base >= 3.9} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} +BuildRequires: python-rpm-macros +# SECTION test requirements +BuildRequires: %{python_module anyio} +BuildRequires: %{python_module Django} +BuildRequires: %{python_module Flask-SQLAlchemy} +BuildRequires: %{python_module Flask} +BuildRequires: %{python_module SQLAlchemy} +BuildRequires: %{python_module Werkzeug} +BuildRequires: %{python_module cachelib} +BuildRequires: %{python_module cryptography} +BuildRequires: %{python_module httpx} +BuildRequires: %{python_module pytest-asyncio} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module requests} +BuildRequires: %{python_module starlette} +BuildRequires: %{python_module typing_extensions} +# /SECTION +BuildRequires: fdupes +Requires: python-cryptography +Suggests: python-requests +BuildArch: noarch +%python_subpackages + +%description +A Python library for building OAuth and OpenID Connect servers. + +%prep +%autosetup -p1 -n %{modname}-%{version} +# Remove the file containing the commercial license so licensedigger +# doesn't complain about the dual license +rm COMMERCIAL-LICENSE + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib} PYTHONDONTWRITEBYTECODE=1 +$python -mpytest tests/core +$python -mpytest tests/flask +# gh#lepture/authlib#456 +$python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)' +# $python -mpytest tests/jose +export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings +$python -mpytest tests/clients +# export DJANGO_SETTINGS_MODULE=tests.django.settings +# $python -mpytest tests/django +} + +%files %{python_files} +%doc README.rst +%license LICENSE +%{python_sitelib}/%{modname} +%{python_sitelib}/[Aa]uthlib-%{version}.dist-info + +%changelog