Allow API tokens to be flagged as deprecated.

Review Request #12627 — Created Sept. 26, 2022 and submitted — Latest diff uploaded

Information

Djblets
release-3.x

Reviewers

This change introduces a concept of deprecated token generators and allows API
tokens to be considered as deprecated if they were generated by a deprecated
token generator. The deprecated token generators can be set via the
DJBLETS_DEPRECATED_TOKEN_GENERATORS setting.

Now when a deprecated token is used for authentication, a deprecation notice
will be sent via a response header. Previously, the base WebAPIResource
class would include headers set by authentication backends in the response
only when the authentication failed. For the purposes of including
deprecation notices in successful responses, we modified the WebAPIResource
to always include any headers set by authentication backends.

  • Ran all unit tests
  • Made requests using deprecated and non deprecated tokens to some
    Reviewboard API endpoints (specifically GET and POST requests to
    /review-requests/id/reviews/)
  • Ran all webapi tests in the Reviewboard test suite.

Commits

Files