Add support to 3.13 (#47)

* Allow "*" in GOOGLE_SSO_ALLOWABLE_DOMAINS

* feat!: Add support to Python to 3.13 and remove 3.10

This is a BREAKING CHANGE commit

* chore: fix unit tests

* chore: fix line breaks

* chore: fix github actions

---------

Co-authored-by: Pavel Mises <id@dqd.cz>

.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

.github/workflows/publish.yml

@@ -5,25 +5,59 @@ on:
     branches: [ main ]
 permissions:
   contents: write
+  id-token: write
 jobs:
-  publish:
+  release:
     if: github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, 'chore(release):')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Setup | Checkout Project
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up Python
-        uses: actions/setup-python@v4
+          ref: ${{ github.sha }}
+
+      - name: Setup | Force Branch
+        run: |
+          git checkout -B ${{ github.ref_name }} ${{ github.sha }}
+
+      - name: Setup | Install Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Release | Python Semantic Release
+        id: release
+        uses: python-semantic-release/python-semantic-release@v9.10.0
         with:
-          python-version: "3.11"
-      - name: Setup Poetry
-        uses: abatilo/actions-poetry@v2
-      - name: Python Semantic Release
-        uses: python-semantic-release/python-semantic-release@v7.34.6
+          build: true
+          commit: true
+          push: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish | Build and Publish to PyPI using Poetry
+        if: steps.release.outputs.released == 'true'
+        uses: JRubics/poetry-publish@v2.0
+        with:
+          pypi_token: ${{ secrets.POETRY_PYPI_TOKEN_PYPI }}
+
+      - name: Release | Upload to GitHub Release Assets
+        uses: python-semantic-release/publish-action@v9.10.0
+        if: steps.release.outputs.released == 'true'
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          repository_username: __token__
-          repository_password: ${{ secrets.POETRY_PYPI_TOKEN_PYPI }}
-      - run: pip install mkdocs-material
-      - run: mkdocs gh-deploy --force
+          tag: ${{ steps.release.outputs.tag }}
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup | Checkout Project
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Docs | Install MKDocs
+        run: pip install mkdocs-material
+
+      - name: Docs | Publish Docs
+        run: mkdocs gh-deploy --force

.github/workflows/stale.yml

@@ -12,9 +12,9 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v9
         with:
-          days-before-stale: 30 # Mark as stale after 60 days
+          days-before-stale: 30 # Mark as stale after 30 days
           days-before-close: 7 # Close 7 days after being marked as stale
           stale-issue-message: 'This issue has been marked as stale due to lack of activity. It will be closed in 7 days if no further activity occurs.'
           stale-pr-message: 'This pull request has been marked as stale due to lack of activity. It will be closed in 7 days if no further activity occurs.'

.github/workflows/tests.yml

@@ -9,35 +9,35 @@ jobs:
 
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setups Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.11"
+          python-version: "3.12"
       - name: Setup Poetry
-        uses: abatilo/actions-poetry@v2
+        uses: abatilo/actions-poetry@v3
       - name: Run Pre-Commit
-        uses: pre-commit/action@v3.0.0
+        uses: pre-commit/action@v3.0.1
   test:
     runs-on: ubuntu-latest
     needs: [lint]
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version: ["3.11", "3.12", "3.13"]
         django-version: ["4.2", "5.0", "5.1"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Update tools
         run: python -m pip install --upgrade pip setuptools wheel
       - name: Setup Poetry
-        uses: abatilo/actions-poetry@v2
+        uses: abatilo/actions-poetry@v3
       - name: Install Project
         run: |
           poetry install

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -12,18 +12,18 @@ repos:
       - id: python-bandit-vulnerability-check
         args: [ "-s", "B101,B105", "-r", "--exclude", "*/.venv/*", "." ]
   - repo: https://github.com/pycqa/isort
-    rev: 5.12.0
+    rev: 5.13.2
     hooks:
       - id: isort
         name: isort (python)
         args: [ "--profile", "black", "--filter-files" ]
   - repo: https://github.com/psf/black
-    rev: 23.11.0
+    rev: 24.10.0
     hooks:
       - id: black
         exclude: ^.*\b(migrations)\b.*$
   - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
-    rev: v1.3.2
+    rev: v1.3.3
     hooks:
       - id: python-safety-dependencies-check
         # Ignoring vulnerabilities for local dev packages: localstack
@@ -33,12 +33,12 @@ repos:
     hooks:
       - id: yesqa
   - repo: https://github.com/PyCQA/flake8
-    rev: 6.1.0
+    rev: 7.1.1
     hooks:
       - id: flake8
         args: ["--count", "--exclude", "*/migrations/*,.git,*/site-packages/*", "." ]
   - repo: https://github.com/myint/autoflake
-    rev: v2.2.1
+    rev: v2.3.1
     hooks:
       - id: autoflake
         args: [ "--in-place", "--remove-all-unused-imports", "--remove-duplicate-keys" ]

django_google_sso/main.py

@@ -101,9 +101,11 @@ def username_field(self) -> Field:
     @property
     def email_is_valid(self) -> bool:
         user_email_domain = self.user_email.split("@")[-1]
-        for email_domain in conf.GOOGLE_SSO_ALLOWABLE_DOMAINS:
-            if user_email_domain in email_domain:
-                return True
+        if (
+            "*" in conf.GOOGLE_SSO_ALLOWABLE_DOMAINS
+            or user_email_domain in conf.GOOGLE_SSO_ALLOWABLE_DOMAINS
+        ):
+            return True
         email_verified = self.user_info.get("email_verified", None)
         if email_verified is not None and not email_verified:
             logger.debug(f"Email {self.user_email} is not verified.")

docs/index.md

@@ -32,8 +32,9 @@ pip install django-google-sso
 ```
 
 !!! info "Currently this project supports:"
-    * Python 3.10, 3.11 and 3.12
+    * Python 3.11, 3.12 and 3.13
     * Django 4.2, 5.0 and 5.1
 
     For python 3.8 please use version 2.x
     For python 3.9 please use version 3.x
+    For python 3.10 please use version 4.x

docs/users.md

@@ -9,6 +9,13 @@ For example, if any user with a gmail account can sign in, you can set:
 GOOGLE_SSO_ALLOWABLE_DOMAINS = ["gmail.com"]
 ```
 
+To allow everyone to register, you can use "*" as the value (but beware the security implications):
+
+```python
+# Use "*" to add all users
+GOOGLE_SSO_ALLOWABLE_DOMAINS = ["*"]
+```
+
 ## Disabling the auto-create users
 
 You can disable the auto-create users feature by setting the `GOOGLE_SSO_AUTO_CREATE_USERS` setting to `False`:

example_google_app/backend.py

@@ -34,13 +34,13 @@ def pre_login_callback(user, request):
         # Use response to update user info
         # Please add the custom scope in settings.GOOGLE_SSO_SCOPES
         # to access this info
-        response = httpx.get(url, headers=headers)
+        response = httpx.get(url, headers=headers, timeout=10)
         if response.status_code == 200:
             user_data = response.json()
             logger.debug(f"Updating User Data with Google Info: {user_data}")
 
             url = "https://people.googleapis.com/v1/people/me?personFields=birthdays"
-            response = httpx.get(url, headers=headers)
+            response = httpx.get(url, headers=headers, timeout=10)
             people_data = response.json()
             logger.debug(f"Updating User Data with Google People Info: {people_data}")
 
@@ -55,7 +55,7 @@ def is_user_valid(token):
         "Authorization": f"Bearer {token}",
     }
     url = "https://www.googleapis.com/oauth2/v3/userinfo"
-    response = httpx.get(url, headers=headers)
+    response = httpx.get(url, headers=headers, timeout=10)
 
     # Add any check here
 

example_google_app/settings.py

@@ -9,6 +9,7 @@
 For the full list of settings and their values, see
 https://docs.djangoproject.com/en/3.2/ref/settings/
 """
+
 from pathlib import Path
 
 from stela import env

example_google_app/urls.py

@@ -13,6 +13,7 @@
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
+
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin

example_google_app/views.py

@@ -18,7 +18,9 @@ def single_logout_view(request):
 
     # You can revoke the Access Token here
     if token:
-        httpx.post("https://oauth2.googleapis.com/revoke", params={"token": token})
+        httpx.post(
+            "https://oauth2.googleapis.com/revoke", params={"token": token}, timeout=10
+        )
 
     # And redirect user to Google logout page if you want
     redirect_url = reverse("admin:index")  # Or 'https://accounts.google.com/logout'

pyproject.toml

@@ -1,5 +1,5 @@
 [tool.black]
-target-version = ['py39']
+target-version = ['py312']
 include = '\.pyi?$'
 exclude = '''
 (
@@ -30,7 +30,7 @@ use_parentheses = true
 ensure_newline_before_comments = true
 
 [tool.semantic_release]
-version_variable = [
+version_variables = [
     "django_google_sso/__init__.py:__version__",
     "pyproject.toml:version"
 ]
@@ -59,7 +59,7 @@ classifiers = [
 ]
 
 [tool.poetry.dependencies]
-python = ">=3.10, <4.0"
+python = ">=3.11, <4.0"
 django = ">=4.2"
 loguru = "*"
 google-auth = "*"