diff --git a/CHANGELOG.md b/CHANGELOG.md index add96ac5f..75df2cd2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ +## Changelog ### 1.3.0 [unreleased] * Fix a race condition in creation of AccessToken with external oauth2 server. diff --git a/docs/changelog.rst b/docs/changelog.rst index 7b9901d0a..6336d7666 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -1,295 +1 @@ -Changelog -========= - -1.3.0 [unreleased] ------------------- - -* Fix a race condition in creation of AccessToken with external oauth2 server. -* **Backwards-incompatible** squashed migrations: - If you are currently on a release < 1.2.0, you will need to first install 1.2.x then `manage.py migrate` before - upgrading to >= 1.3.0. - - -1.2.0 [2018-06-03] ------------------- - -* **Compatibility**: Python 3.4 is the new minimum required version. -* **Compatibility**: Django 2.0 is the new minimum required version. -* **New feature**: Added TokenMatchesOASRequirements Permissions. -* validators.URIValidator has been updated to match URLValidator behaviour more closely. -* Moved `redirect_uris` validation to the application clean() method. - - -1.1.2 [2018-05-12] ------------------- - -* Return state with Authorization Denied error (RFC6749 section 4.1.2.1) -* Fix a crash with malformed base64 authentication headers -* Fix a crash with malformed IPv6 redirect URIs - - -1.1.1 [2018-05-08] ------------------- - -* **Critical**: Django OAuth Toolkit 1.1.0 contained a migration that would revoke all existing - RefreshTokens (`0006_auto_20171214_2232`). This release corrects the migration. - If you have already ran it in production, please see the following issue for more details: - https://github.com/jazzband/django-oauth-toolkit/issues/589 - - -1.1.0 [2018-04-13] ------------------- - -* **Notice**: The Django OAuth Toolkit project is now hosted by JazzBand. -* **Compatibility**: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported. -* **Compatibility**: This will be the last release to support Django 1.11 and Python 2.7. -* **New feature**: Option for RFC 7662 external AS that uses HTTP Basic Auth. -* **New feature**: Individual applications may now override the `ALLOWED_REDIRECT_URI_SCHEMES` - setting by returning a list of allowed redirect uri schemes in `Application.get_allowed_schemes()`. -* **New feature**: The new setting `ERROR_RESPONSE_WITH_SCOPES` can now be set to True to include required - scopes when DRF authorization fails due to improper scopes. -* **New feature**: The new setting `REFRESH_TOKEN_GRACE_PERIOD_SECONDS` controls a grace period during which - refresh tokens may be re-used. -* An `app_authorized` signal is fired when a token is generated. - - -1.0.0 [2017-06-07] ------------------- - -* **New feature**: AccessToken, RefreshToken and Grant models are now swappable. -* #477: **New feature**: Add support for RFC 7662 (IntrospectTokenView, introspect scope) -* **Compatibility**: Django 1.10 is the new minimum required version -* **Compatibility**: Django 1.11 is now supported -* **Backwards-incompatible**: The `oauth2_provider.ext.rest_framework` module - has been moved to `oauth2_provider.contrib.rest_framework` -* #177: Changed `id` field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial) -* #321: Added `created` and `updated` auto fields to Application, AccessToken, RefreshToken and Grant -* #476: Disallow empty redirect URIs -* Fixed bad `url` parameter in some error responses. -* Django 2.0 compatibility fixes. -* The dependency on django-braces has been dropped. -* The oauthlib dependency is no longer pinned. - - -0.12.0 [2017-02-24] -------------------- - -* **New feature**: Class-based scopes backends. Listing scopes, available scopes and default scopes - is now done through the class that the `SCOPES_BACKEND_CLASS` setting points to. - By default, this is set to `oauth2_provider.scopes.SettingsScopes` which implements the - legacy settings-based scope behaviour. No changes are necessary. -* **Dropped support for Python 3.2 and Python 3.3**, added support for Python 3.6 -* Support for the `scopes` query parameter, deprecated in 0.6.1, has been dropped -* #448: Added support for customizing applications' allowed grant types -* #141: The `is_usable(request)` method on the Application model can be overridden to dynamically - enable or disable applications. -* #434: Relax URL patterns to allow for UUID primary keys - - -0.11.0 [2016-12-1] ------------------- - -* #424: Added a ROTATE_REFRESH_TOKEN setting to control whether refresh tokens are reused or not -* #315: AuthorizationView does not overwrite requests on get -* #425: Added support for Django 1.10 -* #396: Added an IsAuthenticatedOrTokenHasScope Permission -* #357: Support multiple-user clients by allowing User to be NULL for Applications -* #389: Reuse refresh tokens if enabled. - - -0.10.0 [2015-12-14] -------------------- - -* **#322: dropping support for python 2.6 and django 1.4, 1.5, 1.6** -* #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant -* #333: Added possibility to specify the default list of scopes returned when scope parameter is missing -* #325: Added management views of issued tokens -* #249: Added a command to clean expired tokens -* #323: Application registration view uses custom application model in form class -* #299: 'server_class' is now pluggable through Django settings -* #309: Add the py35-django19 env to travis -* #308: Use compact syntax for tox envs -* #306: Django 1.9 compatibility -* #288: Put additional information when generating token responses -* #297: Fixed doc about SessionAuthenticationMiddleware -* #273: Generic read write scope by resource - - -0.9.0 [2015-07-28] ------------------- - -* ``oauthlib_backend_class`` is now pluggable through Django settings -* #127: ``application/json`` Content-Type is now supported using ``JSONOAuthLibCore`` -* #238: Fixed redirect uri handling in case of error -* #229: Invalidate access tokens when getting a new refresh token -* added support for oauthlib 1.0 - - -0.8.2 [2015-06-25] ------------------- - -* Fix the migrations to be two-step and allow upgrade from 0.7.2 - - -0.8.1 [2015-04-27] ------------------- - -* South migrations fixed. Added new django migrations. - - -0.8.0 [2015-03-27] ------------------- - -* Several docs improvements and minor fixes -* #185: fixed vulnerabilities on Basic authentication -* #173: ProtectResourceMixin now allows OPTIONS requests -* Fixed client_id and client_secret characters set -* #169: hide sensitive informations in error emails -* #161: extend search to all token types when revoking a token -* #160: return empty response on successful token revocation -* #157: skip authorization form with ``skip_authorization_completely`` class field -* #155: allow custom uri schemes -* fixed ``get_application_model`` on Django 1.7 -* fixed non rotating refresh tokens -* #137: fixed base template -* customized ``client_secret`` lenght -* #38: create access tokens not bound to a user instance for *client credentials* flow - - -0.7.2 [2014-07-02] ------------------- - -* Don't pin oauthlib - - -0.7.0 [2014-03-01] ------------------- - -* Created a setting for the default value for approval prompt. -* Improved docs -* Don't pin django-braces and six versions - -**Backwards incompatible changes in 0.7.0** - -* Make Application model truly "swappable" (introduces a new non-namespaced setting OAUTH2_PROVIDER_APPLICATION_MODEL) - - -0.6.1 [2014-02-05] ------------------- - - * added support for `scope` query parameter keeping backwards compatibility for the original `scopes` parameter. - * __str__ method in Application model returns name when available - - -0.6.0 [2014-01-26] ------------------- - - * oauthlib 0.6.1 support - * Django dev branch support - * Python 2.6 support - * Skip authorization form via `approval_prompt` parameter - -**Bugfixes** - - * Several fixes to the docs - * Issue #71: Fix migrations - * Issue #65: Use OAuth2 password grant with multiple devices - * Issue #84: Add information about login template to tutorial. - * Issue #64: Fix urlencode clientid secret - - -0.5.0 [2013-09-17] ------------------- - - * oauthlib 0.6.0 support - -**Backwards incompatible changes in 0.5.0** - - * backends.py module has been renamed to oauth2_backends.py so you should change your imports whether you're extending this module - -**Bugfixes** - - * Issue #54: Auth backend proposal to address #50 - * Issue #61: Fix contributing page - * Issue #55: Add support for authenticating confidential client with request body params - * Issue #53: Quote characters in the url query that are safe for Django but not for oauthlib - -0.4.1 [2013-09-06] ------------------- - - * Optimize queries on access token validation - -0.4.0 [2013-08-09] ------------------- - -**New Features** - - * Add Application management views, you no more need the admin to register, update and delete your application. - * Add support to configurable application model - * Add support for function based views - -**Backwards incompatible changes in 0.4.0** - - * `SCOPE` attribute in settings is now a dictionary to store `{'scope_name': 'scope_description'}` - * Namespace 'oauth2_provider' is mandatory in urls. See issue #36 - -**Bugfixes** - - * Issue #25: Bug in the Basic Auth parsing in Oauth2RequestValidator - * Issue #24: Avoid generation of client_id with ":" colon char when using HTTP Basic Auth - * Issue #21: IndexError when trying to authorize an application - * Issue #9: Default_redirect_uri is mandatory when grant_type is implicit, authorization_code or all-in-one - * Issue #22: Scopes need a verbose description - * Issue #33: Add django-oauth-toolkit version on example main page - * Issue #36: Add mandatory namespace to urls - * Issue #31: Add docstring to OAuthToolkitError and FatalClientError - * Issue #32: Add docstring to validate_uris - * Issue #34: Documentation tutorial part1 needs corsheaders explanation - * Issue #36: Add mandatory namespace to urls - * Issue #45: Add docs for AbstractApplication - * Issue #47: Add docs for views decorators - -0.3.2 [2013-07-10] ------------------- - - * Bugfix #37: Error in migrations with custom user on Django 1.5 - -0.3.1 [2013-07-10] ------------------- - - * Bugfix #27: OAuthlib refresh token refactoring - -0.3.0 [2013-06-14] ------------------- - - * `Django REST Framework `_ integration layer - * Bugfix #13: Populate request with client and user in validate_bearer_token - * Bugfix #12: Fix paths in documentation - -**Backwards incompatible changes in 0.3.0** - - * `requested_scopes` parameter in ScopedResourceMixin changed to `required_scopes` - -0.2.1 [2013-06-06] ------------------- - - * Core optimizations - -0.2.0 [2013-06-05] ------------------- - - * Add support for Django1.4 and Django1.6 - * Add support for Python 3.3 - * Add a default ReadWriteScoped view - * Add tutorial to docs - -0.1.0 [2013-05-31] ------------------- - - * Support OAuth2 Authorization Flows - -0.0.0 [2013-05-17] ------------------- - - * Discussion with Daniel Greenfeld at Django Circus - * Ignition +.. mdinclude:: ../CHANGELOG.md diff --git a/docs/conf.py b/docs/conf.py index a0eee6fc8..628fb4bed 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -36,7 +36,7 @@ # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.autodoc', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'rfc',] +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'rfc', 'm2r',] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] diff --git a/tox.ini b/tox.ini index d0f79a62f..66a59d5d6 100644 --- a/tox.ini +++ b/tox.ini @@ -42,6 +42,7 @@ whitelist_externals = make commands = make html deps = sphinx oauthlib>=3.0.1 + m2r>=0.2.1 [testenv:py37-flake8] skip_install = True