diff --git a/api/config/settings/common.py b/api/config/settings/common.py index fb42e6b75..dd040d145 100644 --- a/api/config/settings/common.py +++ b/api/config/settings/common.py @@ -627,6 +627,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = "users.Application" OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "users.AccessToken" OAUTH2_PROVIDER_GRANT_MODEL = "users.Grant" OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "users.RefreshToken" +OAUTH2_PROVIDER_ID_TOKEN_MODEL = "users.IdToken" SCOPED_TOKENS_MAX_AGE = 60 * 60 * 24 * 3 diff --git a/api/funkwhale_api/contrib/sites/migrations/0004_alter_site_options.py b/api/funkwhale_api/contrib/sites/migrations/0004_alter_site_options.py new file mode 100644 index 000000000..696f8b52a --- /dev/null +++ b/api/funkwhale_api/contrib/sites/migrations/0004_alter_site_options.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.4 on 2021-07-03 18:10 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('sites', '0003_auto_20171214_2205'), + ] + + operations = [ + migrations.AlterModelOptions( + name='site', + options={'ordering': ['domain'], 'verbose_name': 'site', 'verbose_name_plural': 'sites'}, + ), + ] diff --git a/api/funkwhale_api/music/migrations/0054_alter_uploadversion_mimetype.py b/api/funkwhale_api/music/migrations/0054_alter_uploadversion_mimetype.py new file mode 100644 index 000000000..f91f3d67b --- /dev/null +++ b/api/funkwhale_api/music/migrations/0054_alter_uploadversion_mimetype.py 
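Review bot: The added `OAUTH2_PROVIDER_ID_TOKEN_MODEL = "users.IdToken"` line in api/config/settings/common.py has no comment saying why it is needed or whether it turns OpenID Connect on. Elsewhere in this commit the users migration resolves `settings.OAUTH2_PROVIDER_ID_TOKEN_MODEL` for the new `AccessToken.id_token` relation, so the setting must exist for the upgrade to migrate. Nothing visible in this hunk enables OIDC or configures a signing key, although the `OAUTH2_PROVIDER` dict itself is outside the hunk. I would add above the line `# Swappable ID token model, required by the django-oauth-toolkit 1.5 migrations; does not enable OIDC by itself.` so a later reader does not assume ID tokens are already being issued.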
@@ -0,0 +1,18 @@ +# Generated by Django 3.2.4 on 2021-07-03 18:10 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('music', '0053_denormalize_audio_permissions'), + ] + + operations = [ + migrations.AlterField( + model_name='uploadversion', + name='mimetype', + field=models.CharField(choices=[('audio/mp3', 'mp3'), ('audio/mpeg3', 'mp3'), ('audio/x-mp3', 'mp3'), ('audio/mpeg', 'mp3'), ('video/ogg', 'ogg'), ('audio/ogg', 'ogg'), ('audio/opus', 'opus'), ('audio/x-m4a', 'aac'), ('audio/x-m4a', 'm4a'), ('audio/x-flac', 'flac'), ('audio/flac', 'flac'), ('audio/aiff', 'aif'), ('audio/x-aiff', 'aif'), ('audio/aiff', 'aiff'), ('audio/x-aiff', 'aiff')], max_length=50), + ), + ] diff --git a/api/funkwhale_api/users/migrations/0021_auto_20210703_1810.py b/api/funkwhale_api/users/migrations/0021_auto_20210703_1810.py new file mode 100644 index 000000000..247fc34bf --- /dev/null +++ b/api/funkwhale_api/users/migrations/0021_auto_20210703_1810.py 
@@ -0,0 +1,67 @@ +# Generated by Django 3.2.4 on 2021-07-03 18:10 + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion +import uuid + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0020_application_token'), + ] + + operations = [ + migrations.AddField( + model_name='application', + name='algorithm', + field=models.CharField(blank=True, choices=[('', 'No OIDC support'), ('RS256', 'RSA with SHA-2 256'), ('HS256', 'HMAC with SHA-2 256')], default='', max_length=5), + ), + migrations.AddField( + model_name='grant', + name='claims', + field=models.TextField(blank=True), + ), + migrations.AddField( + model_name='grant', + name='nonce', + field=models.CharField(blank=True, default='', max_length=255), + ), + migrations.AlterField( + model_name='application', + name='authorization_grant_type', + field=models.CharField(choices=[('authorization-code', 'Authorization code'), ('implicit', 'Implicit'), ('password', 'Resource owner password-based'), ('client-credentials', 'Client credentials'), ('openid-hybrid', 'OpenID connect hybrid')], max_length=32), + ), + migrations.AlterField( + model_name='grant', + name='redirect_uri', + field=models.TextField(), + ), + migrations.AlterField( + model_name='user', + name='first_name', + field=models.CharField(blank=True, max_length=150, verbose_name='first name'), + ), + migrations.CreateModel( + name='IdToken', + fields=[ + ('id', models.BigAutoField(primary_key=True, serialize=False)), + ('jti', models.UUIDField(default=uuid.uuid4, editable=False, unique=True, verbose_name='JWT Token ID')), + ('expires', models.DateTimeField()), + ('scope', models.TextField(blank=True)), + ('created', models.DateTimeField(auto_now_add=True)), + ('updated', models.DateTimeField(auto_now=True)), + ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)), + ('user', 
models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='users_idtoken', to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + }, + ), + migrations.AddField( + model_name='accesstoken', + name='id_token', + field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='access_token', to=settings.OAUTH2_PROVIDER_ID_TOKEN_MODEL), + ), + ] diff --git a/api/funkwhale_api/users/models.py b/api/funkwhale_api/users/models.py index 450404a63..a07b92efa 100644 --- a/api/funkwhale_api/users/models.py +++ b/api/funkwhale_api/users/models.py @@ -393,6 +393,10 @@ class RefreshToken(oauth2_models.AbstractRefreshToken): pass +class IdToken(oauth2_models.AbstractIDToken): + pass + + def get_actor_data(username, **kwargs): slugified_username = federation_utils.slugify_username(username) domain = kwargs.get("domain") diff --git a/api/requirements/base.txt b/api/requirements/base.txt index a084fa84d..677716b5c 100644 --- a/api/requirements/base.txt +++ b/api/requirements/base.txt @@ -57,7 +57,7 @@ pydub~=0.25.1 pyld~=2.0.3 aiohttp~=3.7.4 -django-oauth-toolkit~=1.3.0 +django-oauth-toolkit~=1.5.0 django-storages~=1.11.1 boto3~=1.17.59 unicode-slugify~=0.1.0
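Review bot: `class IdToken(oauth2_models.AbstractIDToken): pass` in api/funkwhale_api/users/models.py would read better with a one-line docstring in place of `pass`, since the class appears to exist only to back the swappable setting. Something like `"""Concrete ID token model named by OAUTH2_PROVIDER_ID_TOKEN_MODEL; adds no fields of its own."""` makes the coupling to the settings string `"users.IdToken"` explicit, so a rename is not done on one side only. The neighbouring `RefreshToken` class uses a bare `pass` too, so this is a style suggestion rather than a defect.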