django-esi 8.1.0__py3-none-any.whl

esi/management/commands/migrate_to_ssov2.py

@@ -0,0 +1,188 @@
+from datetime import datetime
+from django.core.management.base import BaseCommand, CommandError
+
+from django.db.migrations.recorder import MigrationRecorder
+from django.utils import timezone
+
+from esi.models import Token
+from esi.errors import (
+    TokenInvalidError,
+    IncompleteResponseError,
+    NotRefreshableTokenError,
+)
+from esi import app_settings
+from oauthlib.oauth2.rfc6749.errors import (
+    InvalidClientIdError,
+    InvalidGrantError,
+    InvalidTokenError,
+)
+from requests.auth import HTTPBasicAuth
+
+from tqdm import tqdm
+
+from requests_oauthlib import OAuth2Session
+
+import pytz
+
+EVE_SSOV1_END_DATE = pytz.UTC.localize(
+    datetime(year=2021, month=11, day=1, hour=0, minute=0)
+)
+
+
+def _sso_v1_refresh(
+    session: OAuth2Session, auth: HTTPBasicAuth, token: Token, message: str
+):
+    """
+    SSOv1 Refresh.
+    """
+    try:
+        _data = session.refresh_token(
+            "https://login.eveonline.com/oauth/token",
+            refresh_token=token.refresh_token,
+            auth=auth,
+        )
+        token.access_token = _data["access_token"]
+        token.refresh_token = _data["refresh_token"]
+        token.sso_version = 1
+        token.created = timezone.now()
+        token.save()
+        return (True, None)
+    except (InvalidGrantError):
+        return (
+            False,
+            (
+                "ID:%s '%s' %s SSOv1 Refresh failed"
+                " (InvalidGrant)" % (token.id, token.character_name, message)
+            ),
+        )
+    except (InvalidTokenError, InvalidClientIdError):
+        return (
+            False,
+            (
+                "ID:%s '%s' %s SSOv1 Refresh Failed "
+                "(InvalidToken, InvalidClientId)"
+                % (token.id, token.character_name, message)
+            ),
+        )
+    except Exception as e:
+        return (
+            False,
+            (
+                "ID:%s '%s' %s SSOv1 "
+                "Refresh Failed (%s)" % (token.id, token.character_name, message, e)
+            ),
+        )
+
+
+class Command(BaseCommand):
+    help = "Attempt to Migrate all SSOv1 Tokens to SSOv2, and report failures."
+    requires_migrations_checks = True
+    requires_system_checks = '__all__'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--skip-v1-checks",
+            action="store_true",
+            help="Do not test on SSOv1 Endpoints, both before"
+            " updating to SSOv2 and after a failure.",
+        )
+        parser.add_argument(
+            "--purge",
+            action="store_true",
+            help="Purge Tokens that fail the SSOv2 Update",
+        )
+        parser.add_argument("-n", help="Number of Tokens to update", type=int)
+
+    def handle(self, *args, **options):
+        if timezone.now() > EVE_SSOV1_END_DATE:
+            self.stdout.write(
+                self.style.WARNING(
+                    "WARNING: Conversion of SSO v1 tokens is not garenteered to work "
+                    f"past {EVE_SSOV1_END_DATE.strftime('%x')}."
+                )
+            )
+        use_v1 = not options.get("skip_v1_checks", False)
+        purge = options.get("purge", False)
+        batch = options.get("n", False)
+
+        migration_10 = MigrationRecorder.Migration.objects.filter(
+            app="esi", name="0010_set_new_tokens_to_sso_v2"
+        ).exists()
+
+        if not migration_10:
+            raise CommandError("Run migrations first and try again!")
+        else:
+            self.stdout.write("\n\nMigrations up to date. Proceeding to updates!")
+
+        if not use_v1:
+            self.stdout.write("\n\nSkipping SSOv1 pre/post error Verification!")
+
+        # lets reuse our own session and auth
+        session = OAuth2Session(app_settings.ESI_SSO_CLIENT_ID)
+        auth = HTTPBasicAuth(
+            app_settings.ESI_SSO_CLIENT_ID, app_settings.ESI_SSO_CLIENT_SECRET
+        )
+
+        # only do tokens that are SSOv1
+        tokens = Token.objects.filter(sso_version=1)
+        if batch:
+            tokens = tokens[:batch]
+        total = tokens.count()
+
+        if total > 0:
+            self.stdout.write("There are %s Tokens to update." % (total))
+        else:
+            return self.stdout.write("There are no Tokens to update.")
+
+        failures = []
+        # Nice Progress bar as this may take a while.
+        with tqdm(total=total) as t:
+            for token in tokens:
+                if use_v1:
+                    result, message = _sso_v1_refresh(session, auth, token, "Initial")
+                    if not result:
+                        failures.append(message)
+                        if purge:
+                            token.delete()
+                        t.update(1)
+                        continue
+                try:
+                    token.refresh(session=session, auth=auth)
+                except (TokenInvalidError, IncompleteResponseError):
+                    if use_v1:
+                        result, messaage = _sso_v1_refresh(
+                            session, auth, token, "Post v2 Failure"
+                        )
+                        if not result:
+                            failures.append(messaage)
+                            if purge:
+                                token.delete()
+                        else:
+                            failures.append(
+                                "ID:%s '%s' SSOv2 Migration failed"
+                                " (SSOv1 Re-Verification Ok)"
+                                % (token.id, token.character_name)
+                            )
+
+                    else:
+                        failures.append(
+                            "ID:%s '%s' SSOv2 Migration failed"
+                            " (TokenInvalidError, "
+                            "IncompleteResponseError)"
+                            % (token.id, token.character_name)
+                        )
+                        if purge:
+                            token.delete()
+                except NotRefreshableTokenError:
+                    failures.append(
+                        "ID:%s '%s' SSOv2 Migration failed"
+                        " (NotRefreshableTokenError)" % (token.id, token.character_name)
+                    )
+                    if purge:
+                        token.delete()
+
+                t.update(1)
+
+        self.stdout.write("Completed Updates!")
+        self.stdout.write("%s Failures!" % (len(failures)))
+        self.stdout.write("\n".join(failures))

esi/managers.py

@@ -0,0 +1,303 @@
+import logging
+from datetime import timedelta
+from typing import Any
+
+import requests
+from jose import jwt
+from jose.exceptions import ExpiredSignatureError, JWTError
+from requests_oauthlib import OAuth2Session
+
+from django.db import models
+from django.utils import timezone
+
+from . import app_settings
+from .errors import IncompleteResponseError, TokenError
+
+logger = logging.getLogger(__name__)
+
+
+def _process_scopes(scopes) -> set[str]:
+    if scopes is None:
+        # support filtering by no scopes with None passed
+        scopes = []
+    if not isinstance(scopes, models.QuerySet) and len(scopes) == 1:
+        # support a single space-delimited string inside a list because :users:
+        scopes = scopes[0]
+    # support space-delimited string scopes or lists
+    if isinstance(scopes, str):
+        scopes = set(scopes.split())
+    return {str(s) for s in scopes}
+
+
+class TokenQueryset(models.QuerySet["Token"]):
+    def get_expired(self) -> "TokenQueryset":
+        """Get all tokens which have expired.
+
+        Returns:
+            All expired tokens.
+        """
+        max_age = \
+            timezone.now() - timedelta(seconds=app_settings.ESI_TOKEN_VALID_DURATION)
+        return self.filter(created__lte=max_age)
+
+    def bulk_refresh(self) -> "TokenQueryset":
+        """Refresh all refreshable tokens in the queryset and delete any expired token
+        that fails to refresh or can not be refreshed.
+
+        Excludes tokens for which the refresh was incomplete for other reasons.
+
+        Returns:
+            All refreshed tokens
+        """
+        session = OAuth2Session(app_settings.ESI_SSO_CLIENT_ID)
+        auth = requests.auth.HTTPBasicAuth(
+            app_settings.ESI_SSO_CLIENT_ID, app_settings.ESI_SSO_CLIENT_SECRET
+        )
+        incomplete = []
+        for model in self.filter(refresh_token__isnull=False):
+            try:
+                model.refresh(session=session, auth=auth)
+                logging.debug("Successfully refreshed %r", model)
+            except TokenError:
+                logger.info("Refresh failed for %r. Deleting.", model)
+                model.delete()
+            except IncompleteResponseError:
+                incomplete.append(model.pk)
+        self.filter(refresh_token__isnull=True).get_expired().delete()
+        return self.exclude(pk__in=incomplete)
+
+    def require_valid(self) -> "TokenQueryset":
+        """Ensure all tokens are still valid and attempt to refresh any which are expired
+
+        Deletes those which fail to refresh or cannot be refreshed.
+
+        Returns:
+            All tokens which are still valid.
+        """
+        expired_pks = set(self.get_expired().values_list("pk", flat=True))
+        fresh_pks = set(self.exclude(pk__in=expired_pks).values_list("pk", flat=True))
+        refreshed = self.filter(pk__in=expired_pks).bulk_refresh()
+        refreshed_pks = set(refreshed.values_list("pk", flat=True))
+        qs = self.filter(pk__in=fresh_pks | refreshed_pks)
+        return qs
+
+    def require_scopes(self, scope_string: str | list) -> "TokenQueryset":
+        """Filter tokens which have at least a subset of given scopes.
+
+        Args:
+            scope_string: The required scopes.
+
+        Returns:
+            Tokens which have all requested scopes.
+        """
+        scopes = _process_scopes(scope_string)
+        if not scopes:
+            # asking for tokens with no scopes
+            return self.filter(scopes__isnull=True)
+        from .models import Scope
+        scope_pks = Scope.objects.filter(name__in=scopes).values_list('pk', flat=True)
+        if not len(scopes) == len(scope_pks):
+            # there's a scope we don't recognize, so we can't have any tokens for it
+            return self.none()
+        tokens = self.all()
+        for pk in scope_pks:
+            tokens = tokens.filter(scopes__pk=pk)
+        return tokens
+
+    def require_scopes_exact(self, scope_string: str | list) -> "TokenQueryset":
+        """Filter tokens which exactly have the given scopes.
+
+        Args:
+            scope_string: The required scopes.
+
+        Returns:
+            Tokens which have all requested scopes.
+        """
+        num_scopes = len(_process_scopes(scope_string))
+        scopes_qs = self\
+            .annotate(models.Count('scopes'))\
+            .require_scopes(scope_string)\
+            .filter(scopes__count=num_scopes)\
+            .values('pk', 'scopes__id')
+        pks = [v['pk'] for v in scopes_qs]
+        return self.filter(pk__in=pks)
+
+    def equivalent_to(self, token) -> "TokenQueryset":
+        """Fetch all tokens which match the character and scopes of given reference token
+
+        Args:
+            token: :class:`esi.models.Token` reference token
+        """
+        return self\
+            .filter(character_id=token.character_id)\
+            .require_scopes_exact(token.scopes.all())\
+            .filter(models.Q(user=token.user) | models.Q(user__isnull=True))\
+            .exclude(pk=token.pk)
+
+
+class TokenManager(models.Manager["Token"]):
+    def get_queryset(self) -> TokenQueryset:
+        """
+        Replace base queryset model with custom TokenQueryset
+        :rtype: :class:`esi.managers.TokenQueryset`
+        """
+        return TokenQueryset(self.model, using=self._db)
+
+    @staticmethod
+    def _decode_jwt(jwt_token: str, jwk_set: dict, issuer: Any) -> dict[str, Any]:
+        """
+        Helper function to decide the JWT access token supplied by EVE SSO
+        """
+        logger.debug("Start Decode")
+        token_data = jwt.decode(
+            jwt_token,
+            jwk_set,
+            algorithms=jwk_set["alg"],
+            audience=app_settings.ESI_TOKEN_JWT_AUDIENCE,
+            issuer=issuer
+        )
+        token_detail = token_data.get("sub", None).split(":")
+        token_data['character_id'] = int(token_detail[2])
+        token_data['token_type'] = token_detail[0].lower()
+        logger.debug(token_data)
+        return token_data
+
+    @staticmethod
+    def validate_access_token(token: str) -> dict[str, Any] | None:
+        """
+        Validate a JWT token retrieved from the EVE SSO.
+        :param token: A JWT token originating from the EVE SSO v2
+        :return: :class:`dict` The contents of the validated JWT token if
+            there are no validation errors
+        """
+
+        res = requests.get(app_settings.ESI_TOKEN_JWK_SET_URL)
+        res.raise_for_status()
+        data = res.json()
+
+        try:
+            jwk_sets = data["keys"]
+        except KeyError as e:
+            logger.warning(
+                "Something went wrong when retrieving the JWK set. "
+                "The returned payload did not have the expected key %s.\n"
+                "Payload returned from the SSO looks like: %s",
+                e,
+                data
+            )
+            return None
+
+        jwk_set = [item for item in jwk_sets if item["alg"] == "RS256"].pop()
+        try:
+            return TokenManager._decode_jwt(
+                token,
+                jwk_set,
+                ("login.eveonline.com", "https://login.eveonline.com")
+            )
+        except ExpiredSignatureError:
+            logger.warning("The JWT token has expired")
+            return None
+        except JWTError as e:
+            logger.warning("The JWT signature was invalid: %s", e)
+            return None
+
+    def create_from_code(self, code, user=None) -> "Token":
+        """
+        Perform OAuth code exchange to retrieve a token.
+        :param code: OAuth grant code.
+        :param user: User who will own token.
+        :return: :class:`esi.models.Token`
+        """
+
+        # perform code exchange
+        logger.debug("Creating new token from code %s", code[:-5])
+        oauth = OAuth2Session(
+            app_settings.ESI_SSO_CLIENT_ID,
+            redirect_uri=app_settings.ESI_SSO_CALLBACK_URL
+        )
+        token = oauth.fetch_token(
+            app_settings.ESI_TOKEN_URL,
+            client_secret=app_settings.ESI_SSO_CLIENT_SECRET,
+            code=code
+        )
+
+        token_data = TokenManager.validate_access_token(token.get('access_token', None))
+
+        # translate returned data to a model
+        model = self.create(
+            character_id=token_data['character_id'],
+            character_name=token_data['name'],
+            character_owner_hash=token_data['owner'],
+            access_token=token['access_token'],
+            refresh_token=token['refresh_token'],
+            token_type=token_data['token_type'],
+            user=user,
+        )
+
+        # parse scopes
+        if 'scp' in token_data:
+            from esi.models import Scope
+
+            # if a single scope is supplied its a string... recast to list
+            if isinstance(token_data['scp'], str):
+                token_data['scp'] = [token_data['scp']]
+
+            for s in token_data['scp']:
+                try:
+                    scope = Scope.objects.get(name=s)
+                    model.scopes.add(scope)
+                except Scope.DoesNotExist:
+                    # This scope isn't included in a data migration.
+                    # Create a placeholder until it updates.
+                    try:
+                        help_text = s.split('.')[1].replace('_', ' ').capitalize()
+                    except IndexError:
+                        # Unusual scope name, missing periods.
+                        help_text = s.replace('_', ' ').capitalize()
+                    scope = Scope.objects.create(name=s, help_text=help_text)
+                    model.scopes.add(scope)
+            logger.debug("Added %d scopes to new token.", model.scopes.all().count())
+
+        if not app_settings.ESI_ALWAYS_CREATE_TOKEN:
+            # see if we already have a token for this character and scope combination
+            # if so, we don't need a new one
+            queryset = self.get_queryset().equivalent_to(model)
+            if queryset.exists():
+                logger.debug(
+                    "Identified %d tokens equivalent to new token. "
+                    "Updating access and refresh tokens.",
+                    queryset.count()
+                )
+                queryset.update(
+                    access_token=model.access_token,
+                    refresh_token=model.refresh_token,
+                    created=model.created,
+                )
+                if queryset.filter(user=model.user).exists():
+                    logger.debug(
+                        "Equivalent token with same user exists. Deleting new token."
+                    )
+                    model.delete()
+                    model = queryset.filter(user=model.user)[0]  # pick one at random
+
+        logger.debug("Successfully created %r for user %s", model, user)
+        return model
+
+    def create_from_request(self, request) -> "Token":
+        """
+        Generate a token from the OAuth callback request. Must contain 'code' in GET.
+        :param request: OAuth callback request.
+        :return: :class:`esi.models.Token`
+        """
+        logger.debug(
+            "Creating new token for %s session %s",
+            request.user,
+            request.session.session_key[:5]
+        )
+        code = request.GET.get('code')
+        # attach a user during creation for some functionality in a post_save created
+        # receiver I'm working on elsewhere
+        model = self.create_from_code(
+            code, user=request.user if request.user.is_authenticated else None
+        )
+        return model

esi/managers.pyi

@@ -0,0 +1,85 @@
+from typing import Any
+from django.db.models import QuerySet, Manager
+from .models import Token
+
+
+class TokenQueryset(QuerySet[Token]):
+    def get_expired(self) -> "TokenQueryset":
+        ...
+
+    def bulk_refresh(self) -> "TokenQueryset":
+        ...
+
+    def require_scopes(self, scope_string: str | list) -> "TokenQueryset":
+        ...
+
+    def require_scopes_exact(self, scope_string: str | list) -> "TokenQueryset":
+        ...
+
+    def require_valid(self) -> "TokenQueryset":
+        ...
+
+    def equivalent_to(self, token: Token) -> "TokenQueryset":
+        ...
+
+    def filter(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def exclude(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def order_by(self, *field_names: str) -> "TokenQueryset":
+        ...
+
+    def annotate(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def select_related(self, *fields: str) -> "TokenQueryset":
+        ...
+
+    def prefetch_related(self, *lookups: str) -> "TokenQueryset":
+        ...
+
+    def distinct(self, *field_names: str) -> "TokenQueryset":
+        ...
+
+    def none(self) -> "TokenQueryset":
+        ...
+
+    def all(self) -> "TokenQueryset":
+        ...
+
+
+class TokenManager(Manager[Token]):
+    def get_queryset(self) -> "TokenQueryset":
+        ...
+
+    def require_scopes(self, scope_string: str | list) -> "TokenQueryset":
+        ...
+
+    def filter(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def exclude(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def order_by(self, *field_names: str) -> "TokenQueryset":
+        ...
+
+    def annotate(self, *args: Any, **kwargs: Any) -> "TokenQueryset":
+        ...
+
+    def select_related(self, *fields: str) -> "TokenQueryset":
+        ...
+
+    def prefetch_related(self, *lookups: str) -> "TokenQueryset":
+        ...
+
+    def distinct(self, *field_names: str) -> "TokenQueryset":
+        ...
+
+    def none(self) -> "TokenQueryset":
+        ...
+
+    def all(self) -> "TokenQueryset":
+        ...

esi/migrations/0001_initial.py

@@ -0,0 +1,55 @@
+# Generated by Django 1.10.1 on 2016-11-10 23:27
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CallbackRedirect',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('url', models.CharField(default='/', help_text='The internal URL to redirect this callback towards.', max_length=254)),
+                ('session_key', models.CharField(help_text='Session key identifying the session this redirect was created for.', max_length=254, unique=True)),
+                ('state', models.CharField(help_text='OAuth2 state string representing this session.', max_length=128)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Scope',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='The official EVE name for the scope.', max_length=100, unique=True)),
+                ('help_text', models.TextField(help_text='The official EVE description of the scope.')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Token',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('access_token', models.CharField(help_text='The access token granted by SSO.', max_length=254, unique=True)),
+                ('refresh_token', models.CharField(blank=True, help_text='A re-usable token to generate new access tokens upon expiry.', max_length=254, null=True)),
+                ('character_id', models.IntegerField(help_text='The ID of the EVE character who authenticated by SSO.')),
+                ('character_name', models.CharField(help_text='The name of the EVE character who authenticated by SSO.', max_length=100)),
+                ('token_type', models.CharField(choices=[('Character', 'Character'), ('Corporation', 'Corporation')], default='Character', help_text='The applicable range of the token.', max_length=100)),
+                ('character_owner_hash', models.CharField(help_text='The unique string identifying this character and its owning EVE account. Changes if the owning account changes.', max_length=254)),
+                ('scopes', models.ManyToManyField(blank=True, help_text='The access scopes granted by this token.', to='esi.Scope')),
+                ('user', models.ForeignKey(blank=True, help_text='The user to whom this token belongs.', null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.AddField(
+            model_name='callbackredirect',
+            name='token',
+            field=models.ForeignKey(blank=True, help_text='Token generated by a completed code exchange from callback processing.', null=True, on_delete=django.db.models.deletion.CASCADE, to='esi.Token'),
+        ),
+    ]

esi/migrations/0002_scopes_20161208.py

@@ -0,0 +1,56 @@
+# Generated by Django 1.10.3 on 2016-11-10 15:12
+
+from django.db import migrations
+
+SCOPES = {
+    'esi-planets.manage_planets.v1':
+        "Allows reading a list of a character's planetary colonies, and the details of those colonies.",
+    'esi-ui.open_window.v1': "Allows open window in game client remotely.",
+    'esi-assets.read_assets.v1': "Allows reading a list of assets that the character owns.",
+    'esi-calendar.read_calendar_events.v1': "Allows reading a character's calendar, including corporate events.",
+    'esi-bookmarks.read_character_bookmarks.v1': "Allows reading of a character's bookmarks and bookmark folders.",
+    'esi-wallet.read_character_wallet.v1': "Allows reading of a character's wallet, journal and transaction history.",
+    'esi-clones.read_clones.v1': "Allows reading the locations of a character's jump clones and their implants.",
+    'esi-characters.read_contacts.v1':
+        "Allows reading of a character's contacts list, and calculation of CSPA charges.",
+    'esi-corporations.read_corporation_membership.v1':
+        "Allows reading a list of the ID's and roles of a character's fellow corporation members.",
+    'esi-fleets.read_fleet.v1': "Allows reading information about fleets.",
+    'esi-killmails.read_killmails.v1': "Allows reading of a character's kills and losses.",
+    'esi-location.read_location.v1': "Allows reading of a character's active ship location.",
+    'esi-location.read_ship_type.v1': "Allows reading of a character's active ship class.",
+    'esi-skills.read_skillqueue.v1': "Allows reading of a character's currently training skill queue.",
+    'esi-skills.read_skills.v1': "Allows reading of a character's currently known skills.",
+    'esi-universe.read_structures.v1':
+        "Allows querying the location and type of structures that the character has docking access at.",
+    'esi-calendar.respond_calendar_events.v1': "Allows updating of a character's calendar event responses.",
+    'esi-search.search_structures.v1':
+        "Allows searching over all structures that a character can see in the structure browser.",
+    'esi-fleets.write_fleet.v1': "Allows manipulating fleets.",
+    'esi-ui.write_waypoint.v1': "Allows manipulating waypoints in game client remotely."
+}
+
+
+def generate_scopes(apps, schema_editor):
+    Scope = apps.get_model('esi', 'Scope')
+    for s in SCOPES:
+        Scope.objects.update_or_create(name=s, defaults={'help_text': SCOPES[s]})
+
+
+def delete_scopes(apps, schema_editor):
+    Scope = apps.get_model('esi', 'Scope')
+    for s in SCOPES:
+        try:
+            Scope.objects.get(name=s).delete()
+        except Scope.DoesNotExist:
+            pass
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('esi', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RunPython(generate_scopes, delete_scopes)
+    ]