diff --git a/ChangeLog.rst b/ChangeLog.rst
index b73f1fdec4..9e1977efea 100644
--- a/ChangeLog.rst
+++ b/ChangeLog.rst
@@ -1,3 +1,14 @@
+0.63.5 (2024-07-11)
+*******************
+
+Fixes
+-----
+
+- The security fix in 0.63.4 that altered the ``__str__()`` of ``SocialToken``
+  caused issues within the Amazon Cognito, Atlassian, JupyterHub, LemonLDAP,
+  Nextcloud and OpenID Connect providers. Fixed.
+
+
 0.63.4 (2024-07-10)
 *******************
 
diff --git a/allauth/__init__.py b/allauth/__init__.py
index c65284c791..ed1835328a 100644
--- a/allauth/__init__.py
+++ b/allauth/__init__.py
@@ -8,7 +8,7 @@
 """
 
-VERSION = (0, 63, 4, "final", 0)
+VERSION = (0, 63, 5, "final", 0)
 
 __title__ = "django-allauth"
 __version_info__ = VERSION
diff --git a/allauth/socialaccount/providers/amazon_cognito/views.py b/allauth/socialaccount/providers/amazon_cognito/views.py
index 4871138af1..424413c287 100644
--- a/allauth/socialaccount/providers/amazon_cognito/views.py
+++ b/allauth/socialaccount/providers/amazon_cognito/views.py
@@ -1,5 +1,6 @@
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -39,9 +40,9 @@ def authorize_url(self):
     def profile_url(self):
         return "{}/oauth2/userInfo".format(self.domain)
 
-    def complete_login(self, request, app, access_token, **kwargs):
+    def complete_login(self, request, app, token: SocialToken, **kwargs):
         headers = {
-            "Authorization": "Bearer {}".format(access_token),
+            "Authorization": "Bearer {}".format(token.token),
         }
         extra_data = (
             get_adapter().get_requests_session().get(self.profile_url, headers=headers)
diff --git a/allauth/socialaccount/providers/atlassian/views.py b/allauth/socialaccount/providers/atlassian/views.py
index 3acb92e25c..51ea5e89d1 100644
--- a/allauth/socialaccount/providers/atlassian/views.py
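Review bot: The `headers` line now depends on the raw access token living on `token.token`, and nothing at the call site records why `str(token)`/`access_token` was dropped, even though the ChangeLog hunk above shows this exact coupling already broke once; a why-comment above `headers = {`, `# Use the raw token attribute, not str(token): SocialToken.__str__() changed in 0.63.4 (see ChangeLog).`, would keep the next edit from quietly reverting to `str()`. The same point applies to the Atlassian, JupyterHub, LemonLDAP, Nextcloud and OpenID Connect hunks that follow. No test accompanies any of the six fixes; a regression test per provider that calls `complete_login` with a `SocialToken` and asserts the exact `Authorization: Bearer <token>` header sent would have caught the 0.63.4 breakage and will catch the next one. Note also that the parameter was renamed from `access_token` to `token`, which would break any subclass or caller that passes it by keyword — whether anything does is not visible here. `complete_login` continues past the end of the hunk.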
+++ b/allauth/socialaccount/providers/atlassian/views.py
@@ -1,4 +1,5 @@
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -12,9 +13,9 @@ class AtlassianOAuth2Adapter(OAuth2Adapter):
     authorize_url = "https://auth.atlassian.com/authorize"
     profile_url = "https://api.atlassian.com/me"
 
-    def complete_login(self, request, app, access_token, **kwargs):
+    def complete_login(self, request, app, token: SocialToken, **kwargs):
         headers = {
-            "Authorization": f"Bearer {access_token}",
+            "Authorization": f"Bearer {token.token}",
             "Accept": "application/json",
         }
         response = (
diff --git a/allauth/socialaccount/providers/jupyterhub/views.py b/allauth/socialaccount/providers/jupyterhub/views.py
index ce61875c4a..818df56cd1 100644
--- a/allauth/socialaccount/providers/jupyterhub/views.py
+++ b/allauth/socialaccount/providers/jupyterhub/views.py
@@ -1,5 +1,6 @@
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -17,8 +18,8 @@ class JupyterHubOAuth2Adapter(OAuth2Adapter):
     authorize_url = "{0}/hub/api/oauth2/authorize".format(provider_base_url)
     profile_url = "{0}/hub/api/user".format(provider_base_url)
 
-    def complete_login(self, request, app, access_token, **kwargs):
-        headers = {"Authorization": "Bearer {0}".format(access_token)}
+    def complete_login(self, request, app, token: SocialToken, **kwargs):
+        headers = {"Authorization": "Bearer {0}".format(token.token)}
         extra_data = (
             get_adapter().get_requests_session().get(self.profile_url, headers=headers)
diff --git a/allauth/socialaccount/providers/lemonldap/views.py b/allauth/socialaccount/providers/lemonldap/views.py
index 93ad5efc0f..aa3838cf3d 100644
--- a/allauth/socialaccount/providers/lemonldap/views.py
+++ b/allauth/socialaccount/providers/lemonldap/views.py
@@ -1,5 +1,6 @@
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -17,11 +18,11 @@ class LemonLDAPOAuth2Adapter(OAuth2Adapter):
     authorize_url = "{0}/oauth2/authorize".format(provider_base_url)
     profile_url = "{0}/oauth2/userinfo".format(provider_base_url)
 
-    def complete_login(self, request, app, token, response):
+    def complete_login(self, request, app, token: SocialToken, response):
         response = (
             get_adapter()
             .get_requests_session()
-            .post(self.profile_url, headers={"Authorization": "Bearer " + str(token)})
+            .post(self.profile_url, headers={"Authorization": "Bearer " + token.token})
         )
         response.raise_for_status()
         extra_data = response.json()
diff --git a/allauth/socialaccount/providers/nextcloud/views.py b/allauth/socialaccount/providers/nextcloud/views.py
index 6f790702c0..88435bb820 100644
--- a/allauth/socialaccount/providers/nextcloud/views.py
+++ b/allauth/socialaccount/providers/nextcloud/views.py
@@ -3,6 +3,7 @@
 from allauth.core import context
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
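Review bot: The rewritten `complete_login` signature keeps a parameter named `response` that the very next statement rebinds to the userinfo HTTP response, so whatever the caller passed in (presumably the token-endpoint payload) is discarded and the name means two different things within four lines; the OpenID Connect hunk below has the same shape. Renaming the local, e.g. `resp = (` … `resp.raise_for_status()` / `extra_data = resp.json()`, reads more clearly and leaves the original `response` available if it is ever needed. This is pre-existing, but since the signature line is being rewritten here anyway it is a cheap moment to fix it. `complete_login` continues past the end of the hunk.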
@@ -34,12 +35,12 @@ def authorize_url(self):
     def profile_url(self):
         return self._build_server_url("/ocs/v1.php/cloud/users/")
 
-    def complete_login(self, request, app, token, **kwargs):
+    def complete_login(self, request, app, token: SocialToken, **kwargs):
         extra_data = self.get_user_info(token, kwargs["response"]["user_id"])
         return self.get_provider().sociallogin_from_response(request, extra_data)
 
-    def get_user_info(self, token, user_id):
-        headers = {"Authorization": "Bearer {0}".format(token)}
+    def get_user_info(self, token: SocialToken, user_id):
+        headers = {"Authorization": "Bearer {0}".format(token.token)}
         resp = (
             get_adapter()
             .get_requests_session()
diff --git a/allauth/socialaccount/providers/openid_connect/views.py b/allauth/socialaccount/providers/openid_connect/views.py
index 09e9c58994..df40fe3818 100644
--- a/allauth/socialaccount/providers/openid_connect/views.py
+++ b/allauth/socialaccount/providers/openid_connect/views.py
@@ -1,6 +1,7 @@
 from django.urls import reverse
 
 from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialToken
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -44,11 +45,11 @@ def authorize_url(self):
     def profile_url(self):
         return self.openid_config["userinfo_endpoint"]
 
-    def complete_login(self, request, app, token, response):
+    def complete_login(self, request, app, token: SocialToken, response):
         response = (
             get_adapter()
             .get_requests_session()
-            .get(self.profile_url, headers={"Authorization": "Bearer " + str(token)})
+            .get(self.profile_url, headers={"Authorization": "Bearer " + token.token})
         )
         response.raise_for_status()
         extra_data = response.json()
diff --git a/docs/conf.py b/docs/conf.py
index 203fc8b22b..79d5d5deb5 100644
--- a/docs/conf.py
+++ b/docs/conf.py
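Review bot: `get_user_info` changes contract from accepting anything `str()` can render to requiring an object with a `.token` attribute, and a caller that still passes a raw access-token string (only `complete_login` is visible calling it here, so others cannot be ruled out) now fails with an `AttributeError` at `token.token` rather than a clear message. The annotation is the only signal of the new requirement; a docstring on `get_user_info` stating that `token` must be a `SocialToken` and that its raw `.token` value is sent as the bearer credential to `profile_url` would make it discoverable to subclasses and direct callers. `get_user_info` continues past the end of the hunk.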
@@ -53,9 +53,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = "0.63.4"
+version = "0.63.5"
 # The full version, including alpha/beta/rc tags.
-release = "0.63.4"
+release = "0.63.5"
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/examples/react-spa/backend/requirements.txt b/examples/react-spa/backend/requirements.txt
index 04d5cbe1a2..b0d05e62b2 100644
--- a/examples/react-spa/backend/requirements.txt
+++ b/examples/react-spa/backend/requirements.txt
@@ -1,2 +1,2 @@
-django-allauth[mfa,socialaccount]>=0.63.4
+django-allauth[mfa,socialaccount]>=0.63.5
 qrcode >= 7.0.0
diff --git a/examples/regular-django/requirements.txt b/examples/regular-django/requirements.txt
index 427da0ffbe..dca603b30c 100644
--- a/examples/regular-django/requirements.txt
+++ b/examples/regular-django/requirements.txt
@@ -1 +1 @@
-django-allauth[mfa,saml,socialaccount]>=0.63.4
+django-allauth[mfa,saml,socialaccount]>=0.63.5