PyPI - dj-jwt-auth - Versions diffs - 1.9.5__tar.gz → 1.10.0__tar.gz - Mend

dj-jwt-auth 1.9.5tar.gz → 1.10.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: dj-jwt-auth
-Version: 1.9.5
+Version: 1.10.0
 Summary: A Django package for JSON Web Token validation and verification. Using PyJWT.
 Home-page: https://www.example.com/
 Author: Konstantin Seleznev
@@ -26,6 +26,7 @@ Requires-Dist: Django>=3.0
 Requires-Dist: pyjwt>=2.5.0
 Requires-Dist: requests>=2.28.1
 Requires-Dist: cryptography>=36.0.2
+Dynamic: description-content-type
 # Django-JWT

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/dj_jwt_auth.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: dj-jwt-auth
-Version: 1.9.5
+Version: 1.10.0
 Summary: A Django package for JSON Web Token validation and verification. Using PyJWT.
 Home-page: https://www.example.com/
 Author: Konstantin Seleznev
@@ -26,6 +26,7 @@ Requires-Dist: Django>=3.0
 Requires-Dist: pyjwt>=2.5.0
 Requires-Dist: requests>=2.28.1
 Requires-Dist: cryptography>=36.0.2
+Dynamic: description-content-type
 # Django-JWT

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/django_jwt/middleware.py RENAMED Viewed

@@ -29,7 +29,8 @@ class JWTAuthMiddleware(MiddlewareMixin):
             info = oidc_handler.decode_token(raw_token)
             request.user = request._cached_user = UserHandler(info, request, raw_token).get_user()
         except AlgorithmNotSupportedException as exc:
-            return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": str(exc)})
+            log.warning(f"AlgorithmNotSupportedException: {exc}")
+            return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": "algorithm not supported"})
         except ExpiredSignatureError:
             return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": "expired token"})
         except UnicodeDecodeError as exc:

dj_jwt_auth-1.10.0/django_jwt/templates/admin/login.html ADDED Viewed

@@ -0,0 +1,11 @@
+{% extends "admin/login.html" %}
+{% block content %}
+    {% if neoid_only is True %}
+        <div style="text-align: center;">
+            <a class="button" style="display: inline-block; margin-top: 20px" href="{% url 'start_oidc_auth' %}">NeoID Login</a>
+        </div>
+    {% else %}
+        {{ block.super }}
+    {% endif %}
+{% endblock %}

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/django_jwt/utils.py RENAMED Viewed

@@ -7,11 +7,11 @@ import jwt
 import requests
 from django_jwt import settings
-from django_jwt.config import config
+from django_jwt.config import SupportedAlgorithms, config
 def get_random_string(k: int = 32) -> str:
-    return "".join(random.choices(string.ascii_letters + string.digits + "-._~", k=k))
+    return "".join(random.choices(string.ascii_letters + string.digits + "-._~", k=k))  # NOSONAR
 def get_alg(token: str) -> str:
@@ -20,7 +20,7 @@ def get_alg(token: str) -> str:
 def get_access_token(code: str, redirect_uri: str, pkce_secret: str, client_id: str) -> str:
-    token_endpoint = config.admin().get("token_endpoint")
+    token_endpoint = config.cfg(SupportedAlgorithms.ES256).get("token_endpoint")
     data = {
         "grant_type": "authorization_code",
         "client_id": client_id,

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/django_jwt/views.py RENAMED Viewed

@@ -25,7 +25,7 @@ def silent_sso_check(request):
 def index_response(request, msg, status=400):
-    logout_url = config.admin().get("end_session_endpoint")
+    logout_url = config.cfg(SupportedAlgorithms.ES256).get("end_session_endpoint")
     return render(
         request,
         "django-jwt-index.html",
@@ -33,7 +33,6 @@ def index_response(request, msg, status=400):
             "error_message": msg,
             "login_url": reverse("start_oidc_auth"),
             "logout_url": logout_url,
-            "redirect_uri": request.build_absolute_uri(reverse("start_oidc_auth")),
         },
         status=status,
     )
@@ -107,7 +106,8 @@ class ReceiveRedirectView(CallbackView):
             log.warning(f"OIDC Admin HTTPError: {exc}")
             return index_response(request=request, msg=exc.response.text, status=exc.response.status_code)
         except ConfigException as exc:
-            return HttpResponse(content=str(exc), status=500)
+            log.error(f"OIDC Config error: {exc}")
+            return HttpResponse(content="OIDC Config error", status=500)
         except BadRequestException as exc:
             return index_response(request=request, msg=str(exc))
         except Exception as exc:

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/setup.cfg RENAMED Viewed

@@ -1,6 +1,6 @@
 [metadata]
 name = dj-jwt-auth
-version = 1.9.5
+version = 1.10.0
 description = A Django package for JSON Web Token validation and verification. Using PyJWT.
 long_description = file: README.md
 url = https://www.example.com/

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/tests/test.py RENAMED Viewed

@@ -1,10 +1,12 @@
 from datetime import datetime, timezone
 from http import HTTPStatus
 from unittest.mock import Mock, patch
+from urllib.parse import parse_qs, urlparse
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group, Permission
-from django.test import TestCase
+from django.http import HttpResponse
+from django.test import RequestFactory, TestCase
 from django.urls import reverse
 from jwt.api_jwt import ExpiredSignatureError
@@ -14,6 +16,13 @@ from django_jwt.exceptions import ConfigException
 from django_jwt.middleware import JWTAuthMiddleware
 from django_jwt.roles import ROLE
 from django_jwt.user import role_handler
+from django_jwt.views import (
+    LogoutView,
+    ReceiveRedirectView,
+    StartOIDCAuthView,
+    index_response,
+    silent_sso_check,
+)
 utc = timezone.utc
 access_token_payload = {
@@ -240,7 +249,7 @@ class ConfigTest(TestCase):
     def test_not_supported_alg(self, *_):
         response = self.middleware.process_request(self.request)
         self.assertEqual(HTTPStatus.UNAUTHORIZED.value, response.status_code)
-        self.assertEqual(b'{"detail": "Algorithm HS256 is not supported"}', response.content)
+        self.assertEqual(b'{"detail": "algorithm not supported"}', response.content)
 class RolesTest(TestCase):
@@ -289,3 +298,121 @@ class RolesTest(TestCase):
         self.assertTrue(self.user.is_staff)
         self.assertTrue(self.user.groups.filter(name="staff group").exists())
         self.assertTrue(self.user.user_permissions.filter(codename="add_user").exists())
+class ViewsTestCase(TestCase):
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.user = User.objects.create(username="user2", kc_id="12345")
+    def test_silent_sso_check(self):
+        request = self.factory.get("/silent-sso/")
+        response = silent_sso_check(request)
+        self.assertIsInstance(response, HttpResponse)
+        self.assertIn("parent.postMessage", response.content.decode())
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_index_response(self, mock_config):
+        request = self.factory.get("/index/")
+        response = index_response(request, "Test error message", status=403)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("Test error message", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())
+    @patch("django_jwt.views.PKCESecret")
+    @patch("django_jwt.views.config")
+    def test_start_oidc_auth_view_get(self, mock_config, mock_pkce):
+        mock_pkce.return_value.challenge = "challenge"
+        mock_pkce.return_value.challenge_method = "S256"
+        mock_config.cfg.return_value.get.return_value = "/auth"
+        view = StartOIDCAuthView.as_view()
+        request = self.factory.get("/start-oidc/")
+        response = view(request)
+        self.assertEqual(response.status_code, 302)
+        self.assertIn("/auth?", response.url)
+        parsed_url = urlparse(response.url)
+        query_params = parse_qs(parsed_url.query)
+        self.assertEqual(query_params["client_id"][0], settings.OIDC_ADMIN_CLIENT_ID)
+        self.assertEqual(query_params["redirect_uri"][0], "http://testserver/admin/oidc/callback/")
+        self.assertEqual(query_params["response_type"][0], "code")
+        self.assertEqual(query_params["scope"][0], "openid")
+        self.assertEqual(query_params["code_challenge"][0], "challenge")
+        self.assertEqual(query_params["code_challenge_method"][0], "S256")
+    @patch("django_jwt.views.cache")
+    @patch("django_jwt.views.config")
+    @patch("django_jwt.views.get_access_token")
+    @patch("django_jwt.views.oidc_handler")
+    @patch("django_jwt.views.UserHandler.get_user")
+    def test_receive_redirect_view_success(
+        self, mock_get_user, mock_oidc_handler, mock_get_access_token, mock_cache, mock_config
+    ):
+        mock_cache.get.return_value = "pkce_secret"
+        mock_config.cfg.return_value.get.return_value = "/logout"
+        mock_get_access_token.return_value = "token"
+        mock_oidc_handler.decode_token.return_value = access_token_payload | {
+            "sub": self.user.kc_id,
+            "resource_access": {settings.OIDC_ADMIN_CLIENT_ID: {"roles": ["admin"]}},
+        }
+        mock_get_user.return_value = self.user
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        with patch("django_jwt.views.login"):
+            response = view(request)
+        self.assertEqual(response.status_code, 302)
+        self.assertIn(reverse("admin:index"), response.url)
+        self.user.refresh_from_db()
+        self.assertTrue(self.user.is_superuser)
+        self.assertTrue(self.user.is_staff)
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_receive_redirect_view_no_code_or_state(self, mock_config):
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/")
+        response = view(request)
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("No code or state", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())
+    @patch("django_jwt.views.cache.get", return_value=None)
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_receive_redirect_view_no_pkce(self, mock_cache, mock_config):
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        response = view(request)
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("No PKCE secret found in cache", response.content.decode())
+    @patch("django_jwt.views.index_response")
+    @patch("django_jwt.views.cache")
+    @patch("django_jwt.views.get_access_token")
+    @patch("django_jwt.views.oidc_handler")
+    @patch("django_jwt.views.UserHandler")
+    def test_receive_redirect_view_http_error(
+        self, mock_user_handler, mock_oidc_handler, mock_get_access_token, mock_cache, mock_index_response
+    ):
+        mock_cache.get.return_value = "pkce_secret"
+        mock_get_access_token.side_effect = Exception("fail")
+        mock_index_response.return_value = HttpResponse("error", status=500)
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        response = view(request)
+        self.assertEqual(response.status_code, 500)
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_logout_view(self, mock_config):
+        view = LogoutView.as_view()
+        request = self.factory.get("/logout/")
+        response = view(request)
+        self.assertEqual(response.status_code, 401)
+        self.assertIn("Logged out", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())

{dj_jwt_auth-1.9.5 → dj_jwt_auth-1.10.0}/tests/urls.py RENAMED Viewed

@@ -1,5 +1,6 @@
+from django.contrib import admin
 from django.http import JsonResponse
-from django.urls import path
+from django.urls import include, path
 def profile(request):
@@ -7,5 +8,7 @@ def profile(request):
 urlpatterns = [
+    path("admin/", include("django_jwt.urls")),
+    path("admin/", admin.site.urls),
     path("profile/", profile, name="profile"),
 ]

dj_jwt_auth-1.9.5/django_jwt/templates/admin/login.html DELETED Viewed

@@ -1,9 +0,0 @@
-{% extends "admin/login.html" %}
-{% block content %}
-    {{  block.super }}
-    <br>
-    <div style="text-align: center;">
-        <a class="button" style="display: inline-block; margin-top: 20px" href="{% url 'start_oidc_auth' %}">NeoID Login</a>
-    </div>
-{% endblock %}