From b12a0f76b1954af3c24fa1d7e300e388fa8b77a6 Mon Sep 17 00:00:00 2001
From: Shaheed Haque
Date: Mon, 22 Mar 2021 13:04:40 +0000
Subject: [PATCH 1/4] Provide django.contrib.auth.authenticate() with a request for compatibiity with more backends. Resolves #712. Resolves #636. Resolves #808.
---
 oauth2_provider/oauth2_validators.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index 25266d04d..92e59f626 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -14,6 +14,7 @@
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import transaction
 from django.db.models import Q
+from django.http import HttpRequest
 from django.utils import dateformat, timezone
 from django.utils.timezone import make_aware
 from django.utils.translation import gettext_lazy as _
@@ -664,7 +665,18 @@ def validate_user(self, username, password, client, request, *args, **kwargs):
 """
 Check username and password correspond to a valid and active User
 """
- u = authenticate(username=username, password=password)
+ # Passing the optional HttpRequest adds compatibility for backends
+ # which depend on its presence. Create one with attributes likely
+ # to be used.
+ http_request = HttpRequest()
+ http_request.path = request.uri
+ http_request.method = request.http_method
+ if request.http_method == "GET":
+ http_request.GET.update(dict(request.decoded_body))
+ elif request.http_method == "POST":
+ http_request.POST.update(dict(request.decoded_body))
+ http_request.META = request.headers
+ u = authenticate(http_request, username=username, password=password)
 if u is not None and u.is_active:
 request.user = u
 return True
From eccad4698a75b5939396a30b1b20891663c0b613 Mon Sep 17 00:00:00 2001
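Review bot: In the validate_user hunk the synthetic `HttpRequest` receives the whole `request.decoded_body`, which for this password check presumably includes the plaintext `password` (and possibly `client_secret`). Django hands that request object to every authentication backend and to `user_login_failed` receivers, so anything that records `request.POST` or `request.GET` may now capture credentials. The comment above the construction should say so, for example `# NOTE: synthetic request, no session or middleware state; GET/POST carries the raw credentials`. `http_request.META = request.headers` also shares one mapping between the two request objects; assuming `request.headers` is an ordinary mapping, `http_request.META = dict(request.headers)` would keep a backend that writes to META from altering the oauthlib request. The body of validate_user continues outside the hunk.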
From: Shaheed Haque
Date: Mon, 22 Mar 2021 13:26:06 +0000
Subject: [PATCH 2/4] Update CHANGELOG.md and AUTHORS.
---
 AUTHORS | 1 +
 CHANGELOG.md | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/AUTHORS b/AUTHORS
index a81fed695..aba1e22f4 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -50,3 +50,4 @@ Rustem Saiargaliev
 Jadiel Teófilo
 pySilver
 Łukasz Skarżyński
+Shaheed Haque
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 660ebefb7..3d2f9449a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Security
 -->
+## [unreleased]
+* #712, #636, #808. Calls to `django.contrib.auth.authenticate()` now pass a `request`
+ to provide compatibility with backends that need one.
+
 ## [1.5.0] 2021-03-18
 ### Added
From 2989685f928c5d51b98796dd4fd1979623fd256b Mon Sep 17 00:00:00 2001
From: Shaheed Haque
Date: Mon, 22 Mar 2021 13:57:25 +0000
Subject: [PATCH 3/4] Avoid reduction in code coverage using inline code.
---
 oauth2_provider/oauth2_validators.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index 92e59f626..f3a24e258 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -671,10 +671,7 @@ def validate_user(self, username, password, client, request, *args, **kwargs):
 http_request = HttpRequest()
 http_request.path = request.uri
 http_request.method = request.http_method
- if request.http_method == "GET":
- http_request.GET.update(dict(request.decoded_body))
- elif request.http_method == "POST":
- http_request.POST.update(dict(request.decoded_body))
+ getattr(http_request, request.http_method).update(dict(request.decoded_body))
 http_request.META = request.headers
 u = authenticate(http_request, username=username, password=password)
 if u is not None and u.is_active:
From c2580d30944a03a4062f99cd5a167c0a8f69857e Mon Sep 17 00:00:00 2001
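Review bot: The `getattr(http_request, request.http_method)` line in the validate_user hunk uses a request-derived string as an attribute name, so any method other than GET or POST (PUT, HEAD, a lower-case value) raises AttributeError where the removed if/elif simply skipped the copy. Putting the one-liner behind a guard keeps the old behaviour with a single branch: `if request.http_method in ("GET", "POST"):` followed by the existing `getattr(...).update(...)` line. Whether other methods can reach this validator depends on the views, which are not visible here. The function starts and ends outside the hunk.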
From: Alan Crosswell
Date: Mon, 22 Mar 2021 10:54:25 -0400
Subject: [PATCH 4/4] Update CHANGELOG.md Clean up some mis-merged updates.
---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d2f9449a..e7b0e35cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,15 +15,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -->
 ## [unreleased]
+
+### Added
 * #712, #636, #808. Calls to `django.contrib.auth.authenticate()` now pass a `request`
 to provide compatibility with backends that need one.
+
+### Fixed
+* #524 Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True.
 ## [1.5.0] 2021-03-18
 ### Added
 * #915 Add optional OpenID Connect support.
-### Fixed
-* #524 Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True.
 ### Changed
 * #942 Help via defunct Google group replaced with using GitHub issues