diff --git a/common/djangoapps/third_party_auth/lti.py b/common/djangoapps/third_party_auth/lti.py
index 2d3478788635..3895c888661c 100644
--- a/common/djangoapps/third_party_auth/lti.py
+++ b/common/djangoapps/third_party_auth/lti.py
@@ -11,8 +11,8 @@ from oauthlib.common import Request
 from oauthlib.oauth1.rfc5849.signature import (
 collect_parameters,
- construct_base_string,
- normalize_base_string_uri,
+ signature_base_string,
+ base_string_uri,
 normalize_parameters,
 sign_hmac_sha1
 )
@@ -154,10 +154,10 @@ def _get_validated_lti_params_from_values(cls, request, current_time,
 # we proceed through the entire validation before rejecting any request for any reason.
 # However, as noted there, the value of doing this is dubious.
 try:
- base_uri = normalize_base_string_uri(request.uri)
+ base_uri = base_string_uri(request.uri)
 parameters = collect_parameters(uri_query=request.uri_query, body=request.body)
 parameters_string = normalize_parameters(parameters)
- base_string = construct_base_string(request.http_method, base_uri, parameters_string)
+ base_string = signature_base_string(request.http_method, base_uri, parameters_string)
 computed_signature = sign_hmac_sha1(base_string, str(lti_consumer_secret), '')
 submitted_signature = request.oauth_signature
diff --git a/openedx/core/djangoapps/oauth_dispatch/api.py b/openedx/core/djangoapps/oauth_dispatch/api.py
index 6816e06218b7..fe1de6225658 100644
--- a/openedx/core/djangoapps/oauth_dispatch/api.py
+++ b/openedx/core/djangoapps/oauth_dispatch/api.py
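Review bot: The stricter input handling of the renamed call `base_uri = base_string_uri(request.uri)` is not accounted for — as I read oauthlib 3.1+, that function raises `ValueError` for a URI with no scheme or host, or with a scheme other than http/https, whereas which exception the `except` clause following this hunk catches (and how `request.uri` is built) is not visible here, so confirm it covers `ValueError` or guard the call rather than letting a malformed launch surface as a 500. `_get_validated_lti_params_from_values` begins and ends outside the hunk. Two caveats on this verification path a reviewer would want noted: `base_string_uri` accepts a `host=` argument so the signed host/port can be taken from the request's `Host` header (behind a reverse proxy `request.uri` may not be what the consumer signed, which fails closed but breaks launches), and the comparison of `computed_signature` with `submitted_signature` that follows should be `hmac.compare_digest`, not `==`. I would add above `try:` the comment `# oauthlib >= 3.1: base_string_uri() raises ValueError for a non-http(s) or host-less URI`.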
@@ -33,7 +33,15 @@ def create_dot_access_token(request, user, client, expires_in=None, scopes=None)
 request_validator=dot_settings.OAUTH2_VALIDATOR_CLASS(),
 )
 _populate_create_access_token_request(request, user, client, scopes)
- return token_generator.create_token(request, refresh_token=True)
+
+ # save_token` has been deprecated, it was not called internally
+ # If you do, call `request_validator.save_token()`.
+ # for details https://github.com/oauthlib/oauthlib/blob/v3.2.0/oauthlib/oauth2/rfc6749/tokens.py#L303
+
+ token = token_generator.create_token(request, refresh_token=True)
+ token_generator.request_validator.save_token(token, request)
+
+ return token
 def _get_expires_in_value(expires_in):
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 02773191e21e..29ad35a599d9 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -27,12 +27,6 @@ django-storages<1.9
 # for them.
 edx-enterprise==3.51.1
-# oauthlib>3.0.1 causes test failures ( also remove the django-oauth-toolkit constraint when this is fixed )
-oauthlib==3.0.1
-
-# django-auth-toolkit==1.3.3 requires oauthlib>=3.1.0 which is pinned because of test failures
-django-oauth-toolkit<=1.3.2
-
 # Will be updated once we update python-dateutil package
 matplotlib<3.4.0
@@ -78,3 +72,8 @@ mistune<2.0.0
 # This is to allow them to better control its deployment and to do it in a process that works better
 # for them.
 learner-pathway-progress==1.0.1
+
+
+# greater version has breaking changes.
+# https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#200-2022-04-24
+django-oauth-toolkit<2.0.0
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
index f0d3b10e7ad7..4a53a6bcefb3 100644
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
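Review bot: The comment above `token = token_generator.create_token(request, refresh_token=True)` is a garbled copy of the library's deprecation warning (stray leading backtick, "If you do, call …") and never states why the new `save_token()` call matters: since oauthlib 3.1 `create_token()` only builds the token dict, so without the explicit call the access and refresh tokens are handed to the caller but never persisted, and therefore fail validation later and cannot be revoked. I would replace the three comment lines with `# oauthlib >= 3.1 no longer persists inside create_token(); save_token() must be called explicitly, or the issued access/refresh tokens are never stored (and so never validate or revoke).` and keep the tokens.py link. A regression test asserting that the AccessToken and RefreshToken rows exist after `create_dot_access_token` returns would catch a future library change that silently stops persisting again. The function's signature is only in the hunk trailer and its body starts outside the hunk.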
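Review bot: Removing the `oauthlib==3.0.1` pin leaves oauthlib with no constraint in this file at all, yet `lti.py` in the same commit now imports `signature_base_string` and `base_string_uri`, names the 3.0.1 being dropped does not provide; only the regenerated lockfiles currently hold the resolver at 3.2.0. I would record the floor the code actually requires where the pin used to be: `# lti.py uses signature_base_string/base_string_uri, which oauthlib 3.0.x does not provide` followed by `oauthlib>=3.1.0` (the first release with those names, as far as I can tell), so a future re-resolve cannot silently downgrade the import target. The `django-oauth-toolkit<2.0.0` cap added in the next hunk should likewise name the breaking change that blocks the upgrade, because an open-ended cap also holds back that package's future security releases.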
@@ -329,7 +329,7 @@ django-multi-email-field==0.6.2 # via edx-enterprise django-mysql==4.7.0 # via -r requirements/edx/base.in -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/base.in @@ -578,7 +578,7 @@ future==0.18.2 # via # edx-celeryutils # pyjwkest -geoip2==4.5.0 +geoip2==4.6.0 # via -r requirements/edx/base.in glob2==0.7 # via -r requirements/edx/base.in @@ -632,7 +632,9 @@ jsonfield==3.1.0 # lti-consumer-xblock # ora2 jwcrypto==1.3.1 - # via pylti1p3 + # via + # django-oauth-toolkit + # pylti1p3 kombu==5.2.4 # via celery laboratory==1.0.2 @@ -712,7 +714,7 @@ multidict==6.0.2 # via # aiohttp # yarl -mysqlclient==2.1.0 +mysqlclient==2.1.1 # via # -r requirements/edx/base.in # blockstore @@ -731,9 +733,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/base.in # django-oauth-toolkit # lti-consumer-xblock @@ -747,7 +748,7 @@ openedx-filters==0.7.0 # via # -r requirements/edx/base.in # lti-consumer-xblock -ora2==4.4.0 +ora2==4.4.1 # via -r requirements/edx/base.in oscrypto==1.3.0 # via snowflake-connector-python @@ -800,7 +801,7 @@ pycountry==22.3.5 # via -r requirements/edx/base.in pycparser==2.21 # via cffi -pycryptodomex==3.14.1 +pycryptodomex==3.15.0 # via # -r requirements/edx/base.in # edx-proctoring diff --git a/requirements/edx/coverage.txt b/requirements/edx/coverage.txt index 4385055d3f66..91abb460ae3b 100644 --- a/requirements/edx/coverage.txt +++ b/requirements/edx/coverage.txt @@ -8,7 +8,7 @@ chardet==4.0.0 # via diff-cover coverage==6.4.1 # via -r requirements/edx/coverage.in -diff-cover==6.5.0 +diff-cover==6.5.1 # via -r requirements/edx/coverage.in jinja2==3.1.2 # via diff-cover diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt index f2c3e61dc609..a2120de12564 100644 --- a/requirements/edx/development.txt 
+++ b/requirements/edx/development.txt @@ -58,7 +58,6 @@ asgiref==3.5.2 # via # -r requirements/edx/testing.txt # django - # uvicorn asn1crypto==1.5.1 # via # -r requirements/edx/testing.txt @@ -261,7 +260,7 @@ deprecated==1.2.13 # -r requirements/edx/testing.txt # jwcrypto # redis -diff-cover==6.5.0 +diff-cover==6.5.1 # via -r requirements/edx/testing.txt dill==0.3.5.1 # via @@ -371,7 +370,7 @@ django-crum==0.7.9 # edx-rbac # edx-toggles # super-csv -django-debug-toolbar==3.4.0 +django-debug-toolbar==3.5.0 # via -r requirements/edx/development.in django-environ==0.9.0 # via @@ -428,7 +427,7 @@ django-multi-email-field==0.6.2 # edx-enterprise django-mysql==4.7.0 # via -r requirements/edx/testing.txt -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/testing.txt @@ -688,7 +687,7 @@ execnet==1.9.0 # pytest-xdist factory-boy==3.2.1 # via -r requirements/edx/testing.txt -faker==13.13.0 +faker==13.14.0 # via # -r requirements/edx/testing.txt # factory-boy @@ -727,7 +726,7 @@ future==0.18.2 # -r requirements/edx/testing.txt # edx-celeryutils # pyjwkest -geoip2==4.5.0 +geoip2==4.6.0 # via -r requirements/edx/testing.txt glob2==0.7 # via -r requirements/edx/testing.txt @@ -824,6 +823,7 @@ jsonschema==4.6.0 jwcrypto==1.3.1 # via # -r requirements/edx/testing.txt + # django-oauth-toolkit # pylti1p3 kombu==5.2.4 # via @@ -936,7 +936,7 @@ mypy==0.961 # via -r requirements/edx/development.in mypy-extensions==0.4.3 # via mypy -mysqlclient==2.1.0 +mysqlclient==2.1.1 # via # -r requirements/edx/testing.txt # blockstore @@ -956,9 +956,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/testing.txt # django-oauth-toolkit # lti-consumer-xblock 
@@ -972,7 +971,7 @@ openedx-filters==0.7.0 # via # -r requirements/edx/testing.txt # lti-consumer-xblock -ora2==4.4.0 +ora2==4.4.1 # via -r requirements/edx/testing.txt oscrypto==1.3.0 # via @@ -1070,7 +1069,7 @@ pycparser==2.21 # via # -r requirements/edx/testing.txt # cffi -pycryptodomex==3.14.1 +pycryptodomex==3.15.0 # via # -r requirements/edx/testing.txt # edx-proctoring @@ -1541,7 +1540,7 @@ urllib3==1.26.9 # selenium user-util==1.0.0 # via -r requirements/edx/testing.txt -uvicorn==0.17.6 +uvicorn==0.18.1 # via # -r requirements/edx/testing.txt # pact-python diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt index d67aba5c317a..e865c223f20e 100644 --- a/requirements/edx/testing.txt +++ b/requirements/edx/testing.txt @@ -54,7 +54,6 @@ asgiref==3.5.2 # via # -r requirements/edx/base.txt # django - # uvicorn asn1crypto==1.5.1 # via # -r requirements/edx/base.txt @@ -254,7 +253,7 @@ deprecated==1.2.13 # -r requirements/edx/base.txt # jwcrypto # redis -diff-cover==6.5.0 +diff-cover==6.5.1 # via -r requirements/edx/coverage.txt dill==0.3.5.1 # via pylint @@ -413,7 +412,7 @@ django-multi-email-field==0.6.2 # edx-enterprise django-mysql==4.7.0 # via -r requirements/edx/base.txt -django-oauth-toolkit==1.3.2 +django-oauth-toolkit==1.7.1 # via # -c requirements/edx/../constraints.txt # -r requirements/edx/base.txt @@ -668,7 +667,7 @@ execnet==1.9.0 # via pytest-xdist factory-boy==3.2.1 # via -r requirements/edx/testing.in -faker==13.13.0 +faker==13.14.0 # via factory-boy fastapi==0.78.0 # via pact-python @@ -702,7 +701,7 @@ future==0.18.2 # -r requirements/edx/base.txt # edx-celeryutils # pyjwkest -geoip2==4.5.0 +geoip2==4.6.0 # via -r requirements/edx/base.txt glob2==0.7 # via -r requirements/edx/base.txt @@ -788,6 +787,7 @@ jsonfield==3.1.0 jwcrypto==1.3.1 # via # -r requirements/edx/base.txt + # django-oauth-toolkit # pylti1p3 kombu==5.2.4 # via 
@@ -887,7 +887,7 @@ multidict==6.0.2 # -r requirements/edx/base.txt # aiohttp # yarl -mysqlclient==2.1.0 +mysqlclient==2.1.1 # via # -r requirements/edx/base.txt # blockstore @@ -907,9 +907,8 @@ numpy==1.22.4 # chem # openedx-calc # scipy -oauthlib==3.0.1 +oauthlib==3.2.0 # via - # -c requirements/edx/../constraints.txt # -r requirements/edx/base.txt # django-oauth-toolkit # lti-consumer-xblock @@ -923,7 +922,7 @@ openedx-filters==0.7.0 # via # -r requirements/edx/base.txt # lti-consumer-xblock -ora2==4.4.0 +ora2==4.4.1 # via -r requirements/edx/base.txt oscrypto==1.3.0 # via @@ -1013,7 +1012,7 @@ pycparser==2.21 # via # -r requirements/edx/base.txt # cffi -pycryptodomex==3.14.1 +pycryptodomex==3.15.0 # via # -r requirements/edx/base.txt # edx-proctoring @@ -1432,7 +1431,7 @@ urllib3==1.26.9 # selenium user-util==1.0.0 # via -r requirements/edx/base.txt -uvicorn==0.17.6 +uvicorn==0.18.1 # via pact-python vine==5.0.0 # via