From 737dab9e2d82e3f6e77bd9719c0c0cac5d088863 Mon Sep 17 00:00:00 2001 From: Awais Qureshi Date: Wed, 22 Jun 2022 00:14:34 +0500 Subject: [PATCH] build: upgrading django-auth-toolkit and oauthlib. ** method names changed from `construct_base_string` to `signature_base_string` and from `normalize_base_string_uri` to `base_string_uri`. ** explicitly trigger the `save_token` call. for more details check * https://github.com/oauthlib/oauthlib/issues/755 * https://github.com/oauthlib/oauthlib/pull/651/files --- common/djangoapps/third_party_auth/lti.py | 8 ++++---- openedx/core/djangoapps/oauth_dispatch/api.py | 5 ++++- requirements/constraints.txt | 11 +++++------ requirements/edx/base.txt | 5 ++--- requirements/edx/development.txt | 14 ++++++-------- requirements/edx/testing.txt | 14 ++++++-------- 6 files changed, 27 insertions(+), 30 deletions(-) diff --git a/common/djangoapps/third_party_auth/lti.py b/common/djangoapps/third_party_auth/lti.py index 2d3478788635..3895c888661c 100644 --- a/common/djangoapps/third_party_auth/lti.py +++ b/common/djangoapps/third_party_auth/lti.py @@ -11,8 +11,8 @@ from oauthlib.common import Request from oauthlib.oauth1.rfc5849.signature import ( collect_parameters, - construct_base_string, - normalize_base_string_uri, + signature_base_string, + base_string_uri, normalize_parameters, sign_hmac_sha1 ) 
@@ -154,10 +154,10 @@ def _get_validated_lti_params_from_values(cls, request, current_time, # we proceed through the entire validation before rejecting any request for any reason. # However, as noted there, the value of doing this is dubious. try: - base_uri = normalize_base_string_uri(request.uri) + base_uri = base_string_uri(request.uri) parameters = collect_parameters(uri_query=request.uri_query, body=request.body) parameters_string = normalize_parameters(parameters) - base_string = construct_base_string(request.http_method, base_uri, parameters_string) + base_string = signature_base_string(request.http_method, base_uri, parameters_string) computed_signature = sign_hmac_sha1(base_string, str(lti_consumer_secret), '') submitted_signature = request.oauth_signature diff --git a/openedx/core/djangoapps/oauth_dispatch/api.py b/openedx/core/djangoapps/oauth_dispatch/api.py index 6816e06218b7..bac1d25913d7 100644 --- a/openedx/core/djangoapps/oauth_dispatch/api.py +++ b/openedx/core/djangoapps/oauth_dispatch/api.py @@ -33,7 +33,10 @@ def create_dot_access_token(request, user, client, expires_in=None, scopes=None) request_validator=dot_settings.OAUTH2_VALIDATOR_CLASS(), ) _populate_create_access_token_request(request, user, client, scopes) - return token_generator.create_token(request, refresh_token=True) + token = token_generator.create_token(request, refresh_token=True) + token_generator.request_validator.save_token(token, request) + + return token def _get_expires_in_value(expires_in): diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3017d343ad31..b5b359469120 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt 
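Review bot: The context line `computed_signature = sign_hmac_sha1(base_string, str(lti_consumer_secret), '')` stays on the old helper while the two calls around it move to their new names, and the same name is still imported in the first hunk of this file. In the oauthlib release this commit upgrades to, `sign_hmac_sha1` appears to remain only as a deprecated wrapper that emits a DeprecationWarning, so this path is likely to break on a later upgrade. At minimum I would leave a marker such as `# TODO: sign_hmac_sha1 is deprecated in newer oauthlib; migrate to sign_hmac_sha1_with_client`. These lines decide whether an LTI launch is authenticated and the base-string helpers come from a reworked module, so a test with one fixed, known-good signed request and one tampered request would catch any change in URI or parameter normalisation. The `try` block and the comparison against `submitted_signature` continue outside the hunk.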
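Review bot: The added `token_generator.request_validator.save_token(token, request)` line has no comment explaining why persistence is now done by hand, and nothing in this patch tests that the token returned by `create_dot_access_token` is actually stored. The commit message says the explicit call is needed after the upgrade, so if a later refactor drops this line, callers would receive access and refresh tokens that were never written to the database, and the failure would surface only when the token is presented. I would add a comment such as `# Newer oauthlib no longer calls save_token() inside create_token() (oauthlib issue 755); persist explicitly.` and a test that creates a token through this function and then looks it up again. The start of the function lies outside the hunk.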
@@ -19,6 +19,11 @@ celery>=5.2.2,<6.0.0 # required for celery>=5.2.0;<5.3.0 click>=8.0,<9.0 +# greater version has breaking changes. +# https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#200-2022-04-24 +django-oauth-toolkit<2.0.0 + + # django-storages version 1.9 drops support for boto storage backend. django-storages<1.9 @@ -27,12 +32,6 @@ django-storages<1.9 # for them. edx-enterprise==3.57.1 -# oauthlib>3.0.1 causes test failures ( also remove the django-oauth-toolkit constraint when this is fixed ) -oauthlib==3.0.1 - -# django-auth-toolkit==1.3.3 requires oauthlib>=3.1.0 which is pinned because of test failures -django-oauth-toolkit<=1.3.2 - # Will be updated once we update python-dateutil package matplotlib<3.4.0 diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt index 5d9cc95d7821..cd222268569b 100644 --- a/requirements/edx/base.txt +++ b/requirements/edx/base.txt @@ -328,7 +328,7 @@ django-multi-email-field==0.6.2 # via edx-enterprise django-mysql==4.7.1 # via -r requirements/edx/base.in -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/base.in @@ -751,9 +751,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/base.in # django-oauth-toolkit # lti-consumer-xblock diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt index 7bb9e20b92b5..8a3bb70e906b 100644 --- a/requirements/edx/development.txt +++ b/requirements/edx/development.txt @@ -429,7 +429,7 @@ django-multi-email-field==0.6.2 # edx-enterprise django-mysql==4.7.1 # via -r requirements/edx/testing.txt -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/testing.txt 
@@ -701,7 +701,7 @@ execnet==1.9.0 # pytest-xdist factory-boy==3.2.1 # via -r requirements/edx/testing.txt -faker==15.0.0 + # via # -r requirements/edx/testing.txt # factory-boy @@ -846,6 +846,7 @@ jsonschema==4.16.0 jwcrypto==1.4.2 # via # -r requirements/edx/testing.txt + # django-oauth-toolkit # pylti1p3 kombu==5.2.4 # via @@ -980,9 +981,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/testing.txt # django-oauth-toolkit # lti-consumer-xblock @@ -999,9 +999,7 @@ openedx-filters==0.8.0 # via # -r requirements/edx/testing.txt # lti-consumer-xblock -optimizely-sdk==4.1.0 - # via -r requirements/edx/testing.txt -ora2==4.5.1 + # via -r requirements/edx/testing.txt oscrypto==1.3.0 # via @@ -1601,7 +1599,7 @@ urllib3==1.26.12 # tableauserverclient user-util==1.0.0 # via -r requirements/edx/testing.txt -uvicorn==0.18.3 + # via # -r requirements/edx/testing.txt # pact-python diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt index f28f0c53b697..c8ac395cddca 100644 --- a/requirements/edx/testing.txt +++ b/requirements/edx/testing.txt @@ -411,7 +411,7 @@ django-multi-email-field==0.6.2 # edx-enterprise django-mysql==4.7.1 # via -r requirements/edx/base.txt -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/base.txt @@ -678,7 +678,7 @@ execnet==1.9.0 # via pytest-xdist factory-boy==3.2.1 # via -r requirements/edx/testing.in -faker==15.0.0 + # via factory-boy fastapi==0.85.0 # via pact-python @@ -811,6 +811,7 @@ jsonschema==4.16.0 jwcrypto==1.4.2 # via # -r requirements/edx/base.txt + # django-oauth-toolkit # pylti1p3 kombu==5.2.4 # via @@ -932,9 +933,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/base.txt # django-oauth-toolkit # lti-consumer-xblock 
@@ -951,9 +951,7 @@ openedx-filters==0.8.0 # via # -r requirements/edx/base.txt # lti-consumer-xblock -optimizely-sdk==4.1.0 - # via -r requirements/edx/base.txt -ora2==4.5.1 + # via -r requirements/edx/base.txt oscrypto==1.3.0 # via @@ -1491,7 +1489,7 @@ urllib3==1.26.12 # tableauserverclient user-util==1.0.0 # via -r requirements/edx/base.txt -uvicorn==0.18.3 + # via pact-python vine==5.0.0 # via