Added patches for some issues with the oic and oidc-provider modules, and updated a patch for request-profiler.

levkowetz · levkowetz · commit 0e24e996285d · 2020-06-06T21:02:30.000Z
- Legacy-Id: 17920
diff --git a/patch/change-oidc-provider-field-sizes-228.patch b/patch/change-oidc-provider-field-sizes-228.patch
@@ -0,0 +1,289 @@
+diff -ur oidc_provider.orig/migrations/0001_initial.py oidc_provider/migrations/0001_initial.py
+--- oidc_provider.orig/migrations/0001_initial.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0001_initial.py	2020-05-22 15:09:40.305603247 +0200
+@@ -18,8 +18,8 @@
+             fields=[
+                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                 ('name', models.CharField(default=b'', max_length=100)),
+-                ('client_id', models.CharField(unique=True, max_length=255)),
+-                ('client_secret', models.CharField(unique=True, max_length=255)),
++                ('client_id', models.CharField(unique=True, max_length=228)),
++                ('client_secret', models.CharField(unique=True, max_length=228)),
+                 ('response_type', models.CharField(max_length=30, choices=[
+                     (b'code', b'code (Authorization Code Flow)'), (b'id_token', b'id_token (Implicit Flow)'),
+                     (b'id_token token', b'id_token token (Implicit Flow)')])),
+@@ -35,7 +35,7 @@
+                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                 ('expires_at', models.DateTimeField()),
+                 ('_scope', models.TextField(default=b'')),
+-                ('code', models.CharField(unique=True, max_length=255)),
++                ('code', models.CharField(unique=True, max_length=228)),
+                 ('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
+             ],
+             options={
+@@ -49,7 +49,7 @@
+                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                 ('expires_at', models.DateTimeField()),
+                 ('_scope', models.TextField(default=b'')),
+-                ('access_token', models.CharField(unique=True, max_length=255)),
++                ('access_token', models.CharField(unique=True, max_length=228)),
+                 ('_id_token', models.TextField()),
+                 ('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
+             ],
+@@ -62,26 +62,26 @@
+             name='UserInfo',
+             fields=[
+                 ('user', models.OneToOneField(primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)),
+-                ('given_name', models.CharField(max_length=255, null=True, blank=True)),
+-                ('family_name', models.CharField(max_length=255, null=True, blank=True)),
+-                ('middle_name', models.CharField(max_length=255, null=True, blank=True)),
+-                ('nickname', models.CharField(max_length=255, null=True, blank=True)),
++                ('given_name', models.CharField(max_length=228, null=True, blank=True)),
++                ('family_name', models.CharField(max_length=228, null=True, blank=True)),
++                ('middle_name', models.CharField(max_length=228, null=True, blank=True)),
++                ('nickname', models.CharField(max_length=228, null=True, blank=True)),
+                 ('gender', models.CharField(max_length=100, null=True, choices=[(b'F', b'Female'), (b'M', b'Male')])),
+                 ('birthdate', models.DateField(null=True)),
+                 ('zoneinfo', models.CharField(default=b'', max_length=100, null=True, blank=True)),
+-                ('preferred_username', models.CharField(max_length=255, null=True, blank=True)),
++                ('preferred_username', models.CharField(max_length=228, null=True, blank=True)),
+                 ('profile', models.URLField(default=b'', null=True, blank=True)),
+                 ('picture', models.URLField(default=b'', null=True, blank=True)),
+                 ('website', models.URLField(default=b'', null=True, blank=True)),
+                 ('email_verified', models.NullBooleanField(default=False)),
+                 ('locale', models.CharField(max_length=100, null=True, blank=True)),
+-                ('phone_number', models.CharField(max_length=255, null=True, blank=True)),
++                ('phone_number', models.CharField(max_length=228, null=True, blank=True)),
+                 ('phone_number_verified', models.NullBooleanField(default=False)),
+-                ('address_street_address', models.CharField(max_length=255, null=True, blank=True)),
+-                ('address_locality', models.CharField(max_length=255, null=True, blank=True)),
+-                ('address_region', models.CharField(max_length=255, null=True, blank=True)),
+-                ('address_postal_code', models.CharField(max_length=255, null=True, blank=True)),
+-                ('address_country', models.CharField(max_length=255, null=True, blank=True)),
++                ('address_street_address', models.CharField(max_length=228, null=True, blank=True)),
++                ('address_locality', models.CharField(max_length=228, null=True, blank=True)),
++                ('address_region', models.CharField(max_length=228, null=True, blank=True)),
++                ('address_postal_code', models.CharField(max_length=228, null=True, blank=True)),
++                ('address_country', models.CharField(max_length=228, null=True, blank=True)),
+                 ('updated_at', models.DateTimeField(auto_now=True, null=True)),
+             ],
+             options={
+diff -ur oidc_provider.orig/migrations/0003_code_nonce.py oidc_provider/migrations/0003_code_nonce.py
+--- oidc_provider.orig/migrations/0003_code_nonce.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0003_code_nonce.py	2020-05-22 15:09:40.297603016 +0200
+@@ -14,6 +14,6 @@
+         migrations.AddField(
+             model_name='code',
+             name='nonce',
+-            field=models.CharField(default=b'', max_length=255, blank=True),
++            field=models.CharField(default=b'', max_length=228, blank=True),
+         ),
+     ]
+diff -ur oidc_provider.orig/migrations/0005_token_refresh_token.py oidc_provider/migrations/0005_token_refresh_token.py
+--- oidc_provider.orig/migrations/0005_token_refresh_token.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0005_token_refresh_token.py	2020-05-22 15:09:40.269602205 +0200
+@@ -14,7 +14,7 @@
+         migrations.AddField(
+             model_name='token',
+             name='refresh_token',
+-            field=models.CharField(max_length=255, unique=True, null=True),
++            field=models.CharField(max_length=228, unique=True, null=True),
+             preserve_default=True,
+         ),
+     ]
+diff -ur oidc_provider.orig/migrations/0012_auto_20160405_2041.py oidc_provider/migrations/0012_auto_20160405_2041.py
+--- oidc_provider.orig/migrations/0012_auto_20160405_2041.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0012_auto_20160405_2041.py	2020-05-22 15:09:40.289602784 +0200
+@@ -15,6 +15,6 @@
+         migrations.AlterField(
+             model_name='client',
+             name='client_secret',
+-            field=models.CharField(blank=True, default=b'', max_length=255),
++            field=models.CharField(blank=True, default=b'', max_length=228),
+         ),
+     ]
+diff -ur oidc_provider.orig/migrations/0013_auto_20160407_1912.py oidc_provider/migrations/0013_auto_20160407_1912.py
+--- oidc_provider.orig/migrations/0013_auto_20160407_1912.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0013_auto_20160407_1912.py	2020-05-22 15:09:40.277602437 +0200
+@@ -15,11 +15,11 @@
+         migrations.AddField(
+             model_name='code',
+             name='code_challenge',
+-            field=models.CharField(max_length=255, null=True),
++            field=models.CharField(max_length=228, null=True),
+         ),
+         migrations.AddField(
+             model_name='code',
+             name='code_challenge_method',
+-            field=models.CharField(max_length=255, null=True),
++            field=models.CharField(max_length=228, null=True),
+         ),
+     ]
+diff -ur oidc_provider.orig/migrations/0015_change_client_code.py oidc_provider/migrations/0015_change_client_code.py
+--- oidc_provider.orig/migrations/0015_change_client_code.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0015_change_client_code.py	2020-05-22 15:09:40.281602552 +0200
+@@ -20,7 +20,7 @@
+         migrations.AlterField(
+             model_name='client',
+             name='client_secret',
+-            field=models.CharField(blank=True, default='', max_length=255),
++            field=models.CharField(blank=True, default='', max_length=228),
+         ),
+         migrations.AlterField(
+             model_name='client',
+@@ -63,7 +63,7 @@
+         migrations.AlterField(
+             model_name='code',
+             name='nonce',
+-            field=models.CharField(blank=True, default='', max_length=255),
++            field=models.CharField(blank=True, default='', max_length=228),
+         ),
+         migrations.AlterField(
+             model_name='token',
+diff -ur oidc_provider.orig/migrations/0016_userconsent_and_verbosenames.py oidc_provider/migrations/0016_userconsent_and_verbosenames.py
+--- oidc_provider.orig/migrations/0016_userconsent_and_verbosenames.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0016_userconsent_and_verbosenames.py	2020-05-22 15:14:37.858221152 +0200
+@@ -20,7 +20,7 @@
+             model_name='userconsent',
+             name='date_given',
+             field=models.DateTimeField(
+-                default=datetime.datetime(2016, 6, 10, 17, 53, 48, 889808, tzinfo=utc), verbose_name='Date Given'),
++                default=datetime.datetime(2016, 6, 10, 17, 53, 48, 889808), verbose_name='Date Given'),
+             preserve_default=False,
+         ),
+         migrations.AlterField(
+@@ -32,12 +32,12 @@
+         migrations.AlterField(
+             model_name='client',
+             name='client_id',
+-            field=models.CharField(max_length=255, unique=True, verbose_name='Client ID'),
++            field=models.CharField(max_length=228, unique=True, verbose_name='Client ID'),
+         ),
+         migrations.AlterField(
+             model_name='client',
+             name='client_secret',
+-            field=models.CharField(blank=True, default=b'', max_length=255, verbose_name='Client SECRET'),
++            field=models.CharField(blank=True, default=b'', max_length=228, verbose_name='Client SECRET'),
+         ),
+         migrations.AlterField(
+             model_name='client',
+@@ -84,17 +84,17 @@
+         migrations.AlterField(
+             model_name='code',
+             name='code',
+-            field=models.CharField(max_length=255, unique=True, verbose_name='Code'),
++            field=models.CharField(max_length=228, unique=True, verbose_name='Code'),
+         ),
+         migrations.AlterField(
+             model_name='code',
+             name='code_challenge',
+-            field=models.CharField(max_length=255, null=True, verbose_name='Code Challenge'),
++            field=models.CharField(max_length=228, null=True, verbose_name='Code Challenge'),
+         ),
+         migrations.AlterField(
+             model_name='code',
+             name='code_challenge_method',
+-            field=models.CharField(max_length=255, null=True, verbose_name='Code Challenge Method'),
++            field=models.CharField(max_length=228, null=True, verbose_name='Code Challenge Method'),
+         ),
+         migrations.AlterField(
+             model_name='code',
+@@ -109,7 +109,7 @@
+         migrations.AlterField(
+             model_name='code',
+             name='nonce',
+-            field=models.CharField(blank=True, default=b'', max_length=255, verbose_name='Nonce'),
++            field=models.CharField(blank=True, default=b'', max_length=228, verbose_name='Nonce'),
+         ),
+         migrations.AlterField(
+             model_name='code',
+@@ -135,7 +135,7 @@
+         migrations.AlterField(
+             model_name='token',
+             name='access_token',
+-            field=models.CharField(max_length=255, unique=True, verbose_name='Access Token'),
++            field=models.CharField(max_length=228, unique=True, verbose_name='Access Token'),
+         ),
+         migrations.AlterField(
+             model_name='token',
+@@ -151,7 +151,7 @@
+         migrations.AlterField(
+             model_name='token',
+             name='refresh_token',
+-            field=models.CharField(max_length=255, null=True, unique=True, verbose_name='Refresh Token'),
++            field=models.CharField(max_length=228, null=True, unique=True, verbose_name='Refresh Token'),
+         ),
+         migrations.AlterField(
+             model_name='token',
+diff -ur oidc_provider.orig/migrations/0017_auto_20160811_1954.py oidc_provider/migrations/0017_auto_20160811_1954.py
+--- oidc_provider.orig/migrations/0017_auto_20160811_1954.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0017_auto_20160811_1954.py	2020-05-22 15:09:40.329603942 +0200
+@@ -20,7 +20,7 @@
+         migrations.AlterField(
+             model_name='client',
+             name='client_secret',
+-            field=models.CharField(blank=True, default='', max_length=255, verbose_name='Client SECRET'),
++            field=models.CharField(blank=True, default='', max_length=228, verbose_name='Client SECRET'),
+         ),
+         migrations.AlterField(
+             model_name='client',
+@@ -56,7 +56,7 @@
+         migrations.AlterField(
+             model_name='code',
+             name='nonce',
+-            field=models.CharField(blank=True, default='', max_length=255, verbose_name='Nonce'),
++            field=models.CharField(blank=True, default='', max_length=228, verbose_name='Nonce'),
+         ),
+         migrations.AlterField(
+             model_name='token',
+diff -ur oidc_provider.orig/migrations/0018_hybridflow_and_clientattrs.py oidc_provider/migrations/0018_hybridflow_and_clientattrs.py
+--- oidc_provider.orig/migrations/0018_hybridflow_and_clientattrs.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0018_hybridflow_and_clientattrs.py	2020-05-22 15:09:40.317603595 +0200
+@@ -15,7 +15,7 @@
+         migrations.AddField(
+             model_name='client',
+             name='contact_email',
+-            field=models.CharField(blank=True, default='', max_length=255, verbose_name='Contact Email'),
++            field=models.CharField(blank=True, default='', max_length=228, verbose_name='Contact Email'),
+         ),
+         migrations.AddField(
+             model_name='client',
+@@ -30,13 +30,13 @@
+                 blank=True,
+                 default='',
+                 help_text='External reference to the privacy policy of the client.',
+-                max_length=255,
++                max_length=228,
+                 verbose_name='Terms URL'),
+         ),
+         migrations.AddField(
+             model_name='client',
+             name='website_url',
+-            field=models.CharField(blank=True, default='', max_length=255, verbose_name='Website URL'),
++            field=models.CharField(blank=True, default='', max_length=228, verbose_name='Website URL'),
+         ),
+         migrations.AlterField(
+             model_name='client',
+diff -ur oidc_provider.orig/migrations/0019_auto_20161005_1552.py oidc_provider/migrations/0019_auto_20161005_1552.py
+--- oidc_provider.orig/migrations/0019_auto_20161005_1552.py	2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0019_auto_20161005_1552.py	2020-05-22 15:09:40.325603827 +0200
+@@ -15,6 +15,6 @@
+         migrations.AlterField(
+             model_name='client',
+             name='client_secret',
+-            field=models.CharField(blank=True, max_length=255, verbose_name='Client SECRET'),
++            field=models.CharField(blank=True, max_length=228, verbose_name='Client SECRET'),
+         ),
+     ]
+diff -ur oidc_provider.orig/migrations/0021_refresh_token_not_unique.py oidc_provider/migrations/0021_refresh_token_not_unique.py
+--- oidc_provider.orig/migrations/0021_refresh_token_not_unique.py	2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/migrations/0021_refresh_token_not_unique.py	2020-05-22 15:09:40.309603363 +0200
+@@ -15,7 +15,7 @@
+         migrations.AlterField(
+             model_name='token',
+             name='refresh_token',
+-            field=models.CharField(default='', max_length=255, unique=True, verbose_name='Refresh Token'),
++            field=models.CharField(default='', max_length=228, unique=True, verbose_name='Refresh Token'),
+             preserve_default=False,
+         ),
+     ]
diff --git a/patch/fix-oic-logging.patch b/patch/fix-oic-logging.patch
@@ -0,0 +1,11 @@
+--- oic/utils/keyio.py.orig	2020-06-06 18:49:44.819104615 +0200
++++ oic/utils/keyio.py	2020-06-06 18:49:47.523182608 +0200
+@@ -191,7 +191,7 @@
+             args["headers"] = {"If-None-Match": self.etag}
+ 
+         try:
+-            logging.debug("KeyBundle fetch keys from: %s", self.source)
++            logger.debug("KeyBundle fetch keys from: %s", self.source)
+             r = requests.get(self.source, **args)
+         except Exception as err:
+             logger.error(err)
diff --git a/patch/fix-oidc-access-token-post.patch b/patch/fix-oidc-access-token-post.patch
@@ -0,0 +1,39 @@
+diff -ur oidc_provider.orig/lib/utils/common.py oidc_provider/lib/utils/common.py
+--- oidc_provider.orig/lib/utils/common.py	2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/lib/utils/common.py	2020-06-04 16:00:12.049562502 +0200
+@@ -19,6 +19,7 @@
+     """
+     response = HttpResponse('', status=302)
+     response['Location'] = uri
++    response.url = uri
+     return response
+ 
+ 
+--- oidc_provider.orig/lib/utils/oauth2.py	2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/lib/utils/oauth2.py	2020-06-05 17:05:23.271285858 +0200
+@@ -21,10 +21,14 @@
+     """
+     auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+ 
+-    if re.compile('^[Bb]earer\s{1}.+$').match(auth_header):
++    if re.compile(r'^[Bb]earer\s{1}.+$').match(auth_header):
+         access_token = auth_header.split()[1]
+-    else:
++    elif request.method == 'GET':
+         access_token = request.GET.get('access_token', '')
++    elif request.method == 'POST':
++        access_token = request.POST.get('access_token', '')
++    else:
++        access_token = ''
+ 
+     return access_token
+ 
+@@ -39,7 +43,7 @@
+     """
+     auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+ 
+-    if re.compile('^Basic\s{1}.+$').match(auth_header):
++    if re.compile(r'^Basic\s{1}.+$').match(auth_header):
+         b64_user_pass = auth_header.split()[1]
+         try:
+             user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
diff --git a/patch/fix-request-profiler-streaming-length.patch b/patch/fix-request-profiler-streaming-length.patch
@@ -1,5 +1,5 @@
---- request_profiler/models.py.old	2020-04-20 13:39:17.844147379 +0200
-+++ request_profiler/models.py	2020-04-20 13:39:50.749093653 +0200
+--- request_profiler.orig/models.py	2020-06-05 14:33:10.408859604 +0200
++++ request_profiler/models.py	2020-06-05 14:35:09.412282408 +0200
 @@ -181,7 +181,7 @@
          """Extract values from HttpRequest and store locally."""
          self.request = request
@@ -9,7 +9,20 @@
          self.query_string = request.META.get("QUERY_STRING", "")
          self.http_user_agent = request.META.get("HTTP_USER_AGENT", "")[:400]
          # we care about the domain more than the URL itself, so truncating
-@@ -206,7 +206,10 @@
+@@ -189,11 +189,7 @@
+         self.http_referer = request.META.get("HTTP_REFERER", "")[:400]
+         # X-Forwarded-For is used by convention when passing through
+         # load balancers etc., as the REMOTE_ADDR is rewritten in transit
+-        self.remote_addr = (
+-            request.META.get("HTTP_X_FORWARDED_FOR")
+-            if "HTTP_X_FORWARDED_FOR" in request.META
+-            else request.META.get("REMOTE_ADDR")
+-        )
++        self.remote_addr = request.META.get("REMOTE_ADDR")
+         # these two require middleware, so may not exist
+         if hasattr(request, "session"):
+             self.session_key = request.session.session_key or ""
+@@ -206,7 +202,10 @@
          """Extract values from HttpResponse and store locally."""
          self.response = response
          self.response_status_code = response.status_code
