PyPI - plain.oauth - Versions diffs - 0.7.4__tar.gz → 0.8.0__tar.gz - Mend

plain.oauth 0.7.4tar.gz → 0.8.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

plain_oauth-0.8.0/.gitignore ADDED Viewed

@@ -0,0 +1,7 @@
+node_modules
+/dist
+/.venv
+*.pyc
+__pycache__
+db.sqlite3
+.env

plain_oauth-0.7.4/README.md → plain_oauth-0.8.0/PKG-INFO RENAMED Viewed

@@ -1,6 +1,16 @@
-<!-- This file is compiled from plain-oauth/plain/oauth/README.md. Do not edit this file directly. -->
-<!-- This file is compiled from plain-oauth/plain/oauth/README.md. Do not edit this file directly. -->
+Metadata-Version: 2.4
+Name: plain.oauth
+Version: 0.8.0
+Summary: OAuth login and API access for Plain.
+Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
+License-Expression: BSD-3-Clause
+License-File: LICENSE
+Requires-Python: >=3.11
+Requires-Dist: plain-auth<1.0.0
+Requires-Dist: plain-models<1.0.0
+Requires-Dist: plain<1.0.0
+Requires-Dist: requests>=2.0.0
+Description-Content-Type: text/markdown
 # plain.oauth

plain_oauth-0.8.0/README.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ ./plain/oauth/README.md

{plain_oauth-0.7.4 → plain_oauth-0.8.0}/plain/oauth/README.md RENAMED Viewed

@@ -1,5 +1,3 @@
-<!-- This file is compiled from plain-oauth/plain/oauth/README.md. Do not edit this file directly. -->
 # plain.oauth
 Let users log in with OAuth providers.

{plain_oauth-0.7.4 → plain_oauth-0.8.0}/plain/oauth/staff.py RENAMED Viewed

@@ -3,7 +3,7 @@ from plain.staff.cards import ChartCard
 from plain.staff.views import (
     StaffModelDetailView,
     StaffModelListView,
-    StaffModelViewset,
+    StaffViewset,
     register_viewset,
 )
@@ -34,7 +34,7 @@ class ProvidersChartCard(ChartCard):
 @register_viewset
-class OAuthConnectionViewset(StaffModelViewset):
+class OAuthConnectionViewset(StaffViewset):
     class ListView(StaffModelListView):
         nav_section = "OAuth"
         model = OAuthConnection

plain_oauth-0.8.0/provider_examples/__init__.py ADDED Viewed

File without changes

plain_oauth-0.8.0/provider_examples/bitbucket.py ADDED Viewed

@@ -0,0 +1,75 @@
+import datetime
+import requests
+from plain.oauth.providers import OAuthProvider, OAuthToken, OAuthUser
+from plain.utils import timezone
+class BitbucketOAuthProvider(OAuthProvider):
+    authorization_url = "https://bitbucket.org/site/oauth2/authorize"
+    def _get_token(self, request_data):
+        response = requests.post(
+            "https://bitbucket.org/site/oauth2/access_token",
+            auth=(self.get_client_id(), self.get_client_secret()),
+            headers={
+                "Accept": "application/json",
+            },
+            data=request_data,
+        )
+        response.raise_for_status()
+        data = response.json()
+        return OAuthToken(
+            access_token=data["access_token"],
+            refresh_token=data["refresh_token"],
+            access_token_expires_at=timezone.now()
+            + datetime.timedelta(seconds=data["expires_in"]),
+        )
+    def get_oauth_token(self, *, code, request):
+        return self._get_token(
+            {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": self.get_callback_url(request=request),
+            }
+        )
+    def refresh_oauth_token(self, *, oauth_token):
+        return self._get_token(
+            {
+                "grant_type": "refresh_token",
+                "refresh_token": oauth_token.refresh_token,
+            }
+        )
+    def get_oauth_user(self, *, oauth_token):
+        response = requests.get(
+            "https://api.bitbucket.org/2.0/user",
+            headers={
+                "Authorization": f"Bearer {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        user_id = response.json()["uuid"]
+        username = response.json()["username"]
+        response = requests.get(
+            "https://api.bitbucket.org/2.0/user/emails",
+            headers={
+                "Authorization": f"Bearer {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        confirmed_primary_email = [
+            x["email"]
+            for x in response.json()["values"]
+            if x["is_primary"] and x["is_confirmed"]
+        ][0]
+        return OAuthUser(
+            id=user_id,
+            email=confirmed_primary_email,
+            username=username,
+        )

plain_oauth-0.8.0/provider_examples/github.py ADDED Viewed

@@ -0,0 +1,101 @@
+import datetime
+import requests
+from plain.oauth.exceptions import OAuthError
+from plain.oauth.providers import OAuthProvider, OAuthToken, OAuthUser
+from plain.utils import timezone
+class GitHubOAuthProvider(OAuthProvider):
+    authorization_url = "https://github.com/login/oauth/authorize"
+    github_token_url = "https://github.com/login/oauth/access_token"
+    github_user_url = "https://api.github.com/user"
+    github_emails_url = "https://api.github.com/user/emails"
+    def _get_token(self, request_data):
+        response = requests.post(
+            self.github_token_url,
+            headers={
+                "Accept": "application/json",
+            },
+            data=request_data,
+        )
+        response.raise_for_status()
+        data = response.json()
+        oauth_token = OAuthToken(
+            access_token=data["access_token"],
+        )
+        # Expiration and refresh tokens are optional in GitHub depending on the app
+        if "expires_in" in data:
+            oauth_token.access_token_expires_at = timezone.now() + datetime.timedelta(
+                seconds=data["expires_in"]
+            )
+        if "refresh_token" in data:
+            oauth_token.refresh_token = data["refresh_token"]
+        if "refresh_token_expires_in" in data:
+            oauth_token.refresh_token_expires_at = timezone.now() + datetime.timedelta(
+                seconds=data["refresh_token_expires_in"]
+            )
+        return oauth_token
+    def get_oauth_token(self, *, code, request):
+        return self._get_token(
+            {
+                "client_id": self.get_client_id(),
+                "client_secret": self.get_client_secret(),
+                "code": code,
+            }
+        )
+    def refresh_oauth_token(self, *, oauth_token):
+        return self._get_token(
+            {
+                "client_id": self.get_client_id(),
+                "client_secret": self.get_client_secret(),
+                "refresh_token": oauth_token.refresh_token,
+                "grant_type": "refresh_token",
+            }
+        )
+    def get_oauth_user(self, *, oauth_token):
+        response = requests.get(
+            self.github_user_url,
+            headers={
+                "Accept": "application/json",
+                "Authorization": f"token {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        data = response.json()
+        user_id = data["id"]
+        username = data["login"]
+        # Use the verified, primary email address (not the public profile email, which is optional anyway)
+        response = requests.get(
+            self.github_emails_url,
+            headers={
+                "Accept": "application/json",
+                "Authorization": f"token {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        try:
+            verified_primary_email = [
+                x["email"] for x in response.json() if x["primary"] and x["verified"]
+            ][0]
+        except IndexError:
+            raise OAuthError("A verified primary email address is required on GitHub")
+        return OAuthUser(
+            id=user_id,
+            email=verified_primary_email,
+            username=username,
+        )

plain_oauth-0.8.0/provider_examples/gitlab.py ADDED Viewed

@@ -0,0 +1,57 @@
+import requests
+from plain.oauth.providers import OAuthProvider, OAuthToken, OAuthUser
+class GitLabOAuthProvider(OAuthProvider):
+    authorization_url = "https://gitlab.com/oauth/authorize"
+    def _get_token(self, request_data):
+        request_data["client_id"] = self.get_client_id()
+        request_data["client_secret"] = self.get_client_secret()
+        response = requests.post(
+            "https://gitlab.com/oauth/token",
+            headers={
+                "Accept": "application/json",
+            },
+            data=request_data,
+        )
+        response.raise_for_status()
+        data = response.json()
+        return OAuthToken(
+            access_token=data["access_token"],
+            refresh_token=data["refresh_token"],
+            # expires_in is missing in response?
+        )
+    def get_oauth_token(self, *, code, request):
+        return self._get_token(
+            {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": self.get_callback_url(request=request),
+            }
+        )
+    def refresh_oauth_token(self, *, oauth_token):
+        return self._get_token(
+            {
+                "grant_type": "refresh_token",
+                "refresh_token": oauth_token.refresh_token,
+            }
+        )
+    def get_oauth_user(self, *, oauth_token):
+        response = requests.get(
+            "https://gitlab.com/api/v4/user",
+            headers={
+                "Authorization": f"Bearer {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        data = response.json()
+        return OAuthUser(
+            id=data["id"],
+            email=data["email"],
+            username=data["username"],
+        )

plain_oauth-0.8.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,34 @@
+[project]
+name = "plain.oauth"
+version = "0.8.0"
+description = "OAuth login and API access for Plain."
+authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
+license = "BSD-3-Clause"
+readme = "README.md"
+requires-python = ">=3.11"
+dependencies = [
+    "plain<1.0.0",
+    "plain.auth<1.0.0",
+    "plain.models<1.0.0",
+    "requests>=2.0.0",
+]
+[tool.pytest.ini_options]
+python_files = "tests.py test_*.py *_tests.py"
+PLAIN_SETTINGS_MODULE = "tests.settings"
+FAIL_INVALID_TEMPLATE_VARS = true
+[tool.uv]
+dev-dependencies = [
+    "plain.pytest<1.0.0",
+]
+[tool.uv.sources]
+"plain.pytest" = {path = "../plain-pytest", editable = true}
+[tool.hatch.build.targets.wheel]
+packages = ["plain"]
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"

plain_oauth-0.8.0/tests/app/settings.py ADDED Viewed

@@ -0,0 +1,49 @@
+from os import environ
+SECRET_KEY = "test"
+INSTALLED_PACKAGES = [
+    "plain.auth",
+    "plain.sessions",
+    "plain.models",
+    "plain.oauth",
+    "app.users",
+]
+DATABASES = {
+    "default": {
+        "ENGINE": "plain.models.backends.sqlite3",
+        "NAME": ":memory:",
+    }
+}
+MIDDLEWARE = [
+    "plain.sessions.middleware.SessionMiddleware",
+    "plain.auth.middleware.AuthenticationMiddleware",
+]
+AUTH_LOGIN_URL = "login"
+AUTH_USER_MODEL = "users.User"
+# OAuth providers to use for a real, interactive test
+# (in a real config you'd probably do environ["key"] to raise a KeyError if an env var is forgotten)
+OAUTH_LOGIN_PROVIDERS = {
+    "github": {
+        "class": "providers.github.GitHubOAuthProvider",
+        "kwargs": {
+            "client_id": environ.get("GITHUB_CLIENT_ID"),
+            "client_secret": environ.get("GITHUB_CLIENT_SECRET"),
+        },
+    },
+    "bitbucket": {
+        "class": "providers.bitbucket.BitbucketOAuthProvider",
+        "kwargs": {
+            "client_id": environ.get("BITBUCKET_KEY"),
+            "client_secret": environ.get("BITBUCKET_SECRET"),
+        },
+    },
+    "gitlab": {
+        "class": "providers.gitlab.GitLabOAuthProvider",
+        "kwargs": {
+            "client_id": environ.get("GITLAB_APPLICATION_ID"),
+            "client_secret": environ.get("GITLAB_APPLICATION_SECRET"),
+            "scope": "read_user",
+        },
+    },
+}

plain_oauth-0.8.0/tests/app/templates/base.html ADDED Viewed

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Document</title>
+</head>
+<body>
+    {% block content %}
+    {% endblock %}
+</body>
+</html>

plain_oauth-0.8.0/tests/app/templates/index.html ADDED Viewed

@@ -0,0 +1,33 @@
+{% extends "base.html" %}
+{% block content %}
+Hello {{ request.user }}!
+<h2>Existing connections</h2>
+<ul>
+    {% for connection in request.user.oauth_connections.all() %}
+    <li>
+        {{ connection.provider_key }} [ID: {{ connection.provider_user_id }}]
+        <form action="{{ url('oauth:disconnect', connection.provider_key) }}" method="post">
+            {{ csrf_input }}
+            <input type="hidden" name="provider_user_id" value="{{ connection.provider_user_id }}">
+            <button type="submit">Disconnect</button>
+        </form>
+    </li>
+    {% endfor %}
+</ul>
+<h2>Add a connection</h2>
+<ul>
+    {% for provider_key in oauth_provider_keys %}
+    <li>
+        {{ provider_key}}
+        <form action="{{ url('oauth:connect', provider_key) }}" method="post">
+            {{ csrf_input }}
+            <button type="submit">Connect</button>
+        </form>
+    </li>
+    {% endfor %}
+</ul>
+{% endblock %}

plain_oauth-0.8.0/tests/app/templates/login.html ADDED Viewed

@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Login</h1>
+<form action="{% url 'oauth:login' 'github' %}" method="post">
+    {{ csrf_input }}
+    <button type="submit">Login with GitHub</button>
+</form>
+<form action="{% url 'oauth:login' 'gitlab' %}" method="post">
+    {{ csrf_input }}
+    <button type="submit">Login with GitLab</button>
+</form>
+<form action="{% url 'oauth:login' 'bitbucket' %}" method="post">
+    {{ csrf_input }}
+    <button type="submit">Login with Bitbucket</button>
+</form>
+{% endblock %}

plain_oauth-0.8.0/tests/app/urls.py ADDED Viewed

@@ -0,0 +1,26 @@
+import plain.oauth.urls
+from plain.auth.views import AuthViewMixin, LogoutView
+from plain.oauth.providers import get_provider_keys
+from plain.urls import include, path
+from plain.views import TemplateView
+class LoggedInView(AuthViewMixin, TemplateView):
+    template_name = "index.html"
+    def get_template_context(self):
+        context = super().get_template_context()
+        context["oauth_provider_keys"] = get_provider_keys()
+        return context
+class LoginView(TemplateView):
+    template_name = "login.html"
+urlpatterns = [
+    path("oauth/", include(plain.oauth.urls)),
+    path("login/", LoginView, name="login"),
+    path("logout/", LogoutView, name="logout"),
+    path("", LoggedInView),
+]

plain_oauth-0.8.0/tests/app/users/models.py ADDED Viewed

@@ -0,0 +1,9 @@
+from plain import models
+class User(models.Model):
+    email = models.EmailField(unique=True)
+    username = models.CharField(max_length=100, unique=True)
+    def __str__(self):
+        return self.username

plain_oauth-0.8.0/tests/provider_tests/__init__.py ADDED Viewed

File without changes

plain_oauth-0.8.0/tests/provider_tests/test_github.py ADDED Viewed

@@ -0,0 +1,66 @@
+from tests.providers.github import GitHubOAuthProvider
+from plain.oauth.providers import OAuthToken, OAuthUser
+class DummyGitHubOAuthProvider(GitHubOAuthProvider):
+    def generate_state(self) -> str:
+        return "dummy_state"
+    def get_oauth_token(self, code, request):
+        return OAuthToken(access_token="gho_key")
+    def get_oauth_user(self, oauth_token):
+        return OAuthUser(
+            id="99",
+            username="userone",
+            email="user@example.com",
+        )
+def test_github_provider(db, client, settings):
+    settings.OAUTH_LOGIN_PROVIDERS = {
+        "github": {
+            "class": "provider_tests.test_github.DummyGitHubOAuthProvider",
+            "kwargs": {
+                "client_id": "test_id",
+                "client_secret": "test_secret",
+                "scope": "user",
+            },
+        }
+    }
+    # Login required for this view
+    response = client.get("/")
+    assert response.status_code == 302
+    assert response.url == "/login/?next=/"
+    # User clicks the login link (form submit)
+    response = client.post("/oauth/github/login/")
+    assert response.status_code == 302
+    assert (
+        response.url
+        == "https://github.com/login/oauth/authorize?client_id=test_id&redirect_uri=https%3A%2F%2Ftestserver%2Foauth%2Fgithub%2Fcallback%2F&response_type=code&scope=user&state=dummy_state"
+    )
+    # GitHub redirects to the callback url
+    response = client.get("/oauth/github/callback/?code=test_code&state=dummy_state")
+    assert response.status_code == 302
+    assert response.url == "/"
+    # Now logged in
+    response = client.get("/")
+    assert response.status_code == 200
+    assert b"Hello userone!\n" in response.content
+    # Check the user and connection that was created
+    user = response.user
+    assert user.username == "userone"
+    assert user.email == "user@example.com"
+    connections = user.oauth_connections.all()
+    assert len(connections) == 1
+    assert connections[0].provider_key == "github"
+    assert connections[0].provider_user_id == "99"
+    assert connections[0].access_token == "gho_key"
+    assert connections[0].refresh_token == ""
+    assert connections[0].access_token_expires_at is None

plain_oauth-0.8.0/tests/providers/__init__.py ADDED Viewed

File without changes

plain_oauth-0.8.0/tests/providers/bitbucket.py ADDED Viewed

@@ -0,0 +1,75 @@
+import datetime
+import requests
+from plain.oauth.providers import OAuthProvider, OAuthToken, OAuthUser
+from plain.utils import timezone
+class BitbucketOAuthProvider(OAuthProvider):
+    authorization_url = "https://bitbucket.org/site/oauth2/authorize"
+    def _get_token(self, request_data):
+        response = requests.post(
+            "https://bitbucket.org/site/oauth2/access_token",
+            auth=(self.get_client_id(), self.get_client_secret()),
+            headers={
+                "Accept": "application/json",
+            },
+            data=request_data,
+        )
+        response.raise_for_status()
+        data = response.json()
+        return OAuthToken(
+            access_token=data["access_token"],
+            refresh_token=data["refresh_token"],
+            access_token_expires_at=timezone.now()
+            + datetime.timedelta(seconds=data["expires_in"]),
+        )
+    def get_oauth_token(self, *, code, request):
+        return self._get_token(
+            {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": self.get_callback_url(request=request),
+            }
+        )
+    def refresh_oauth_token(self, *, oauth_token):
+        return self._get_token(
+            {
+                "grant_type": "refresh_token",
+                "refresh_token": oauth_token.refresh_token,
+            }
+        )
+    def get_oauth_user(self, *, oauth_token):
+        response = requests.get(
+            "https://api.bitbucket.org/2.0/user",
+            headers={
+                "Authorization": f"Bearer {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        user_id = response.json()["uuid"]
+        username = response.json()["username"]
+        response = requests.get(
+            "https://api.bitbucket.org/2.0/user/emails",
+            headers={
+                "Authorization": f"Bearer {oauth_token.access_token}",
+            },
+        )
+        response.raise_for_status()
+        confirmed_primary_email = [
+            x["email"]
+            for x in response.json()["values"]
+            if x["is_primary"] and x["is_confirmed"]
+        ][0]
+        return OAuthUser(
+            id=user_id,
+            email=confirmed_primary_email,
+            username=username,
+        )

plain.oauth 0.7.4__tar.gz → 0.8.0__tar.gz

plain.oauth 0.7.4tar.gz → 0.8.0tar.gz