mozilla-django-oidc

Release 4.0.1

A lightweight authentication and access management library for integration with OpenID Connect enabled authentication services.

Homepage PyPI Python

Keywords
mozilla-django-oidc
License
MPL-2.0
Install
pip install mozilla-django-oidc==4.0.1

Documentation

mozilla-django-oidc

https://circleci.com/gh/mozilla/mozilla-django-oidc/tree/main.svg?style=svg

A lightweight authentication and access management library for integration with OpenID Connect enabled authentication services.

Documentation

The full documentation is at https://mozilla-django-oidc.readthedocs.io.

Design principles

  • Keep it as minimal/lightweight as possible
  • Store as few authn/authz artifacts as possible
  • Allow custom functionality by overriding the authentication backend
  • Mainly support OIDC authorization code flow
  • Allow shipping Mozilla-centric authn/authz features
  • Test against all supported Python/Django version
  • E2E tested and audited by Mozilla InfoSec

Running Unit Tests

Use tox to run as many different versions of Python you have. If you don't have tox installed (and executable) already you can either install it in your system Python or https://pypi.python.org/pypi/pipsi. Once installed, simply execute in the project root directory.

$ tox

tox will do the equivalent of installing virtual environments for every combination mentioned in the tox.ini file. If your system, for example, doesn't have python3.4 those tox tests will be skipped.

For a faster test-rinse-repeat cycle you can run tests in a specific environment with a specific version of Python and specific version of Django of your choice. Here is such an example:

$ virtualenv -p /path/to/bin/python3.8 venv
$ source venv
(venv) $ pip install -r requirements/requirements_dev.txt
(venv) $ DJANGO_SETTINGS_MODULE=tests.settings django-admin test

Measuring code coverage, continuing the steps above:

(venv) $ pip install coverage
(venv) $ DJANGO_SETTINGS_MODULE=tests.settings coverage run --source mozilla_django_oidc `which django-admin` test
(venv) $ coverage report
(venv) $ coverage html
(venv) $ open htmlcov/index.html

Local development

The local development setup is based on Docker so you need the following installed in your system:

  • docker
  • docker-compose

You will also need to edit your hosts file to resolve testrp and testprovider hostnames to 127.0.0.1.

Running test services

To run the testrp and testprovider instances run the following:

(venv) $ docker-compose up -d testprovider testrp

Then visit the testing django app on: http://testrp:8081.

The library source code is mounted as a docker volume and source code changes are reflected directly in. In order to test a change you need to restart the testrp service.

(venv) $ docker-compose stop testrp
(venv) $ docker-compose up -d testrp

Running integration tests

Integration tests are mounted as a volume to the docker containers. Tests can be run using the following command:

(venv) $ docker-compose run --service-ports testrunner

Linting

All code is checked with https://pypi.python.org/pypi/flake8 in continuous integration. To make sure your code still passes all style guides install flake8 and check:

$ flake8 mozilla_django_oidc tests

Note

When you run tox it also does a flake8 run on the main package files and the tests.

You can also run linting with tox:

$ tox -e lint

Finally you can use pre-commit hooks to run linting and formatting before you commit your code:

(venv)  $ pre-commit install

Releasing a new version

mozilla-django-oidc releases are hosted in PyPI. Here are the steps you need to follow in order to push a new release:

  • Make sure that HISTORY.rst is up-to-date focusing mostly on backwards incompatible changes.

    Security vulnerabilities should be clearly marked in a "Security issues" section along with a level indicator of:

    • High: vulnerability facilitates data loss, data access, impersonation of admin, or allows access to other sites or components

      Users should upgrade immediately.

    • Medium: vulnerability endangers users by sending them to malicious sites or stealing browser data.

      Users should upgrade immediately.

    • Low: vulnerability is a nuissance to site staff and/or users

      Users should upgrade.

  • Bump the project version and create a commit for the new version.

    • You can use bumpversion for that. It is a tool to automate this procedure following the semantic versioning scheme.
      • For a patch version update (eg 0.1.1 to 0.1.2) you can run bumpversion patch.
      • For a minor version update (eg 0.1.0 to 0.2.0) you can run bumpversion minor.
      • For a major version update (eg 0.1.0 to 1.0.0) you can run bumpversion major.

  • Create a signed tag for that version

    Example:

    git tag -s 0.1.1 -m "Bump version: 0.1.0 to 0.1.1"

  • Push the signed tag to Github

    Example:

    git push origin 0.1.1

The release is pushed automatically to PyPI using a travis deployment hook on every new tag.

License

This software is licensed under the MPL 2.0 license. For more info check the LICENSE file.

Credits

Tools used in rendering this package:

Stats

Dependencies
4
Dependent packages
17
Dependent repositories
29
Total releases
28
Latest release
First release
Stars
413
Forks
165
Watchers
20
Contributors
51
Repository size
604 KB
SourceRank
16

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

4.0.1
4.0.0
3.0.0
2.0.0
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.2
See all 28 releases

Contributors

John Giannelos Tasos Katsoulas Will Kahn-Greene Jaap Roes Peter Bengtsson John Paulett Jannis Leidel Andreas Lutro Christian Franke Jonathan Claudius Jonathan Claudius E Gustavsson David Beitey GermanoGuerrini jannh Eduard Rosert Dustin J. Mitchell Patrick Uiterwijk Pierros Papadeas Ryan Johnson Craig Weber Chris Brantley Steve Jalim Rob Hudson


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-03-12 12:30:00 UTC

Login to resync this project