2f1eb4e6b9
This commit downgrades pyoidc from 1.7.0 to 1.6.1 to resolve dependency
conflicts with pydantic-core dependency and stx-builder environment.
The pyjwkest package is added to satisfy the missing dependency
required for pyoidc functionality.
This commit also restructures package naming for pyoidc to follow the
Debian python3-* convention for consistency with other Python packages
in the distribution.
Test Plan:
PASS: Build pyjwkest and pyoidc packages.
PASS: Build, install and deploy a image load containing the code
changes for these packages. Installation succeed for AIO-SX
environment and packages are installed on runtime system.
PASS: Import exception, message, utils and oic modules from oic library
and observe that modules are imported successfully.
PASS: Test the current oic common implementation with oic version 1.6.1
installed at system runtime. Observe that the implementation is
working as expected using both valid and invalid tokens.
Story: 2011511
Task: 53554
Change-Id: I2736571878cbcf1d528433df7009093b376ad8c9
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
229 lines
8.2 KiB
Diff
229 lines
8.2 KiB
Diff
From 2cb26cf20c34707988f7e5195a7ada79c01a5028 Mon Sep 17 00:00:00 2001
|
|
From: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
|
|
Date: Thu, 18 Dec 2025 17:31:33 -0300
|
|
Subject: [PATCH] Revert "Improve settings by using pydantic"
|
|
|
|
This reverts commit 9670f833391de4ba47e6b9a895e9f9979267cced.
|
|
---
|
|
CHANGELOG.md | 21 --------
|
|
doc/conf.py | 7 ---
|
|
setup.py | 3 +-
|
|
src/oic/utils/settings.py | 104 ++++++++++++++++++++++++++++----------
|
|
4 files changed, 79 insertions(+), 56 deletions(-)
|
|
|
|
diff --git a/CHANGELOG.md b/CHANGELOG.md
|
|
index dff9557d..36b8b977 100644
|
|
--- a/CHANGELOG.md
|
|
+++ b/CHANGELOG.md
|
|
@@ -7,27 +7,6 @@ The format is based on the [KeepAChangeLog] project.
|
|
|
|
## Unreleased
|
|
|
|
-## 1.6.1 [2023-07-13]
|
|
-- [#862] Fixed pydantic dependency
|
|
-
|
|
-[#862]: https://github.com/CZ-NIC/pyoidc/pull/862
|
|
-
|
|
-## 1.6.0 [2023-05-15]
|
|
-
|
|
-- [#854] Improve OIDC Session Management support by using the `session_state` parameter from an *Authentication Response* (if available) as a key to store `Consumer` data.
|
|
-
|
|
-### Changed
|
|
-- [#847] Using pydantic for settings instead of custom class
|
|
-- [#851], [#852] Add `authn_method` to `Consumer.complete`
|
|
-
|
|
-## Fixed
|
|
-- [#857] Made oauth_example less broken
|
|
-
|
|
-[#847]: https://github.com/CZ-NIC/pyoidc/pull/847
|
|
-[#851]: https://github.com/CZ-NIC/pyoidc/issues/851
|
|
-[#852]: https://github.com/CZ-NIC/pyoidc/pull/852
|
|
-[#857]: https://github.com/CZ-NIC/pyoidc/pull/857
|
|
-
|
|
## 1.5.0 [2022-12-14]
|
|
|
|
### Changed
|
|
diff --git a/doc/conf.py b/doc/conf.py
|
|
index 7351e836..4eef9c4d 100644
|
|
--- a/doc/conf.py
|
|
+++ b/doc/conf.py
|
|
@@ -1,19 +1,12 @@
|
|
import alabaster
|
|
-import os
|
|
-import sys
|
|
-
|
|
-sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'src')))
|
|
|
|
extensions = [
|
|
'sphinx.ext.autodoc',
|
|
'sphinx.ext.napoleon',
|
|
- 'sphinxcontrib.autodoc_pydantic',
|
|
]
|
|
|
|
autoclass_content = 'both' # Merge the __init__ docstring into the class docstring.
|
|
autodoc_member_order = 'bysource' # Order by source ordering
|
|
-autodoc_pydantic_model_show_config = True
|
|
-autodoc_pydantic_settings_show_json = False
|
|
|
|
templates_path = ['_templates']
|
|
|
|
diff --git a/setup.py b/setup.py
|
|
index a56df08d..8b14d65d 100755
|
|
--- a/setup.py
|
|
+++ b/setup.py
|
|
@@ -78,7 +78,7 @@ setup(
|
|
extras_require={
|
|
'develop': ["cherrypy==3.2.4", "pyOpenSSL"],
|
|
'testing': tests_requires,
|
|
- 'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster', 'autodoc_pydantic'],
|
|
+ 'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster'],
|
|
'quality': ['pylama', 'isort', 'eradicate', 'mypy', 'black', 'bandit', 'readme_renderer[md]'],
|
|
'types': ['types-requests'],
|
|
'ldap_authn': ['python-ldap'],
|
|
@@ -87,7 +87,6 @@ setup(
|
|
install_requires=[
|
|
"requests",
|
|
"pycryptodomex",
|
|
- "pydantic",
|
|
"pyjwkest>=1.3.6",
|
|
"mako",
|
|
"cryptography",
|
|
diff --git a/src/oic/utils/settings.py b/src/oic/utils/settings.py
|
|
index c4cda7e2..0a2730e2 100644
|
|
--- a/src/oic/utils/settings.py
|
|
+++ b/src/oic/utils/settings.py
|
|
@@ -8,48 +8,97 @@ Settings for oic objects.
|
|
|
|
In order to configure some objects in PyOIDC, you need a settings object.
|
|
If you need to add some settings, make sure that you settings class inherits from the appropriate class in this module.
|
|
-
|
|
-The settings make use of `pydantic <https://docs.pydantic.dev/usage/settings/>`_ library.
|
|
-It is possible to instance them directly or use environment values to fill the settings.
|
|
"""
|
|
+import typing
|
|
from typing import Optional
|
|
from typing import Tuple
|
|
from typing import Union
|
|
|
|
import requests
|
|
-from pydantic import BaseSettings
|
|
|
|
|
|
-class PyoidcSettings(BaseSettings):
|
|
- """Main class for all settings shared among consumer and client."""
|
|
+class SettingsException(Exception):
|
|
+ """Exception raised by misconfigured settings class."""
|
|
|
|
- verify_ssl: Union[bool, str] = True
|
|
- """
|
|
- Control TLS server certificate validation:
|
|
|
|
- * If set to True the certificate is validated against the global settings,
|
|
- * If set to False, no validation is performed.
|
|
- * If set to a filename this is used as a certificate bundle in openssl format.
|
|
- * If set to a directory name this is used as a CA directory in the openssl format.
|
|
- """
|
|
- client_cert: Union[None, str, Tuple[str, str]] = None
|
|
+class PyoidcSettings:
|
|
"""
|
|
- Local cert to use as client side certificate.
|
|
- Can be a single file (containing the private key and the certificate) or a tuple of both file's path.
|
|
- """
|
|
- timeout: Union[float, Tuple[float, float]] = 5
|
|
- """
|
|
- Timeout for requests library.
|
|
- Can be specified either as a single float or as a tuple of floats.
|
|
- For more details, refer to ``requests`` documentation.
|
|
+ Main class for all settings shared among consumer and client.
|
|
+
|
|
+ Keyword Args:
|
|
+ verify_ssl
|
|
+ Control TLS server certificate validation.
|
|
+ If set to True the certificate is validated against the global settings,
|
|
+ if set to False, no validation is performed.
|
|
+ If set to a filename this is used as a certificate bundle in openssl format.
|
|
+ If set to a directory name this is used as a CA directory in the openssl format.
|
|
+ client_cert
|
|
+ Local cert to use as client side certificate.
|
|
+ Can be a single file (containing the private key and the certificate) or a tuple of both file's path.
|
|
+ timeout
|
|
+ Timeout for requests library.
|
|
+ Can be specified either as a single float or as a tuple of floats.
|
|
+ For more details, refer to ``requests`` documentation.
|
|
+
|
|
"""
|
|
|
|
+ def __init__(
|
|
+ self,
|
|
+ verify_ssl: Union[bool, str] = True,
|
|
+ client_cert: Union[None, str, Tuple[str, str]] = None,
|
|
+ timeout: Union[float, Tuple[float, float]] = 5,
|
|
+ ):
|
|
+ self.verify_ssl = verify_ssl
|
|
+ self.client_cert = client_cert
|
|
+ self.timeout = timeout
|
|
+
|
|
+ def __setattr__(self, name, value):
|
|
+ """This attempts to check if value matches the expected value."""
|
|
+ annotation = typing.get_type_hints(self.__init__)[name] # type: ignore
|
|
+ # Expand Union -> Since 3.8, this can be written as typing.get_origin
|
|
+ if getattr(annotation, "__origin__", annotation) is Union:
|
|
+ expanded = tuple(an for an in annotation.__args__)
|
|
+ else:
|
|
+ expanded = (annotation,)
|
|
+ # Convert Generics
|
|
+ # FIXME: this doesn't check the args of the generic
|
|
+ resolved = tuple(getattr(an, "__origin__", an) for an in expanded)
|
|
+ # Add int if float is present
|
|
+ if float in resolved:
|
|
+ resolved = resolved + (int,)
|
|
+ # FIXME: Add more valid substitution
|
|
+ if isinstance(value, resolved):
|
|
+ # FIXME: Handle bool being an instance of int...
|
|
+ super().__setattr__(name, value)
|
|
+ else:
|
|
+ raise SettingsException(
|
|
+ "%s has a type of %s, expected any of %s."
|
|
+ % (name, type(value), resolved),
|
|
+ )
|
|
+
|
|
|
|
class ClientSettings(PyoidcSettings):
|
|
- """Base settings for consumer shared among OAuth 2.0 and OpenID Connect."""
|
|
+ """
|
|
+ Base settings for consumer shared among OAuth 2.0 and OpenID Connect.
|
|
+
|
|
+ Keyword Args:
|
|
+ requests_session
|
|
+ Instance of `requests.Session` with configuration options.
|
|
|
|
- requests_session: Optional[requests.Session] = None
|
|
- """Instance of `requests.Session` with configuration options."""
|
|
+ """
|
|
+
|
|
+ def __init__(
|
|
+ self,
|
|
+ verify_ssl: Union[bool, str] = True,
|
|
+ client_cert: Union[None, str, Tuple[str, str]] = None,
|
|
+ timeout: Union[float, Tuple[float, float]] = 5,
|
|
+ requests_session: Optional[requests.Session] = None,
|
|
+ ):
|
|
+ super().__init__(
|
|
+ verify_ssl=verify_ssl, client_cert=client_cert, timeout=timeout
|
|
+ )
|
|
+ # For session persistence
|
|
+ self.requests_session = requests_session
|
|
|
|
|
|
class OauthClientSettings(ClientSettings):
|
|
@@ -82,3 +131,6 @@ class OauthProviderSettings(OauthServerSettings):
|
|
|
|
class OicProviderSettings(OicServerSettings):
|
|
"""Specific settings for OpenID Connect provider."""
|
|
+
|
|
+ # TODO: Decide on inheritance...
|
|
+ # It might be better to have a mixin providing OIC specific stuff?
|
|
--
|
|
2.34.1
|
|
|