Merge branch '514-oauth-provider-allow-several-all-grant-flows' into...

Merge branch '514-oauth-provider-allow-several-all-grant-flows' into 532-oauth-allow-limiting-scopes-per-application

aleksis/core/forms.py

@@ -22,6 +22,7 @@ from .models import (
     DashboardWidget,
     Group,
     GroupType,
+    OAuthApplication,
     Person,
     SchoolTerm,
 )
@@ -590,3 +591,16 @@ class ListActionForm(ActionForm):
         self.items = items
         super().__init__(request, *args, **kwargs)
         self.fields["selected_objects"].choices = self._get_choices()
+
+
+class OAuthApplicationForm(forms.ModelForm):
+    class Meta:
+        model = OAuthApplication
+        fields = (
+            "name",
+            "client_id",
+            "client_secret",
+            "client_type",
+            "allowed_scopes",
+            "redirect_uris",
+        )

aleksis/core/settings.py

@@ -326,9 +326,9 @@ ACCOUNT_UNIQUE_EMAIL = _settings.get("auth.login.registration.unique_email", Tru
 OAUTH2_PROVIDER = {"SCOPES_BACKEND_CLASS": "aleksis.core.util.auth_helpers.AppScopes"}
 OAUTH2_PROVIDER_APPLICATION_MODEL = "core.OAuthApplication"
 OAUTH2_PROVIDER_GRANT_MODEL = "core.OAuthGrant"
-OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "core.OAuthAccessToken"
-OAUTH2_PROVIDER_ID_TOKEN_MODEL = "core.OAuthIDToken"
-OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "core.OAuthRefreshToken"
+OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "core.OAuthAccessToken"  # noqa: S105
+OAUTH2_PROVIDER_ID_TOKEN_MODEL = "core.OAuthIDToken"  # noqa: S105
+OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "core.OAuthRefreshToken"  # noqa: S105
 
 if _settings.get("oauth2.oidc.enabled", False):
     with open(_settings.get("oauth2.oidc.rsa_key", "/etc/aleksis/oidc.pem"), "r") as f:

aleksis/core/templates/oauth2_provider/application_form.html → aleksis/core/templates/oauth2_provider/application/create.html

@@ -2,20 +2,16 @@
 
 {% load i18n material_form %}
 
-{% block browser_title %}{% blocktrans %}Create OAuth2 Application{% endblocktrans %}{% endblock %}
+{% block browser_title %}{% blocktrans %}Register OAuth2 Application{% endblocktrans %}{% endblock %}
+{% block page_title %}{% blocktrans %}Register OAuth2 Application{% endblocktrans %}{% endblock %}
 
 {% block content %}
-  <h4 class="block-center-heading">
-    {% block app-form-title %}
-      {% blocktrans with application_name=application.name %}Edit application{% endblocktrans %}
-    {% endblock app-form-title %}
-  </h4>
   <form method="post">
     {% csrf_token %}
     {% form form=form %}{% endform %}
     {% include "core/partials/save_button.html" %}
-    <a class="btn waves-effect red waves-light" href="{% block app-form-back-url %}{% url "oauth_detail" application.id %}{% endblock app-form-back-url %}">
-      <i class="material-icons left">clear</i> {% trans "Cancel"%}
+    <a class="btn waves-effect red waves-light" href="{% url "oauth_list" %}">
+      <i class="material-icons left">clear</i> {% trans "Cancel" %}
     </a>
   </form>
 {% endblock %}

aleksis/core/templates/oauth2_provider/application/edit.html

+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% blocktrans %}Edit OAuth2 Application{% endblocktrans %}{% endblock %}
+{% block page_title %}{% blocktrans %}Edit OAuth2 Application{% endblocktrans %}{% endblock %}
+
+{% block content %}
+  <form method="post">
+    {% csrf_token %}
+    {% form form=form %}{% endform %}
+    {% include "core/partials/save_button.html" %}
+    <a class="btn waves-effect red waves-light" href="{% url "oauth_detail" application.id %}">
+      <i class="material-icons left">clear</i> {% trans "Cancel" %}
+    </a>
+  </form>
+{% endblock %}

aleksis/core/templates/oauth2_provider/application_detail.html

@@ -12,7 +12,7 @@
 {% endblock %}
 
 {% block content %}
-  <a class="btn waves-effect waves-light btn-margin" href="{% url "oauth_update" application.id %}">
+  <a class="btn waves-effect waves-light btn-margin" href="{% url "edit_oauth_application" application.id %}">
     <i class="material-icons left">edit</i>
     {% trans "Edit" %}
   </a>
@@ -46,14 +46,6 @@
           {{ application.client_type }}
         </td>
       </tr>
-      <tr>
-        <th>
-          {% trans "Authorization Grant Type"%}
-        </td>
-        <td>
-          {{ application.authorization_grant_type }}
-        </td>
-      </tr>
       <tr>
         <th>
           {% trans "Redirect URIs"%}

aleksis/core/templates/oauth2_provider/application_list.html

@@ -6,10 +6,9 @@
 
 {% block content %}
   <h1>{% blocktrans %}OAuth2 applications{% endblocktrans %}</h1>
-  <a href="{% url "oauth2_provider:register" %}" class="btn green waves-effect
-  waves-light">
+  <a href="{% url "register_oauth_application" %}" class="btn green waves-effect waves-light">
     <i class="material-icons left">add</i>
-    {% blocktrans %}Register new applications{% endblocktrans %}
+    {% blocktrans %}Register new application{% endblocktrans %}
   </a>
   <ul class="collection">
   {% for application in applications %}

aleksis/core/urls.py

@@ -103,9 +103,18 @@ urlpatterns = [
         name="oidc_configuration",
     ),
     path("oauth/applications/", views.OAuth2List.as_view(), name="oauth_list"),
+    path(
+        "oauth/applications/register/",
+        views.OAuth2RegisterView.as_view(),
+        name="register_oauth_application",
+    ),
     path("oauth/applications/<int:pk>/detail", views.OAuth2Detail.as_view(), name="oauth_detail"),
     path("oauth/applications/<int:pk>/delete", views.OAuth2Delete.as_view(), name="oauth_delete"),
-    path("oauth/applications/<int:pk>/update", views.OAuth2Update.as_view(), name="oauth_update"),
+    path(
+        "oauth/applications/<int:pk>/edit/",
+        views.OAuth2EditView.as_view(),
+        name="edit_oauth_application",
+    ),
     path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
     path("__i18n__/", include("django.conf.urls.i18n")),
     path(

aleksis/core/views.py

@@ -26,7 +26,7 @@ from django.views.decorators.cache import never_cache
 from django.views.defaults import ERROR_500_TEMPLATE_NAME
 from django.views.generic.base import TemplateView, View
 from django.views.generic.detail import DetailView, SingleObjectMixin
-from django.views.generic.edit import DeleteView, UpdateView
+from django.views.generic.edit import DeleteView
 from django.views.generic.list import ListView
 
 import reversion
@@ -59,6 +59,7 @@ from .forms import (
     EditGroupForm,
     EditGroupTypeForm,
     GroupPreferenceForm,
+    OAuthApplicationForm,
     PersonForm,
     PersonPreferenceForm,
     SchoolTermForm,
@@ -1066,28 +1067,25 @@ class OAuth2Delete(PermissionRequiredMixin, DeleteView):
         return OAuthApplication.objects.all()
 
 
-class OAuth2Update(PermissionRequiredMixin, UpdateView):
+class OAuth2EditView(PermissionRequiredMixin, AdvancedEditView):
     """View used to update an application."""
 
     permission_required = "core.update_oauth_applications_rule"
     context_object_name = "application"
-    template_name = "oauth2_provider/application_form.html"
+    template_name = "oauth2_provider/application/edit.html"
+    form_class = OAuthApplicationForm
 
     def get_queryset(self):
         return OAuthApplication.objects.all()
 
-    def get_form_class(self):
-        """Return the form class for the application model."""
-        return modelform_factory(
-            OAuthApplication,
-            fields=(
-                "name",
-                "client_id",
-                "client_secret",
-                "client_type",
-                "allowed_scopes",
-                "redirect_uris",),
-        )
+
+class OAuth2RegisterView(PermissionRequiredMixin, AdvancedCreateView):
+    """View used to register an application."""
+
+    permission_required = "core.add_oauth_applications_rule"
+    context_object_name = "application"
+    template_name = "oauth2_provider/application/create.html"
+    form_class = OAuthApplicationForm
 
 
 class RedirectToPDFFile(SingleObjectMixin, View):