deps: bump to django 4.2

There were significant changes in logout actions so those were the tricky parts to handle. Bumps also deps where applicable. Adds migrations and fixes migration in users where in fresh env setup the migration run would've crashed. The newest 0034 migration have to be applied before users.0020. Refs HP-2441
City-of-Helsinki · Jul 12, 2024 · aa24e63 · aa24e63
1 parent 1edf3ae
commit aa24e63
Show file tree

Hide file tree

Showing 30 changed files with 209 additions and 118 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
 
     services:
       postgres:
-        image: postgres:9.6
+        image: postgres:13.4
         ports:
           - 5432:5432
         options: >-

diff --git a/auth_backends/suomifi.py b/auth_backends/suomifi.py
@@ -317,12 +317,13 @@ def create_logout_redirect(self, social_user, token=''):
         Token is used for tracking state."""
         idp = self.get_idp('suomifi')
         auth = self._create_saml_auth(idp=idp)
+        extra_data = json.loads(social_user.extra_data)
         redirect = auth.logout(return_to=token,
                                nq=idp.entity_id,
-                               name_id=social_user.extra_data['name_id'],
+                               name_id=extra_data['name_id'],
                                name_id_format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
                                spnq=self.setting('SP_ENTITY_ID'),
-                               session_index=social_user.extra_data['session_index'])
+                               session_index=extra_data['session_index'])
         social_user.extra_data = {}
         social_user.save()
         return self.strategy.redirect(redirect)

diff --git a/auth_backends/tests/conftest.py b/auth_backends/tests/conftest.py
@@ -33,10 +33,10 @@ class DummyOidcBackchannelLogoutBackend(
 
 def create_backend_logout_token(backend, **kwargs):
     kwargs.setdefault('iss', backend.oidc_config().get('issuer'))
-    kwargs.setdefault('sub', get_random_string())
+    kwargs.setdefault('sub', get_random_string(15))
     kwargs.setdefault('aud', backend.setting('KEY'))
     kwargs.setdefault('iat', int(time.time()) - 10)
-    kwargs.setdefault('jti', get_random_string())
+    kwargs.setdefault('jti', get_random_string(15))
     kwargs.setdefault('events', {
         'http://schemas.openid.net/event/backchannel-logout': {},
     })

diff --git a/auth_backends/tests/test_oidc_backchannel_logout.py b/auth_backends/tests/test_oidc_backchannel_logout.py
@@ -227,7 +227,7 @@ def test_logout_token_extra_nonce(
 ):
     logout_token = logout_token_factory(
         backend,
-        nonce=get_random_string(),
+        nonce=get_random_string(15),
     )
     backend.strategy.logout_token = logout_token
 
@@ -245,7 +245,7 @@ def test_logout_token_no_social_auth(
 ):
     logout_token = logout_token_factory(
         backend,
-        sub=get_random_string(),
+        sub=get_random_string(15),
     )
     backend.strategy.logout_token = logout_token
 
@@ -269,7 +269,7 @@ def test_backchannel_logout_not_implemented_in_backend(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
     usersocialauth_factory(provider='dummyoidcbackend', user=user)
 
@@ -310,7 +310,7 @@ def test_backchannel_successful_logout(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
 
     backend = DummyOidcBackchannelLogoutBackend()
@@ -367,7 +367,7 @@ def test_backchannel_logout_no_social_auth(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
 
     backend = DummyOidcBackchannelLogoutBackend()
@@ -416,9 +416,9 @@ def test_backchannel_successful_logout_other_session_unaffected(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
-    password2 = get_random_string()
+    password2 = get_random_string(15)
     user2 = user_factory(password=password2)
 
     backend = DummyOidcBackchannelLogoutBackend()

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '3.7'
 services:
     postgres:
-        image: postgres:9.6-alpine
+        image: postgres:13.4-alpine
         environment:
             POSTGRES_USER: tunnistamo
             POSTGRES_PASSWORD: tunnistamo

diff --git a/oidc_apis/scopes.py b/oidc_apis/scopes.py
@@ -1,3 +1,4 @@
+import json
 import re
 
 from django.utils.translation import gettext_lazy as _
@@ -142,6 +143,10 @@ def create_response_dic(self):
             social_user = UserSocialAuth.objects.get(user=self.user, provider='suomifi')
         except UserSocialAuth.DoesNotExist:
             return dic
+
+        if isinstance(social_user.extra_data, str):
+            social_user.extra_data = json.loads(social_user.extra_data)
+
         for level in SuomiFiAccessLevel.objects.all():
             scope = 'suomifi_' + level.shorthand
             if scope in self.scopes:

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -8,8 +8,6 @@
 
 argparse==1.4.0
     # via unittest2
-attrs==21.2.0
-    # via pytest
 build==1.0.3
     # via pip-tools
 click==8.1.7
@@ -38,8 +36,9 @@ linecache2==1.0.0
     # via traceback2
 mccabe==0.6.1
     # via flake8
-packaging==21.0
+packaging==24.1
     # via
+    #   -c requirements.txt
     #   build
     #   pytest
 pip-tools==7.4.0
@@ -50,20 +49,18 @@ pycodestyle==2.8.0
     # via flake8
 pyflakes==2.4.0
     # via flake8
-pyparsing==2.4.7
-    # via packaging
 pyproject-hooks==1.0.0
     # via
     #   build
     #   pip-tools
-pytest==7.2.0
+pytest==7.4.4
     # via
     #   -r requirements-dev.in
     #   pytest-cov
     #   pytest-django
 pytest-cov==3.0.0
     # via -r requirements-dev.in
-pytest-django==4.4.0
+pytest-django==4.8.0
     # via -r requirements-dev.in
 python-dateutil==2.8.2
     # via
@@ -87,7 +84,7 @@ unittest2==1.1.0
     # via -r requirements-dev.in
 wheel==0.42.0
     # via pip-tools
-zipp==3.17.0
+zipp==3.19.2
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/requirements.in b/requirements.in
@@ -1,15 +1,15 @@
-django<4.0
+django<5.0
 django-multiselectfield
-django-oauth-toolkit
+django-oauth-toolkit<=1.6.0
 django-parler>2.1
 django-cors-headers
 # Use our own fork of django-oidc-provider as long as the token extraction PR is not merged
 # https://github.com/juanifioren/django-oidc-provider/pull/389
-git+https://github.com/City-of-Helsinki/django-oidc-provider.git@745b7ebfabd568acc282ec0e8ac098f54ee933f9
+git+https://github.com/City-of-Helsinki/django-oidc-provider.git@f25cf7665eef59d15f14a8b2a8276ec955b5b73b
 djangorestframework>=3.10
 django-helusers
 django-bootstrap3
-psycopg2
+psycopg2>2.8.3
 --no-binary psycopg2
 raven
 PyJWT[crypto]