Oauth2 provider #133
Oauth2 provider #133
Commits on May 5, 2024
-
-
-
Regen migrations for common changes
Signed-off-by: Rick Elrod <[email protected]>
-
Tighten up is_external_account() and fix tests
Signed-off-by: Rick Elrod <[email protected]>
-
Revert "Regen migrations for common changes" This reverts commit 53b7fb6.
-
Try fixing up migrations while not squashing them
Signed-off-by: Rick Elrod <[email protected]>
-
Signed-off-by: Rick Elrod <[email protected]>
-
Signed-off-by: Rick Elrod <[email protected]>
-
... And this is why we test :)
Signed-off-by: Rick Elrod <[email protected]>
-
Rework application serializer a bit, client_secret
Signed-off-by: Rick Elrod <[email protected]>
-
Get "related" working for application tokens
Signed-off-by: Rick Elrod <[email protected]>
-
Create an OAuth2Application in demo data
Signed-off-by: Rick Elrod <[email protected]>
-
Add simple tests showing token auth works
Signed-off-by: Rick Elrod <[email protected]>
-
Don't treat Application.client_secret as encrypted
In newer DOT than what AWX uses, Application.client_secret is hashed automatically with no way to disable that functionality. There's a PR that allows for disabling that functionality ([0]), but that hasn't made it into a release. The DOT hashing is incompatible with our standard encryption - when DOT gets the value it ends up getting our encrypted string and trying to act on that. Ideally we'd like to disable their hashing entirely and use our standard encryption tooling. AWX avoids this problem by pinning to an older DOT. For now in DAB we'll just use the upstream hashing, and not treat the field as an encrypted_fields field to avoid the "double encryption" issue. [0]: jazzband/django-oauth-toolkit#1311 Signed-off-by: Rick Elrod <[email protected]>
-
Make is_external_account return the authenticator
Signed-off-by: Rick Elrod <[email protected]>
-
Show the proper authenticator type in error
Signed-off-by: Rick Elrod <[email protected]>
-
Signed-off-by: Rick Elrod <[email protected]>
-
Update fixture tuple application fixtures return
Signed-off-by: Rick Elrod <[email protected]>
-
Track oauth models in activity stream and sanitize
Signed-off-by: Rick Elrod <[email protected]>
-
Provide view-level hook for extra related fields
Signed-off-by: Rick Elrod <[email protected]>
-
Start on /users/PK/<oauth stuff>/ endpoints
Particularly, start on /users/PK/personal_tokens/ No tests, yet. Signed-off-by: Rick Elrod <[email protected]>
-
Some coverage for the PAT mixin hack
Signed-off-by: Rick Elrod <[email protected]>
-
Nix updated/created from token model
Signed-off-by: Rick Elrod <[email protected]>
-
Nix DOT updated/created fields from some models
Signed-off-by: Rick Elrod <[email protected]>
-
Use the API for the token fixture
Signed-off-by: Rick Elrod <[email protected]>
-
Start a doc for differences from AWX
Signed-off-by: Rick Elrod <[email protected]>
-
Make summary fields useful for Application
Signed-off-by: Rick Elrod <[email protected]>
-
Get /users/N/authorized_tokens/ working
Signed-off-by: Rick Elrod <[email protected]>
-
Just hardcode the user model basename in the mixin
Signed-off-by: Rick Elrod <[email protected]>
-
We can't check user actions when we add more
Signed-off-by: Rick Elrod <[email protected]>
-
Signed-off-by: Rick Elrod <[email protected]>
Commits on May 7, 2024
-
Use CommonModel fields for created and modified
We have to use the right order of inheritance for this to work, and not null out fields that we actually want :) Signed-off-by: Rick Elrod <[email protected]>
Commits on May 8, 2024
-
DRY
ALLOWED_SCOPESin token serializerSigned-off-by: Rick Elrod <[email protected]>
-
Signed-off-by: Rick Elrod <[email protected]>
-
Be specific because people aren't mind-readers
Signed-off-by: Rick Elrod <[email protected]>
-
Use authenticator name instead of its type
Signed-off-by: Rick Elrod <[email protected]>
-
Just show the None if it's None
Signed-off-by: Rick Elrod <[email protected]>