commit 23c59d0c2fd01e330a5eb79a0fe27144e5334c23e6602262a5ab9bde2d101896 Author: Daniel Garcia Date: Thu Nov 27 07:22:11 2025 +0000 - Update to 2.25.2: * Security + CVE-2025-66040 – HTML for OAuth flow now sanitized: prevents potential XSS attacks (by @yueyueL) Upgrade if you run spotipy with the default OAuth flow (uses a local HTTP server as a callback method) (bsc#1254285) * Added + Adds additional_types parameter to retrieve currently playing episode + Add deprecation warnings to documentation * Fixed + Fixed dead link in README.md + Corrected Spotify/Spotipy typo in documentation OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-spotipy?expand=0&rev=34 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/2.25.1.tar.gz b/2.25.1.tar.gz new file mode 100644 index 0000000..0856ed3 --- /dev/null +++ b/2.25.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d525c070567a3aa36efda82dbde59e0a2ac7f395e5a88ea4f31da47fda07ff9 +size 107750 diff --git a/2.25.2.tar.gz b/2.25.2.tar.gz new file mode 100644 index 0000000..d79fe52 --- /dev/null +++ b/2.25.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0878ae8a71a13f8956bb1d42ea845e092822de205de11be685b371895e430fdc +size 108288 diff --git a/python-spotipy.changes b/python-spotipy.changes new file mode 100644 index 0000000..12a6365 --- /dev/null +++ b/python-spotipy.changes @@ -0,0 +1,381 @@ +------------------------------------------------------------------- +Thu Nov 27 07:15:05 UTC 2025 - Daniel Garcia + +- Update to 2.25.2: + * Security + + CVE-2025-66040 – HTML for OAuth flow now sanitized: prevents + potential XSS attacks (by @yueyueL) Upgrade if you run spotipy + with the default OAuth flow (uses a local HTTP server as a + callback method) (bsc#1254285) + * Added + + Adds additional_types parameter to retrieve currently playing episode + + Add deprecation warnings to documentation + * Fixed + + Fixed dead link in README.md + + Corrected Spotify/Spotipy typo in documentation + +------------------------------------------------------------------- +Fri Feb 28 05:07:51 UTC 2025 - Steve Kowalik + +- Update to 2.25.1: + * Security + + CVE-2025-27154 – Cache file permissions tightened: now 600 (user + read/write only) instead of 644, preventing unauthorized local access + to auth tokens (bsc#1238059) + * Added + + Added examples for audiobooks, shows and episodes methods to examples + directory + * Fixed + + Fixed scripts in examples directory that didn't run correctly + + Updated documentation for Client.current_user_top_artists to indicate + maximum number of artists limit + * Changed + + Updated get_cached_token and save_token_to_cache methods to utilize + Python's Context Management Protocol + + Added except clause to get_cached_token method to handle json decode + errors + + Added warnings and updated docs due to Spotify's deprecation of HTTP + and "localhost" redirect URIs + + Use newer string formatters (https://pyformat.info) + + Marked recommendation_genre_seeds as deprecated + +------------------------------------------------------------------- +Tue Jan 7 14:28:06 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 2.25.0 + * Added unit tests for queue functions + * Added detailed function docstrings to 'util.py', including descriptions and special sections + that lists arguments, returns, and raises. + * Updated order of instructions for Python and pip package manager installation in TUTORIAL.md + * Updated TUTORIAL.md instructions to match current layout of Spotify Developer Dashboard + * Added test_artist_id, test_artist_url, and test_artists_mixed_ids to non_user_endpoints test.py + * Added rate/request limit to FAQ + * Added custom `urllib3.Retry` class for printing a warning when a rate/request limit is reached. + * Added `personalized_playlist.py`, `track_recommendations.py`, and `audio_features_analysis.py` + to `/examples`. + * Discord badge in README + * Added `SpotifyBaseException` and moved all exceptions to `exceptions.py` + * Marked the following methods as deprecated: + - artist_related_artists + - recommendations + - audio_features + - audio_analysis + - featured_playlists + - category_playlists + * Added FAQ entry for inaccessible playlists + * Audiobook integration tests + * Edited docstrings for certain functions in client.py for functions that are no longer in use + and have been replaced. + * `current_user_unfollow_playlist()` now supports playlist IDs, URLs, and URIs rather than + previously where it only supported playlist IDs. + * `mock` no longer listed as a test dependency. Only built-in `unittest.mock` is actually used. +- Use Python 3.11 on SLE-15 by default +- Switch build system from setuptools to pyproject.toml + * Add python-pip and python-wheel to BuildRequires + * Replace %python_build with %pyproject_wheel + * Replace %python_install with %pyproject_install + +------------------------------------------------------------------- +Tue Sep 3 10:00:31 UTC 2024 - pgajdos@suse.com + +- python-six is not required + +------------------------------------------------------------------- +Mon Jun 10 09:22:32 UTC 2024 - Dirk Müller + +- update to 2.24.0: + * Added `MemcacheCacheHandler`, a cache handler that stores the + token info using pymemcache. + * Added support for audiobook endpoints: `get_audiobook`, + `get_audiobooks`, and `get_audiobook_chapters`. + * Added integration tests for audiobook endpoints. + * Added `update` field to `current_user_follow_playlist`. + * Fixed error obfuscation when Spotify class is being inherited + and an error is raised in the Child's `__init__` + * Replaced `artist_albums(album_type=...)` with + `artist_albums(include_groups=...)` due to an API change. + * Updated `_regex_spotify_url` to ignore `/intl-` + in Spotify links + +------------------------------------------------------------------- +Fri Dec 8 13:45:17 UTC 2023 - Dirk Müller + +- update to 2.23.0: + * Added optional `encoder_cls` argument to `CacheFileHandler`, + which overwrite default encoder for token before writing to + disk + * Integration tests for searching multiple types in multiple + markets (non-user endpoints) + * Publish to PyPI action + * Fixed the regex for matching playlist URIs with the format + spotify:user:USERNAME:playlist:PLAYLISTID. + * `search_markets` now factors the counts of all types in the + `total` rather than just the first type (#534) + * Add alternative module installation instruction to README + * Added Comment to README - Getting Started for user to add URI + to app in Spotify Developer Dashboard. + * Added playlist_add_tracks.py to example folder + * Modified docstring for playlist_add_items() to accept "only + URIs or URLs", + * with intended deprecation for IDs in v3 + * Path traversal vulnerability that may lead to type confusion + in URI handling code + * Update contributing.md + +------------------------------------------------------------------- +Tue Dec 13 17:06:22 UTC 2022 - Yogalakshmi Arunachalam + +- Update to version 2.22.0 + * Added + Integration tests via GHA (non-user endpoints) + Unit tests for new releases, passing limit parameter with minimum and maximum values of 1 and 50 + Unit tests for categories, omitting country code to test global releases + Added CODE_OF_CONDUCT.md + * Fixed + Incorrect category_id input for test_category + Assertion value for test_categories_limit_low and test_categories_limit_high + Pin Github Actions Runner to Ubuntu 20 for Py27 + Fixed potential error where found variable in test_artist_related_artists is undefined if for loop never evaluates to true + Fixed false positive test test_new_releases which looks up the wrong property of the JSON response object and always evaluates to true + +------------------------------------------------------------------- +Wed Nov 9 19:13:31 UTC 2022 - Yogalakshmi Arunachalam + +- Update to version 2.21.0 + Added + * Added market parameter to album and albums to address #753 + * Added 'show_featured_artists.py' to 'examples'. + * Expanded contribution and license sections of the documentation. + * Added FlaskSessionCacheHandler, a cache handler that stores the token info in a flask session. + * Added Python 3.10 in GitHub Actions + Fixed + * Updated the documentation to specify ISO-639-1 language codes. + * Fix AttributeError for text attribute of the Response object + * Require redis v3 if python2.7 (fixes readthedocs) + +------------------------------------------------------------------- +Thu Sep 29 13:02:28 UTC 2022 - Adrian Schröter + +- update to version 2.20.0 + ### Added + * Added `RedisCacheHandler`, a cache handler that stores the token info in Redis. + * Changed URI handling in `client.Spotify._get_id()` to remove qureies if provided by error. + * Added a new parameter to `RedisCacheHandler` to allow custom keys (instead of the default `token_info` key) + * Simplify check for existing token in `RedisCacheHandler` + +------------------------------------------------------------------- +Tue Apr 19 10:06:31 UTC 2022 - pgajdos@suse.com + +- version update to 2.19.0 + ## [2.19.0] - 2021-08-12 + ### Added + * Added `MemoryCacheHandler`, a cache handler that simply stores the token info in memory as an instance attribute of this class. + * If a network request returns an error status code but the response body cannot be decoded into JSON, then fall back on decoding the body into a string. + * Added `DjangoSessionCacheHandler`, a cache handler that stores the token in the session framework provided by Django. Web apps using spotipy with Django can directly use this for cache handling. + ### Fixed + * Fixed a bug in `CacheFileHandler.__init__`: The documentation says that the username will be retrieved from the environment, but it wasn't. + * Fixed a bug in the initializers for the auth managers that produced a spurious warning message if you provide a cache handler and you set a value for the "SPOTIPY_CLIENT_USERNAME" environment variable. + * Use generated MIT license and fix license type in `pip show` + ## [2.18.0] - 2021-04-13 + ### Added + - Enabled using both short and long IDs for playlist_change_details + - Added a cache handler to `SpotifyClientCredentials` + - Added the following endpoints + * `Spotify.current_user_saved_episodes` + * `Spotify.current_user_saved_episodes_add` + * `Spotify.current_user_saved_episodes_delete` + * `Spotify.current_user_saved_episodes_contains` + * `Spotify.available_markets` + ### Changed + - Add support for a list of scopes rather than just a comma separated string of scopes + ### Fixed + * Fixed the bugs in `SpotifyOAuth.refresh_access_token` and `SpotifyPKCE.refresh_access_token` which raised the incorrect exception upon receiving an error response from the server. This addresses #645. + * Fixed a bug in `RequestHandler.do_GET` in which the non-existent `state` attribute of `SpotifyOauthError` is accessed. This bug occurs when the user clicks "cancel" in the permissions dialog that opens in the browser. + * Cleaned up the documentation for `SpotifyClientCredentials.__init__`, `SpotifyOAuth.__init__`, and `SpotifyPKCE.__init__`. + ## [2.17.0] - 2021-02-28 + ### Changed + - moved os.remove(session_cache_path()) inside try block to avoid TypeError on app.py example file + - A warning will no longer be emitted when the cache file does not exist at the specified path + - The docs for the `auth` parameter of `Spotify.init` use the term "access token" instead of "authorization token" + - Changed docs for `search` to mention that you can provide multiple types to search for + - The query parameters of requests are now logged + - Deprecate specifing `cache_path` or `username` directly to `SpotifyOAuth`, `SpotifyPKCE`, and `SpotifyImplicitGrant` constructors, instead directing users to use the `CacheFileHandler` cache handler + - Removed requirement for examples/app.py to specify port multiple times (only SPOTIPY_REDIRECT_URI needs to contain the port) + ### Added + - Added log messages for when the access and refresh tokens are retrieved and when they are refreshed + - Support `market` optional parameter in `track` + - Added CacheHandler abstraction to allow users to cache tokens in any way they see fit + ### Fixed + - Fixed Spotify.user_playlist_reorder_tracks calling Spotify.playlist_reorder_tracks with an incorrect parameter order + - Fixed deprecated Urllib3 `Retry(method_whitelist=...)` in favor of `Retry(allowed_methods=...)` +- python-mock is not required for build + +------------------------------------------------------------------- +Thu Oct 29 09:29:48 UTC 2020 - Antonio Larrosa + +- Update to 2.16.1: + * Fixed + + playlist_tracks example code no longer prints extra + characters on final loop iteration + + SpotifyException now thrown when a request fails & has no + response (#571, #581) + + Added scope, playlist-read-private, to examples that access + user playlists using the spotipy api: + current_user_playlists() + + Enable retries for POST, DELETE, PUT (#577) + * Changed + + both inline and starting import lists are sorted using isort + module + + changed Max Retries exception code from 599 to 429 +- Update to 2.16.0: + * Added + + open_browser can be passed to the constructors of + SpotifyOAuth and SpotifyPKCE to make it easier to authorize + in browserless environments +- Update to 2.15.0: + * Added + + SpotifyPKCE.parse_auth_response_url, mirroring that method in + SpotifyOAuth + * Changed + + Specifying a cache_path or username is now optional + * Fixed + + Using SpotifyPKCE.get_authorization_url will now generate a + code challenge if needed +- Update to 2.14.0: + * Added + + (experimental) Support to search multiple/all markets at + once. + + Support to test whether the current user is following certain + users or artists + + Proper replacements for all deprecated playlist endpoints (See + https://developer.spotify.com/community/news/2018/06/12/changes-to-playlist-uris/ + and below) + + Allow for OAuth 2.0 authorization by instructing the user to + open the URL in a browser instead of opening the browser. + + Reason for 403 error in SpotifyException + + Support for the PKCE Auth Flow + + Support to advertise different language to Spotify + + Added 'collaborative' parameter to user_playlist_create + method. + + Enforce CHANGELOG update on PR + + Adds additional_types parameter to retrieve currently playing + podcast episode + + Support to get info about a single category + * Deprecated + + user_playlist_change_details in favor of + playlist_change_details + + user_playlist_unfollow in favor of + current_user_unfollow_playlist + + user_playlist_add_tracks in favor of playlist_add_items + + user_playlist_replace_tracks in favor of + playlist_replace_items + + user_playlist_reorder_tracks in favor of + playlist_reorder_items + + user_playlist_remove_all_occurrences_of_tracks in favor of + playlist_remove_all_occurrences_of_items + + user_playlist_remove_specific_occurrences_of_tracks in favor + of playlist_remove_specific_occurrences_of_items + + user_playlist_follow_playlist in favor of + current_user_follow_playlist + + user_playlist_is_following in favor of playlist_is_following + + playlist_tracks in favor of playlist_items + * Fixed + + fixed issue where episode URIs were being converted to track + URIs in playlist calls + +------------------------------------------------------------------- +Tue Jul 7 06:56:38 UTC 2020 - Steve Kowalik + +- Update to 2.13.0: + * Added + + Added `SpotifyImplicitGrant` as an auth manager option. It provides + user authentication without a client secret but sacrifices the ability + to refresh the token without user input. (However, read the class + docstring for security advisory.) + + Added built-in verification of the `state` query parameter + + Added two new attributes: error and error_description to `SpotifyOauthError` exception class to show + + authorization/authentication web api errors details. + + Added `SpotifyStateError` subclass of `SpotifyOauthError` + + Allow extending `SpotifyClientCredentials` and `SpotifyOAuth` + + Added the market paramter to `album_tracks` + + Added a method to update the auth token. + + Support for shows/podcasts and episodes + + Added CONTRIBUTING.md + * Deprecated + + Deprecated `util.prompt_for_user_token` in favor of `spotipy.Spotify(auth_manager=SpotifyOAuth())` + * Fixed + + Logging regression due to the addition of `logging.basicConfig()` which was unneeded. + + Issue where using `http://localhost` as redirect_uri would cause the authorization process to hang. + + Fixed miscellaneous issues with parsing of callback URL + + Close session when Spotipy object is unloaded + + Propagate refresh token error + * Changed + + Updated the documentation to give more details on the authorization + + process and reflect 2020 Spotify Application jargon and practices. + + The local webserver is only started for localhost redirect_uri which specify a port, + + i.e. it is started for `http://localhost:8080` or `http://127.0.0.1:8080`, not for `http://localhost`. + + Client retry logic has changed as it now uses urllib3's `Retry` in conjunction with requests `Session` + + The session is customizable as it allows for: + - status_forcelist + - retries + - status_retries + - backoff_factor + + Spin up a local webserver to auto-fill authentication URL + + Use session in SpotifyAuthBase + + Logging used instead of print statements +- Skip one test that requires external internet access + +------------------------------------------------------------------- +Thu Mar 26 14:45:02 UTC 2020 - Marketa Calabkova + +- update to 2.10.0 + * Support for add_to_queue + * Add CHANGELOG and LICENSE to released package + +------------------------------------------------------------------- +Tue Mar 17 13:57:10 UTC 2020 - pgajdos@suse.com + +- version update to 2.9.0 + * Support `position_ms` optional parameter in `start_playback` + * Add `requests_timeout` parameter to authentication methods + * Make cache optional in `get_access_token` + * Support for `playlist_cover_image` + * Support `after` and `before` parameter in `current_user_recently_played` + * CI for unit tests + * Automatic `token` refresh + * `auth_manager` and `oauth_manager` optional parameters added to `Spotify`'s init. + * Optional `username` parameter to be passed to `SpotifyOAuth`, to infer a `cache_path` automatically + * Optional `as_dict` parameter to control `SpotifyOAuth`'s `get_access_token` output type. However, this is going to be deprecated in the future, and the method will always return a token string + * Optional `show_dialog` parameter to be passed to `SpotifyOAuth` + * Both `SpotifyClientCredentials` and `SpotifyOAuth` inherit from a common `SpotifyAuthBase` which handles common parameters and logics. + * Support for `playlist_tracks` + * Support for `playlist_upload_cover_image` + * `user_playlist_tracks` doesn't require a user anymore (accepts `None`) + * Deprecated `user_playlist` and `user_playlist_tracks` + * Fixed broken examples in README, examples and doc + * Allow session keepalive + * Bump requests to 2.20.0 + * Fixed inconsistent behaviour with some API methods when + a full HTTP URL is passed. + * Fixed invalid calls to logging warn method + * Support for `playlist` to get a playlist without specifying a user + * Support for `current_user_saved_albums_delete` + * Support for `current_user_saved_albums_contains` + * Support for `user_unfollow_artists` + * Support for `user_unfollow_users` + * Added follow and player endpoints + +------------------------------------------------------------------- +Wed Dec 19 16:22:44 UTC 2018 - Jan Engelhardt + +- Trim filler wording from descriptions. + +------------------------------------------------------------------- +Wed Dec 19 13:08:00 UTC 2018 - Matej Cepl + +- Fix description and summary + +------------------------------------------------------------------- +Wed Oct 17 05:28:28 UTC 2018 - Thomas Bechtold + +- Initial packaging (version 2.4.4) diff --git a/python-spotipy.spec b/python-spotipy.spec new file mode 100644 index 0000000..88fd471 --- /dev/null +++ b/python-spotipy.spec @@ -0,0 +1,72 @@ +# +# spec file for package python-spotipy +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-spotipy +Version: 2.25.2 +Release: 0 +Summary: Client for the Spotify Web API +License: MIT +URL: https://spotipy.readthedocs.org/ +# https://github.com/plamere/spotipy/issues/454 +Source: https://github.com/plamere/spotipy/archive/%{version}.tar.gz +BuildRequires: %{python_module devel >= 3.8} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module redis} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-redis >= 3.5.3 +Requires: python-requests >= 2.25.0 +Requires: python-urllib3 >= 1.26.0 +BuildArch: noarch +# SECTION test requirements +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module requests >= 2.20.0} +# /SECTION +%python_subpackages + +%description +Spotipy is a Python library for the Spotify Web API. +With Spotipy, the user gets access to the music data +provided by the Spotify platform. + +Documentation is available at +https://spotipy.readthedocs.io/ + +%prep +%setup -q -n spotipy-%{version} + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pytest tests/unit/ -k 'not credentials_get_access_token' + +%files %{python_files} +%license LICENSE.md +%doc CHANGELOG.md +%{python_sitelib}/spotipy +%{python_sitelib}/spotipy-%{version}.dist-info + +%changelog