Source: django-oauth-toolkit
Version: 1.2.0-2
Severity: serious
Justification: FTBFS on amd64
Tags: bullseye sid ftbfs
Usertags: ftbfs-20200222 ftbfs-bullseye
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> dh_auto_test -- --system=custom --test-args="PYTHONPATH={build_dir}
> {interpreter} -m pytest"
> I: pybuild base:217:
> PYTHONPATH=/<<PKGBUILDDIR>>/.pybuild/cpython3_3.8_django-oauth-toolkit/build
> python3.8 -m pytest
> ============================= test session starts
> ==============================
> platform linux -- Python 3.8.2rc2, pytest-4.6.9, py-1.8.1, pluggy-0.13.0
> Django settings: tests.settings (from ini file)
> rootdir: /<<PKGBUILDDIR>>, inifile: tox.ini
> plugins: django-3.5.1
> collected 221 items
>
> tests/test_application_views.py ..... [
> 2%]
> tests/test_auth_backends.py ........ [
> 5%]
> tests/test_authorization_code.py .......................F..F......FFF..F [
> 23%]
> ...... [
> 26%]
> tests/test_client_credential.py ..... [
> 28%]
> tests/test_decorators.py ... [
> 29%]
> tests/test_generator.py ... [
> 31%]
> tests/test_implicit.py ........... [
> 36%]
> tests/test_introspection_auth.py ..... [
> 38%]
> tests/test_introspection_view.py ......... [
> 42%]
> tests/test_mixins.py ........ [
> 46%]
> tests/test_models.py ....................... [
> 56%]
> tests/test_oauth2_backends.py ...... [
> 59%]
> tests/test_oauth2_validators.py ......................... [
> 70%]
> tests/test_password.py F.. [
> 71%]
> tests/test_rest_framework.py ............................. [
> 85%]
> tests/test_scopes.py ............ [
> 90%]
> tests/test_scopes_backend.py .. [
> 91%]
> tests/test_token_revocation.py FFFFFF [
> 94%]
> tests/test_token_view.py .......... [
> 98%]
> tests/test_validators.py ...
> [100%]
>
> =================================== FAILURES
> ===================================
> _________ TestAuthorizationCodeTokenView.test_basic_auth_bad_authcode
> __________
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_basic_auth_bad_authcode>
>
> def test_basic_auth_bad_authcode(self):
> """
> Request an access token using a bad authorization code
> """
> self.client.login(username="test_user", password="123456")
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": "BLAH",
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:854: AssertionError
> _________ TestAuthorizationCodeTokenView.test_basic_auth_grant_expired
> _________
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_basic_auth_grant_expired>
>
> def test_basic_auth_grant_expired(self):
> """
> Request an access token using an expired grant token
> """
> self.client.login(username="test_user", password="123456")
> g = Grant(
> application=self.application, user=self.test_user, code="BLAH",
> expires=timezone.now(), redirect_uri="", scope="")
> g.save()
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": "BLAH",
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:890: AssertionError
> _________________ TestAuthorizationCodeTokenView.test_refresh
> __________________
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_refresh>
>
> def test_refresh(self):
> """
> Request an access token using a refresh token
> """
> self.client.login(username="test_user", password="123456")
> authorization_code = self.get_auth()
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": authorization_code,
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> content = json.loads(response.content.decode("utf-8"))
> self.assertTrue("refresh_token" in content)
>
> # make a second token request to be sure the previous refresh token
> remains valid, see #65
> authorization_code = self.get_auth()
> token_request_data = {
> "grant_type": "authorization_code",
> "code": authorization_code,
> "redirect_uri": "http://example.org";
> }
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
>
> token_request_data = {
> "grant_type": "refresh_token",
> "refresh_token": content["refresh_token"],
> "scope": content["scope"],
> }
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> self.assertEqual(response.status_code, 200)
>
> content = json.loads(response.content.decode("utf-8"))
> self.assertTrue("access_token" in content)
>
> # check refresh token cannot be used twice
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:602: AssertionError
> ------------------------------ Captured log call
> -------------------------------
> DEBUG oauth2_provider:base.py:123 Success url for the request:
> http://example.org?code=l2AmHuE4wbSp2reQQN45z16cP3J0PO&state=random_state_string
> DEBUG oauth2_provider:base.py:123 Success url for the request:
> http://example.org?code=cRHhTdtbcuflkVoOTyPZyz6PbBekAL&state=random_state_string
> ____________ TestAuthorizationCodeTokenView.test_refresh_bad_scopes
> ____________
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_refresh_bad_scopes>
>
> def test_refresh_bad_scopes(self):
> """
> Request an access token using a refresh token and wrong scopes
> """
> self.client.login(username="test_user", password="123456")
> authorization_code = self.get_auth()
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": authorization_code,
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> content = json.loads(response.content.decode("utf-8"))
> self.assertTrue("refresh_token" in content)
>
> token_request_data = {
> "grant_type": "refresh_token",
> "refresh_token": content["refresh_token"],
> "scope": "read write nuke",
> }
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:738: AssertionError
> ------------------------------ Captured log call
> -------------------------------
> DEBUG oauth2_provider:base.py:123 Success url for the request:
> http://example.org?code=iJ1ZqhQpW7nGz72LgOCtZtAMc1AMkT&state=random_state_string
> _____ TestAuthorizationCodeTokenView.test_refresh_fail_repeating_requests
> ______
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_refresh_fail_repeating_requests>
>
> def test_refresh_fail_repeating_requests(self):
> """
> Try refreshing an access token with the same refresh token more than
> once
> """
> self.client.login(username="test_user", password="123456")
> authorization_code = self.get_auth()
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": authorization_code,
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> content = json.loads(response.content.decode("utf-8"))
> self.assertTrue("refresh_token" in content)
>
> token_request_data = {
> "grant_type": "refresh_token",
> "refresh_token": content["refresh_token"],
> "scope": content["scope"],
> }
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> self.assertEqual(response.status_code, 200)
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:766: AssertionError
> ------------------------------ Captured log call
> -------------------------------
> DEBUG oauth2_provider:base.py:123 Success url for the request:
> http://example.org?code=6b3Ykx9JcNqfZZP34hXp4LQKEMbfkf&state=random_state_string
> ________ TestAuthorizationCodeTokenView.test_refresh_repeating_requests
> ________
>
> self = <tests.test_authorization_code.TestAuthorizationCodeTokenView
> testMethod=test_refresh_repeating_requests>
>
> def test_refresh_repeating_requests(self):
> """
> Trying to refresh an access token with the same refresh token more
> than
> once succeeds in the grace period and fails outside
> """
> oauth2_settings.REFRESH_TOKEN_GRACE_PERIOD_SECONDS = 120
> self.client.login(username="test_user", password="123456")
> authorization_code = self.get_auth()
>
> token_request_data = {
> "grant_type": "authorization_code",
> "code": authorization_code,
> "redirect_uri": "http://example.org";
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> content = json.loads(response.content.decode("utf-8"))
> self.assertTrue("refresh_token" in content)
>
> token_request_data = {
> "grant_type": "refresh_token",
> "refresh_token": content["refresh_token"],
> "scope": content["scope"],
> }
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> self.assertEqual(response.status_code, 200)
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> self.assertEqual(response.status_code, 200)
>
> # try refreshing outside the refresh window, see #497
> rt = RefreshToken.objects.get(token=content["refresh_token"])
> self.assertIsNotNone(rt.revoked)
> rt.revoked = timezone.now() - datetime.timedelta(minutes=10) #
> instead of mocking out datetime
> rt.save()
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_authorization_code.py:805: AssertionError
> ------------------------------ Captured log call
> -------------------------------
> DEBUG oauth2_provider:base.py:123 Success url for the request:
> http://example.org?code=6Op5KhS2YPELG4NWKYkhIL2OJb8Y3G&state=random_state_string
> __________________ TestPasswordTokenView.test_bad_credentials
> __________________
>
> self = <tests.test_password.TestPasswordTokenView
> testMethod=test_bad_credentials>
>
> def test_bad_credentials(self):
> """
> Request an access token using Resource Owner Password Flow
> """
> token_request_data = {
> "grant_type": "password",
> "username": "test_user",
> "password": "NOT_MY_PASS",
> }
> auth_headers = get_basic_auth_header(self.application.client_id,
> self.application.client_secret)
>
> response = self.client.post(reverse("oauth2_provider:token"),
> data=token_request_data, **auth_headers)
> > self.assertEqual(response.status_code, 401)
> E AssertionError: 400 != 401
>
> tests/test_password.py:79: AssertionError
> _________________ TestRevocationView.test_revoke_access_token
> __________________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_access_token>
>
> def test_revoke_access_token(self):
> """
>
> """
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890",
> application=self.application,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
> query_string = urlencode({
> "client_id": self.application.client_id,
> "client_secret": self.application.client_secret,
> "token": tok.token,
> })
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:62: AssertionError
> ______________ TestRevocationView.test_revoke_access_token_public
> ______________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_access_token_public>
>
> def test_revoke_access_token_public(self):
> public_app = Application(
> name="Test Application",
> redirect_uris="http://localhost http://example.com
> http://example.org";,
> user=self.dev_user,
> client_type=Application.CLIENT_PUBLIC,
> authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
> )
> public_app.save()
>
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890", application=public_app,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
>
> query_string = urlencode({
> "client_id": public_app.client_id,
> "token": tok.token,
> })
>
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:89: AssertionError
> ____________ TestRevocationView.test_revoke_access_token_with_hint
> _____________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_access_token_with_hint>
>
> def test_revoke_access_token_with_hint(self):
> """
>
> """
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890",
> application=self.application,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
> query_string = urlencode({
> "client_id": self.application.client_id,
> "client_secret": self.application.client_secret,
> "token": tok.token,
> "token_type_hint": "access_token"
> })
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:109: AssertionError
> ________ TestRevocationView.test_revoke_access_token_with_invalid_hint
> _________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_access_token_with_invalid_hint>
>
> def test_revoke_access_token_with_invalid_hint(self):
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890",
> application=self.application,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
> # invalid hint should have no effect
> query_string = urlencode({
> "client_id": self.application.client_id,
> "client_secret": self.application.client_secret,
> "token": tok.token,
> "token_type_hint": "bad_hint"
> })
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:128: AssertionError
> _________________ TestRevocationView.test_revoke_refresh_token
> _________________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_refresh_token>
>
> def test_revoke_refresh_token(self):
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890",
> application=self.application,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
> rtok = RefreshToken.objects.create(
> user=self.test_user, token="999999999",
> application=self.application, access_token=tok
> )
> query_string = urlencode({
> "client_id": self.application.client_id,
> "client_secret": self.application.client_secret,
> "token": rtok.token,
> })
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:149: AssertionError
> _____________ TestRevocationView.test_revoke_token_with_wrong_hint
> _____________
>
> self = <tests.test_token_revocation.TestRevocationView
> testMethod=test_revoke_token_with_wrong_hint>
>
> def test_revoke_token_with_wrong_hint(self):
> """
> From the revocation rfc, `Section 4.1.2`_ :
>
> If the server is unable to locate the token using the given hint,
> it MUST extend its search across all of its supported token types
> .. _`Section 4.1.2`:
> http://tools.ietf.org/html/draft-ietf-oauth-revocation-11#section-4.1.2
> """
> tok = AccessToken.objects.create(
> user=self.test_user, token="1234567890",
> application=self.application,
> expires=timezone.now() + datetime.timedelta(days=1),
> scope="read write"
> )
>
> query_string = urlencode({
> "client_id": self.application.client_id,
> "client_secret": self.application.client_secret,
> "token": tok.token,
> "token_type_hint": "refresh_token"
> })
> url =
> "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"),
> qs=query_string)
> response = self.client.post(url)
> > self.assertEqual(response.status_code, 200)
> E AssertionError: 400 != 200
>
> tests/test_token_revocation.py:177: AssertionError
> =============================== warnings summary
> ===============================
> tests/test_application_views.py::TestApplicationViews::test_application_detail_owner
> tests/test_application_views.py::TestApplicationViews::test_application_list
> tests/test_authorization_code.py::TestRegressionIssue315::test_request_is_not_overwritten
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_code_post_auth_fails_when_redirect_uri_path_is_invalid
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_code_post_auth_forbidden_redirect_uri
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_code_post_auth_malicious_redirect_uri
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_approval_prompt
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_approval_prompt_default
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_default_redirect
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_forbibben_redirect
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_invalid_client
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_valid_client
> tests/test_authorization_code.py::TestAuthorizationCodeView::test_pre_auth_valid_client_custom_redirect_uri_scheme
> tests/test_authorization_code.py::TestDefaultScopes::test_pre_auth_default_scopes
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_implicit_fails_when_redirect_uri_path_is_invalid
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_pre_auth_default_redirect
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_pre_auth_forbibben_redirect
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_pre_auth_invalid_client
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_pre_auth_valid_client
> tests/test_implicit.py::TestImplicitAuthorizationCodeView::test_pre_auth_valid_client_default_scopes
> tests/test_token_view.py::TestAuthorizedTokenListView::test_empty_list_view
> tests/test_token_view.py::TestAuthorizedTokenListView::test_list_view_one_token
> tests/test_token_view.py::TestAuthorizedTokenListView::test_list_view_shows_correct_user_token
> tests/test_token_view.py::TestAuthorizedTokenListView::test_list_view_two_tokens
> tests/test_token_view.py::TestAuthorizedTokenDeleteView::test_delete_view_post_actually_deletes
> tests/test_token_view.py::TestAuthorizedTokenDeleteView::test_delete_view_works
>
> /usr/lib/python3/dist-packages/django/contrib/staticfiles/templatetags/staticfiles.py:24:
> RemovedInDjango30Warning: {% load staticfiles %} is deprecated in favor of
> {% load static %}.
> warnings.warn(
>
> -- Docs: https://docs.pytest.org/en/latest/warnings.html
> ============= 13 failed, 208 passed, 26 warnings in 40.01 seconds
> ==============
> E: pybuild pybuild:341: test: plugin custom failed with: exit code=1:
> PYTHONPATH=/<<PKGBUILDDIR>>/.pybuild/cpython3_3.8_django-oauth-toolkit/build
> python3.8 -m pytest
> dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.8
> 3.7" --system=custom "--test-args=PYTHONPATH={build_dir} {interpreter} -m
> pytest" returned exit code 13
The full build log is available from:
http://qa-logs.debian.net/2020/02/22/django-oauth-toolkit_1.2.0-2_unstable.log
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
