commit python-adal for openSUSE:Factory
Hello community,

here is the log from the commit of package python-adal for openSUSE:Factory
checked in at 2019-04-19 18:37:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-adal (Old)
and /work/SRC/openSUSE:Factory/.python-adal.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-adal"

Fri Apr 19 18:37:16 2019 rev:5 rq:694364 version:1.2.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-adal/python-adal.changes 2018-09-26
16:12:23.323389833 +0200
+++ /work/SRC/openSUSE:Factory/.python-adal.new.5536/python-adal.changes
2019-04-19 18:37:17.455101483 +0200
@@ -1,0 +2,10 @@
+Mon Mar 4 11:02:25 UTC 2019 - John Paul Adrian Glaubitz
<adrian.glaubitz@xxxxxxxx>
+
+- New upstream release
+ + Version 1.2.1
+ + For detailed information about changes see the
+ HISTORY.txt file provided with this package
+- Run %fdupes with %python_expand
+- Update Url field to point to actual project homepage
+
+-------------------------------------------------------------------

Old:
----
adal-1.0.2.tar.gz

New:
----
adal-1.2.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-adal.spec ++++++
--- /var/tmp/diff_new_pack.z5hSJo/_old 2019-04-19 18:37:18.111102316 +0200
+++ /var/tmp/diff_new_pack.z5hSJo/_new 2019-04-19 18:37:18.115102321 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-adal
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,18 +12,18 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-adal
-Version: 1.0.2
+Version: 1.2.1
Release: 0
Summary: Azure Active Directory library
License: MIT
Group: Development/Languages/Python
-Url: https://pypi.python.org/pypi/adal
+Url:
https://github.com/AzureAD/azure-activedirectory-library-for-python
Source:
https://files.pythonhosted.org/packages/source/a/adal/adal-%{version}.tar.gz
Source1: HISTORY.txt
BuildRequires: %{python_module devel}
@@ -52,8 +52,7 @@

%install
%python_install
-
-%fdupes %{buildroot}/%{python_sitelib}/*
+%python_expand %fdupes %{buildroot}%{$python_sitelib}

%files %{python_files}
%defattr(-,root,root,-)

++++++ adal-1.0.2.tar.gz -> adal-1.2.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/PKG-INFO new/adal-1.2.1/PKG-INFO
--- old/adal-1.0.2/PKG-INFO 2018-06-26 21:24:16.000000000 +0200
+++ new/adal-1.2.1/PKG-INFO 2019-01-25 02:31:09.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: adal
-Version: 1.0.2
+Version: 1.2.1
Summary: The ADAL for Python library makes it easy for python application to
authenticate to Azure Active Directory (AAD) in order to access AAD protected
web resources.
Home-page: https://github.com/AzureAD/azure-activedirectory-library-for-python
Author: Microsoft Corporation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/__init__.py
new/adal-1.2.1/adal/__init__.py
--- old/adal-1.0.2/adal/__init__.py 2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/__init__.py 2019-01-25 02:30:39.000000000 +0100
@@ -27,7 +27,7 @@

# pylint: disable=wrong-import-position

-__version__ = '1.0.2'
+__version__ = '1.2.1'

import logging

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/authentication_context.py
new/adal-1.2.1/adal/authentication_context.py
--- old/adal-1.0.2/adal/authentication_context.py 2018-06-26
21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/authentication_context.py 2019-01-25
02:30:39.000000000 +0100
@@ -235,19 +235,22 @@
return self._acquire_token(token_func)

def acquire_token_with_client_certificate(self, resource, client_id,
- certificate, thumbprint):
+ certificate, thumbprint,
public_certificate=None):
'''Gets a token for a given resource via certificate credentials

:param str resource: A URI that identifies the resource for which the
token is valid.
:param str client_id: The OAuth client id of the calling application.
:param str certificate: A PEM encoded certificate private key.
- :param str thumbprint: hex encoded thumbprint of the certificate.
+ :param str thumbprint: hex encoded thumbprint of the certificate.
+ :param public_certificate(optional): if not None, it will be sent to
the service for subject name
+ and issuer based authentication, which is to support cert auto
rolls. The value must match the
+ certificate private key parameter.
:returns: dict with several keys, include "accessToken".
'''
def token_func(self):
token_request = TokenRequest(self._call_context, self, client_id,
resource)
- return token_request.get_token_with_certificate(certificate,
thumbprint)
+ return token_request.get_token_with_certificate(certificate,
thumbprint, public_certificate)

return self._acquire_token(token_func)
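Review bot: The new `public_certificate` docstring entry gives no type or encoding, and it states a requirement ("must match the certificate private key parameter") that nothing in the visible hunks checks. A fuller entry would be `:param str public_certificate: (optional) public certificate paired with ``certificate``; sent as the JWT ``x5c`` header and not validated against ``thumbprint`` by this library.` The expected encoding (PEM text or base64 DER) should be named as well, since the hunks shown here do not establish it.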

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/authority.py
new/adal-1.2.1/adal/authority.py
--- old/adal-1.0.2/adal/authority.py 2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/authority.py 2019-01-25 02:30:39.000000000 +0100
@@ -1,20 +1,20 @@
-#------------------------------------------------------------------------------
+#------------------------------------------------------------------------------
#
-# Copyright (c) Microsoft Corporation.
+# Copyright (c) Microsoft Corporation.
# All rights reserved.
-#
+#
# This code is licensed under the MIT License.
-#
+#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files(the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions :
-#
+#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
-#
+#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
@@ -62,6 +62,12 @@
def url(self):
return self._url.geturl()

+ def _whitelisted(self): # testing if self._url.hostname is a dsts
whitelisted domain
+ for domain in AADConstants.WHITELISTED_DOMAINS:
+ if self._url.hostname.endswith(domain):
+ return True
+ return False
+
def _validate_authority_url(self):

if self._url.scheme != 'https':
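Review bot: `_whitelisted()` compares with a bare `self._url.hostname.endswith(domain)`, so any host whose name merely ends in one of the listed strings passes, not only the domain itself and its subdomains. The match needs a label boundary, e.g. `host == domain or host.endswith('.' + domain)`. `urlparse(...).hostname` can also be `None` for a URL with no host, in which case this raises `AttributeError` rather than the `ValueError` the validator uses elsewhere. The looseness matters because the same helper relaxes the path-depth check at `@@ -71,7 +77,7` and short-circuits static validation to `return True` at `@@ -89,6 +95,9`, which widens the set of authorities that credentials are sent to. `_validate_authority_url` continues past the end of this hunk.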
@@ -71,7 +77,7 @@
raise ValueError("The authority url must not have a query string.")

path_parts = [part for part in self._url.path.split('/') if part]
- if len(path_parts) > 1:
+ if (len(path_parts) > 1) and (not self._whitelisted()): #if dsts host,
path_parts will be 2
raise ValueError("The authority url must be of the format
https://login.microsoftonline.com/your_tenant";)
elif len(path_parts) == 1:
self._url = urlparse(self._url.geturl().rstrip('/'))
@@ -89,6 +95,9 @@

self._log.debug("Performing static instance discovery")

+ if self._whitelisted(): # testing if self._url.hostname is a dsts
whitelisted domain
+ self._log.debug("Authority validated via static instance
discovery")
+ return True
try:
AADConstants.WELL_KNOWN_AUTHORITY_HOSTS.index(self._url.hostname)
except ValueError:
@@ -98,16 +107,16 @@
return True

def _create_authority_url(self):
- return "https://{}/{}{}".format(self._url.hostname,
- self._tenant,
+ return "https://{}/{}{}".format(self._url.hostname,
+ self._tenant,
AADConstants.AUTHORIZE_ENDPOINT_PATH)

def _create_instance_discovery_endpoint_from_template(self,
authority_host):

discovery_endpoint = AADConstants.INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE
discovery_endpoint = discovery_endpoint.replace('{authorize_host}',
authority_host)
- discovery_endpoint =
discovery_endpoint.replace('{authorize_endpoint}',
-
quote(self._create_authority_url(),
+ discovery_endpoint = discovery_endpoint.replace('{authorize_endpoint}',
+
quote(self._create_authority_url(),
safe='~()*!.\''))
return urlparse(discovery_endpoint)

@@ -132,7 +141,7 @@
if resp.status_code == 429:
resp.raise_for_status() # Will raise requests.exceptions.HTTPError
if not util.is_http_success(resp.status_code):
- return_error_string = u"{} request returned http error:
{}".format(operation,
+ return_error_string = u"{} request returned http error:
{}".format(operation,

resp.status_code)
error_response = ""
if resp.text:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/constants.py
new/adal-1.2.1/adal/constants.py
--- old/adal-1.0.2/adal/constants.py 2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/constants.py 2019-01-25 02:30:39.000000000 +0100
@@ -1,4 +1,4 @@
-#------------------------------------------------------------------------------
+#------------------------------------------------------------------------------
#
# Copyright (c) Microsoft Corporation.
# All rights reserved.
@@ -173,6 +173,8 @@

TokenTypeV1 = 'urn:oasis:names:tc:SAML:1.0:assertion'
TokenTypeV2 = 'urn:oasis:names:tc:SAML:2.0:assertion'
+ OasisWssSaml11TokenProfile11 =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+ OasisWssSaml2TokenProfile2 =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";


class XmlNamespaces(object):
@@ -215,6 +217,15 @@
'login.microsoftonline.us',
'login.microsoftonline.de',
]
+ WHITELISTED_DOMAINS = [
+ # Define dSTS domains whitelist based on its Supported Environments &
National Clouds list here
+ #
https://microsoft.sharepoint.com/teams/AzureSecurityCompliance/Security/SitePages/dSTS%20Fundamentals.aspx
+ 'dsts.core.windows.net',
+ 'dsts.core.chinacloudapi.cn',
+ 'dsts.core.cloudapi.de',
+ 'dsts.core.usgovcloudapi.net',
+ 'dsts.core.azure-test.net',
+ ]
INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE =
'https://{authorize_host}/common/discovery/instance?authorization_endpoint={authorize_endpoint}&api-version=1.0'
# pylint: disable=invalid-name
AUTHORIZE_ENDPOINT_PATH = '/oauth2/authorize'
TOKEN_ENDPOINT_PATH = '/oauth2/token'
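Review bot: `WHITELISTED_DOMAINS` relaxes authority validation for every consumer of the library, yet its only rationale is a link to an internal SharePoint page that outside readers cannot open. The list also includes `dsts.core.azure-test.net`, which by its name looks like a test environment. A comment stating what trust the list grants would help, e.g. `# Hosts under these domains skip instance discovery and the single-path-segment check; keep to production dSTS endpoints.` Whether the test domain is meant to ship is worth confirming with upstream. The enclosing class starts above the hunk.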
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/log.py new/adal-1.2.1/adal/log.py
--- old/adal-1.0.2/adal/log.py 2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/log.py 2019-01-25 02:30:39.000000000 +0100
@@ -42,7 +42,7 @@

Basic Usages::
>>>adal.set_logging_options({
- >>> 'level': 'DEBUG'
+ >>> 'level': 'DEBUG',
>>> 'handler': logging.FileHandler('adal.log')
>>>})
'''
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/mex.py new/adal-1.2.1/adal/mex.py
--- old/adal-1.0.2/adal/mex.py 2018-06-26 21:23:14.000000000 +0200
+++ new/adal-1.2.1/adal/mex.py 2019-01-25 02:30:39.000000000 +0100
@@ -144,7 +144,7 @@
policy_id = self._check_policy(policy_node)
if policy_id:
id_ref = '#' + policy_id
- policies[id_ref] = {id:id_ref}
+ policies[id_ref] = {policy_id:id_ref}

return policies if policies else None
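Review bot: The replacement `{policy_id:id_ref}` keys each entry by the policy's own id, so every record has a different key and a consumer cannot read a fixed field from it. The removed line keyed on the builtin `id`, which suggests a string key was meant; if so, `policies[id_ref] = {'id': id_ref}` expresses that. How the values are consumed is outside this hunk, so this is a point to confirm rather than a certain defect, and a one-line comment on what the inner dict is for would settle it.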

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/self_signed_jwt.py
new/adal-1.2.1/adal/self_signed_jwt.py
--- old/adal-1.0.2/adal/self_signed_jwt.py 2018-06-26 21:23:14.000000000
+0200
+++ new/adal-1.2.1/adal/self_signed_jwt.py 2019-01-25 02:30:39.000000000
+0100
@@ -78,12 +78,13 @@
self._token_endpoint = authority.token_endpoint
self._client_id = client_id

- def _create_header(self, thumbprint):
+ def _create_header(self, thumbprint, public_certificate):
x5t = _create_x5t_value(thumbprint)
header = {'typ':'JWT', 'alg':'RS256', 'x5t':x5t}
-
- self._log.debug("Creating self signed JWT header. x5t: %(x5t)s",
- {"x5t": x5t})
+ if public_certificate:
+ header['x5c'] = public_certificate
+ self._log.debug("Creating self signed JWT header. x5t: %(x5t)s, x5c:
%(x5c)s",
+ {"x5t": x5t, "x5c": public_certificate})

return header
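Review bot: `public_certificate` is copied into the `x5c` header with no check that it corresponds to `thumbprint` or to the signing key, so a mismatched pair surfaces only when the service rejects the assertion. RFC 7515 defines `x5c` as an array of base64-encoded DER certificate strings, while this code forwards whatever the caller supplied; the accepted format should be documented or normalised here. The debug message now also writes the whole certificate value into the log, and recording only its presence, e.g. `{"x5t": x5t, "x5c": bool(public_certificate)}`, keeps the log readable. Indentation is lost on this page, so whether the debug call sits inside the `if` cannot be seen, and the class continues outside the hunk.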

@@ -117,8 +118,9 @@
self._raise_on_invalid_thumbprint(canonical)
return canonical

- def create(self, certificate, thumbprint):
+ def create(self, certificate, thumbprint, public_certificate):
thumbprint = self._reduce_thumbprint(thumbprint)
- header = self._create_header(thumbprint)
+
+ header = self._create_header(thumbprint, public_certificate)
payload = self._create_payload()
return _sign_jwt(header, payload, certificate)
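Review bot: `create()` gains `public_certificate` as a required positional parameter, which breaks any existing caller that passes two arguments, whereas the public `acquire_token_with_client_certificate` adds it with `=None`. The same applies to `_create_jwt` and `get_token_with_certificate` in the second token_request.py hunk (`@@ -351,20 +351,20`). Giving all three the default keeps the change backward-compatible: `def create(self, certificate, thumbprint, public_certificate=None):`.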
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal/token_request.py
new/adal-1.2.1/adal/token_request.py
--- old/adal-1.0.2/adal/token_request.py 2018-06-26 21:23:14.000000000
+0200
+++ new/adal-1.2.1/adal/token_request.py 2019-01-25 02:30:39.000000000
+0100
@@ -55,10 +55,10 @@

def _get_saml_grant_type(wstrust_response):
token_type = wstrust_response.token_type
- if token_type == SAML.TokenTypeV1:
+ if token_type == SAML.TokenTypeV1 or token_type ==
SAML.OasisWssSaml11TokenProfile11:
return OAUTH2_GRANT_TYPE.SAML1

- elif token_type == SAML.TokenTypeV2:
+ elif token_type == SAML.TokenTypeV2 or token_type ==
SAML.OasisWssSaml2TokenProfile2:
return OAUTH2_GRANT_TYPE.SAML2

else:
@@ -351,20 +351,20 @@
self._user_id = user_id
return self._find_token_from_cache()

- def _create_jwt(self, certificate, thumbprint):
+ def _create_jwt(self, certificate, thumbprint, public_certificate):

ssj = self._create_self_signed_jwt()
- jwt = ssj.create(certificate, thumbprint)
+ jwt = ssj.create(certificate, thumbprint, public_certificate)

if not jwt:
raise AdalError("Failed to create JWT.")
return jwt

- def get_token_with_certificate(self, certificate, thumbprint):
+ def get_token_with_certificate(self, certificate, thumbprint,
public_certificate):

self._log.info("Getting a token via certificate.")

- jwt = self._create_jwt(certificate, thumbprint)
+ jwt = self._create_jwt(certificate, thumbprint, public_certificate)

oauth_parameters =
self._create_oauth_parameters(OAUTH2_GRANT_TYPE.CLIENT_CREDENTIALS)
oauth_parameters[OAUTH2_PARAMETERS.CLIENT_ASSERTION_TYPE] =
OAUTH2_GRANT_TYPE.JWT_BEARER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/adal-1.0.2/adal.egg-info/PKG-INFO
new/adal-1.2.1/adal.egg-info/PKG-INFO
--- old/adal-1.0.2/adal.egg-info/PKG-INFO 2018-06-26 21:24:16.000000000
+0200
+++ new/adal-1.2.1/adal.egg-info/PKG-INFO 2019-01-25 02:31:09.000000000
+0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: adal
-Version: 1.0.2
+Version: 1.2.1
Summary: The ADAL for Python library makes it easy for python application to
authenticate to Azure Active Directory (AAD) in order to access AAD protected
web resources.
Home-page: https://github.com/AzureAD/azure-activedirectory-library-for-python
Author: Microsoft Corporation

