Implement OAuth2 provider (#927)

- [x] Application management
  - [x] Link
  - [ ] Tests
- [x] Authorize flow
  - [x] Tests
- [x] Refresh token handling
  - [x] Tests
- [x] Revocation endpoint
  - [x] Tests
  - [x] Mitigate: https://github.com/jazzband/django-oauth-toolkit/issues/585
- [x] API authenticator / permission driver
  - [x] Test
- [x] Enforce organizer restriction
  - [x] Tests
- [x] Enforce scope restriction
  - [x] Tests
- [x] Show current applications to user
  - [x] Revoke
  - [x] Tests
- [x] Log new authorizations
  - [x] notify user
- [x] Ensure other grant types are not available
- [x] Documentation
- [x] check if revoking access toking, then refreshing gets rid of organizer constraint
- [x] Show logentry foo

src/pretix/control/templates/pretixcontrol/oauth/app_delete.html

@@ -0,0 +1,19 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Disable application" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Disable application" %}</h1>
+        <form action="" method="post" class="form-horizontal">
+            {% csrf_token %}
+            <p>{% blocktrans %}Are you sure you want to disable the application <strong>{{ application }}</strong> permanently?{% endblocktrans %}</p>
+            <div class="form-group submit-group">
+                <a href="{% url "control:user.settings.oauth.apps" %}" class="btn btn-default btn-cancel">
+                    {% trans "Cancel" %}
+                </a>
+                <button type="submit" class="btn btn-danger btn-save">
+                    {% trans "Disable" %}
+                </button>
+            </div>
+        </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/app_list.html

@@ -0,0 +1,50 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Your applications" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Your applications" %}</h1>
+    {% if applications %}
+        <div class="table-responsive">
+            <table class="table table-condensed table-hover">
+                <thead>
+                <tr>
+                    <th>{% trans "Name" %}</th>
+                    <th class="action-col-2"></th>
+                </tr>
+                </thead>
+                <tbody>
+                {% for application in applications %}
+                    <tr>
+                        <td><strong><a href="{% url "control:user.settings.oauth.app" pk=application.pk %}">{{ application.name }}</a></strong></td>
+                        <td class="text-right">
+                            <a href="{% url "control:user.settings.oauth.app" pk=application.pk %}" class="btn btn-default btn-sm"><i class="fa fa-edit"></i></a>
+                            <a href="{% url "control:user.settings.oauth.app.roll" pk=application.pk %}" class="btn btn-default btn-sm"><i class="fa fa-repeat"></i></a>
+                            <a href="{% url "control:user.settings.oauth.app.disable" pk=application.pk %}" class="btn btn-danger btn-sm"><i class="fa fa-trash"></i></a>
+                        </td>
+                    </tr>
+                {% endfor %}
+                </tbody>
+            </table>
+        </div>
+        <p>
+            <a class="btn btn-primary" href="{% url "control:user.settings.oauth.apps.register" %}">
+                <span class="fa fa-plus"></span>
+                {% trans "Create new application" %}
+            </a>
+        </p>
+    {% else %}
+        <div class="empty-collection">
+            <p>
+                {% blocktrans trimmed %}
+                    No applications registered yet.
+                {% endblocktrans %}
+            </p>
+
+            <a href="{% url "control:user.settings.oauth.apps.register" %}"
+               class="btn btn-primary btn-lg">
+                {% trans "Register a new application" %}
+            </a>
+        </div>
+    {% endif %}
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/app_register.html

@@ -0,0 +1,16 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Register a new application" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Register a new application" %}</h1>
+    <form class="form-horizontal" method="post" action="">
+        {% csrf_token %}
+        {% bootstrap_form form layout='control' %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/app_rollkeys.html

@@ -0,0 +1,19 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Generate new application secret" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Generate new application secret" %}</h1>
+        <form action="" method="post" class="form-horizontal">
+            {% csrf_token %}
+            <p>{% blocktrans %}Are you sure you want to generate a new client secret for the application <strong>{{ application }}</strong>?{% endblocktrans %}</p>
+            <div class="form-group submit-group">
+                <a href="{% url "control:user.settings.oauth.apps" %}" class="btn btn-default btn-cancel">
+                    {% trans "Cancel" %}
+                </a>
+                <button type="submit" class="btn btn-danger btn-save">
+                    {% trans "Roll secret" %}
+                </button>
+            </div>
+        </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/app_update.html

@@ -0,0 +1,16 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Update an application" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Update an application" %}</h1>
+    <form class="form-horizontal" method="post" action="">
+        {% csrf_token %}
+        {% bootstrap_form form layout='control' %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/auth_revoke.html

@@ -0,0 +1,19 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Revoke access" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Revoke access" %}</h1>
+        <form action="" method="post" class="form-horizontal">
+            {% csrf_token %}
+            <p>{% blocktrans %}Are you sure you want to revoke access to your account for the application <strong>{{ application }}</strong>?{% endblocktrans %}</p>
+            <div class="form-group submit-group">
+                <a href="{% url "control:user.settings.oauth.list" %}" class="btn btn-default btn-cancel">
+                    {% trans "Cancel" %}
+                </a>
+                <button type="submit" class="btn btn-danger btn-save">
+                    {% trans "Revoke" %}
+                </button>
+            </div>
+        </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/oauth/authorized.html

@@ -0,0 +1,65 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Authorized applications" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Authorized applications" %}</h1>
+    <p>
+        <a href="{% url "control:user.settings.oauth.apps" %}" class="btn btn-default">
+            {% trans "Manage your own apps" %}
+        </a>
+    </p>
+    {% if tokens %}
+        <div class="table-responsive">
+            <table class="table table-condensed table-hover table-quotas">
+                <thead>
+                <tr>
+                    <th>{% trans "Name" %}</th>
+                    <th>{% trans "Permissions" %}</th>
+                    <th>{% trans "Organizers" %}</th>
+                    <th class="action-col-2"></th>
+                </tr>
+                </thead>
+                <tbody>
+                {% for token in tokens %}
+                    <tr>
+                        <td><strong>{{ token.application.name }}</strong></td>
+                        <td>
+                            <ul>
+                                {% for scope in token.scopes_descriptions %}
+                                    <li>
+                                        {{ scope }}
+                                    </li>
+                                {% endfor %}
+                            </ul>
+                        </td>
+                        <td>
+                            <ul>
+                                {% for o in token.organizers.all %}
+                                    <li>
+                                        <a href="{% url "control:organizer" organizer=o.slug %}">
+                                            {{ o.name }}
+                                        </a>
+                                    </li>
+                                {% endfor %}
+                            </ul>
+                        </td>
+                        <td class="text-right">
+                            <a href="{% url "control:user.settings.oauth.revoke" pk=token.pk %}"
+                               class="btn btn-danger btn-sm">{% trans "Revoke access" %}</a>
+                        </td>
+                    </tr>
+                {% endfor %}
+                </tbody>
+            </table>
+        </div>
+    {% else %}
+        <div class="empty-collection">
+            <p>
+                {% blocktrans trimmed %}
+                    No applications have access to your pretix account.
+                {% endblocktrans %}
+            </p>
+        </div>
+    {% endif %}
+{% endblock %}