From 0e24e996285d2fd1cec040940b2b7477bf39c806 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz
Date: Sat, 6 Jun 2020 21:02:30 +0000
Subject: [PATCH] Added patches for some issues with the oic and oidc-provider modules, and updated a patch for request-profiler.
 - Legacy-Id: 17920
---
 ...change-oidc-provider-field-sizes-228.patch | 289 ++++++++++++++++++
 patch/fix-oic-logging.patch | 11 +
 patch/fix-oidc-access-token-post.patch | 39 +++
 ...ix-request-profiler-streaming-length.patch | 19 +-
 4 files changed, 355 insertions(+), 3 deletions(-)
 create mode 100644 patch/change-oidc-provider-field-sizes-228.patch
 create mode 100644 patch/fix-oic-logging.patch
 create mode 100644 patch/fix-oidc-access-token-post.patch
diff --git a/patch/change-oidc-provider-field-sizes-228.patch b/patch/change-oidc-provider-field-sizes-228.patch
new file mode 100644
index 000000000..3810121da
--- /dev/null
+++ b/patch/change-oidc-provider-field-sizes-228.patch
@@ -0,0 +1,289 @@
+diff -ur oidc_provider.orig/migrations/0001_initial.py oidc_provider/migrations/0001_initial.py
+--- oidc_provider.orig/migrations/0001_initial.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0001_initial.py 2020-05-22 15:09:40.305603247 +0200
+@@ -18,8 +18,8 @@
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('name', models.CharField(default=b'', max_length=100)),
+- ('client_id', models.CharField(unique=True, max_length=255)),
+- ('client_secret', models.CharField(unique=True, max_length=255)),
++ ('client_id', models.CharField(unique=True, max_length=228)),
++ ('client_secret', models.CharField(unique=True, max_length=228)),
+ ('response_type', models.CharField(max_length=30, choices=[
+ (b'code', b'code (Authorization Code Flow)'), (b'id_token', b'id_token (Implicit Flow)'),
+ (b'id_token token', b'id_token token (Implicit Flow)')])),
+@@ -35,7 +35,7 @@
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('expires_at', models.DateTimeField()),
+ ('_scope', models.TextField(default=b'')),
+- ('code', models.CharField(unique=True, max_length=255)),
++ ('code', models.CharField(unique=True, max_length=228)),
+ ('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
+ ],
+ options={
+@@ -49,7 +49,7 @@
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('expires_at', models.DateTimeField()),
+ ('_scope', models.TextField(default=b'')),
+- ('access_token', models.CharField(unique=True, max_length=255)),
++ ('access_token', models.CharField(unique=True, max_length=228)),
+ ('_id_token', models.TextField()),
+ ('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
+ ],
+@@ -62,26 +62,26 @@
+ name='UserInfo',
+ fields=[
+ ('user', models.OneToOneField(primary_key=True, serialize=False,
to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)),
+- ('given_name', models.CharField(max_length=255, null=True, blank=True)),
+- ('family_name', models.CharField(max_length=255, null=True, blank=True)),
+- ('middle_name', models.CharField(max_length=255, null=True, blank=True)),
+- ('nickname', models.CharField(max_length=255, null=True, blank=True)),
++ ('given_name', models.CharField(max_length=228, null=True, blank=True)),
++ ('family_name', models.CharField(max_length=228, null=True, blank=True)),
++ ('middle_name', models.CharField(max_length=228, null=True, blank=True)),
++ ('nickname', models.CharField(max_length=228, null=True, blank=True)),
+ ('gender', models.CharField(max_length=100, null=True, choices=[(b'F', b'Female'), (b'M', b'Male')])),
+ ('birthdate', models.DateField(null=True)),
+ ('zoneinfo', models.CharField(default=b'', max_length=100, null=True, blank=True)),
+- ('preferred_username', models.CharField(max_length=255, null=True, blank=True)),
++ ('preferred_username', models.CharField(max_length=228, null=True, blank=True)),
+ ('profile', models.URLField(default=b'', null=True, blank=True)),
+ ('picture', models.URLField(default=b'', null=True, blank=True)),
+ ('website', models.URLField(default=b'', null=True, blank=True)),
+ ('email_verified', models.NullBooleanField(default=False)),
+ ('locale', models.CharField(max_length=100, null=True, blank=True)),
+- ('phone_number', models.CharField(max_length=255, null=True, blank=True)),
++ ('phone_number', models.CharField(max_length=228, null=True, blank=True)),
+ ('phone_number_verified', models.NullBooleanField(default=False)),
+- ('address_street_address', models.CharField(max_length=255, null=True, blank=True)),
+- ('address_locality', models.CharField(max_length=255, null=True, blank=True)),
+- ('address_region', models.CharField(max_length=255, null=True, blank=True)),
+- ('address_postal_code', models.CharField(max_length=255, null=True, blank=True)),
+- ('address_country',
models.CharField(max_length=255, null=True, blank=True)),
++ ('address_street_address', models.CharField(max_length=228, null=True, blank=True)),
++ ('address_locality', models.CharField(max_length=228, null=True, blank=True)),
++ ('address_region', models.CharField(max_length=228, null=True, blank=True)),
++ ('address_postal_code', models.CharField(max_length=228, null=True, blank=True)),
++ ('address_country', models.CharField(max_length=228, null=True, blank=True)),
+ ('updated_at', models.DateTimeField(auto_now=True, null=True)),
+ ],
+ options={
+diff -ur oidc_provider.orig/migrations/0003_code_nonce.py oidc_provider/migrations/0003_code_nonce.py
+--- oidc_provider.orig/migrations/0003_code_nonce.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0003_code_nonce.py 2020-05-22 15:09:40.297603016 +0200
+@@ -14,6 +14,6 @@
+ migrations.AddField(
+ model_name='code',
+ name='nonce',
+- field=models.CharField(default=b'', max_length=255, blank=True),
++ field=models.CharField(default=b'', max_length=228, blank=True),
+ ),
+ ]
+diff -ur oidc_provider.orig/migrations/0005_token_refresh_token.py oidc_provider/migrations/0005_token_refresh_token.py
+--- oidc_provider.orig/migrations/0005_token_refresh_token.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0005_token_refresh_token.py 2020-05-22 15:09:40.269602205 +0200
+@@ -14,7 +14,7 @@
+ migrations.AddField(
+ model_name='token',
+ name='refresh_token',
+- field=models.CharField(max_length=255, unique=True, null=True),
++ field=models.CharField(max_length=228, unique=True, null=True),
+ preserve_default=True,
+ ),
+ ]
+diff -ur oidc_provider.orig/migrations/0012_auto_20160405_2041.py oidc_provider/migrations/0012_auto_20160405_2041.py
+--- oidc_provider.orig/migrations/0012_auto_20160405_2041.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0012_auto_20160405_2041.py 2020-05-22 15:09:40.289602784 +0200
+@@ -15,6 +15,6 @@
+ migrations.AlterField(
+ 
model_name='client',
+ name='client_secret',
+- field=models.CharField(blank=True, default=b'', max_length=255),
++ field=models.CharField(blank=True, default=b'', max_length=228),
+ ),
+ ]
+diff -ur oidc_provider.orig/migrations/0013_auto_20160407_1912.py oidc_provider/migrations/0013_auto_20160407_1912.py
+--- oidc_provider.orig/migrations/0013_auto_20160407_1912.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0013_auto_20160407_1912.py 2020-05-22 15:09:40.277602437 +0200
+@@ -15,11 +15,11 @@
+ migrations.AddField(
+ model_name='code',
+ name='code_challenge',
+- field=models.CharField(max_length=255, null=True),
++ field=models.CharField(max_length=228, null=True),
+ ),
+ migrations.AddField(
+ model_name='code',
+ name='code_challenge_method',
+- field=models.CharField(max_length=255, null=True),
++ field=models.CharField(max_length=228, null=True),
+ ),
+ ]
+diff -ur oidc_provider.orig/migrations/0015_change_client_code.py oidc_provider/migrations/0015_change_client_code.py
+--- oidc_provider.orig/migrations/0015_change_client_code.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0015_change_client_code.py 2020-05-22 15:09:40.281602552 +0200
+@@ -20,7 +20,7 @@
+ migrations.AlterField(
+ model_name='client',
+ name='client_secret',
+- field=models.CharField(blank=True, default='', max_length=255),
++ field=models.CharField(blank=True, default='', max_length=228),
+ ),
+ migrations.AlterField(
+ model_name='client',
+@@ -63,7 +63,7 @@
+ migrations.AlterField(
+ model_name='code',
+ name='nonce',
+- field=models.CharField(blank=True, default='', max_length=255),
++ field=models.CharField(blank=True, default='', max_length=228),
+ ),
+ migrations.AlterField(
+ model_name='token',
+diff -ur oidc_provider.orig/migrations/0016_userconsent_and_verbosenames.py oidc_provider/migrations/0016_userconsent_and_verbosenames.py
+--- oidc_provider.orig/migrations/0016_userconsent_and_verbosenames.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0016_userconsent_and_verbosenames.py 2020-05-22 15:14:37.858221152 +0200
+@@ -20,7 +20,7 @@
+ model_name='userconsent',
+ name='date_given',
+ field=models.DateTimeField(
+- default=datetime.datetime(2016, 6, 10, 17, 53, 48, 889808, tzinfo=utc), verbose_name='Date Given'),
++ default=datetime.datetime(2016, 6, 10, 17, 53, 48, 889808), verbose_name='Date Given'),
+ preserve_default=False,
+ ),
+ migrations.AlterField(
+@@ -32,12 +32,12 @@
+ migrations.AlterField(
+ model_name='client',
+ name='client_id',
+- field=models.CharField(max_length=255, unique=True, verbose_name='Client ID'),
++ field=models.CharField(max_length=228, unique=True, verbose_name='Client ID'),
+ ),
+ migrations.AlterField(
+ model_name='client',
+ name='client_secret',
+- field=models.CharField(blank=True, default=b'', max_length=255, verbose_name='Client SECRET'),
++ field=models.CharField(blank=True, default=b'', max_length=228, verbose_name='Client SECRET'),
+ ),
+ migrations.AlterField(
+ model_name='client',
+@@ -84,17 +84,17 @@
+ migrations.AlterField(
+ model_name='code',
+ name='code',
+- field=models.CharField(max_length=255, unique=True, verbose_name='Code'),
++ field=models.CharField(max_length=228, unique=True, verbose_name='Code'),
+ ),
+ migrations.AlterField(
+ model_name='code',
+ name='code_challenge',
+- field=models.CharField(max_length=255, null=True, verbose_name='Code Challenge'),
++ field=models.CharField(max_length=228, null=True, verbose_name='Code Challenge'),
+ ),
+ migrations.AlterField(
+ model_name='code',
+ name='code_challenge_method',
+- field=models.CharField(max_length=255, null=True, verbose_name='Code Challenge Method'),
++ field=models.CharField(max_length=228, null=True, verbose_name='Code Challenge Method'),
+ ),
+ migrations.AlterField(
+ model_name='code',
+@@ -109,7 +109,7 @@
+ migrations.AlterField(
+ model_name='code',
+ name='nonce',
+- field=models.CharField(blank=True, default=b'', max_length=255,
verbose_name='Nonce'),
++ field=models.CharField(blank=True, default=b'', max_length=228, verbose_name='Nonce'),
+ ),
+ migrations.AlterField(
+ model_name='code',
+@@ -135,7 +135,7 @@
+ migrations.AlterField(
+ model_name='token',
+ name='access_token',
+- field=models.CharField(max_length=255, unique=True, verbose_name='Access Token'),
++ field=models.CharField(max_length=228, unique=True, verbose_name='Access Token'),
+ ),
+ migrations.AlterField(
+ model_name='token',
+@@ -151,7 +151,7 @@
+ migrations.AlterField(
+ model_name='token',
+ name='refresh_token',
+- field=models.CharField(max_length=255, null=True, unique=True, verbose_name='Refresh Token'),
++ field=models.CharField(max_length=228, null=True, unique=True, verbose_name='Refresh Token'),
+ ),
+ migrations.AlterField(
+ model_name='token',
+diff -ur oidc_provider.orig/migrations/0017_auto_20160811_1954.py oidc_provider/migrations/0017_auto_20160811_1954.py
+--- oidc_provider.orig/migrations/0017_auto_20160811_1954.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0017_auto_20160811_1954.py 2020-05-22 15:09:40.329603942 +0200
+@@ -20,7 +20,7 @@
+ migrations.AlterField(
+ model_name='client',
+ name='client_secret',
+- field=models.CharField(blank=True, default='', max_length=255, verbose_name='Client SECRET'),
++ field=models.CharField(blank=True, default='', max_length=228, verbose_name='Client SECRET'),
+ ),
+ migrations.AlterField(
+ model_name='client',
+@@ -56,7 +56,7 @@
+ migrations.AlterField(
+ model_name='code',
+ name='nonce',
+- field=models.CharField(blank=True, default='', max_length=255, verbose_name='Nonce'),
++ field=models.CharField(blank=True, default='', max_length=228, verbose_name='Nonce'),
+ ),
+ migrations.AlterField(
+ model_name='token',
+diff -ur oidc_provider.orig/migrations/0018_hybridflow_and_clientattrs.py oidc_provider/migrations/0018_hybridflow_and_clientattrs.py
+--- oidc_provider.orig/migrations/0018_hybridflow_and_clientattrs.py 2020-05-22
15:09:21.005044205 +0200
++++ oidc_provider/migrations/0018_hybridflow_and_clientattrs.py 2020-05-22 15:09:40.317603595 +0200
+@@ -15,7 +15,7 @@
+ migrations.AddField(
+ model_name='client',
+ name='contact_email',
+- field=models.CharField(blank=True, default='', max_length=255, verbose_name='Contact Email'),
++ field=models.CharField(blank=True, default='', max_length=228, verbose_name='Contact Email'),
+ ),
+ migrations.AddField(
+ model_name='client',
+@@ -30,13 +30,13 @@
+ blank=True,
+ default='',
+ help_text='External reference to the privacy policy of the client.',
+- max_length=255,
++ max_length=228,
+ verbose_name='Terms URL'),
+ ),
+ migrations.AddField(
+ model_name='client',
+ name='website_url',
+- field=models.CharField(blank=True, default='', max_length=255, verbose_name='Website URL'),
++ field=models.CharField(blank=True, default='', max_length=228, verbose_name='Website URL'),
+ ),
+ migrations.AlterField(
+ model_name='client',
+diff -ur oidc_provider.orig/migrations/0019_auto_20161005_1552.py oidc_provider/migrations/0019_auto_20161005_1552.py
+--- oidc_provider.orig/migrations/0019_auto_20161005_1552.py 2020-05-22 15:09:21.005044205 +0200
++++ oidc_provider/migrations/0019_auto_20161005_1552.py 2020-05-22 15:09:40.325603827 +0200
+@@ -15,6 +15,6 @@
+ migrations.AlterField(
+ model_name='client',
+ name='client_secret',
+- field=models.CharField(blank=True, max_length=255, verbose_name='Client SECRET'),
++ field=models.CharField(blank=True, max_length=228, verbose_name='Client SECRET'),
+ ),
+ ]
+diff -ur oidc_provider.orig/migrations/0021_refresh_token_not_unique.py oidc_provider/migrations/0021_refresh_token_not_unique.py
+--- oidc_provider.orig/migrations/0021_refresh_token_not_unique.py 2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/migrations/0021_refresh_token_not_unique.py 2020-05-22 15:09:40.309603363 +0200
+@@ -15,7 +15,7 @@
+ migrations.AlterField(
+ model_name='token',
+ name='refresh_token',
+- 
field=models.CharField(default='', max_length=255, unique=True, verbose_name='Refresh Token'),
++ field=models.CharField(default='', max_length=228, unique=True, verbose_name='Refresh Token'),
+ preserve_default=False,
+ ),
+ ]
diff --git a/patch/fix-oic-logging.patch b/patch/fix-oic-logging.patch
new file mode 100644
index 000000000..1b93d1155
--- /dev/null
+++ b/patch/fix-oic-logging.patch
@@ -0,0 +1,11 @@
+--- oic/utils/keyio.py.orig 2020-06-06 18:49:44.819104615 +0200
++++ oic/utils/keyio.py 2020-06-06 18:49:47.523182608 +0200
+@@ -191,7 +191,7 @@
+ args["headers"] = {"If-None-Match": self.etag}
+ 
+ try:
+- logging.debug("KeyBundle fetch keys from: %s", self.source)
++ logger.debug("KeyBundle fetch keys from: %s", self.source)
+ r = requests.get(self.source, **args)
+ except Exception as err:
+ logger.error(err)
diff --git a/patch/fix-oidc-access-token-post.patch b/patch/fix-oidc-access-token-post.patch
new file mode 100644
index 000000000..4234fdf61
--- /dev/null
+++ b/patch/fix-oidc-access-token-post.patch
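Review bot: Every hunk in this patch edits an existing numbered migration (0001 through 0021) instead of adding a new one, so a database that has already run those migrations keeps its 255-character columns while Django's migration state now claims 228, and nothing in the patch touches `oidc_provider/models.py`; unless the model fields are narrowed elsewhere, `makemigrations` will report drift and values up to 255 characters will still pass model validation yet exceed the patched column width on a fresh database, where they may be rejected or truncated depending on the backend's strict mode. That matters most for `client_secret`, `code`, `access_token` and `refresh_token`, whose columns are `unique=True`: a truncated or rejected token breaks the lookup that authenticates the caller, so it is worth confirming that the generators for those fields stay within 228 characters. The 0016 hunk also drops `tzinfo=utc` from the `date_given` default, which is unrelated to field sizes and changes the default from aware to naive. The patch file gives no reason for 228; a leading line before the first `diff -ur` such as `# Narrow oidc_provider CharFields from 255 to 228 because <reason> (see <tracker-ref>)` is ignored by patch(1) and would record the intent for whoever refreshes the patch against a newer oidc_provider.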
@@ -0,0 +1,39 @@
+diff -ur oidc_provider.orig/lib/utils/common.py oidc_provider/lib/utils/common.py
+--- oidc_provider.orig/lib/utils/common.py 2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/lib/utils/common.py 2020-06-04 16:00:12.049562502 +0200
+@@ -19,6 +19,7 @@
+ """
+ response = HttpResponse('', status=302)
+ response['Location'] = uri
++ response.url = uri
+ return response
+ 
+ 
+--- oidc_provider.orig/lib/utils/oauth2.py 2020-05-22 15:09:21.009044320 +0200
++++ oidc_provider/lib/utils/oauth2.py 2020-06-05 17:05:23.271285858 +0200
+@@ -21,10 +21,14 @@
+ """
+ auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+ 
+- if re.compile('^[Bb]earer\s{1}.+$').match(auth_header):
++ if re.compile(r'^[Bb]earer\s{1}.+$').match(auth_header):
+ access_token = auth_header.split()[1]
+- else:
++ elif request.method == 'GET':
+ access_token = request.GET.get('access_token', '')
++ elif request.method == 'POST':
++ access_token = request.POST.get('access_token', '')
++ else:
++ access_token = ''
+ 
+ return access_token
+ 
+@@ -39,7 +43,7 @@
+ """
+ auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+ 
+- if re.compile('^Basic\s{1}.+$').match(auth_header):
++ if re.compile(r'^Basic\s{1}.+$').match(auth_header):
+ b64_user_pass = auth_header.split()[1]
+ try:
+ user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
diff --git a/patch/fix-request-profiler-streaming-length.patch b/patch/fix-request-profiler-streaming-length.patch
index 934c5b49a..52f49cc7a 100644
--- a/patch/fix-request-profiler-streaming-length.patch
+++ b/patch/fix-request-profiler-streaming-length.patch
@@ -1,5 +1,5 @@
---- request_profiler/models.py.old 2020-04-20 13:39:17.844147379 +0200
-+++ request_profiler/models.py 2020-04-20 13:39:50.749093653 +0200
+--- request_profiler.orig/models.py 2020-06-05 14:33:10.408859604 +0200
++++ request_profiler/models.py 2020-06-05 14:35:09.412282408 +0200
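Review bot: The `r` prefix added to `r'^[Bb]earer\s{1}.+$'` fixes the invalid-escape warning but leaves the `IndexError` on the next line: `.+` also matches an `Authorization` header whose remainder after the first space is only whitespace, and `auth_header.split()[1]` then raises, so a malformed header from any caller becomes a 500 instead of an empty token. Capturing the token in the pattern closes both at once, e.g. `match = re.match(r'^[Bb]earer\s+(\S+)$', auth_header)` followed by `if match: access_token = match.group(1)`; the `Basic` check in the last inner hunk has the same `.split()[1]` shape and would benefit from the same treatment. The new `POST` branch reads the token from the form body only, which matches the form-encoded body parameter of RFC 6750 section 2.2, while the retained `request.GET` path is the URI query method that section 2.3 discourages because tokens end up in access logs and Referer headers; a one-line comment above the `GET` branch naming the clients that still depend on it would make that trade-off explicit. Both functions containing these checks start outside the hunk.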
 @@ -181,7 +181,7 @@
 """Extract values from HttpRequest and store locally."""
 self.request = request
@@ -9,7 +9,20 @@
 self.query_string = request.META.get("QUERY_STRING", "")
 self.http_user_agent = request.META.get("HTTP_USER_AGENT", "")[:400]
 # we care about the domain more than the URL itself, so truncating
-@@ -206,7 +206,10 @@
+@@ -189,11 +189,7 @@
+ self.http_referer = request.META.get("HTTP_REFERER", "")[:400]
+ # X-Forwarded-For is used by convention when passing through
+ # load balancers etc., as the REMOTE_ADDR is rewritten in transit
+- self.remote_addr = (
+- request.META.get("HTTP_X_FORWARDED_FOR")
+- if "HTTP_X_FORWARDED_FOR" in request.META
+- else request.META.get("REMOTE_ADDR")
+- )
++ self.remote_addr = request.META.get("REMOTE_ADDR")
+ # these two require middleware, so may not exist
+ if hasattr(request, "session"):
+ self.session_key = request.session.session_key or ""
+@@ -206,7 +202,10 @@
 """Extract values from HttpResponse and store locally."""
 self.response = response
 self.response_status_code = response.status_code
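Review bot: The new inner hunk `@@ -189,11 +189,7 @@` makes `remote_addr` record `REMOTE_ADDR` only, but the two comment lines kept as context directly above it (`# X-Forwarded-For is used by convention ...` / `# load balancers etc., as the REMOTE_ADDR is rewritten in transit`) now describe the behaviour that was removed, and neither the patch file name (`fix-request-profiler-streaming-length`) nor the commit message mentions this second change. Dropping `HTTP_X_FORWARDED_FOR` is the safer default, since that header is client-supplied unless a trusted proxy overwrites it and the old code let any caller choose the address stored in the profiler record; the cost is that behind a reverse proxy every record now holds the proxy's address, and if a real client address is wanted it should come from middleware that rewrites `REMOTE_ADDR` from the trusted hop only, not from the profiler. The inner hunk should also rewrite those two comment lines, e.g. `# REMOTE_ADDR only: X-Forwarded-For is client-controlled unless a trusted proxy sets it`, and a leading line in the patch file before the first `---` should name this second change so the next refresh of the patch keeps it. The enclosing method starts outside the hunk.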