From 75b9f4f7e4387e670a3fae925d5522ff3a01a746 Mon Sep 17 00:00:00 2001 From: Jonathan Huot Date: Tue, 29 Oct 2019 14:55:36 +0100 Subject: Add sponsoring section/fix FUNDING.yml --- .github/FUNDING.yml | 2 +- docs/contributing.rst | 17 +++++++++++++++-- tox.ini | 4 ++-- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 9d4faec..a77947b 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,6 +1,6 @@ # These are supported funding model platforms -github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +github: [JonathanHuot] patreon: # Replace with a single Patreon username open_collective: # Replace with a single Open Collective username ko_fi: # Replace with a single Ko-fi username diff --git a/docs/contributing.rst b/docs/contributing.rst index 4a46e3b..eed3866 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -188,7 +188,7 @@ submit a breaking change, confirm that other projects builds are not affected. $ make -If you add code you need to add tests! +If you add code, add tests! -------------------------------------- We've learned the hard way that code without tests is undependable. If your pull @@ -303,7 +303,7 @@ First we pull the code into a local branch:: Then we run the tests:: - pytest + tox We finish with a non-fastforward merge (to preserve the branch history) and push to GitHub:: 
@@ -312,6 +312,19 @@ to GitHub:: git merge --no-ff git push upstream master +Sponsoring +========== + +The OAuthlib project is open to sponsoring. + +As a sponsor, you can participate by clicking on the "Sponsor" button in +the https://github.com/oauthlib/oauthlib homepage. + +As a contributor, you can adhere to the sponsoring program. Feel free +to open a PR by adding your name into the ``.github/FUNDING.yml`` +file. + + .. _installation: install.html .. _GitHub project: https://github.com/oauthlib/oauthlib .. _issue tracker: https://github.com/oauthlib/oauthlib/issues diff --git a/tox.ini b/tox.ini index 22f6f33..32cd5bf 100644 --- a/tox.ini +++ b/tox.ini @@ -9,9 +9,9 @@ commands= # tox -e docs to mimick readthedocs build. -# as of today, RTD is using python2.7 and doesn't run "setup.py install" +# as of today, RTD is using python3.6 and doesn't run "setup.py install" [testenv:docs] -basepython=python2.7 +basepython=python3.6 skipsdist=True deps= sphinx -- cgit v1.2.1 From 89cf685d0299744fe3be6d7c0fa8429b945a4d67 Mon Sep 17 00:00:00 2001 
From: Braedon Vickers Date: Tue, 21 Jan 2020 19:45:29 +0800 Subject: Rework client authentication in SkeletonValidator for clarity SkeletonValidator was seemingly written to not support public clients at all. Its authenticate_client_id() explicitly returned `False`, rather than `pass`-ing like the other methods, and client_authentication_required() was missing entirely (the default implementation always returns `True`). This opinionated approach is confusing, especially when writing an implementation that allows public clients. The comment on the authenticate_client_id() method is particularly confusing. Unlike the comments on other methods, which explain the method, it explains the implementation (returning `False`). As a result, it appears to say the method should return `False` for public clients, when it should actually return `False` for confidential clients (and `True` for valid public clients). To reduce this confusion, include a client_authentication_required() stub, `pass` rather than returning `False` in authenticate_client_id(), and update its comment to describe the method. --- examples/skeleton_oauth2_web_application_server.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/examples/skeleton_oauth2_web_application_server.py b/examples/skeleton_oauth2_web_application_server.py index 9a30373..91859fc 100644 --- a/examples/skeleton_oauth2_web_application_server.py +++ b/examples/skeleton_oauth2_web_application_server.py 
@@ -54,13 +54,18 @@ class SkeletonValidator(RequestValidator): # Token request + def client_authentication_required(self, request, *args, **kwargs): + # Check if the client provided authentication information that needs to + # be validated, e.g. HTTP Basic auth + pass + def authenticate_client(self, request, *args, **kwargs): # Whichever authentication method suits you, HTTP Basic might work pass def authenticate_client_id(self, client_id, request, *args, **kwargs): - # Don't allow public (non-authenticated) clients - return False + # The client_id must match an existing public (non-confidential) client + pass def validate_code(self, client_id, code, client, request, *args, **kwargs): # Validate the code belongs to the client. Add associated scopes -- cgit v1.2.1
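Review bot: The new `client_authentication_required()` stub ends in `pass`, so a copied or half-filled skeleton returns a falsy `None` there and overrides the always-`True` default that the commit message describes. If the grant code treats a falsy result as "authentication not required" (not visible in this hunk), token requests are decided by `authenticate_client_id()` alone, and an implementer who returns `True` there for any known client_id lets confidential clients skip their secret check. I would state the contract in the comments, e.g. `# Return True for confidential clients or when credentials were sent; a falsy value routes the request to authenticate_client_id()` on the first stub and `# Must return False for confidential clients so they cannot bypass authenticate_client()` on `authenticate_client_id()`. The SkeletonValidator class body starts before and continues after this hunk.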