deps: bump to django 4.2

auth_backends/suomifi.py

@@ -317,12 +317,13 @@ def create_logout_redirect(self, social_user, token=''):
         Token is used for tracking state."""
         idp = self.get_idp('suomifi')
         auth = self._create_saml_auth(idp=idp)
+        extra_data = json.loads(social_user.extra_data)
         redirect = auth.logout(return_to=token,
                                nq=idp.entity_id,
-                               name_id=social_user.extra_data['name_id'],
+                               name_id=extra_data['name_id'],
                                name_id_format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
                                spnq=self.setting('SP_ENTITY_ID'),
-                               session_index=social_user.extra_data['session_index'])
+                               session_index=extra_data['session_index'])
         social_user.extra_data = {}
         social_user.save()
         return self.strategy.redirect(redirect)

auth_backends/tests/conftest.py

@@ -33,10 +33,10 @@ class DummyOidcBackchannelLogoutBackend(
 
 def create_backend_logout_token(backend, **kwargs):
     kwargs.setdefault('iss', backend.oidc_config().get('issuer'))
-    kwargs.setdefault('sub', get_random_string())
+    kwargs.setdefault('sub', get_random_string(15))
     kwargs.setdefault('aud', backend.setting('KEY'))
     kwargs.setdefault('iat', int(time.time()) - 10)
-    kwargs.setdefault('jti', get_random_string())
+    kwargs.setdefault('jti', get_random_string(15))
     kwargs.setdefault('events', {
         'http://schemas.openid.net/event/backchannel-logout': {},
     })

auth_backends/tests/test_oidc_backchannel_logout.py

@@ -227,7 +227,7 @@ def test_logout_token_extra_nonce(
 ):
     logout_token = logout_token_factory(
         backend,
-        nonce=get_random_string(),
+        nonce=get_random_string(15),
     )
     backend.strategy.logout_token = logout_token
 
@@ -245,7 +245,7 @@ def test_logout_token_no_social_auth(
 ):
     logout_token = logout_token_factory(
         backend,
-        sub=get_random_string(),
+        sub=get_random_string(15),
     )
     backend.strategy.logout_token = logout_token
 
@@ -269,7 +269,7 @@ def test_backchannel_logout_not_implemented_in_backend(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
     usersocialauth_factory(provider='dummyoidcbackend', user=user)
 
@@ -310,7 +310,7 @@ def test_backchannel_successful_logout(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
 
     backend = DummyOidcBackchannelLogoutBackend()
@@ -367,7 +367,7 @@ def test_backchannel_logout_no_social_auth(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
 
     backend = DummyOidcBackchannelLogoutBackend()
@@ -416,9 +416,9 @@ def test_backchannel_successful_logout_other_session_unaffected(
 
     reload_social_django_utils()
 
-    password = get_random_string()
+    password = get_random_string(15)
     user = user_factory(password=password)
-    password2 = get_random_string()
+    password2 = get_random_string(15)
     user2 = user_factory(password=password2)
 
     backend = DummyOidcBackchannelLogoutBackend()

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3.7'
 services:
     postgres:
-        image: postgres:9.6-alpine
+        image: postgres:13.4-alpine
         environment:
             POSTGRES_USER: tunnistamo
             POSTGRES_PASSWORD: tunnistamo

oidc_apis/scopes.py

@@ -1,3 +1,4 @@
+import json
 import re
 
 from django.utils.translation import gettext_lazy as _
@@ -142,6 +143,10 @@ def create_response_dic(self):
             social_user = UserSocialAuth.objects.get(user=self.user, provider='suomifi')
         except UserSocialAuth.DoesNotExist:
             return dic
+
+        if isinstance(social_user.extra_data, str):
+            social_user.extra_data = json.loads(social_user.extra_data)
+
         for level in SuomiFiAccessLevel.objects.all():
             scope = 'suomifi_' + level.shorthand
             if scope in self.scopes:

requirements-dev.txt

@@ -8,8 +8,6 @@
 
 argparse==1.4.0
     # via unittest2
-attrs==21.2.0
-    # via pytest
 build==1.0.3
     # via pip-tools
 click==8.1.7
@@ -38,8 +36,9 @@ linecache2==1.0.0
     # via traceback2
 mccabe==0.6.1
     # via flake8
-packaging==21.0
+packaging==24.1
     # via
+    #   -c requirements.txt
     #   build
     #   pytest
 pip-tools==7.4.0
@@ -50,20 +49,18 @@ pycodestyle==2.8.0
     # via flake8
 pyflakes==2.4.0
     # via flake8
-pyparsing==2.4.7
-    # via packaging
 pyproject-hooks==1.0.0
     # via
     #   build
     #   pip-tools
-pytest==7.2.0
+pytest==7.4.4
     # via
     #   -r requirements-dev.in
     #   pytest-cov
     #   pytest-django
 pytest-cov==3.0.0
     # via -r requirements-dev.in
-pytest-django==4.4.0
+pytest-django==4.8.0
     # via -r requirements-dev.in
 python-dateutil==2.8.2
     # via

requirements.in

@@ -1,15 +1,15 @@
-django<4.0
+django<5.0
 django-multiselectfield
-django-oauth-toolkit
+django-oauth-toolkit<=1.6.0
 django-parler>2.1
 django-cors-headers
 # Use our own fork of django-oidc-provider as long as the token extraction PR is not merged
 # https://github.com/juanifioren/django-oidc-provider/pull/389
-git+https://github.com/City-of-Helsinki/django-oidc-provider.git@745b7ebfabd568acc282ec0e8ac098f54ee933f9
+git+https://github.com/City-of-Helsinki/django-oidc-provider.git@f25cf7665eef59d15f14a8b2a8276ec955b5b73b
 djangorestframework>=3.10
-django-helusers
+git+https://github.com/City-of-Helsinki/django-helusers.git@0b3fa6a60cbaa8c3f0ea7f2203cc66a52b2bcc41
 django-bootstrap3
-psycopg2
+psycopg2>2.8.3
 --no-binary psycopg2
 raven
 PyJWT[crypto]

requirements.txt

@@ -6,8 +6,10 @@
 #
 --no-binary psycopg2
 
-asgiref==3.4.1
+asgiref==3.8.1
     # via django
+cachetools==5.3.3
+    # via django-helusers
 certifi==2023.7.22
     # via requests
 cffi==1.14.4
@@ -18,7 +20,7 @@ coreapi==2.3.3
     # via -r requirements.in
 coreschema==0.0.4
     # via coreapi
-cryptography==41.0.3
+cryptography==42.0.8
     # via
     #   -r requirements.in
     #   jwcrypto
@@ -29,26 +31,27 @@ defusedxml==0.5.0
     #   python3-openid
     #   python3-saml
     #   social-auth-core
-deprecated==1.2.13
-    # via jwcrypto
-django==3.2.21
+deprecation==2.1.0
+    # via django-helusers
+django==4.2.13
     # via
     #   -r requirements.in
     #   django-appconf
+    #   django-bootstrap3
     #   django-cors-headers
     #   django-crequest
     #   django-filter
     #   django-helusers
     #   django-multiselectfield
     #   django-oauth-toolkit
+    #   django-parler
     #   django-translation-checker
     #   djangorestframework
-    #   drf-oidc-auth
 django-appconf==1.0.5
     # via django-compressor
-django-bootstrap3==10.0.1
+django-bootstrap3==23.6
     # via -r requirements.in
-django-compressor==2.4.1
+django-compressor==3.0
     # via -r requirements.in
 django-cors-headers==3.6.0
     # via -r requirements.in
@@ -58,32 +61,28 @@ django-environ==0.4.5
     # via -r requirements.in
 django-filter==2.4.0
     # via -r requirements.in
-django-helusers==0.4.2
+django-helusers @ git+https://github.com/City-of-Helsinki/django-helusers.git@0b3fa6a60cbaa8c3f0ea7f2203cc66a52b2bcc41
     # via -r requirements.in
 django-ipware==2.1.0
     # via -r requirements.in
 django-multiselectfield==0.1.12
     # via -r requirements.in
 django-npm==1.0.0
     # via -r requirements.in
-django-oauth-toolkit==1.2.0
+django-oauth-toolkit==1.6.0
     # via -r requirements.in
-django-oidc-provider @ git+https://github.com/City-of-Helsinki/django-oidc-provider.git@745b7ebfabd568acc282ec0e8ac098f54ee933f9
+django-oidc-provider @ git+https://github.com/City-of-Helsinki/django-oidc-provider.git@f25cf7665eef59d15f14a8b2a8276ec955b5b73b
     # via -r requirements.in
-django-parler==2.2
+django-parler==2.3
     # via
     #   -r requirements.in
     #   django-translation-checker
-django-sass-processor==1.1
+django-sass-processor==1.4.1
     # via -r requirements.in
 django-translation-checker @ git+https://github.com/City-of-Helsinki/django-translation-checker.git@master
     # via -r requirements.in
-djangorestframework==3.12.4
-    # via
-    #   -r requirements.in
-    #   drf-oidc-auth
-drf-oidc-auth==0.9
-    # via django-helusers
+djangorestframework==3.15.2
+    # via -r requirements.in
 ecdsa==0.14.1
     # via python-jose
 future==0.18.3
@@ -98,8 +97,10 @@ itypes==1.1.0
     # via coreapi
 jinja2==2.11.3
     # via coreschema
-jwcrypto==1.4.2
-    # via -r requirements.in
+jwcrypto==1.5.6
+    # via
+    #   -r requirements.in
+    #   django-oauth-toolkit
 libsass==0.21.0
     # via -r requirements.in
 lxml==4.9.1
@@ -108,16 +109,18 @@ markupsafe==1.1.0
     # via jinja2
 maxminddb==1.5.1
     # via geoip2
-oauthlib==2.1.0
+oauthlib==3.2.2
     # via
     #   django-oauth-toolkit
     #   requests-oauthlib
     #   social-auth-core
-pillow==9.5.0
+packaging==24.1
+    # via deprecation
+pillow==10.4.0
     # via -r requirements.in
 polib==1.1.0
     # via django-translation-checker
-psycopg2==2.8.3
+psycopg2==2.9.9
     # via -r requirements.in
 pyasn1==0.4.5
     # via
@@ -128,28 +131,25 @@ pycparser==2.18
 pycryptodomex==3.15.0
     # via pyjwkest
 pyjwkest==1.4.0
-    # via
-    #   django-oidc-provider
-    #   drf-oidc-auth
+    # via django-oidc-provider
 pyjwt==2.4.0
     # via
     #   -r requirements.in
     #   social-auth-core
 python-jose==3.3.0
     # via
     #   -r requirements.in
+    #   django-helusers
     #   social-auth-core
 python3-openid==3.1.0
     # via social-auth-core
 python3-saml==1.9.0
     # via
     #   -r requirements.in
     #   social-auth-core
-pytz==2018.4
-    # via django
 raven==6.9.0
     # via -r requirements.in
-rcssmin==1.0.6
+rcssmin==1.1.0
     # via django-compressor
 requests==2.31.0
     # via
@@ -163,7 +163,7 @@ requests==2.31.0
     #   social-auth-core
 requests-oauthlib==1.0.0
     # via social-auth-core
-rjsmin==1.1.0
+rjsmin==1.2.0
     # via django-compressor
 rsa==4.7.2
     # via python-jose
@@ -173,24 +173,25 @@ ruamel-yaml-clib==0.2.6
     # via ruamel-yaml
 six==1.16.0
     # via
-    #   django-compressor
     #   ecdsa
     #   isodate
     #   libsass
     #   pyjwkest
-social-auth-app-django==5.0.0
+social-auth-app-django==5.1.0
     # via -r requirements.in
 social-auth-core==4.1.0
     # via
     #   -r requirements.in
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via django
+typing-extensions==4.12.2
+    # via
+    #   asgiref
+    #   jwcrypto
 uritemplate==3.0.0
     # via coreapi
-urllib3==1.26.6
+urllib3==2.2.2
     # via requests
-wrapt==1.14.1
-    # via deprecated
 xmlsec==1.3.10
     # via python3-saml

scopes/tests/test_api.py

@@ -44,7 +44,7 @@ def test_get_oidc_scopes_list(api_client):
     assert [s['id'] for s in results] == EXPECTED_OIDC_SCOPES
     email_scope_data = next(s for s in results if s['id'] == 'email')
     assert email_scope_data.keys() == {'id', 'name', 'description'}
-    assert email_scope_data['name'] == {'fi': 'Sähköpostiosoite', 'sv': 'E-postadress', 'en': 'Email'}
+    assert email_scope_data['name'] == {'fi': 'Sähköposti', 'sv': 'E-postadress', 'en': 'Email'}
 
 
 def test_get_also_api_scopes_list(api_client):