[WIP]Add OAuth2 provider support

Review Request #7285 — Created May 2, 2015 and discarded

Information

Review Board
master

Reviewers

This is about making Review Board work as an OAuth2 provider, so that other services can link up with Review Board and request permissions to perform operations.

About the code

  • the add_valid_policy_ids in reviewboard/settings.py is a recursive function to walking the WebAPIResource tree for adding scopes to OAUTH2_PROVIDER.SCOPES which will be used for validation in AccessToken.allow_scopes (in oauth2_provider/models.py)

  • modify WebAPIResource.call_method_view (in reviewboard/webapi/base.py) to not just check the policies around API Tokens, but also any OAuth2 tokens.

How to use

  • Firstly install the toolkit:
pip install django-oauth-toolkit
  • Now we can use following shell to get the access token.
curl -X POST -d "grant_type=password&username=<user_name>&password=<password>&scope=read" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/
  • We can use following code to access UserResource [We use WebAPIResource.policy_id for the scope name of that resource]. Thus we succuessfully apply the verify mechanism to our code.
curl -H "Authorization: Bearer <your_access_token_with_user_scope>" http://localhost:8000/api/users/<username>/

 
Description From Last Updated

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

Col: 18 E126 continuation line over-indented for hanging indent

reviewbotreviewbot

Col: 80 E501 line too long (95 > 79 characters)

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Col: 80 E501 line too long (84 > 79 characters)

reviewbotreviewbot

Col: 2 W292 no newline at end of file

reviewbotreviewbot

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

Col: 18 E126 continuation line over-indented for hanging indent

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Col: 80 E501 line too long (84 > 79 characters)

reviewbotreviewbot

Col: 20 E225 missing whitespace around operator

reviewbotreviewbot

Col: 25 E231 missing whitespace after ','

reviewbotreviewbot

Col: 9 E265 block comment should start with '# '

reviewbotreviewbot

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

Col: 18 E126 continuation line over-indented for hanging indent

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Col: 1 E302 expected 2 blank lines, found 1

reviewbotreviewbot

Col: 8 E111 indentation is not a multiple of four

reviewbotreviewbot

Col: 1 E402 module level import not at top of file

reviewbotreviewbot

Col: 37 W292 no newline at end of file

reviewbotreviewbot

Col: 5 E265 block comment should start with '# '

reviewbotreviewbot

Col: 20 E225 missing whitespace around operator

reviewbotreviewbot

Col: 25 E231 missing whitespace after ','

reviewbotreviewbot

Col: 9 E265 block comment should start with '# '

reviewbotreviewbot

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

Col: 1 E402 module level import not at top of file

reviewbotreviewbot

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Needs a docstring.

brenniebrennie

No blank line here.

brenniebrennie

You can use %-formatting to build this string more efficiently.

brenniebrennie

These should go with the django/djblets imports.

brenniebrennie

This doesn't need a leading underscore.

brenniebrennie

Needs a docstring.

brenniebrennie

You can use .split(' ', 1)[0] to get only the first element out.

brenniebrennie

Needs a docstring.

brenniebrennie

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Col: 1 E402 module level import not at top of file

reviewbotreviewbot

Docstrings should be of the format: """Single line summary. Multi-line description. """

brenniebrennie

This should end with a period and the trailing """" should be on the previous line.

brenniebrennie

Blank line between these.

brenniebrennie

Needs periods.

brenniebrennie

This should say something like "The policy_id field is determines the default scope that is used for the resources. Child …

brenniebrennie

'django_reset' imported but unused

reviewbotreviewbot

'from settings_local import *' used; unable to detect undefined names

reviewbotreviewbot

'PIPELINE_JS' imported but unused

reviewbotreviewbot

'PIPELINE_CSS' imported but unused

reviewbotreviewbot

Col: 1 E402 module level import not at top of file

reviewbotreviewbot

Where this part should be?

LE lehoangm
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
    Col: 18
     E126 continuation line over-indented for hanging indent
    
  5. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
    Col: 80
     E501 line too long (95 > 79 characters)
    
  6. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  7. reviewboard/settings.py (Diff revision 1)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  8. reviewboard/urls.py (Diff revision 1)
     
     
    Show all issues
    Col: 80
     E501 line too long (84 > 79 characters)
    
  9. reviewboard/urls.py (Diff revision 1)
     
     
    Show all issues
    Col: 2
     W292 no newline at end of file
    
  10. 
      
CH
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 2)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 2)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 2)
     
     
    Show all issues
    Col: 18
     E126 continuation line over-indented for hanging indent
    
  5. reviewboard/settings.py (Diff revision 2)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  6. reviewboard/settings.py (Diff revision 2)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  7. reviewboard/urls.py (Diff revision 2)
     
     
    Show all issues
    Col: 80
     E501 line too long (84 > 79 characters)
    
  8. reviewboard/webapi/base.py (Diff revision 2)
     
     
    Show all issues
    Col: 20
     E225 missing whitespace around operator
    
  9. reviewboard/webapi/base.py (Diff revision 2)
     
     
    Show all issues
    Col: 25
     E231 missing whitespace after ','
    
  10. reviewboard/webapi/base.py (Diff revision 2)
     
     
    Show all issues
    Col: 9
     E265 block comment should start with '# '
    
  11. 
      
CH
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
    Col: 18
     E126 continuation line over-indented for hanging indent
    
  5. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  6. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  7. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
    Col: 1
     E302 expected 2 blank lines, found 1
    
  8. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
    Col: 8
     E111 indentation is not a multiple of four
    
  9. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
    Col: 1
     E402 module level import not at top of file
    
  10. reviewboard/settings.py (Diff revision 3)
     
     
    Show all issues
    Col: 37
     W292 no newline at end of file
    
  11. reviewboard/urls.py (Diff revision 3)
     
     
    Show all issues
    Col: 5
     E265 block comment should start with '# '
    
  12. reviewboard/webapi/base.py (Diff revision 3)
     
     
    Show all issues
    Col: 20
     E225 missing whitespace around operator
    
  13. reviewboard/webapi/base.py (Diff revision 3)
     
     
    Show all issues
    Col: 25
     E231 missing whitespace after ','
    
  14. reviewboard/webapi/base.py (Diff revision 3)
     
     
    Show all issues
    Col: 9
     E265 block comment should start with '# '
    
  15. 
      
CH
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 4)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 4)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 4)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  5. reviewboard/settings.py (Diff revision 4)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  6. reviewboard/settings.py (Diff revision 4)
     
     
    Show all issues
    Col: 1
     E402 module level import not at top of file
    
  7. 
      
CH
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  5. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  6. 
      
brennie
  1. 
      
  2. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues

    Needs a docstring.

  3. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues

    No blank line here.

  4. reviewboard/settings.py (Diff revision 5)
     
     
    Show all issues

    You can use %-formatting to build this string more efficiently.

  5. reviewboard/webapi/base.py (Diff revision 5)
     
     
     
     
    Show all issues

    These should go with the django/djblets imports.

  6. reviewboard/webapi/base.py (Diff revision 5)
     
     
    Show all issues

    This doesn't need a leading underscore.

  7. reviewboard/webapi/base.py (Diff revision 5)
     
     
    Show all issues

    Needs a docstring.

  8. reviewboard/webapi/base.py (Diff revision 5)
     
     
    Show all issues

    You can use .split(' ', 1)[0] to get only the first element out.

  9. reviewboard/webapi/base.py (Diff revision 5)
     
     
    Show all issues

    Needs a docstring.

  10. 
      
CH
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 6)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 6)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 6)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  5. reviewboard/settings.py (Diff revision 6)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  6. reviewboard/settings.py (Diff revision 6)
     
     
    Show all issues
    Col: 1
     E402 module level import not at top of file
    
  7. 
      
brennie
  1. 
      
  2. reviewboard/settings.py (Diff revision 6)
     
     
     
     
     
    Show all issues

    Docstrings should be of the format:

    """Single line summary.
    
    Multi-line description.
    """
    
  3. reviewboard/webapi/base.py (Diff revision 6)
     
     
     
    Show all issues

    This should end with a period and the trailing """" should be on the previous line.

  4. reviewboard/webapi/base.py (Diff revision 6)
     
     
     
    Show all issues

    Blank line between these.

  5. reviewboard/webapi/base.py (Diff revision 6)
     
     
     
     
    Show all issues

    Needs periods.

  6. reviewboard/webapi/base.py (Diff revision 6)
     
     
    Show all issues

    This should say something like

    "The policy_id field is determines the default scope that is used for the resources. Child classes should override this function to change the default behaviour."

  7. 
      
CH
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/webapi/base.py
        reviewboard/settings.py
        reviewboard/urls.py
    
    
  2. reviewboard/settings.py (Diff revision 7)
     
     
    Show all issues
     'django_reset' imported but unused
    
  3. reviewboard/settings.py (Diff revision 7)
     
     
    Show all issues
     'from settings_local import *' used; unable to detect undefined names
    
  4. reviewboard/settings.py (Diff revision 7)
     
     
    Show all issues
     'PIPELINE_JS' imported but unused
    
  5. reviewboard/settings.py (Diff revision 7)
     
     
    Show all issues
     'PIPELINE_CSS' imported but unused
    
  6. reviewboard/settings.py (Diff revision 7)
     
     
    Show all issues
    Col: 1
     E402 module level import not at top of file
    
  7. 
      
chipx86
  1. Thanks for taking this on, Chenxi! I'm sorry we've been so busy lately. I can tell you our goal is for this to be one of the key features of Review Board 2.6 :)

    What work is left to get this out of WIP?

    What else would remain for full OAuth2 support? For instance, other OAuth2 providers have a page that a client can pop up that lets the user confirm the client's access, and will then provide the client with a token. Usually that has the provider's logo/name, and the client's logo/name, and a list of things to request for access. Do we have anything for that? I don't know how much the module we're using automatically gives us.

  2. 
      
LE
  1. 
      
  2. reviewboard/settings.py (Diff revision 7)
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    Show all issues

    Where this part should be?

  3. 
      
david
Review request changed
Status:
Discarded