build: upgrading django-auth-toolkit and oauthlib.

** method names changed from `construct_base_string` to `signature_base_string` and from `normalize_base_string_uri` to `base_string_uri`. ** explicitly trigger the `save_token` call. for more details check * oauthlib/oauthlib#755 * https://github.com/oauthlib/oauthlib/pull/651/files
openedx · Jun 24, 2022 · a478cce · a478cce
1 parent 20de3c7
commit a478cce
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 43 deletions.
diff --git a/common/djangoapps/third_party_auth/lti.py b/common/djangoapps/third_party_auth/lti.py
@@ -11,8 +11,8 @@
 from oauthlib.common import Request
 from oauthlib.oauth1.rfc5849.signature import (
     collect_parameters,
-    construct_base_string,
-    normalize_base_string_uri,
+    signature_base_string,
+    base_string_uri,
     normalize_parameters,
     sign_hmac_sha1
 )
@@ -154,10 +154,10 @@ def _get_validated_lti_params_from_values(cls, request, current_time,
         # we proceed through the entire validation before rejecting any request for any reason.
         # However, as noted there, the value of doing this is dubious.
         try:
-            base_uri = normalize_base_string_uri(request.uri)
+            base_uri = base_string_uri(request.uri)
             parameters = collect_parameters(uri_query=request.uri_query, body=request.body)
             parameters_string = normalize_parameters(parameters)
-            base_string = construct_base_string(request.http_method, base_uri, parameters_string)
+            base_string = signature_base_string(request.http_method, base_uri, parameters_string)
 
             computed_signature = sign_hmac_sha1(base_string, str(lti_consumer_secret), '')
             submitted_signature = request.oauth_signature

diff --git a/openedx/core/djangoapps/oauth_dispatch/api.py b/openedx/core/djangoapps/oauth_dispatch/api.py
@@ -33,7 +33,15 @@ def create_dot_access_token(request, user, client, expires_in=None, scopes=None)
         request_validator=dot_settings.OAUTH2_VALIDATOR_CLASS(),
     )
     _populate_create_access_token_request(request, user, client, scopes)
-    return token_generator.create_token(request, refresh_token=True)
+
+    # save_token` has been deprecated, it was not called internally
+    # If you do, call `request_validator.save_token()`.
+    # for details https://github.com/oauthlib/oauthlib/blob/v3.2.0/oauthlib/oauth2/rfc6749/tokens.py#L303
+
+    token = token_generator.create_token(request, refresh_token=True)
+    token_generator.request_validator.save_token(token, request)
+
+    return token
 
 
 def _get_expires_in_value(expires_in):

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
@@ -27,12 +27,6 @@ django-storages<1.9
 # for them.
 edx-enterprise==3.51.1
 
-# oauthlib>3.0.1 causes test failures ( also remove the django-oauth-toolkit constraint when this is fixed )
-oauthlib==3.0.1
-
-# django-auth-toolkit==1.3.3 requires oauthlib>=3.1.0 which is pinned because of test failures
-django-oauth-toolkit<=1.3.2
-
 # Will be updated once we update python-dateutil package
 matplotlib<3.4.0
 
@@ -78,3 +72,8 @@ mistune<2.0.0
 # This is to allow them to better control its deployment and to do it in a process that works better
 # for them.
 learner-pathway-progress==1.0.1
+
+
+# greater version has breaking changes.
+# https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#200-2022-04-24
+django-oauth-toolkit<2.0.0
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
@@ -329,7 +329,7 @@ django-multi-email-field==0.6.2
     # via edx-enterprise
 django-mysql==4.7.0
     # via -r requirements/edx/base.in
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.7.1
     # via
     #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/base.in
@@ -578,7 +578,7 @@ future==0.18.2
     # via
     #   edx-celeryutils
     #   pyjwkest
-geoip2==4.5.0
+geoip2==4.6.0
     # via -r requirements/edx/base.in
 glob2==0.7
     # via -r requirements/edx/base.in
@@ -632,7 +632,9 @@ jsonfield==3.1.0
     #   lti-consumer-xblock
     #   ora2
 jwcrypto==1.3.1
-    # via pylti1p3
+    # via
+    #   django-oauth-toolkit
+    #   pylti1p3
 kombu==5.2.4
     # via celery
 laboratory==1.0.2
@@ -712,7 +714,7 @@ multidict==6.0.2
     # via
     #   aiohttp
     #   yarl
-mysqlclient==2.1.0
+mysqlclient==2.1.1
     # via
     #   -r requirements/edx/base.in
     #   blockstore
@@ -731,9 +733,8 @@ numpy==1.22.4
     #   chem
     #   openedx-calc
     #   scipy
-oauthlib==3.0.1
+oauthlib==3.2.0
     # via
-    #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/base.in
     #   django-oauth-toolkit
     #   lti-consumer-xblock
@@ -747,7 +748,7 @@ openedx-filters==0.7.0
     # via
     #   -r requirements/edx/base.in
     #   lti-consumer-xblock
-ora2==4.4.0
+ora2==4.4.1
     # via -r requirements/edx/base.in
 oscrypto==1.3.0
     # via snowflake-connector-python
@@ -800,7 +801,7 @@ pycountry==22.3.5
     # via -r requirements/edx/base.in
 pycparser==2.21
     # via cffi
-pycryptodomex==3.14.1
+pycryptodomex==3.15.0
     # via
     #   -r requirements/edx/base.in
     #   edx-proctoring

diff --git a/requirements/edx/coverage.txt b/requirements/edx/coverage.txt
@@ -8,7 +8,7 @@ chardet==4.0.0
     # via diff-cover
 coverage==6.4.1
     # via -r requirements/edx/coverage.in
-diff-cover==6.5.0
+diff-cover==6.5.1
     # via -r requirements/edx/coverage.in
 jinja2==3.1.2
     # via diff-cover

diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt
@@ -58,7 +58,6 @@ asgiref==3.5.2
     # via
     #   -r requirements/edx/testing.txt
     #   django
-    #   uvicorn
 asn1crypto==1.5.1
     # via
     #   -r requirements/edx/testing.txt
@@ -261,7 +260,7 @@ deprecated==1.2.13
     #   -r requirements/edx/testing.txt
     #   jwcrypto
     #   redis
-diff-cover==6.5.0
+diff-cover==6.5.1
     # via -r requirements/edx/testing.txt
 dill==0.3.5.1
     # via
@@ -371,7 +370,7 @@ django-crum==0.7.9
     #   edx-rbac
     #   edx-toggles
     #   super-csv
-django-debug-toolbar==3.4.0
+django-debug-toolbar==3.5.0
     # via -r requirements/edx/development.in
 django-environ==0.9.0
     # via
@@ -428,7 +427,7 @@ django-multi-email-field==0.6.2
     #   edx-enterprise
 django-mysql==4.7.0
     # via -r requirements/edx/testing.txt
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.7.1
     # via
     #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/testing.txt
@@ -688,7 +687,7 @@ execnet==1.9.0
     #   pytest-xdist
 factory-boy==3.2.1
     # via -r requirements/edx/testing.txt
-faker==13.13.0
+faker==13.14.0
     # via
     #   -r requirements/edx/testing.txt
     #   factory-boy
@@ -727,7 +726,7 @@ future==0.18.2
     #   -r requirements/edx/testing.txt
     #   edx-celeryutils
     #   pyjwkest
-geoip2==4.5.0
+geoip2==4.6.0
     # via -r requirements/edx/testing.txt
 glob2==0.7
     # via -r requirements/edx/testing.txt
@@ -824,6 +823,7 @@ jsonschema==4.6.0
 jwcrypto==1.3.1
     # via
     #   -r requirements/edx/testing.txt
+    #   django-oauth-toolkit
     #   pylti1p3
 kombu==5.2.4
     # via
@@ -936,7 +936,7 @@ mypy==0.961
     # via -r requirements/edx/development.in
 mypy-extensions==0.4.3
     # via mypy
-mysqlclient==2.1.0
+mysqlclient==2.1.1
     # via
     #   -r requirements/edx/testing.txt
     #   blockstore
@@ -956,9 +956,8 @@ numpy==1.22.4
     #   chem
     #   openedx-calc
     #   scipy
-oauthlib==3.0.1
+oauthlib==3.2.0
     # via
-    #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/testing.txt
     #   django-oauth-toolkit
     #   lti-consumer-xblock
@@ -972,7 +971,7 @@ openedx-filters==0.7.0
     # via
     #   -r requirements/edx/testing.txt
     #   lti-consumer-xblock
-ora2==4.4.0
+ora2==4.4.1
     # via -r requirements/edx/testing.txt
 oscrypto==1.3.0
     # via
@@ -1070,7 +1069,7 @@ pycparser==2.21
     # via
     #   -r requirements/edx/testing.txt
     #   cffi
-pycryptodomex==3.14.1
+pycryptodomex==3.15.0
     # via
     #   -r requirements/edx/testing.txt
     #   edx-proctoring
@@ -1541,7 +1540,7 @@ urllib3==1.26.9
     #   selenium
 user-util==1.0.0
     # via -r requirements/edx/testing.txt
-uvicorn==0.17.6
+uvicorn==0.18.1
     # via
     #   -r requirements/edx/testing.txt
     #   pact-python

diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt
@@ -54,7 +54,6 @@ asgiref==3.5.2
     # via
     #   -r requirements/edx/base.txt
     #   django
-    #   uvicorn
 asn1crypto==1.5.1
     # via
     #   -r requirements/edx/base.txt
@@ -254,7 +253,7 @@ deprecated==1.2.13
     #   -r requirements/edx/base.txt
     #   jwcrypto
     #   redis
-diff-cover==6.5.0
+diff-cover==6.5.1
     # via -r requirements/edx/coverage.txt
 dill==0.3.5.1
     # via pylint
@@ -413,7 +412,7 @@ django-multi-email-field==0.6.2
     #   edx-enterprise
 django-mysql==4.7.0
     # via -r requirements/edx/base.txt
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.7.1
     # via
     #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/base.txt
@@ -668,7 +667,7 @@ execnet==1.9.0
     # via pytest-xdist
 factory-boy==3.2.1
     # via -r requirements/edx/testing.in
-faker==13.13.0
+faker==13.14.0
     # via factory-boy
 fastapi==0.78.0
     # via pact-python
@@ -702,7 +701,7 @@ future==0.18.2
     #   -r requirements/edx/base.txt
     #   edx-celeryutils
     #   pyjwkest
-geoip2==4.5.0
+geoip2==4.6.0
     # via -r requirements/edx/base.txt
 glob2==0.7
     # via -r requirements/edx/base.txt
@@ -788,6 +787,7 @@ jsonfield==3.1.0
 jwcrypto==1.3.1
     # via
     #   -r requirements/edx/base.txt
+    #   django-oauth-toolkit
     #   pylti1p3
 kombu==5.2.4
     # via
@@ -887,7 +887,7 @@ multidict==6.0.2
     #   -r requirements/edx/base.txt
     #   aiohttp
     #   yarl
-mysqlclient==2.1.0
+mysqlclient==2.1.1
     # via
     #   -r requirements/edx/base.txt
     #   blockstore
@@ -907,9 +907,8 @@ numpy==1.22.4
     #   chem
     #   openedx-calc
     #   scipy
-oauthlib==3.0.1
+oauthlib==3.2.0
     # via
-    #   -c requirements/edx/../constraints.txt
     #   -r requirements/edx/base.txt
     #   django-oauth-toolkit
     #   lti-consumer-xblock
@@ -923,7 +922,7 @@ openedx-filters==0.7.0
     # via
     #   -r requirements/edx/base.txt
     #   lti-consumer-xblock
-ora2==4.4.0
+ora2==4.4.1
     # via -r requirements/edx/base.txt
 oscrypto==1.3.0
     # via
@@ -1013,7 +1012,7 @@ pycparser==2.21
     # via
     #   -r requirements/edx/base.txt
     #   cffi
-pycryptodomex==3.14.1
+pycryptodomex==3.15.0
     # via
     #   -r requirements/edx/base.txt
     #   edx-proctoring
@@ -1432,7 +1431,7 @@ urllib3==1.26.9
     #   selenium
 user-util==1.0.0
     # via -r requirements/edx/base.txt
-uvicorn==0.17.6
+uvicorn==0.18.1
     # via pact-python
 vine==5.0.0
     # via