Merge pull request #1 from snok/master

Merge in latest changes

.github/workflows/testing.yml

@@ -30,22 +30,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ "3.7", "3.8", "3.9", "3.10", "3.11" ]
-        django-version: [ "3.2", "4.0", "4.1", "4.2a1"]
+        python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12"]
+        django-version: [ "4.2", "5.0"]
         drf-version: [ "3.11", "3.12", "3.13" ]
         exclude:
-          # Python 3.7 is incompatible with Django v4+
-          - django-version: 4.0
-            python-version: 3.7
-          - django-version: 4.1
-            python-version: 3.7
-          - django-version: 4.2a1
-            python-version: 3.7
-          # Python 3.11 is incompatible with Django <v4.1
-          - django-version: 3.2
-            python-version: 3.11
-          - django-version: 4.0
-            python-version: 3.11
+          # Python 3.8 is incompatible with Django v5+
+          - django-version: 5.0
+            python-version: 3.8
+          # Python 3.9 is incompatible with Django v5+
+          - django-version: 5.0
+            python-version: 3.9
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4

.readthedocs.yaml

@@ -0,0 +1,21 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# We recommend specifying your dependencies to enable reproducible builds:
+# https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html
+python:
+  install:
+  - requirements: docs/requirements.txt

LICENSE

@@ -1,13 +1,12 @@
 Copyright (c) 2016, Joris Beckers
-All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
 
-- Redistributions of source code must retain the above copyright notice, this
+1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.
 
-- Redistributions in binary form must reproduce the above copyright notice, this
+2. Redistributions in binary form must reproduce the above copyright notice, this
   list of conditions and the following disclaimer in the documentation and/or
   other materials provided with the distribution.
 

django_auth_adfs/__init__.py

@@ -4,4 +4,4 @@
 Adding imports here will break setup.py
 """
 
-__version__ = '1.11.4'
+__version__ = '1.14.0'

django_auth_adfs/config.py

@@ -79,6 +79,7 @@ def __init__(self):
         self.PROXIES = None
 
         self.VERSION = 'v1.0'
+        self.SCOPES = []
 
         required_settings = [
             "AUDIENCE",
@@ -139,6 +140,10 @@ def __init__(self):
         elif "VERSION" in _settings:
             raise ImproperlyConfigured("The VERSION cannot be set when TENANT_ID is not set.")
 
+        if self.VERSION == "v2.0" and not self.SCOPES and self.RELYING_PARTY_ID:
+            warnings.warn('Use `SCOPES` for AzureAD instead of RELYING_PARTY_ID', DeprecationWarning)
+        if not isinstance(self.SCOPES, list):
+            raise ImproperlyConfigured("Scopes must be a list")
         # Overwrite defaults with user settings
         for setting, value in _settings.items():
             if hasattr(self, setting):
@@ -347,7 +352,10 @@ def build_authorization_endpoint(self, request, disable_sso=None, force_mfa=Fals
         })
         if self._mode == "openid_connect":
             if settings.VERSION == 'v2.0':
-                query["scope"] = f"openid api://{settings.RELYING_PARTY_ID}/.default"
+                if settings.SCOPES:
+                    query['scope'] = " ".join(settings.SCOPES)
+                else:
+                    query["scope"] = f"openid api://{settings.RELYING_PARTY_ID}/.default"
                 query.pop("resource")
             else:
                 query["scope"] = "openid"

django_auth_adfs/drf_urls.py

@@ -11,4 +11,5 @@
 
 urlpatterns = [
     re_path(r'^login$', views.OAuth2LoginView.as_view(), name='login'),
+    re_path(r'^logout$', views.OAuth2LogoutView.as_view(), name='logout'),
 ]

docs/install.rst

@@ -6,8 +6,8 @@ Installation
 Requirements
 ------------
 
-* Python 3.5 and above
-* Django 1.11 and above
+* Python 3.8 and above
+* Django 4.2 and above
 
 You will also need the following:
 

docs/requirements.txt

@@ -0,0 +1 @@
+sphinx_rtd_theme

docs/settings_ref.rst

@@ -117,17 +117,17 @@ The dictionary can also map extra details to the Django user account using an
 `Extension of the User model <https://docs.djangoproject.com/en/stable/topics/auth/customizing/#extending-the-existing-user-model>`_
 Set a dictionary as value in the CLAIM_MAPPING setting with as key the name User model.
 You will need to make sure the related field exists before the user authenticates.
-This can be done by creating a receiver on the 
+This can be done by creating a receiver on the
 `post_save <https://docs.djangoproject.com/en/4.0/ref/signals/#post-save>`_ signal that
 creates the related instance when the ``User`` instance is created.
 
 example
 
 .. code-block:: python
 
-    'CLAIM_MAPPING': {'first_name': 'given_name', 
-                      'last_name': 'family_name', 
-                      'email': 'upn', 
+    'CLAIM_MAPPING': {'first_name': 'given_name',
+                      'last_name': 'family_name',
+                      'email': 'upn',
                       'userprofile': {
                           'employee_id': 'employeeid'
                       }}
@@ -369,6 +369,16 @@ RETRIES
 The number of time a request to the ADFS server is retried. It allows, in combination with :ref:`timeout_setting`
 to fine tune the behaviour of the connection to ADFS.
 
+
+SCOPES
+------
+* **Default**: ``[]``
+* **Type**: ``list``
+
+**Only used when you have v2 AzureAD config**
+
+
+
 SERVER
 ------
 * **Default**: