Implement OAuth2 provider (#927)

- [x] Application management - [x] Link - [ ] Tests - [x] Authorize flow - [x] Tests - [x] Refresh token handling - [x] Tests - [x] Revocation endpoint - [x] Tests - [x] Mitigate: https://github.com/jazzband/django-oauth-toolkit/issues/585 - [x] API authenticator / permission driver - [x] Test - [x] Enforce organizer restriction - [x] Tests - [x] Enforce scope restriction - [x] Tests - [x] Show current applications to user - [x] Revoke - [x] Tests - [x] Log new authorizations - [x] notify user - [x] Ensure other grant types are not available - [x] Documentation - [x] check if revoking access toking, then refreshing gets rid of organizer constraint - [x] Show logentry foo
2026-05-03 14:54:04 +00:00 · 2018-06-05 12:58:04 +02:00
parent df031b2222
commit 69d10489b8
53 changed files with 1786 additions and 116 deletions
--- a/src/pretix/base/models/base.py
+++ b/src/pretix/base/models/base.py
@@ -36,7 +36,7 @@ def cached_file_delete(sender, instance, **kwargs):

 class LoggingMixin:

-    def log_action(self, action, data=None, user=None, api_token=None, save=True):
+    def log_action(self, action, data=None, user=None, api_token=None, auth=None, save=True):
        """
        Create a LogEntry object that is related to this object.
        See the LogEntry documentation for details.
@@ -47,6 +47,8 @@ class LoggingMixin:
        """
        from .log import LogEntry
        from .event import Event
+        from pretix.api.models import OAuthAccessToken, OAuthApplication
+        from .organizer import TeamAPIToken
        from ..notifications import get_all_notification_types
        from ..services.notifications import notify

@@ -57,7 +59,18 @@ class LoggingMixin:
            event = self.event
        if user and not user.is_authenticated:
            user = None
-        logentry = LogEntry(content_object=self, user=user, action_type=action, event=event, api_token=api_token)
+
+        kwargs = {}
+        if isinstance(auth, OAuthAccessToken):
+            kwargs['oauth_application'] = auth.application
+        elif isinstance(auth, OAuthApplication):
+            kwargs['oauth_application'] = auth
+        elif isinstance(auth, TeamAPIToken):
+            kwargs['api_token'] = auth
+        elif isinstance(api_token, TeamAPIToken):
+            kwargs['api_token'] = api_token
+
+        logentry = LogEntry(content_object=self, user=user, action_type=action, event=event, **kwargs)
        if data:
            logentry.data = json.dumps(data, cls=CustomJSONEncoder)
        if save:
@@ -83,4 +96,4 @@ class LoggedModel(models.Model, LoggingMixin):

        return LogEntry.objects.filter(
            content_type=ContentType.objects.get_for_model(type(self)), object_id=self.pk
-        ).select_related('user', 'event')
+        ).select_related('user', 'event', 'oauth_application', 'api_token')