intranet.apps.oauth package

Submodules

intranet.apps.oauth.admin module

class intranet.apps.oauth.admin.CSLApplicationAdmin(model, admin_site)

Bases: ModelAdmin

Custom admin interface for the CSLApplication model. Adds display and filtering by relevant fields. Adds actions to sanction and unsanction applications. Registered by oauth2_provider.admin Communicated to oauth2_provider by settings.OAUTH2_PROVIDER.APPLICATION_ADMIN_CLASS

actions = ['sanction_applications', 'unsanction_applications', 'skip_authorization_for_applications', 'do_not_skip_authorization_for_applications']

do_not_skip_authorization_for_applications(request, queryset)

list_display = ('id', 'name', 'user', 'client_type', 'authorization_grant_type', 'sanctioned', 'skip_authorization', 'user_has_oauth_and_api_access')

list_filter = ('sanctioned', 'skip_authorization', 'sanctioned_but_do_not_skip_authorization', 'user__oauth_and_api_access', 'client_type', 'authorization_grant_type')

radio_fields = {'authorization_grant_type': 2, 'client_type': 1}

raw_id_fields = ('user',)

sanction_applications(request, queryset)

search_fields = ('name', 'user__username')

skip_authorization_for_applications(request, queryset)

unsanction_applications(request, queryset)

user_has_oauth_and_api_access(obj)

intranet.apps.oauth.apps module

class intranet.apps.oauth.apps.OauthConfig(app_name, app_module)

Bases: AppConfig

name = 'intranet.apps.oauth'

intranet.apps.oauth.models module

class intranet.apps.oauth.models.BlankModel

Bases: object

A blank model to use for modelform_factory for unauthorized users.

class intranet.apps.oauth.models.BlankModel2

Bases: object

concrete_fields = ()

many_to_many = ()

private_fields = ()

class intranet.apps.oauth.models.CSLApplication(*args, **kwargs)

Bases: AbstractApplication

Extends the default OAuth Application model to add CSL-specific information about an OAuth application. Disables the implicit, password, and OpenID connect hybrid grant types. Disables use of an OIDC algorithm.

sanctioned

Whether the application is sanctioned by the tjCSL.

Type:

bool

sanctioned_but_do_not_skip_authorization

Whether to not skip the authorization page for this application even if it is sanctioned.

Type:

bool

user_has_oauth_and_api_access

Whether the user associated with the CSLApplication has OAuth and API access.

Type:

bool

ALGORITHM_TYPES = (('', 'No OIDC support'),)

CLIENT_CONFIDENTIAL = 'confidential'

CLIENT_PUBLIC = 'public'

CLIENT_TYPES = (('confidential', 'Confidential'), ('public', 'Public'))

exception DoesNotExist

Bases: ObjectDoesNotExist

GRANT_AUTHORIZATION_CODE = 'authorization-code'

GRANT_CLIENT_CREDENTIALS = 'client-credentials'

GRANT_IMPLICIT = 'implicit'

GRANT_OPENID_HYBRID = 'openid-hybrid'

GRANT_PASSWORD = 'password'

GRANT_TYPES = (('authorization-code', 'Authorization code'), ('client-credentials', 'Client credentials'))

HS256_ALGORITHM = 'HS256'

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

NO_ALGORITHM = ''

RS256_ALGORITHM = 'RS256'

accesstoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

app_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

get_algorithm_display(*, field=<django.db.models.fields.CharField: algorithm>)

get_authorization_grant_type_display(*, field=<django.db.models.fields.CharField: authorization_grant_type>)

get_client_type_display(*, field=<django.db.models.fields.CharField: client_type>)

get_next_by_created(*, field=<django.db.models.fields.DateTimeField: created>, is_next=True, **kwargs)

get_next_by_updated(*, field=<django.db.models.fields.DateTimeField: updated>, is_next=True, **kwargs)

get_previous_by_created(*, field=<django.db.models.fields.DateTimeField: created>, is_next=False, **kwargs)

get_previous_by_updated(*, field=<django.db.models.fields.DateTimeField: updated>, is_next=False, **kwargs)

grant_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

idtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

objects = <django.db.models.manager.Manager object>

refreshtoken_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

sanctioned

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

sanctioned_but_do_not_skip_authorization

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

save(*args, **kwargs)

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

property user_has_oauth_and_api_access

intranet.apps.oauth.tests module

intranet.apps.oauth.views module

class intranet.apps.oauth.views.ApplicationDeleteView(**kwargs)

Bases: ApplicationDelete

Custom delete view to check if the user can delete applications.

dispatch(request, *args, **kwargs)

class intranet.apps.oauth.views.ApplicationRegistrationView(**kwargs)

Bases: ApplicationRegistration

Custom registration view. Check that the user has OAuth and API access before allowing them to register an application. Disable showing algorithm field. Disable editing client_id and client_secret fields. Note that there are three layers of permission checking: at the template level, form level, and response level. This view handles the form and response levels.

dispatch(request, *args, **kwargs)

get_form_class()

Returns the form class for the application model

class intranet.apps.oauth.views.ApplicationUpdateView(**kwargs)

Bases: ApplicationUpdate

Custom update view to disable showing the algorithm, client_id and client_secret fields and check if the user can update applications.

dispatch(request, *args, **kwargs)

get_form_class()

Returns the form class for the application model

Module contents