From b5b2619693c6ce1a0ba112279e079848124d14cd74f3d204b5aede6301599d83 Mon Sep 17 00:00:00 2001
From: Nico Krapp
Date: Thu, 19 Dec 2024 15:37:31 +0000
Subject: [PATCH] - Add httpx028.patch to add compatibility with new httpx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=34
---
.gitattributes | 23 +++++++
.gitignore | 1 +
authlib-1.3.1.tar.gz | 3 +
authlib-1.3.2.tar.gz | 3 +
httpx028.patch | 106 ++++++++++++++++++++++++++++++
py313-tests.patch | 70 ++++++++++++++++++++
python-Authlib.changes | 146 +++++++++++++++++++++++++++++++++++++++++
python-Authlib.spec | 91 +++++++++++++++++++++++++
8 files changed, 443 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 authlib-1.3.1.tar.gz
create mode 100644 authlib-1.3.2.tar.gz
create mode 100644 httpx028.patch
create mode 100644 py313-tests.patch
create mode 100644 python-Authlib.changes
create mode 100644 python-Authlib.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/authlib-1.3.1.tar.gz b/authlib-1.3.1.tar.gz
new file mode 100644
index 0000000..010c49b
--- /dev/null
+++ b/authlib-1.3.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a8a74e0f1179318bbf898082ad0565f30b1d63bbed7b370529a395d5912380e3
+size 319831
diff --git a/authlib-1.3.2.tar.gz b/authlib-1.3.2.tar.gz
new file mode 100644
index 0000000..6992032
--- /dev/null
+++ b/authlib-1.3.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8a6a7e4bc869491cafac524ec32e9f22ecb5de97801033b7b1e75a0824d5bf6f
+size 321266
diff --git a/httpx028.patch b/httpx028.patch
new file mode 100644
index 0000000..ead59d3
--- /dev/null
+++ b/httpx028.patch
@@ -0,0 +1,106 @@
+Index: authlib-1.3.2/authlib/integrations/httpx_client/oauth2_client.py
+===================================================================
+--- authlib-1.3.2.orig/authlib/integrations/httpx_client/oauth2_client.py
++++ authlib-1.3.2/authlib/integrations/httpx_client/oauth2_client.py
+@@ -62,6 +62,11 @@ class AsyncOAuth2Client(_OAuth2Client, h
+
+ # extract httpx.Client kwargs
+ client_kwargs = self._extract_session_request_params(kwargs)
++ # app keyword was dropped!
++ app_value = client_kwargs.pop('app', None)
++ if app_value is not None:
++ client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
++
+ httpx.AsyncClient.__init__(self, **client_kwargs)
+
+ # We use a Lock to synchronize coroutines to prevent
+@@ -177,6 +182,11 @@ class OAuth2Client(_OAuth2Client, httpx.
+
+ # extract httpx.Client kwargs
+ client_kwargs = self._extract_session_request_params(kwargs)
++ # app keyword was dropped!
++ app_value = client_kwargs.pop('app', None)
++ if app_value is not None:
++ client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
++
+ httpx.Client.__init__(self, **client_kwargs)
+
+ _OAuth2Client.__init__(
+Index: authlib-1.3.2/tests/clients/test_httpx/test_async_oauth2_client.py
+===================================================================
+--- authlib-1.3.2.orig/tests/clients/test_httpx/test_async_oauth2_client.py
++++ authlib-1.3.2/tests/clients/test_httpx/test_async_oauth2_client.py
+@@ -4,7 +4,7 @@ import pytest
+ from unittest import mock
+ from copy import deepcopy
+
+-from httpx import AsyncClient
++from httpx import AsyncClient, ASGITransport
+
+ from authlib.common.security import generate_token
+ from authlib.common.urls import url_encode
+@@ -96,7 +96,7 @@ async def test_add_token_to_streaming_re
+ token_placement="header",
+ app=AsyncMockDispatch({'a': 'a'}, assert_func=assert_token_in_header)
+ ),
+- AsyncClient(app=AsyncMockDispatch({'a': 'a'}))
++ AsyncClient(transport=ASGITransport(app=AsyncMockDispatch({'a':
'a'})))
+ ])
+ async def test_httpx_client_stream_match(client):
+ async with client as client_entered:
+Index: authlib-1.3.2/authlib/integrations/httpx_client/oauth1_client.py
+===================================================================
+--- authlib-1.3.2.orig/authlib/integrations/httpx_client/oauth1_client.py
++++ authlib-1.3.2/authlib/integrations/httpx_client/oauth1_client.py
+@@ -34,6 +34,11 @@ class AsyncOAuth1Client(_OAuth1Client, h
+ force_include_body=False, **kwargs):
+
+ _client_kwargs = extract_client_kwargs(kwargs)
++ # app keyword was dropped!
++ app_value = _client_kwargs.pop('app', None)
++ if app_value is not None:
++ _client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
++
+ httpx.AsyncClient.__init__(self, **_client_kwargs)
+
+ _OAuth1Client.__init__(
+@@ -87,6 +92,11 @@ class OAuth1Client(_OAuth1Client, httpx.
+ force_include_body=False, **kwargs):
+
+ _client_kwargs = extract_client_kwargs(kwargs)
++ # app keyword was dropped!
++ app_value = _client_kwargs.pop('app', None)
++ if app_value is not None:
++ _client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
++
+ httpx.Client.__init__(self, **_client_kwargs)
+
+ _OAuth1Client.__init__(
+Index: authlib-1.3.2/authlib/integrations/httpx_client/assertion_client.py
+===================================================================
+--- authlib-1.3.2.orig/authlib/integrations/httpx_client/assertion_client.py
++++ authlib-1.3.2/authlib/integrations/httpx_client/assertion_client.py
+@@ -22,6 +22,11 @@ class AsyncAssertionClient(_AssertionCli
+ claims=None, token_placement='header', scope=None, **kwargs):
+
+ client_kwargs = extract_client_kwargs(kwargs)
++ # app keyword was dropped!
++ app_value = client_kwargs.pop('app', None)
++ if app_value is not None:
++ client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
++
+ httpx.AsyncClient.__init__(self, **client_kwargs)
+
+ _AssertionClient.__init__(
+@@ -61,6 +66,11 @@ class AssertionClient(_AssertionClient,
+ claims=None, token_placement='header', scope=None, **kwargs):
+
+ client_kwargs = extract_client_kwargs(kwargs)
++ # app keyword was dropped!
++ app_value = client_kwargs.pop('app', None)
++ if app_value is not None:
++ client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
++
+ httpx.Client.__init__(self, **client_kwargs)
+
+ _AssertionClient.__init__(
diff --git a/py313-tests.patch b/py313-tests.patch
new file mode 100644
index 0000000..ed73bab
--- /dev/null
+++ b/py313-tests.patch
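Review bot: The `app` shim in `AsyncOAuth2Client.__init__` assigns `client_kwargs['transport']` unconditionally, so a caller who passes both `app=` and `transport=` (assuming the extract helper forwards `transport`) has the explicit transport silently replaced by an in-process ASGI/WSGI transport. As far as I recall, httpx releases that still accepted `app=` let an explicit transport take precedence, so this looks like a behaviour change rather than pure compatibility and is worth confirming. Guarding the assignment keeps a caller-supplied transport, and whatever TLS or proxy settings it carries, in effect: `if app_value is not None and client_kwargs.get('transport') is None:`. The same five lines recur in `OAuth2Client`, `AsyncOAuth1Client`, `OAuth1Client`, `AsyncAssertionClient` and `AssertionClient`, so the guard applies to all six, and the comment would say more as `# httpx 0.28 removed the app= keyword; wrap the app in a transport instead`. Each `__init__` starts and ends outside its hunk.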
@@ -0,0 +1,70 @@
+From d282c1afad676cf8ed3670e60fd43516fc9615de Mon Sep 17 00:00:00 2001
+From: "Kai A. Hiller"
+Date: Sun, 20 Oct 2024 16:56:25 +0200
+Subject: [PATCH] tests: Dereference LocalProxy before serialization
+
+---
+ .../test_oauth2/test_jwt_access_token.py | 30 +++++++++++++++----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/tests/flask/test_oauth2/test_jwt_access_token.py b/tests/flask/test_oauth2/test_jwt_access_token.py
+index f4b8cf99..20feb1bb 100644
+--- a/tests/flask/test_oauth2/test_jwt_access_token.py
++++ b/tests/flask/test_oauth2/test_jwt_access_token.py
+@@ -49,31 +49,51 @@ def create_resource_protector(app, validator):
+ @require_oauth()
+ def protected():
+ user = db.session.get(User, current_token['sub'])
+- return jsonify(id=user.id, username=user.username, token=current_token)
++ return jsonify(
++ id=user.id,
++ username=user.username,
++ token=current_token._get_current_object(),
++ )
+
+ @app.route('/protected-by-scope')
+ @require_oauth('profile')
+ def protected_by_scope():
+ user = db.session.get(User, current_token['sub'])
+- return jsonify(id=user.id, username=user.username, token=current_token)
++ return jsonify(
++ id=user.id,
++ username=user.username,
++ token=current_token._get_current_object(),
++ )
+
+ @app.route('/protected-by-groups')
+ @require_oauth(groups=['admins'])
+ def protected_by_groups():
+ user = db.session.get(User, current_token['sub'])
+- return jsonify(id=user.id, username=user.username, token=current_token)
++ return jsonify(
++ id=user.id,
++ username=user.username,
++ token=current_token._get_current_object(),
++ )
+
+ @app.route('/protected-by-roles')
+ @require_oauth(roles=['student'])
+ def protected_by_roles():
+ user = db.session.get(User, current_token['sub'])
+- return jsonify(id=user.id, username=user.username, token=current_token)
++ return jsonify(
++ id=user.id,
++ username=user.username,
++ token=current_token._get_current_object(),
++ )
+
+
@app.route('/protected-by-entitlements')
+ @require_oauth(entitlements=['captain'])
+ def protected_by_entitlements():
+ user = db.session.get(User, current_token['sub'])
+- return jsonify(id=user.id, username=user.username, token=current_token)
++ return jsonify(
++ id=user.id,
++ username=user.username,
++ token=current_token._get_current_object(),
++ )
+
+ return require_oauth
+
diff --git a/python-Authlib.changes b/python-Authlib.changes
new file mode 100644
index 0000000..38166ea
--- /dev/null
+++ b/python-Authlib.changes
@@ -0,0 +1,146 @@
+-------------------------------------------------------------------
+Thu Dec 19 13:57:51 UTC 2024 - Markéta Machová
+
+- Add httpx028.patch to add compatibility with new httpx
+
+-------------------------------------------------------------------
+Thu Oct 31 09:13:27 UTC 2024 - Dirk Müller
+
+- add py313-tests.patch
+- modernize spec file
+
+-------------------------------------------------------------------
+Sat Sep 28 20:03:15 UTC 2024 - Dirk Müller
+
+- update to 1.3.2:
+ * Prevent ever-growing session size for OAuth clients.
+ * Revert quote client id and secret.
+ * unquote basic auth header for authorization server.
+
+-------------------------------------------------------------------
+Mon Jun 10 11:05:10 UTC 2024 - Daniel Garcia
+
+- Update to 1.3.1 (CVE-2024-37568, bsc#1226138):
+ * Prevent OctKey to import ssh and PEM strings.
+
+-------------------------------------------------------------------
+Tue Jan 23 17:10:58 UTC 2024 - Antonio Larrosa
+
+- Remove the file containing a Commercial license otherwise
+ licensedigger rejects the dual-licensed package.
+ See https://docs.authlib.org/en/latest/community/licenses.html .
+
+-------------------------------------------------------------------
+Mon Jan 8 20:58:02 UTC 2024 - Dirk Müller
+
+- update to 1.3.0:
+ * Restore AuthorizationServer.create_authorization_response
+ behavior, via :PR:`558`
+ * Include leeway in validate_iat() for JWT, via :PR:`565`
+ * Fix encode_client_secret_basic, via :PR:`594`
+ * Use single key in JWK if JWS does not specify kid, via
+ :PR:`596`
+ * Fix error when RFC9068 JWS has no scope field, via :PR:`598`
+ * Get werkzeug version using importlib, via :PR:`591`
+ * New features:
+ * RFC9068 implementation, via :PR:`586`, by @azmeuk.
+ * Breaking changes:
+ * End support for python 3.7
+
+-------------------------------------------------------------------
+Sun Jun 25 18:48:52 UTC 2023 - Dirk Müller
+
+- update to 1.2.1:
+ * Apply headers in ``ClientSecretJWT.sign`` method
+ * Allow falsy but non-None grant uri params
+ * Fixed ``authorize_redirect`` for Starlette v0.26.0
+ * Removed ``has_client_secret`` method and documentation
+ * Removed ``request_invalid`` and ``token_revoked`` remaining
+ occurences and documentation.
+ * Fixed RFC7591 ``grant_types`` and ``response_types`` default
+ values
+
+-------------------------------------------------------------------
+Sun Jun 11 14:11:54 UTC 2023 - ecsos
+
+- Add %{?sle15_python_module_pythons}
+
+-------------------------------------------------------------------
+Tue Dec 13 03:19:54 UTC 2022 - Yogalakshmi Arunachalam
+
+- Update to version 1.2.0
+ * Not passing request.body to ResourceProtector, #485.
+ * Use flask.g instead of _app_ctx_stack, #482.
+ * Add headers parameter back to ClientSecretJWT, #457.
+ * Always passing realm parameter in OAuth 1 clients, #339.
+ * Implemented RFC7592 Dynamic Client Registration Management Protocol, #505`
+ * Add default_timeout for requests OAuth2Session and AssertionSession.
+ * Deprecate jwk.loads and jwk.dumps
+
+-------------------------------------------------------------------
+Tue Oct 11 23:14:36 UTC 2022 - Yogalakshmi Arunachalam
+
+- Update to Version 1.1.0
+ * This release contains breaking changes and security fixes.
+ * Allow to pass claims_options to Framework OpenID Connect clients, via PR#446.
+ * Fix .stream with context for HTTPX OAuth clients, via PR#465.
+ * Fix Starlette OAuth client for cache store, via PR#478.
+
+-------------------------------------------------------------------
+Thu Aug 4 06:30:52 UTC 2022 - Steve Kowalik
+
+- Remove unneeded BuildRequires on mock.
+- Remove duplicated BuildRequires on pytest.
+
+-------------------------------------------------------------------
+Mon May 9 22:06:00 UTC 2022 - Matej Cepl
+
+- Fix tests.
+
+-------------------------------------------------------------------
+Thu Apr 21 11:29:21 UTC 2022 - Michael Ströder
+
+- Update to 1.0.1
+ * Fix authenticate_none method, via #438.
+ * Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447.
+ * Fix missing_token for Flask OAuth client, via #448.
+ * Allow openid in any place of the scope, via #449.
+ * Security fix for validating essential value on blank value in JWT, via #445.
+- Update to 1.0.0
+ * Dropped support for Python 2
+ * Removed built-in SQLAlchemy integration.
+ * The whole framework client integrations have been restructured
+
+-------------------------------------------------------------------
+Tue Nov 16 13:42:27 UTC 2021 - Michael Ströder
+
+- Update to 0.15.5
+ * Make Authlib compatible with latest httpx
+ * Make Authlib compatible with latest werkzeug
+ * Allow customize RFC7523 alg value
+
+-------------------------------------------------------------------
+Fri Aug 13 11:16:21 UTC 2021 - John Paul Adrian Glaubitz
+
+- Update to 0.15.4
+ * Security fix when JWT claims is None.
+
+-------------------------------------------------------------------
+Mon Aug 9 22:19:38 UTC 2021 - Jan Engelhardt
+
+- Drop filler wording from description again.
+
+-------------------------------------------------------------------
+Tue Mar 23 11:52:52 UTC 2021 - Marcus Rueckert
+
+- Update to 0.15.3
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-3
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-2
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-1
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15
+
+-------------------------------------------------------------------
+Wed Aug 5 14:44:15 UTC 2020 - Stasiek Michalski
+
+- Initial package
+
diff --git a/python-Authlib.spec b/python-Authlib.spec
new file mode 100644
index 0000000..c58a2b8
--- /dev/null
+++ b/python-Authlib.spec
@@ -0,0 +1,91 @@
+#
+# spec file for package python-Authlib
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define modname authlib
+%{?sle15_python_module_pythons}
+Name: python-Authlib
+Version: 1.3.2
+Release: 0
+Summary: Python library for building OAuth and OpenID Connect servers
+License: BSD-3-Clause
+URL: https://authlib.org/
+Source: https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
+Patch1: https://github.com/lepture/authlib/commit/d282c1afad676cf8ed3670e60fd43516fc9615de.patch#/py313-tests.patch
+# PATCH-FIX-UPSTREAM https://github.com/lepture/authlib/pull/695 Support httpx 0.28
+Patch2: httpx028.patch
+BuildRequires: %{python_module pip}
+BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
+BuildRequires: python-rpm-macros
+# SECTION test requirements
+BuildRequires: %{python_module anyio}
+BuildRequires: %{python_module Django}
+BuildRequires: %{python_module Flask-SQLAlchemy}
+BuildRequires: %{python_module Flask}
+BuildRequires: %{python_module SQLAlchemy}
+BuildRequires: %{python_module Werkzeug}
+BuildRequires: %{python_module cachelib}
+BuildRequires: %{python_module cryptography}
+BuildRequires: %{python_module httpx}
+BuildRequires: %{python_module pytest-asyncio}
+BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module requests}
+BuildRequires: %{python_module starlette}
+BuildRequires: %{python_module typing_extensions}
+# /SECTION
+BuildRequires: fdupes
+Requires: python-cryptography
+Suggests: python-requests
+BuildArch: noarch
+%python_subpackages
+
+%description
+A Python library for building OAuth and OpenID Connect servers.
+
+%prep
+%autosetup -p1 -n %{modname}-%{version}
+# Remove the file containing the commercial license so licensedigger
+# doesn't complain about the dual license
+rm COMMERCIAL-LICENSE
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%check
+%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib} PYTHONDONTWRITEBYTECODE=1
+$python -mpytest tests/core
+$python -mpytest tests/flask
+# gh#lepture/authlib#456
+$python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
+export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings
+$python -mpytest tests/clients
+# export DJANGO_SETTINGS_MODULE=tests.django.settings
+# $python -mpytest tests/django
+}
+
+%files %{python_files}
+%doc README.rst
+%license LICENSE
+%{python_sitelib}/%{modname}
+%{python_sitelib}/Authlib-%{version}.dist-info
+
+%changelog
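Review bot: `%check` leaves the `tests/django` run commented out with no reason given, while the `tests/jose` deselection just above it cites `gh#lepture/authlib#456`. For an OAuth/OpenID Connect library this means what is presumably the Django integration suite never runs at build time, and a reader cannot tell whether that is deliberate. A comment next to the two disabled lines, such as `# tests/django disabled: <reason or upstream issue>`, would make the gap an explicit decision. `Patch1` also has no tag line of the kind `Patch2` carries; `# PATCH-FIX-UPSTREAM py313-tests.patch -- tests: Dereference LocalProxy before serialization` would match it.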