Summary

[WIP]Add OAuth2 provider support

Review Request #7285 — Created May 2, 2015 and discarded Jan. 29, 2019, 2:41 p.m.

Information

Owner

Chenxi

Repository

Review Board

Branch

master

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

This is about making Review Board work as an OAuth2 provider, so that other services can link up with Review Board and request permissions to perform operations.

About the code

the add_valid_policy_ids in reviewboard/settings.py is a recursive function to walking the WebAPIResource tree for adding scopes to OAUTH2_PROVIDER.SCOPES which will be used for validation in AccessToken.allow_scopes (in oauth2_provider/models.py)

modify WebAPIResource.call_method_view (in reviewboard/webapi/base.py) to not just check the policies around API Tokens, but also any OAuth2 tokens.

How to use

Firstly install the toolkit:

pip install django-oauth-toolkit

Now we can use following shell to get the access token.

curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/

We can use following code to access UserResource [We use WebAPIResource.policy_id for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.

curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/<username>/

Testing Done

Issues

Description	From	Last Updated
'django_reset' imported but unused	reviewbot	May 13, 2015, 3:39 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 14, 2015, 5:42 a.m.
Col: 18 E126 continuation line over-indented for hanging indent	reviewbot	June 14, 2015, 5:42 a.m.
Col: 80 E501 line too long (95 > 79 characters)	reviewbot	May 13, 2015, 3:42 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 14, 2015, 5:42 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 14, 2015, 5:42 a.m.
Col: 80 E501 line too long (84 > 79 characters)	reviewbot	June 14, 2015, 5:42 a.m.
Col: 2 W292 no newline at end of file	reviewbot	May 13, 2015, 3:43 a.m.
'django_reset' imported but unused	reviewbot	June 14, 2015, 5:42 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 14, 2015, 5:42 a.m.
Col: 18 E126 continuation line over-indented for hanging indent	reviewbot	June 14, 2015, 5:42 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 14, 2015, 5:42 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 14, 2015, 5:42 a.m.
Col: 80 E501 line too long (84 > 79 characters)	reviewbot	June 14, 2015, 5:42 a.m.
Col: 20 E225 missing whitespace around operator	reviewbot	June 14, 2015, 5:42 a.m.
Col: 25 E231 missing whitespace after ','	reviewbot	June 14, 2015, 5:42 a.m.
Col: 9 E265 block comment should start with '# '	reviewbot	June 14, 2015, 5:42 a.m.
'django_reset' imported but unused	reviewbot	June 14, 2015, 5:36 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 14, 2015, 5:36 a.m.
Col: 18 E126 continuation line over-indented for hanging indent	reviewbot	June 24, 2015, 3:09 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 14, 2015, 5:36 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 14, 2015, 5:36 a.m.
Col: 1 E302 expected 2 blank lines, found 1	reviewbot	June 14, 2015, 5:35 a.m.
Col: 8 E111 indentation is not a multiple of four	reviewbot	June 14, 2015, 5:34 a.m.
Col: 1 E402 module level import not at top of file	reviewbot	June 14, 2015, 5:35 a.m.
Col: 37 W292 no newline at end of file	reviewbot	June 14, 2015, 5:29 a.m.
Col: 5 E265 block comment should start with '# '	reviewbot	June 14, 2015, 5:28 a.m.
Col: 20 E225 missing whitespace around operator	reviewbot	June 14, 2015, 5:28 a.m.
Col: 25 E231 missing whitespace after ','	reviewbot	June 14, 2015, 5:28 a.m.
Col: 9 E265 block comment should start with '# '	reviewbot	June 14, 2015, 5:27 a.m.
'django_reset' imported but unused	reviewbot	June 24, 2015, 3:17 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 24, 2015, 3:17 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 24, 2015, 3:17 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 24, 2015, 3:17 a.m.
Col: 1 E402 module level import not at top of file	reviewbot	June 24, 2015, 3:22 a.m.
'django_reset' imported but unused	reviewbot	June 24, 2015, 3:22 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 24, 2015, 3:22 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 24, 2015, 3:22 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 24, 2015, 3:22 a.m.
Needs a docstring.	brennie	June 25, 2015, 1:49 a.m.
No blank line here.	brennie	June 25, 2015, 1:53 a.m.
You can use %-formatting to build this string more efficiently.	brennie	June 25, 2015, 2:22 a.m.
These should go with the django/djblets imports.	brennie	June 25, 2015, 2:28 a.m.
This doesn't need a leading underscore.	brennie	June 25, 2015, 2:29 a.m.
Needs a docstring.	brennie	June 25, 2015, 2:38 a.m.
You can use .split(' ', 1)[0] to get only the first element out.	brennie	June 25, 2015, 2:45 a.m.
Needs a docstring.	brennie	June 25, 2015, 2:47 a.m.
'django_reset' imported but unused	reviewbot	June 25, 2015, 4:45 a.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 25, 2015, 4:45 a.m.
'PIPELINE_JS' imported but unused	reviewbot	June 25, 2015, 4:45 a.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 25, 2015, 4:45 a.m.
Col: 1 E402 module level import not at top of file	reviewbot	June 25, 2015, 4:44 a.m.
Docstrings should be of the format: """Single line summary. Multi-line description. """	brennie	June 25, 2015, 8:33 p.m.
This should end with a period and the trailing """" should be on the previous line.	brennie	June 25, 2015, 8:33 p.m.
Blank line between these.	brennie	June 25, 2015, 8:33 p.m.
Needs periods.	brennie	June 25, 2015, 8:33 p.m.
This should say something like "The policy_id field is determines the default scope that is used for the resources. Child …	brennie	June 25, 2015, 8:34 p.m.
'django_reset' imported but unused	reviewbot	June 25, 2015, 8:43 p.m.
'from settings_local import *' used; unable to detect undefined names	reviewbot	June 25, 2015, 8:43 p.m.
'PIPELINE_JS' imported but unused	reviewbot	June 25, 2015, 8:43 p.m.
'PIPELINE_CSS' imported but unused	reviewbot	June 25, 2015, 8:43 p.m.
Col: 1 E402 module level import not at top of file	reviewbot	June 25, 2015, 8:43 p.m.
Where this part should be?	LE lehoangm	Feb. 23, 2016, 11 p.m.

Tool: Pyflakes
Processed Files:
    reviewboard/settings.py
    reviewboard/urls.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 1)
The issue has been resolved. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 1)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 1)
The issue has been dropped. Show all issues
```
Col: 18
 E126 continuation line over-indented for hanging indent
```
reviewboard/settings.py (Diff revision 1)
The issue has been resolved. Show all issues
```
Col: 80
 E501 line too long (95 > 79 characters)
```
reviewboard/settings.py (Diff revision 1)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 1)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/urls.py (Diff revision 1)
The issue has been dropped. Show all issues
```
Col: 80
 E501 line too long (84 > 79 characters)
```
reviewboard/urls.py (Diff revision 1)
The issue has been resolved. Show all issues
```
Col: 2
 W292 no newline at end of file
```

Change Summary:

Combine the verify part of OAuth code into ReviewBoard

Description:

~		Just codes following the tutorial
	~	Firstly I follow the tutorial:
-
-		The link of the tutorial:
		https://django-oauth-toolkit.readthedocs.org/en/latest/tutorial/tutorial.html

~		1.Now we can use following shell to get the access token.
	~	1.
	+	Now we can use following shell to get the access token.
		curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/

~		Then we can use following code to access the view needed OAuth scope curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/users/
	~	Then we can use following code to access the view needed OAuth scope
	+	curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/getusers/
	+
	+	2.
	+	We can use following code to access `UserResource` [We use `WebAPIResource.policy_id` for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.
	+	curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/test

Commit:

5f470814f6e0906fca45592f70d41d4c68d2d370

be1027c671f4d9219f7d948b1b88c8fc4cb99ce2

Diff:

Revision 2 (+94 -1)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 2)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 2)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 2)
The issue has been dropped. Show all issues
```
Col: 18
 E126 continuation line over-indented for hanging indent
```
reviewboard/settings.py (Diff revision 2)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 2)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/urls.py (Diff revision 2)
The issue has been dropped. Show all issues
```
Col: 80
 E501 line too long (84 > 79 characters)
```
reviewboard/webapi/base.py (Diff revision 2)
The issue has been dropped. Show all issues
```
Col: 20
 E225 missing whitespace around operator
```
reviewboard/webapi/base.py (Diff revision 2)
The issue has been dropped. Show all issues
```
Col: 25
 E231 missing whitespace after ','
```
reviewboard/webapi/base.py (Diff revision 2)
The issue has been dropped. Show all issues
```
Col: 9
 E265 block comment should start with '# '
```

Change Summary:

Add scopes to OAUTH2_PROVIDER.SCOPES by walking the WebAPIResource tree and remove useless code about tutorials

Description:

~		Firstly I follow the tutorial:
	~	This is about making Review Board work as an OAuth2 provider, so that other services can link up with Review Board and request permissions to perform operations.
-		https://django-oauth-toolkit.readthedocs.org/en/latest/tutorial/tutorial.html

~		1.
	~	About the code
-		Now we can use following shell to get the access token.
-		curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/

~		Then we can use following code to access the view needed OAuth scope
	~	the `add_valid_policy_ids` in `reviewboard/settings.py` is a recursive function to walking the WebAPIResource tree for adding scopes to OAUTH2_PROVIDER.SCOPES which will be used for validation in `AccessToken.allow_scopes` (in `oauth2_provider/models.py`)
-		curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/getusers/

~		2.
~		We can use following code to access `UserResource` [We use `WebAPIResource.policy_id` for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.
~		curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/test
	~
	~
	~	modify `WebAPIResource.call_method_view` (in `reviewboard/webapi/base.py`) to not just check the policies around API Tokens, but also any OAuth2 tokens.
	+
	+
	+
	+	How to use
	+
	+	Firstly install the toolkit:
	+
	+	`pip install django-oauth-toolkit`
	+
	+
	+	Now we can use following shell to get the access token.
	+
	+	`curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/`
	+
	+
	+	We can use following code to access `UserResource` [We use `WebAPIResource.policy_id` for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.
	+
	+	`curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/<username>/`
	+

Commit:

be1027c671f4d9219f7d948b1b88c8fc4cb99ce2

83eba08234ca6408e9307a14cf09c46946447478

Diff:

Revision 3 (+57 -2)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 3)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 3)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 18
 E126 continuation line over-indented for hanging indent
```
reviewboard/settings.py (Diff revision 3)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 3)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/settings.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 1
 E302 expected 2 blank lines, found 1
```
reviewboard/settings.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 8
 E111 indentation is not a multiple of four
```
reviewboard/settings.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 1
 E402 module level import not at top of file
```
reviewboard/settings.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 37
 W292 no newline at end of file
```
reviewboard/urls.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 5
 E265 block comment should start with '# '
```
reviewboard/webapi/base.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 20
 E225 missing whitespace around operator
```
reviewboard/webapi/base.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 25
 E231 missing whitespace after ','
```
reviewboard/webapi/base.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Col: 9
 E265 block comment should start with '# '
```

Change Summary:

correct format errors

Commit:

83eba08234ca6408e9307a14cf09c46946447478

be9baa727dcb358dddf6da6063536fcafd4a5a6a

Diff:

Revision 4 (+58 -1)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 4)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 4)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 4)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/settings.py (Diff revision 4)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 4)
The issue has been resolved. Show all issues
```
Col: 1
 E402 module level import not at top of file
```

Commit:

be9baa727dcb358dddf6da6063536fcafd4a5a6a

4d639473d1e8d3b917ed6ba1bebbba562d07b0de

Diff:

Revision 5 (+57 -1)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 5)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 5)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 5)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 5)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```

reviewboard/settings.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Needs a docstring.
```
reviewboard/settings.py (Diff revision 5)
The issue has been resolved. Show all issues
```
No blank line here.
```
reviewboard/settings.py (Diff revision 5)
The issue has been resolved. Show all issues
```
You can use %-formatting to build this string more efficiently.
```
reviewboard/webapi/base.py (Diff revision 5)
The issue has been resolved. Show all issues
```
These should go with the django/djblets imports.
```
reviewboard/webapi/base.py (Diff revision 5)
The issue has been resolved. Show all issues
```
This doesn't need a leading underscore.
```
reviewboard/webapi/base.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Needs a docstring.
```
reviewboard/webapi/base.py (Diff revision 5)
The issue has been resolved. Show all issues
```
You can use .split(' ', 1)[0] to get only the first element out.
```
reviewboard/webapi/base.py (Diff revision 5)
The issue has been resolved. Show all issues
```
Needs a docstring.
```

Change Summary:

add some docstring

Commit:

4d639473d1e8d3b917ed6ba1bebbba562d07b0de

faf253e7548e786b10f4aa997e2ad33e97f1dba9

Diff:

Revision 6 (+66 -1)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 6)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 6)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 6)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 6)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/settings.py (Diff revision 6)
The issue has been dropped. Show all issues
```
Col: 1
 E402 module level import not at top of file
```

reviewboard/settings.py (Diff revision 6)

The issue has been resolved. Show all issues

Docstrings should be of the format:

"""Single line summary.

Multi-line description.
"""

reviewboard/webapi/base.py (Diff revision 6)

The issue has been resolved. Show all issues

This should end with a period and the trailing """" should be on the previous line.

reviewboard/webapi/base.py (Diff revision 6)
The issue has been resolved. Show all issues
```
Blank line between these.
```
reviewboard/webapi/base.py (Diff revision 6)
The issue has been resolved. Show all issues
```
Needs periods.
```

reviewboard/webapi/base.py (Diff revision 6)

The issue has been resolved. Show all issues

This should say something like
"The policy_id field is determines the default scope that is used for the resources. Child classes should override this function to change the default behaviour."

Change Summary:

correct docstrings

Commit:

faf253e7548e786b10f4aa997e2ad33e97f1dba9

7088d64ef2a53b7869372f57c958ca1e72de9318

Diff:

Revision 7 (+70 -1)

Show changes

	reviewboard/settings.py
	reviewboard/urls.py
	reviewboard/webapi/base.py

Tool: Pyflakes
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py



Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/base.py
    reviewboard/settings.py
    reviewboard/urls.py

reviewboard/settings.py (Diff revision 7)
The issue has been dropped. Show all issues
```
 'django_reset' imported but unused
```
reviewboard/settings.py (Diff revision 7)
The issue has been dropped. Show all issues
```
 'from settings_local import *' used; unable to detect undefined names
```
reviewboard/settings.py (Diff revision 7)
The issue has been dropped. Show all issues
```
 'PIPELINE_JS' imported but unused
```
reviewboard/settings.py (Diff revision 7)
The issue has been dropped. Show all issues
```
 'PIPELINE_CSS' imported but unused
```
reviewboard/settings.py (Diff revision 7)
The issue has been dropped. Show all issues
```
Col: 1
 E402 module level import not at top of file
```

Thanks for taking this on, Chenxi! I'm sorry we've been so busy lately. I can tell you our goal is for this to be one of the key features of Review Board 2.6 :)

What work is left to get this out of WIP?

What else would remain for full OAuth2 support? For instance, other OAuth2 providers have a page that a client can pop up that lets the user confirm the client's access, and will then provide the client with a token. Usually that has the provider's logo/name, and the client's logo/name, and a list of things to request for access. Do we have anything for that? I don't know how much the module we're using automatically gives us.

Fix it!

reviewboard/settings.py (Diff revision 7)

An issue was opened. Show all issues

Where this part should be?

Status:: Discarded