Merge branch 'release/1.3.0'

Jenkinsfile

@@ -2,7 +2,7 @@
 
 //noinspection GroovyAssignabilityCheck
 pipeline {
-    agent any
+    agent { label 'build-agent-01' }
     stages {
         stage('Set Build Variables') {
             steps {

README.rst

@@ -195,6 +195,11 @@ DB Models
 Changelog
 =========
 
+v. 1.3.0
+--------
+
+* Add support for OAuth2 Backend Application FLow
+
 v. 1.2.0
 --------
 

messages.pot

@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: xl_auth 1.2.0\n"
+"Project-Id-Version: xl_auth 1.3.0\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2018-06-05 13:25+0200\n"
+"POT-Creation-Date: 2018-08-29 13:49+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
@@ -39,18 +39,18 @@ msgid "Code cannot be modified"
 msgstr ""
 
 #: tests/end2end/test_collection_editing.py:108 tests/end2end/test_collection_registering.py:105
-#: xl_auth/collection/forms.py:18 xl_auth/oauth/client/forms.py:14
+#: xl_auth/collection/forms.py:18 xl_auth/oauth/client/forms.py:16
 #: xl_auth/templates/oauth/clients/home.html:18 xl_auth/templates/users/home.html:27
 #: xl_auth/templates/users/home.html:91
 msgid "Name"
 msgstr ""
 
 #: tests/end2end/test_collection_editing.py:108 tests/end2end/test_collection_registering.py:82
 #: tests/end2end/test_collection_registering.py:105 tests/end2end/test_user_editing.py:169
-#: tests/forms/test_client_edit.py:46 tests/forms/test_client_edit.py:69
-#: tests/forms/test_client_edit.py:92 tests/forms/test_client_edit.py:103
-#: tests/forms/test_client_register.py:48 tests/forms/test_client_register.py:71
-#: tests/forms/test_client_register.py:94 tests/forms/test_client_register.py:105
+#: tests/forms/test_client_edit.py:74 tests/forms/test_client_edit.py:97
+#: tests/forms/test_client_edit.py:120 tests/forms/test_client_edit.py:131
+#: tests/forms/test_client_register.py:76 tests/forms/test_client_register.py:99
+#: tests/forms/test_client_register.py:122 tests/forms/test_client_register.py:133
 #: tests/forms/test_collection_edit.py:20 tests/forms/test_collection_register.py:21
 #: tests/forms/test_permission_edit.py:49 tests/forms/test_permission_edit.py:67
 #: tests/forms/test_permission_register.py:26 tests/forms/test_permission_register.py:42
@@ -119,7 +119,7 @@ msgstr ""
 msgid "You will only see all permissions for those collections that you are cataloging admin for."
 msgstr ""
 
-#: tests/end2end/test_oauth_deleting_client.py:34 xl_auth/oauth/client/views.py:66
+#: tests/end2end/test_oauth_deleting_client.py:34 xl_auth/oauth/client/views.py:70
 #, python-format
 msgid "Successfully deleted OAuth2 Client \"%(name)s\"."
 msgstr ""
@@ -147,14 +147,14 @@ msgstr ""
 msgid "Successfully deleted permissions for \"%(username)s\" on collection \"%(code)s\"."
 msgstr ""
 
-#: tests/end2end/test_permission_deleting.py:118 tests/forms/test_client_edit.py:23
-#: tests/forms/test_client_register.py:25 tests/forms/test_collection_edit.py:67
+#: tests/end2end/test_permission_deleting.py:118 tests/forms/test_client_edit.py:24
+#: tests/forms/test_client_register.py:26 tests/forms/test_collection_edit.py:67
 #: tests/forms/test_collection_register.py:79 tests/forms/test_permission_delete.py:50
 #: tests/forms/test_permission_edit.py:114 tests/forms/test_permission_register.py:82
 #: tests/forms/test_user_administer.py:53 tests/forms/test_user_change_password.py:45
 #: tests/forms/test_user_edit_details.py:34 tests/forms/test_user_register.py:44
-#: xl_auth/collection/forms.py:41 xl_auth/collection/forms.py:73 xl_auth/oauth/client/forms.py:40
-#: xl_auth/oauth/client/forms.py:67 xl_auth/permission/forms.py:74 xl_auth/permission/forms.py:128
+#: xl_auth/collection/forms.py:41 xl_auth/collection/forms.py:73 xl_auth/oauth/client/forms.py:51
+#: xl_auth/oauth/client/forms.py:86 xl_auth/permission/forms.py:74 xl_auth/permission/forms.py:128
 #: xl_auth/permission/forms.py:151 xl_auth/permission/forms.py:197 xl_auth/templates/403.html:11
 #: xl_auth/user/forms.py:77 xl_auth/user/forms.py:126 xl_auth/user/forms.py:160
 #: xl_auth/user/forms.py:179
@@ -321,9 +321,11 @@ msgstr ""
 
 #: tests/end2end/test_user_editing.py:187 tests/end2end/test_user_editing.py:191
 #: tests/end2end/test_user_inspection.py:63 tests/end2end/test_user_view.py:49
+#: tests/forms/test_client_edit.py:62 tests/forms/test_client_register.py:64
 #: tests/forms/test_permission_edit.py:90 tests/forms/test_permission_register.py:62
-#: xl_auth/permission/forms.py:53 xl_auth/user/views.py:92 xl_auth/user/views.py:111
-#: xl_auth/user/views.py:157 xl_auth/user/views.py:185 xl_auth/user/views.py:210
+#: xl_auth/oauth/client/forms.py:41 xl_auth/oauth/client/forms.py:76 xl_auth/permission/forms.py:53
+#: xl_auth/user/views.py:92 xl_auth/user/views.py:111 xl_auth/user/views.py:157
+#: xl_auth/user/views.py:185 xl_auth/user/views.py:210
 #, python-format
 msgid "User ID \"%(user_id)s\" does not exist"
 msgstr ""
@@ -358,11 +360,11 @@ msgstr ""
 msgid "You will only see permissions for those collections that you are cataloging admin for."
 msgstr ""
 
-#: tests/forms/test_client_edit.py:58 tests/forms/test_client_register.py:60
+#: tests/forms/test_client_edit.py:86 tests/forms/test_client_register.py:88
 msgid "Field must be between 3 and 64 characters long."
 msgstr ""
 
-#: tests/forms/test_client_edit.py:81 tests/forms/test_client_register.py:83
+#: tests/forms/test_client_edit.py:109 tests/forms/test_client_register.py:111
 msgid "Field must be between 3 and 350 characters long."
 msgstr ""
 
@@ -465,29 +467,39 @@ msgstr ""
 msgid "Confirm"
 msgstr ""
 
-#: xl_auth/oauth/client/forms.py:11 xl_auth/templates/oauth/clients/edit.html:38
-#: xl_auth/templates/oauth/clients/register.html:25
+#: xl_auth/oauth/client/forms.py:13 xl_auth/templates/oauth/clients/edit.html:45
+#: xl_auth/templates/oauth/clients/register.html:32
 msgid "Redirect URIs"
 msgstr ""
 
-#: xl_auth/oauth/client/forms.py:12
+#: xl_auth/oauth/client/forms.py:14
 msgid "Default scopes"
 msgstr ""
 
-#: xl_auth/oauth/client/forms.py:13
+#: xl_auth/oauth/client/forms.py:15
 msgid "Confidential"
 msgstr ""
 
-#: xl_auth/oauth/client/forms.py:15 xl_auth/templates/oauth/clients/home.html:19
+#: xl_auth/oauth/client/forms.py:17 xl_auth/templates/oauth/clients/home.html:19
 msgid "Description"
 msgstr ""
 
-#: xl_auth/oauth/client/views.py:46
+#: xl_auth/oauth/client/forms.py:18 xl_auth/permission/forms.py:19
+#: xl_auth/templates/collections/view.html:88 xl_auth/templates/oauth/grants/home.html:14
+#: xl_auth/templates/oauth/tokens/home.html:14 xl_auth/templates/permissions/home.html:17
+msgid "User"
+msgstr ""
+
+#: xl_auth/oauth/client/forms.py:35 xl_auth/oauth/client/forms.py:70 xl_auth/permission/forms.py:31
+msgid "--- Select User ---"
+msgstr ""
+
+#: xl_auth/oauth/client/views.py:50
 #, python-format
 msgid "Client \"%(name)s\" created."
 msgstr ""
 
-#: xl_auth/oauth/client/views.py:88
+#: xl_auth/oauth/client/views.py:97
 #, python-format
 msgid "Thank you for updating client details for \"%(client_id)s\"."
 msgstr ""
@@ -502,12 +514,6 @@ msgstr ""
 msgid "Successfully deleted OAuth2 Bearer token \"%(token_id)s\"."
 msgstr ""
 
-#: xl_auth/permission/forms.py:19 xl_auth/templates/collections/view.html:88
-#: xl_auth/templates/oauth/grants/home.html:14 xl_auth/templates/oauth/tokens/home.html:14
-#: xl_auth/templates/permissions/home.html:17
-msgid "User"
-msgstr ""
-
 #: xl_auth/permission/forms.py:20 xl_auth/templates/permissions/home.html:18
 #: xl_auth/templates/users/inspect.html:74 xl_auth/templates/users/inspect.html:123
 #: xl_auth/templates/users/view.html:71
@@ -535,10 +541,6 @@ msgstr ""
 msgid "Cataloging Admin"
 msgstr ""
 
-#: xl_auth/permission/forms.py:31
-msgid "--- Select User ---"
-msgstr ""
-
 #: xl_auth/permission/forms.py:34
 msgid "--- Select Collection ---"
 msgstr ""
@@ -637,7 +639,7 @@ msgstr ""
 msgid "Edit Existing Collection"
 msgstr ""
 
-#: xl_auth/templates/collections/edit.html:29 xl_auth/templates/oauth/clients/edit.html:44
+#: xl_auth/templates/collections/edit.html:29 xl_auth/templates/oauth/clients/edit.html:51
 #: xl_auth/templates/permissions/edit.html:34 xl_auth/templates/public/reset_password.html:22
 #: xl_auth/templates/users/administer.html:26 xl_auth/templates/users/change_password.html:22
 #: xl_auth/templates/users/edit_details.html:18
@@ -688,7 +690,7 @@ msgstr ""
 msgid "Register New Collection"
 msgstr ""
 
-#: xl_auth/templates/collections/register.html:26 xl_auth/templates/oauth/clients/register.html:31
+#: xl_auth/templates/collections/register.html:26 xl_auth/templates/oauth/clients/register.html:38
 #: xl_auth/templates/permissions/register.html:33 xl_auth/templates/users/register.html:22
 msgid "Register"
 msgstr ""
@@ -781,6 +783,10 @@ msgstr ""
 msgid "Client description"
 msgstr ""
 
+#: xl_auth/templates/oauth/clients/edit.html:33 xl_auth/templates/oauth/clients/register.html:20
+msgid "This should only be set for clients that will use backend application flow."
+msgstr ""
+
 #: xl_auth/templates/oauth/clients/home.html:4 xl_auth/templates/oauth/clients/home.html:8
 msgid "OAuth2 Clients"
 msgstr ""

migrations/versions/ba020591fae8_add_optional_user_to_oauth2_client.py

@@ -0,0 +1,32 @@
+"""Add optional user to OAuth2 client.
+
+Revision ID: ba020591fae8
+Revises: a6c5437cfd80
+Create Date: 2018-08-21 12:58:24.101819
+
+"""
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import sqlalchemy as sa
+from alembic import op
+
+# Revision identifiers, used by Alembic.
+revision = 'ba020591fae8'
+down_revision = 'a6c5437cfd80'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    """Add user column to client table."""
+    with op.batch_alter_table('clients', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('user_id', sa.Integer(), nullable=True))
+        batch_op.create_foreign_key('fk_client_user_id', 'users', ['user_id'], ['id'])
+
+
+def downgrade():
+    """Remove user column from client table."""
+    with op.batch_alter_table('clients', schema=None) as batch_op:
+        batch_op.drop_constraint('fk_client_user_id', type_='foreignkey')
+        batch_op.drop_column('user_id')

package.json

@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "author": "National Library of Sweden",
   "license": "Apache-2.0",
   "description": "Authorization and OAuth2 provider for LibrisXL",

tests/forms/test_client_edit.py

@@ -14,6 +14,7 @@ def test_user_cannot_edit_client(user, client):
     """Attempt to edit a client as regular user."""
     form = EditForm(user, name=client.name,
                     description=client.description,
+                    user_id=-1,
                     is_confidential=not client.is_confidential,
                     redirect_uris='http://localhost/',
                     default_scopes='read write')
@@ -27,13 +28,40 @@ def test_validate_success(superuser, client):
     """Edit entry with success."""
     form = EditForm(superuser, name=client.name,
                     description=client.description,
+                    user_id=-1,
                     is_confidential=not client.is_confidential,
                     redirect_uris='http://localhost/',
                     default_scopes='read write')
 
     assert form.validate() is True
 
 
+def test_validate_success_with_user_id(superuser, user, client):
+    """Edit entry with user_id with success."""
+    form = EditForm(superuser, name=client.name,
+                    description=client.description,
+                    user_id=user.id,
+                    is_confidential=not client.is_confidential,
+                    redirect_uris='http://localhost/',
+                    default_scopes='read write')
+
+    assert form.validate() is True
+
+
+def test_invalid_user_id(superuser, client):
+    """Attempt to edit client with invalid user_id."""
+    bad_user_id = 42000000
+    form = EditForm(superuser, name=client.name,
+                    description=client.description,
+                    user_id=bad_user_id,
+                    is_confidential=not client.is_confidential,
+                    redirect_uris='http://localhost/',
+                    default_scopes='read write')
+
+    assert form.validate() is False
+    assert _('User ID "%(user_id)s" does not exist', user_id=bad_user_id) in form.user_id.errors
+
+
 def test_missing_name(superuser, client):
     """Attempt to register client with missing name."""
     form = EditForm(superuser,

tests/forms/test_client_register.py

@@ -16,6 +16,7 @@ def test_user_cannot_register_client(user):
     """Attempt to register a client as regular user."""
     form = RegisterForm(user, name='Client',
                         description='OAuth2 Client',
+                        user_id=-1,
                         is_confidential=choice([True, False]),
                         redirect_uris='http://localhost/',
                         default_scopes='read write')
@@ -29,13 +30,40 @@ def test_validate_success(superuser):
     """Register client."""
     form = RegisterForm(superuser, name='Client',
                         description='OAuth2 Client',
+                        user_id=-1,
                         is_confidential=choice([True, False]),
                         redirect_uris='http://localhost/',
                         default_scopes='read write')
 
     assert form.validate() is True
 
 
+def test_validate_success_with_user_id(superuser, user):
+    """Register client with user_id."""
+    form = RegisterForm(superuser, name='Client',
+                        description='OAuth2 Client',
+                        user_id=user.id,
+                        is_confidential=choice([True, False]),
+                        redirect_uris='http://localhost/',
+                        default_scopes='read write')
+
+    assert form.validate() is True
+
+
+def test_invalid_user_id(superuser):
+    """Attempt to register client with invalid user_id."""
+    bad_user_id = 42000000
+    form = RegisterForm(superuser, name='Client',
+                        description='OAuth2 Client',
+                        user_id=bad_user_id,
+                        is_confidential=choice([True, False]),
+                        redirect_uris='http://localhost/',
+                        default_scopes='read write')
+
+    assert form.validate() is False
+    assert _('User ID "%(user_id)s" does not exist', user_id=bad_user_id) in form.user_id.errors
+
+
 def test_missing_name(superuser):
     """Attempt to register client with missing name."""
     form = RegisterForm(superuser,