PyPI - django-auth-adfs - Versions diffs - 1.14.0__tar.gz → 1.15.0__tar.gz - Mend

django-auth-adfs 1.14.0tar.gz → 1.15.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/PKG-INFO RENAMED Viewed

@@ -1,19 +1,19 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: django-auth-adfs
-Version: 1.14.0
+Version: 1.15.0
 Summary: A Django authentication backend for Microsoft ADFS and AzureAD
-Home-page: https://github.com/snok/django-auth-adfs
 License: BSD-1-Clause
 Keywords: django,authentication,adfs,azure,ad,oauth2
 Author: Joris Beckers
 Author-email: joris.beckers@gmail.com
 Maintainer: Jonas Krüger Svensson
 Maintainer-email: jonas-ks@hotmail.com
-Requires-Python: >=3.8,<4.0
+Requires-Python: >=3.9,<4.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Web Environment
 Classifier: Framework :: Django :: 4.2
 Classifier: Framework :: Django :: 5.0
+Classifier: Framework :: Django :: 5.1
 Classifier: Intended Audience :: Developers
 Classifier: Intended Audience :: End Users/Desktop
 Classifier: License :: OSI Approved
@@ -21,11 +21,11 @@ Classifier: License :: OSI Approved :: BSD License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Internet :: WWW/HTTP
 Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
 Classifier: Topic :: Internet :: WWW/HTTP :: WSGI
@@ -33,11 +33,12 @@ Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Requires-Dist: PyJWT
 Requires-Dist: cryptography
-Requires-Dist: django (>=4.2,<5.0) ; python_version >= "3.8" and python_version < "3.10"
+Requires-Dist: django (>=4.2,<5.0) ; python_version >= "3.9" and python_version < "3.10"
 Requires-Dist: django (>=4.2,<6) ; python_version >= "3.10"
 Requires-Dist: requests
 Requires-Dist: urllib3
 Project-URL: Documentation, https://django-auth-adfs.readthedocs.io/en/latest
+Project-URL: Homepage, https://github.com/snok/django-auth-adfs
 Project-URL: Repository, https://github.com/snok/django-auth-adfs
 Description-Content-Type: text/x-rst
@@ -141,13 +142,36 @@ This will add these paths to Django:
 * ``/oauth2/callback`` where ADFS redirects back to after login. So make sure you set the redirect URI on ADFS to this.
 * ``/oauth2/logout`` which logs out the user from both Django and ADFS.
-You can use them like this in your django templates:
+Below is sample Django template code to use these paths depending if
+you'd like to use GET or POST requests. Logging out was deprecated in
+`Django 4.1 <https://docs.djangoproject.com/en/5.1/releases/4.1/#features-deprecated-in-4-1>`_.
-.. code-block:: html
+- Using GET requests:
-    <a href="{% url 'django_auth_adfs:logout' %}">Logout</a>
-    <a href="{% url 'django_auth_adfs:login' %}">Login</a>
-    <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
+    .. code-block:: html
+        <a href="{% url 'django_auth_adfs:logout' %}">Logout</a>
+        <a href="{% url 'django_auth_adfs:login' %}">Login</a>
+        <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
+- Using POST requests:
+    .. code-block:: html+django
+        <form method="post" action="{% url 'django_auth_adfs:logout' %}">
+            {% csrf_token %}
+            <button type="submit">Logout</button>
+        </form>
+        <form method="post" action="{% url 'django_auth_adfs:login' %}">
+            {% csrf_token %}
+            <input type="hidden" name="next" value="{{ next }}">
+            <button type="submit">Login</button>
+        </form>
+        <form method="post" action="{% url 'django_auth_adfs:login-no-sso' %}">
+            {% csrf_token %}
+            <input type="hidden" name="next" value="{{ next }}">
+            <button type="submit">Login (no SSO)</button>
+        </form>
 Contributing
 ------------

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/README.rst RENAMED Viewed

@@ -98,13 +98,36 @@ This will add these paths to Django:
 * ``/oauth2/callback`` where ADFS redirects back to after login. So make sure you set the redirect URI on ADFS to this.
 * ``/oauth2/logout`` which logs out the user from both Django and ADFS.
-You can use them like this in your django templates:
-.. code-block:: html
-    <a href="{% url 'django_auth_adfs:logout' %}">Logout</a>
-    <a href="{% url 'django_auth_adfs:login' %}">Login</a>
-    <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
+Below is sample Django template code to use these paths depending if
+you'd like to use GET or POST requests. Logging out was deprecated in
+`Django 4.1 <https://docs.djangoproject.com/en/5.1/releases/4.1/#features-deprecated-in-4-1>`_.
+- Using GET requests:
+    .. code-block:: html
+        <a href="{% url 'django_auth_adfs:logout' %}">Logout</a>
+        <a href="{% url 'django_auth_adfs:login' %}">Login</a>
+        <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
+- Using POST requests:
+    .. code-block:: html+django
+        <form method="post" action="{% url 'django_auth_adfs:logout' %}">
+            {% csrf_token %}
+            <button type="submit">Logout</button>
+        </form>
+        <form method="post" action="{% url 'django_auth_adfs:login' %}">
+            {% csrf_token %}
+            <input type="hidden" name="next" value="{{ next }}">
+            <button type="submit">Login</button>
+        </form>
+        <form method="post" action="{% url 'django_auth_adfs:login-no-sso' %}">
+            {% csrf_token %}
+            <input type="hidden" name="next" value="{{ next }}">
+            <button type="submit">Login (no SSO)</button>
+        </form>
 Contributing
 ------------

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/django_auth_adfs/__init__.py RENAMED Viewed

@@ -4,4 +4,4 @@ This file is imported by setup.py
 Adding imports here will break setup.py
 """
-__version__ = '1.14.0'
+__version__ = '1.15.0'

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/django_auth_adfs/backend.py RENAMED Viewed

@@ -15,19 +15,22 @@ logger = logging.getLogger("django_auth_adfs")
 class AdfsBaseBackend(ModelBackend):
-    def exchange_auth_code(self, authorization_code, request):
-        logger.debug("Received authorization code: %s", authorization_code)
-        data = {
-            'grant_type': 'authorization_code',
-            'client_id': settings.CLIENT_ID,
-            'redirect_uri': provider_config.redirect_uri(request),
-            'code': authorization_code,
-        }
-        if settings.CLIENT_SECRET:
-            data['client_secret'] = settings.CLIENT_SECRET
-        logger.debug("Getting access token at: %s", provider_config.token_endpoint)
-        response = provider_config.session.post(provider_config.token_endpoint, data, timeout=settings.TIMEOUT)
+    def _ms_request(self, action, url, data=None, **kwargs):
+        """
+        Make a Microsoft Entra/GraphQL request
+        Args:
+            action (callable): The callable for making a request.
+            url (str): The URL the request should be sent to.
+            data (dict): Optional dictionary of data to be sent in the request.
+        Returns:
+            response: The response from the server. If it's not a 200, a
+                      PermissionDenied is raised.
+        """
+        response = action(url, data=data, timeout=settings.TIMEOUT, **kwargs)
         # 200 = valid token received
         # 400 = 'something' is wrong in our request
         if response.status_code == 400:
@@ -39,7 +42,21 @@ class AdfsBaseBackend(ModelBackend):
         if response.status_code != 200:
             logger.error("Unexpected ADFS response: %s", response.content.decode())
             raise PermissionDenied
+        return response
+    def exchange_auth_code(self, authorization_code, request):
+        logger.debug("Received authorization code: %s", authorization_code)
+        data = {
+            'grant_type': 'authorization_code',
+            'client_id': settings.CLIENT_ID,
+            'redirect_uri': provider_config.redirect_uri(request),
+            'code': authorization_code,
+        }
+        if settings.CLIENT_SECRET:
+            data['client_secret'] = settings.CLIENT_SECRET
+        logger.debug("Getting access token at: %s", provider_config.token_endpoint)
+        response = self._ms_request(provider_config.session.post, provider_config.token_endpoint, data)
         adfs_response = response.json()
         return adfs_response
@@ -66,21 +83,30 @@ class AdfsBaseBackend(ModelBackend):
         else:
             data["resource"] = 'https://graph.microsoft.com'
-        response = provider_config.session.get(provider_config.token_endpoint, data=data, timeout=settings.TIMEOUT)
-        # 200 = valid token received
-        # 400 = 'something' is wrong in our request
-        if response.status_code == 400:
-            logger.error("ADFS server returned an error: %s", response.json()["error_description"])
-            raise PermissionDenied
-        if response.status_code != 200:
-            logger.error("Unexpected ADFS response: %s", response.content.decode())
-            raise PermissionDenied
+        response = self._ms_request(provider_config.session.get, provider_config.token_endpoint, data)
         obo_access_token = response.json()["access_token"]
         logger.debug("Received OBO access token: %s", obo_access_token)
         return obo_access_token
+    def get_group_memberships_from_ms_graph_params(self):
+        """
+        Return the parameters to be used in the querystring
+        when fetching the user's group memberships.
+        Possible keys to be used:
+            - $count
+            - $expand
+            - $filter
+            - $orderby
+            - $search
+            - $select
+            - $top
+        Docs:
+            https://learn.microsoft.com/en-us/graph/api/group-list-transitivememberof?view=graph-rest-1.0&tabs=python#http-request
+        """
+        return {}
     def get_group_memberships_from_ms_graph(self, obo_access_token):
         """
         Looks up a users group membership from the MS Graph API
@@ -95,17 +121,12 @@ class AdfsBaseBackend(ModelBackend):
             provider_config.msgraph_endpoint
         )
         headers = {"Authorization": "Bearer {}".format(obo_access_token)}
-        response = provider_config.session.get(graph_url, headers=headers, timeout=settings.TIMEOUT)
-        # 200 = valid token received
-        # 400 = 'something' is wrong in our request
-        if response.status_code in [400, 401]:
-            logger.error("MS Graph server returned an error: %s", response.json()["message"])
-            raise PermissionDenied
-        if response.status_code != 200:
-            logger.error("Unexpected MS Graph response: %s", response.content.decode())
-            raise PermissionDenied
+        response = self._ms_request(
+            action=provider_config.session.get,
+            url=graph_url,
+            data=self.get_group_memberships_from_ms_graph_params(),
+            headers=headers,
+        )
         claim_groups = []
         for group_data in response.json()["value"]:
             if group_data["displayName"] is None:

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/django_auth_adfs/config.py RENAMED Viewed

@@ -337,7 +337,10 @@ class ProviderConfig(object):
         """
         self.load_config()
-        redirect_to = request.GET.get(REDIRECT_FIELD_NAME, None)
+        if request.method == 'POST':
+            redirect_to = request.POST.get(REDIRECT_FIELD_NAME, None)
+        else:
+            redirect_to = request.GET.get(REDIRECT_FIELD_NAME, None)
         if not redirect_to:
             redirect_to = django_settings.LOGIN_REDIRECT_URL
         redirect_to = base64.urlsafe_b64encode(redirect_to.encode()).decode()

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/django_auth_adfs/rest_framework.py RENAMED Viewed

@@ -6,6 +6,8 @@ from rest_framework.authentication import (
     BaseAuthentication, get_authorization_header
 )
+from django_auth_adfs.exceptions import MFARequired
 class AdfsAccessTokenAuthentication(BaseAuthentication):
     """
@@ -33,7 +35,10 @@ class AdfsAccessTokenAuthentication(BaseAuthentication):
         # Authenticate the user
         # The AdfsAuthCodeBackend authentication backend will notice the "access_token" parameter
         # and skip the request for an access token using the authorization code
-        user = authenticate(access_token=auth[1])
+        try:
+            user = authenticate(access_token=auth[1])
+        except MFARequired as e:
+            raise exceptions.AuthenticationFailed('MFA auth is required.') from e
         if user is None:
             raise exceptions.AuthenticationFailed('Invalid access token.')

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/django_auth_adfs/views.py RENAMED Viewed

@@ -84,6 +84,15 @@ class OAuth2LoginView(View):
         """
         return redirect(provider_config.build_authorization_endpoint(request))
+    def post(self, request):
+        """
+        Initiates the OAuth2 flow and redirect the user agent to ADFS
+        Args:
+            request (django.http.request.HttpRequest): A Django Request object
+        """
+        return redirect(provider_config.build_authorization_endpoint(request))
 class OAuth2LoginNoSSOView(View):
     def get(self, request):
@@ -95,6 +104,15 @@ class OAuth2LoginNoSSOView(View):
         """
         return redirect(provider_config.build_authorization_endpoint(request, disable_sso=True))
+    def post(self, request):
+        """
+        Initiates the OAuth2 flow and redirect the user agent to ADFS
+        Args:
+            request (django.http.request.HttpRequest): A Django Request object
+        """
+        return redirect(provider_config.build_authorization_endpoint(request, disable_sso=True))
 class OAuth2LoginForceMFA(View):
     def get(self, request):
@@ -106,6 +124,15 @@ class OAuth2LoginForceMFA(View):
         """
         return redirect(provider_config.build_authorization_endpoint(request, force_mfa=True))
+    def post(self, request):
+        """
+        Initiates the OAuth2 flow and redirect the user agent to ADFS
+        Args:
+            request (django.http.request.HttpRequest): A Django Request object
+        """
+        return redirect(provider_config.build_authorization_endpoint(request, force_mfa=True))
 class OAuth2LogoutView(View):
     def get(self, request):
@@ -117,3 +144,13 @@ class OAuth2LogoutView(View):
         """
         logout(request)
         return redirect(provider_config.build_end_session_endpoint())
+    def post(self, request):
+        """
+        Logs out the user from both Django and ADFS
+        Args:
+            request (django.http.request.HttpRequest): A Django Request object
+        """
+        logout(request)
+        return redirect(provider_config.build_end_session_endpoint())

{django_auth_adfs-1.14.0 → django_auth_adfs-1.15.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = 'django-auth-adfs'
-version = "1.14.0"  # Remember to also change __init__.py version
+version = "1.15.0"  # Remember to also change __init__.py version
 description = 'A Django authentication backend for Microsoft ADFS and AzureAD'
 authors = ['Joris Beckers <joris.beckers@gmail.com>']
 maintainers = ['Jonas Krüger Svensson <jonas-ks@hotmail.com>', 'Sondre Lillebø Gundersen <sondrelg@live.no>']
@@ -14,17 +14,18 @@ classifiers = [
     'Environment :: Web Environment',
     'Framework :: Django :: 4.2',
     'Framework :: Django :: 5.0',
+    'Framework :: Django :: 5.1',
     'Intended Audience :: Developers',
     'Intended Audience :: End Users/Desktop',
     'Operating System :: OS Independent',
     'License :: OSI Approved :: BSD License',
     'Programming Language :: Python',
     'Programming Language :: Python :: 3',
-    'Programming Language :: Python :: 3.8',
     'Programming Language :: Python :: 3.9',
     'Programming Language :: Python :: 3.10',
     'Programming Language :: Python :: 3.11',
     'Programming Language :: Python :: 3.12',
+    'Programming Language :: Python :: 3.13',
     'Topic :: Internet :: WWW/HTTP',
     'Topic :: Internet :: WWW/HTTP :: Dynamic Content',
     'Topic :: Internet :: WWW/HTTP :: WSGI',
@@ -34,9 +35,9 @@ classifiers = [
 ]
 [tool.poetry.dependencies]
-python = '^3.8'
+python = '^3.9'
 django = [
-    { version = '^4.2', python = '>=3.8 <3.10' },
+    { version = '^4.2', python = '>=3.9 <3.10' },
     { version = '^4.2 || ^5', python = '>=3.10' },
 ]
 requests = '*'