makinacorpus · gbip · Jun 13, 2024 · Jan 9, 2025 · Jan 13, 2025 · Jan 13, 2025
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+pyproject.toml export-subst
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,85 @@
+name: Lint source code
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+
+jobs:
+
+  black:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - uses: psf/black@stable
+        with:
+          version: "~= 24.0"
+
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Needed for versioningit to find the repo version
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: python -m pip install --upgrade pip build
+      - name: Build python package
+        run: python -m build
+
+  mypy:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12" ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Needed for versioningit to find the repo version
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: python -m pip install .[drf]
+
+      - name: Install dependencies
+        run: python -m pip install --upgrade pip
+          -r requirements/requirements-dev.in
+          -r requirements/requirements-test.in
+
+      - name: Run mypy
+        run: mypy --version && ./run_mypy.sh
+
+
+  linting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0 # Needed for versioningit to find the repo version
+    - uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dependencies
+      run: python -m pip download .[drf]
+
+    - name: Install dependencies
+      run: python -m pip install --upgrade pip
+        -r requirements/requirements-dev.in
+        -r requirements/requirements-test.in
+
+    - name: Run flake8
+      run : flake8 --version && flake8 --extend-ignore=E501,E503,E203 --max-line-len=88 .
+
+    - name: Run isort
+      run : isort --profile black .
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/ambv/black
-    rev: 22.3.0
+    rev: 24.10.0
     hooks:
       - id: black
   - repo: https://github.com/pre-commit/pre-commit-hooks
@@ -15,4 +15,10 @@ repos:
       - id: isort
         args: ["--profile", "black"]
         name: isort (python)
-
+  - repo: local
+    hooks:
+      - id: mypy
+        name: Mypy
+        entry: ./run_mypy.sh
+        language: script
+        pass_filenames: false
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -1,9 +1,52 @@
 # Dev setup
 
+## Publishing (test pypy)
+
+First create an account on [test pypi]() and generate a token.
+
+Clean your worktree and tag your release to generate a valid version number (otherwise pypi will reject your release) :
+
+```
+git stash # clean your worktree
+git tag 0.0.18rc1
+git stash pop # restore your worktree
+```
+
+Then, publish using the Makefile to build and push the library : 
+
+```
+make clean && make build && make publish-test
+```
+
+## Publishing (production)
+
+Make sure that you are on the maintainer list of the [pypi project](https://pypi.org/project/django-pyoidc/) and generate an API token for this project.
+
+Clean your worktree and tag your release :
+
+```
+git stash # clean your worktree
+git tag 0.0.1 # tag the release
+git stash pop # tag your release
+```
+
+Build the python package :
+
+```
+make clean && make build
+```
+
+Publish it :
+
+```
+make publish
+```
+
+
 ## Installation
 
 ```bash
-pip install -r requirements.txt -r requirements-test.txt
+pip install -r requirements/requirements.txt -r requirements/requirements-test.txt
 ```
 
 ## Enable pre-commit
@@ -20,27 +63,45 @@ Run a live documentation server :
 sphinx-autobuild docs docs/_build/html
 ```
 
+## Running static type checking (mypy)
+
+First install the dev dependencies :
+
+```
+pip install -r requirements/requirements.txt -r requirements/requirements-dev.txt
+```
+
+Then run mypy :
+
+```
+mypy django_pyoidc
+```
+
 ## Running Tests
 
-Check database settings in tests/test_settings.py, target a real PostgreSQL Host (You need a PostgreSQL version 12 or greater).
+Check database settings in `tests/test_settings.py`, target a real PostgreSQL Host (You need a PostgreSQL version 12 or greater), for e2e tests check the `tests/e2e/settings.py` file.
 
 ```
-python3 runtests.py
+python3 run_tests.py  # for unit tests
+python3 run_e2e_tests.py  # for end to end tests
 ```
 
 ## Adding a dependency
 
-Add the dependency to either `requirements.in` or `requirements-test.in`.
+Add the dependency to either `requirements/requirements.in`, `requirements/requirements-test.in` or `requirements/requirements-dev.in` 
+depending on the usage of the dependency.
 
 Then run :
 
 ```
 pip install pip-tools
-pip-compile --output-file=requirements.txt pyproject.toml # freeze package versions
-pip-compile --output-file=requirements-test.txt requirements-test.in
+make update_all_deps
 ```
 
-FIXME: possible alternative for tests requirements would be:
+## Building local packages
+
+You can build the package locally by running :
+
 ```
-python -m piptools compile --extra test -o requirements-test.txt pyproject.toml
+python -m build
 ```
diff --git a/MANIFEST.in b/MANIFEST.in
diff --git a/Makefile b/Makefile
@@ -0,0 +1,25 @@
+.PHONY: update_all_deps build clean publish-test
+
+update_all_deps : requirements/requirements.txt requirements/requirements-dev.txt requirements/requirements-test.txt
+
+
+requirements/requirements.txt : pyproject.toml
+	pip-compile -o $@ $< --extra drf
+
+requirements/requirements-dev.txt : requirements/requirements-dev.in requirements/requirements/requirements.txt
+	pip-compile -o $@ $<
+
+requirements/requirements-test.txt : requirements/requirements-test.in requirements/requirements-dev.in requirements/requirements.txt
+	pip-compile $<
+
+publish-test: 
+	hatch publish -r test -u __token__
+
+publish: 
+	hatch publish -r main -u __token__
+
+build:
+	hatch build
+
+clean:
+	@rm -rf dist/
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Makina Django OIDC
+# django-pyoidc
 
 
 <p align="center">
@@ -90,19 +90,22 @@ Now you can pick an identity provider from the [available providers](https://dja
 
 Create a file named `oidc.py` next to your settings file and initialize your provider there :
 
+FIXME: Here config as settings only OR using custom provider
+
 ```python
 from django_pyoidc.providers.keycloak import KeycloakProvider
 
 my_oidc_provider = KeycloakProvider(
     op_name="keycloak",
-    client_secret="s3cret",
-    client_id="my_client_id",
     keycloak_base_uri="http://keycloak.local:8080/auth/", # we use the auth/ path prefix option on Keycloak
     keycloak_realm="Demo",
+    client_secret="s3cret",
+    client_id="my_client_id",
     logout_redirect="http://app.local:8082/",
     failure_redirect="http://app.local:8082/",
     success_redirect="http://app.local:8082/",
     redirect_requires_https=False,
+    login_uris_redirect_allowed_hosts=["app.local:8082"],
 )
 ```
 
@@ -112,7 +115,7 @@ You can then add to your django configuration the following line :
 from .oidc_providers import my_oidc_provider
 
 DJANGO_PYOIDC = {
-    **my_oidc_provider.get_config(allowed_hosts=["app.local:8082"]),
+    **my_oidc_provider.get_config(),
 }
 ```
 
@@ -153,4 +156,3 @@ This project is sponsored by Makina Corpus. If you require assistance on your pr
 
 - [@gbip](https://www.github.com/gbip)
 - [@regilero](https://github.com/regilero)
-
diff --git a/django_pyoidc/VERSION b/django_pyoidc/VERSION
@@ -1 +1 @@
-0.0.13
+0.0.14
diff --git a/django_pyoidc/__init__.py b/django_pyoidc/__init__.py
@@ -1,4 +1,4 @@
-from typing import Dict
+from typing import Any, Dict
 
 from django.contrib.auth import get_user_model
 from django.core.exceptions import SuspiciousOperation
@@ -7,7 +7,7 @@
 from django_pyoidc.utils import extract_claim_from_tokens
 
 
-def get_user_by_email(tokens: Dict):
+def get_user_by_email(tokens: Dict[str, Any]) -> Any:
     User = get_user_model()
 
     username = None
@@ -71,5 +71,6 @@ def get_user_by_email(tokens: Dict):
         email=email,
         username=django_username,
     )
-    user.backend = "django.contrib.auth.backends.ModelBackend"
+    if hasattr(user, "backend"):
+        user.backend = "django.contrib.auth.backends.ModelBackend"
     return user
diff --git a/django_pyoidc/admin.py b/django_pyoidc/admin.py
@@ -3,10 +3,12 @@
 from django.conf import settings
 from django.contrib import admin
 
+from django_pyoidc.models import OIDCSession
+
 SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
 
 
-class OIDCSessionAdmin(admin.ModelAdmin):
+class OIDCSessionAdmin(admin.ModelAdmin):  # type: ignore[type-arg] # https://github.com/typeddjango/django-stubs/issues/507
     readonly_fields = (
         "state",
         "session_state",
@@ -24,12 +26,11 @@ class OIDCSessionAdmin(admin.ModelAdmin):
         "created_at",
     ]
 
-    def has_session_management(self, obj) -> bool:
+    @admin.display(boolean=True)
+    def has_session_management(self, obj: OIDCSession) -> bool:
         return obj.session_state is not None
 
-    def session_is_active(self, obj) -> bool:
+    @admin.display(boolean=True)
+    def session_is_active(self, obj: OIDCSession) -> bool:
         s = SessionStore()
         return obj.cache_session_key is not None and s.exists(obj.cache_session_key)
-
-    has_session_management.boolean = True
-    session_is_active.boolean = True