Implement OAuth2 provider (#927)

- [x] Application management - [x] Link - [ ] Tests - [x] Authorize flow - [x] Tests - [x] Refresh token handling - [x] Tests - [x] Revocation endpoint - [x] Tests - [x] Mitigate: https://github.com/jazzband/django-oauth-toolkit/issues/585 - [x] API authenticator / permission driver - [x] Test - [x] Enforce organizer restriction - [x] Tests - [x] Enforce scope restriction - [x] Tests - [x] Show current applications to user - [x] Revoke - [x] Tests - [x] Log new authorizations - [x] notify user - [x] Ensure other grant types are not available - [x] Documentation - [x] check if revoking access toking, then refreshing gets rid of organizer constraint - [x] Show logentry foo
2026-05-04 15:04:03 +00:00 · 2018-06-05 12:58:04 +02:00
parent df031b2222
commit 69d10489b8
53 changed files with 1786 additions and 116 deletions
--- a/src/pretix/api/views/checkin.py
+++ b/src/pretix/api/views/checkin.py
@@ -16,7 +16,6 @@ from pretix.api.serializers.order import OrderPositionSerializer
 from pretix.api.views import RichOrderingFilter
 from pretix.api.views.order import OrderPositionFilter
 from pretix.base.models import Checkin, CheckinList, Order, OrderPosition
-from pretix.base.models.organizer import TeamAPIToken
 from pretix.base.services.checkin import (
    CheckInError, RequiredQuestionsError, perform_checkin,
 )
@@ -49,7 +48,7 @@ class CheckinListViewSet(viewsets.ModelViewSet):
        serializer.instance.log_action(
            'pretix.event.checkinlist.added',
            user=self.request.user,
-            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            auth=self.request.auth,
            data=self.request.data
        )

@@ -63,7 +62,7 @@ class CheckinListViewSet(viewsets.ModelViewSet):
        serializer.instance.log_action(
            'pretix.event.checkinlist.changed',
            user=self.request.user,
-            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            auth=self.request.auth,
            data=self.request.data
        )

@@ -71,7 +70,7 @@ class CheckinListViewSet(viewsets.ModelViewSet):
        instance.log_action(
            'pretix.event.checkinlist.deleted',
            user=self.request.user,
-            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            auth=self.request.auth,
        )
        super().perform_destroy(instance)