CHANGELOG.rst

@@ -9,6 +9,14 @@ and this project adheres to `Semantic Versioning`_.
 Unreleased
 ----------
 
+Added
+~~~~~
+
+* [OAuth] Allow apps to fill in their own claim data matching their scopes
+
+`2.2.1_ – 2021-12-02
+--------------------
+
 Fixed
 ~~~~~
 
@@ -17,6 +25,7 @@ Fixed
 * [OAuth] Fix OAuth claims for follow-up requests (e.g. UserInfo)
 * [OAuth] Fix grant types checking failing on wrong types under some circumstances
 * [OAuth] Re-introduce missing algorithm field in application form
+* Remove errornous backup folder check for S3
 
 `2.2`_ - 2021-11-29
 -------------------
@@ -499,3 +508,4 @@ Fixed
 .. _2.1: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.1
 .. _2.1.1: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.1.1
 .. _2.2: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.2
+.. _2.2.1: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.2.1

aleksis/core/apps.py

@@ -9,6 +9,7 @@ from django.utils.translation import gettext as _
 
 from dynamic_preferences.registries import preference_models
 from health_check.plugins import plugin_dir
+from oauthlib.common import Request as OauthlibRequest
 
 from .registries import (
     group_preferences_registry,
@@ -156,3 +157,49 @@ class CoreConfig(AppConfig):
                 "groups": _("Groups"),
             }
         return scopes
+
+    @classmethod
+    def get_additional_claims(cls, scopes: list[str], request: OauthlibRequest) -> dict[str, Any]:
+        django_request = HttpRequest()
+        django_request.META = request.headers
+
+        claims = {
+            "preferred_username": request.user.username,
+        }
+
+        if "profile" in scopes:
+            if has_person(request.user):
+                claims["given_name"] = request.user.person.first_name
+                claims["family_name"] = request.user.person.last_name
+                claims["profile"] = django_request.build_absolute_uri(
+                    request.user.person.get_absolute_url()
+                )
+                if request.user.person.photo:
+                    claims["picture"] = django_request.build_absolute_uri(
+                        request.user.person.photo.url
+                    )
+            else:
+                claims["given_name"] = request.user.first_name
+                claims["family_name"] = request.user.last_name
+
+        if "email" in scopes:
+            if has_person(request.user):
+                claims["email"] = request.user.person.email
+            else:
+                claims["email"] = request.user.email
+
+        if "address" in scopes and has_person(request.user):
+            claims["address"] = {
+                "street_address": request.user.person.street
+                + " "
+                + request.user.person.housenumber,
+                "locality": request.user.person.place,
+                "postal_code": request.user.person.postal_code,
+            }
+
+        if "groups" in scopes and has_person(request.user):
+            claims["groups"] = list(
+                request.user.person.member_of.values_list("name", flat=True).all()
+            )
+
+        return claims

aleksis/core/health_checks.py

@@ -34,9 +34,6 @@ class BaseBackupHealthCheck(BaseHealthCheckBackend):
     def check_status(self):
         storage = get_storage()
         backups = storage.list_backups(content_type=self.content_type)
-        if not storage.storage.exists(""):
-            self.add_error(_("The backup folder doesn't exist."))
-            return
         if backups:
             last_backup = backups[:1]
             last_backup_time = dbbackup_utils.filename_to_date(last_backup[0])

aleksis/core/util/apps.py

@@ -8,6 +8,7 @@ from django.http import HttpRequest
 
 from dynamic_preferences.signals import preference_updated
 from license_expression import Licensing
+from oauthlib.common import Request as OauthlibRequest
 from spdx_license_list import LICENSES
 
 from .core_helpers import copyright_years
@@ -244,6 +245,11 @@ class AppConfig(django.apps.AppConfig):
         """Return a list of all OAuth scopes to always include for this request and application."""
         return []
 
+    @classmethod
+    def get_additional_claims(cls, scopes: list[str], request: OauthlibRequest) -> dict[str, Any]:
+        """Get claim data for requested scopes."""
+        return {}
+
     def _maintain_default_data(self):
         from django.contrib.auth.models import Permission
         from django.contrib.contenttypes.models import ContentType

aleksis/core/util/auth_helpers.py

 """Helpers/overrides for django-allauth."""
 
-from typing import Optional
+from typing import Any, Optional
 
 from django.conf import settings
 from django.http import HttpRequest
@@ -16,7 +16,6 @@ from oauth2_provider.views.mixins import (
 from oauthlib.common import Request as OauthlibRequest
 
 from .apps import AppConfig
-from .core_helpers import get_site_preferences, has_person
 
 
 class OurSocialAccountAdapter(DefaultSocialAccountAdapter):
@@ -43,52 +42,16 @@ class OurAccountAdapter(DefaultAccountAdapter):
 
 
 class CustomOAuth2Validator(OAuth2Validator):
-    def get_additional_claims(self, request):
-        django_request = HttpRequest()
-        django_request.META = request.headers
-
+    def get_additional_claims(self, request: OauthlibRequest) -> dict[str, Any]:
+        # Pull together scopes from request and from access token
         scopes = request.scopes.copy()
         if request.access_token:
             scopes += request.access_token.scope.split(" ")
 
-        claims = {
-            "preferred_username": request.user.username,
-        }
-
-        if "profile" in scopes:
-            if has_person(request.user):
-                claims["given_name"] = request.user.person.first_name
-                claims["family_name"] = request.user.person.last_name
-                claims["profile"] = django_request.build_absolute_uri(
-                    request.user.person.get_absolute_url()
-                )
-                if request.user.person.photo:
-                    claims["picture"] = django_request.build_absolute_uri(
-                        request.user.person.photo.url
-                    )
-            else:
-                claims["given_name"] = request.user.first_name
-                claims["family_name"] = request.user.last_name
-
-        if "email" in scopes:
-            if has_person(request.user):
-                claims["email"] = request.user.person.email
-            else:
-                claims["email"] = request.user.email
-
-        if "address" in scopes and has_person(request.user):
-            claims["address"] = {
-                "street_address": request.user.person.street
-                + " "
-                + request.user.person.housenumber,
-                "locality": request.user.person.place,
-                "postal_code": request.user.person.postal_code,
-            }
-
-        if "groups" in scopes and has_person(request.user):
-            claims["groups"] = list(
-                request.user.person.member_of.values_list("name", flat=True).all()
-            )
+        claims = {}
+        # Pull together claim data from all apps
+        for app in AppConfig.__subclasses__():
+            claims.update(app.get_additional_claims(scopes, request))
 
         return claims
 

pyproject.toml

@@ -83,7 +83,7 @@ django-polymorphic = "^3.0.0"
 django-colorfield = "^0.4.0"
 django-bleach = "^0.9.0"
 django-guardian = "^2.2.0"
-rules = "^2.2"
+rules = "^3.0"
 django-cache-memoize = "^0.1.6"
 django-haystack = "^3.1"
 celery-haystack-ng = "^0.20"