From c6e21d18dee88375aa442bdf94cfb4f4160a27c5 Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 10 Apr 2023 11:30:23 -0700
Subject: [PATCH 1/4] Remove double write

---
 oauth2_provider/models.py | 2 +-
 oauth2_provider/oauth2_validators.py | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/oauth2_provider/models.py b/oauth2_provider/models.py
index ee1463569..cea2bfc59 100644
--- a/oauth2_provider/models.py
+++ b/oauth2_provider/models.py
@@ -506,7 +506,7 @@ class AbstractIDToken(models.Model):
 null=True,
 related_name="%(app_label)s_%(class)s",
 )
- token = models.TextField(unique=True)
+ token = models.TextField(unique=True, null=True)
 jti = models.UUIDField(unique=True, default=uuid.uuid4, editable=False, verbose_name="JWT Token ID")
 application = models.ForeignKey(
 oauth2_settings.APPLICATION_MODEL,
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index 13d6dbba3..cce9f9616 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -704,12 +704,10 @@ def validate_refresh_token(self, refresh_token, client, request, *args, **kwargs
 return rt.application == client

 @transaction.atomic
- def _save_id_token(self, id_token, jwt_token, request, expires, *args, **kwargs):
+ def _save_id_token(self, id_token, request, expires, *args, **kwargs):
 scopes = request.scope or " ".join(request.scopes)
 id_token = IDToken.objects.create(
- # TODO sc-77179: Once reading from jti is live, we can stop writing to token.
- token=jwt_token.serialize(),
 user=request.user,
 scope=scopes,
 expires=expires,
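Review bot: Removing `jwt_token` from the middle of `_save_id_token`'s positional parameters while keeping `*args, **kwargs` means a stale four-argument call would still be accepted by the signature: the JWT object would bind to `request`, the request to `expires`, and the error would only surface at `request.scope`. Whether any override or caller outside this diff still passes four arguments is not visible here, so it is worth a search before merging. New rows are now created without `token`, which relies on every reader resolving ID tokens through `jti`, as the removed TODO implied. A docstring such as `"""Create the IDToken row; the serialized JWT is no longer stored."""` would record that. The body of `_save_id_token` continues past the end of the hunk.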
@@ -781,7 +779,7 @@ def finalize_id_token(self, id_token, token, token_handler, request):
 claims=json.dumps(id_token, default=str),
 )
 jwt_token.make_signed_token(request.client.jwk_key)
- id_token = self._save_id_token(id_token, jwt_token, request, expiration_time)
+ id_token = self._save_id_token(id_token, request, expiration_time)
 # this is needed by django rest framework
 request.access_token = id_token
 request.id_token = id_token

From 133a2dcd31a87b202733be487b703a22d3fc428e Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 10 Apr 2023 11:34:30 -0700
Subject: [PATCH 2/4] Add migration

---
 .../migrations/0008_alter_idtoken_token.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 oauth2_provider/migrations/0008_alter_idtoken_token.py

diff --git a/oauth2_provider/migrations/0008_alter_idtoken_token.py b/oauth2_provider/migrations/0008_alter_idtoken_token.py
new file mode 100644
index 000000000..a55f267ab
--- /dev/null
+++ b/oauth2_provider/migrations/0008_alter_idtoken_token.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.15 on 2023-04-10 18:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('oauth2_provider', '0007_alter_idtoken_jti'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='idtoken',
+ name='token',
+ field=models.TextField(null=True, unique=True),
+ ),
+ ]

From 30aa0a7b42f0262f4a1b7f939ceae0ab5c2a5b29 Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 10 Apr 2023 11:35:42 -0700
Subject: [PATCH 3/4] Increment version

---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 0ceb0b0e9..d7599ab20 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = django-oauth-toolkit
-version = 1.5.2
+version = 1.5.3
 description = OAuth2 Provider for Django
 long_description = file: README.rst
 long_description_content_type = text/x-rst
From 782580b435a9caa2d07942d5b97b738d8f706bee Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 10 Apr 2023 13:08:10 -0700
Subject: [PATCH 4/4] Adjust migration

---
 oauth2_provider/migrations/0008_alter_idtoken_token.py | 2 +-
 oauth2_provider/models.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/oauth2_provider/migrations/0008_alter_idtoken_token.py b/oauth2_provider/migrations/0008_alter_idtoken_token.py
index a55f267ab..7792b68bd 100644
--- a/oauth2_provider/migrations/0008_alter_idtoken_token.py
+++ b/oauth2_provider/migrations/0008_alter_idtoken_token.py
@@ -13,6 +13,6 @@ class Migration(migrations.Migration):
 migrations.AlterField(
 model_name='idtoken',
 name='token',
- field=models.TextField(null=True, unique=True),
+ field=models.TextField(null=True, unique=False, blank=True),
 ),
 ]
diff --git a/oauth2_provider/models.py b/oauth2_provider/models.py
index cea2bfc59..dd0a1eb75 100644
--- a/oauth2_provider/models.py
+++ b/oauth2_provider/models.py
@@ -506,7 +506,7 @@ class AbstractIDToken(models.Model):
 null=True,
 related_name="%(app_label)s_%(class)s",
 )
- token = models.TextField(unique=True, null=True)
+ token = models.TextField(null=True, unique=False, blank=True)
 jti = models.UUIDField(unique=True, default=uuid.uuid4, editable=False, verbose_name="JWT Token ID")
 application = models.ForeignKey(
 oauth2_settings.APPLICATION_MODEL,
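Review bot: Migration 0008 is rewritten in place here, after the patch that created it and after the version bump to 1.5.3. A database that already applied the first form would keep the unique constraint on `token`, because Django records 0008 as applied and will not run the edited operation. If that intermediate state could have been installed anywhere, the constraint change belongs in a new migration that follows 0008. The operation is also schema-only, so rows written before this series still hold the serialized ID token; if the aim is to stop keeping signed tokens at rest, a follow-up data migration that clears the column would be needed. A comment above the operation, e.g. `# Hand-edited: token is no longer written, so it is nullable and no longer unique.`, would explain the manual change to a generated file.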
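Review bot: `unique=False` is the field default, so spelling it out in `token = models.TextField(null=True, unique=False, blank=True)` adds nothing, and `null=True` together with `blank=True` on a text field allows two empty values (NULL and `""`) that any remaining reader must treat alike. `token = models.TextField(null=True, blank=True)` declares the same column, and a comment such as `# No longer written for new ID tokens; may be NULL.` would tell readers why it can be empty. The same arguments appear in the `AlterField` of the migration hunk in this patch. The class body extends beyond the hunk on both sides.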