django_htcpcp_tea in middleware only if in apps

apps/api/urls.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings
-from django.conf.urls import url, include
+from django.conf.urls import include
+from django.urls import re_path
 from rest_framework import routers
 
 from .views import UserInformationView
@@ -47,7 +48,7 @@ app_name = 'api'
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('^', include(router.urls)),
+    re_path('^', include(router.urls)),
-    url('^me/', UserInformationView.as_view()),
+    re_path('^me/', UserInformationView.as_view()),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    re_path('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]

apps/member/views.py

@@ -26,7 +26,7 @@ from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 
-from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm,\
+from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \
     CustomAuthenticationForm, MembershipRolesForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable, MembershipTable, ClubManagerTable

apps/note/api/views.py

@@ -13,7 +13,7 @@ from rest_framework import status
 from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
 from permission.backends import PermissionBackend
 
-from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
+from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \
     TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
     TrustSerializer
 from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust

apps/note/tests/test_transactions.py

@@ -10,7 +10,7 @@ from django.urls import reverse
 from django.utils import timezone
 from permission.models import Role
 
-from ..api.views import AliasViewSet, ConsumerViewSet, NotePolymorphicViewSet, TemplateCategoryViewSet,\
+from ..api.views import AliasViewSet, ConsumerViewSet, NotePolymorphicViewSet, TemplateCategoryViewSet, \
     TransactionTemplateViewSet, TransactionViewSet
 from ..models import NoteUser, Transaction, TemplateCategory, TransactionTemplate, RecurrentTransaction, \
     MembershipTransaction, SpecialTransaction, NoteSpecial, Alias, Note

apps/permission/scopes.py

@@ -44,6 +44,8 @@ class PermissionOAuth2Validator(OAuth2Validator):
         subset of permissions.
         """
 
+        oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
+
         valid_scopes = set()
 
         for t in Permission.PERMISSION_TYPES:

apps/treasury/api/views.py

@@ -5,7 +5,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import SearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 
-from .serializers import InvoiceSerializer, ProductSerializer, RemittanceTypeSerializer, RemittanceSerializer,\
+from .serializers import InvoiceSerializer, ProductSerializer, RemittanceTypeSerializer, RemittanceSerializer, \
     SogeCreditSerializer
 from ..models import Invoice, Product, RemittanceType, Remittance, SogeCredit
 

apps/treasury/urls.py

@@ -3,8 +3,8 @@
 
 from django.urls import path
 
-from .views import InvoiceCreateView, InvoiceListView, InvoiceUpdateView, InvoiceDeleteView, InvoiceRenderView,\
+from .views import InvoiceCreateView, InvoiceListView, InvoiceUpdateView, InvoiceDeleteView, InvoiceRenderView, \
-    RemittanceListView, RemittanceCreateView, RemittanceUpdateView, LinkTransactionToRemittanceView,\
+    RemittanceListView, RemittanceCreateView, RemittanceUpdateView, LinkTransactionToRemittanceView, \
     UnlinkTransactionToRemittanceView, SogeCreditListView, SogeCreditManageView
 
 app_name = 'treasury'

note_kfet/admin.py

@@ -25,8 +25,8 @@ admin_site.register(Site, SiteAdmin)
 
 # Add external apps model
 if "oauth2_provider" in settings.INSTALLED_APPS:
-    from oauth2_provider.admin import Application, ApplicationAdmin, Grant, \
+    from oauth2_provider.admin import ApplicationAdmin, GrantAdmin, AccessTokenAdmin, RefreshTokenAdmin
-        GrantAdmin, AccessToken, AccessTokenAdmin, RefreshToken, RefreshTokenAdmin
+    from oauth2_provider.models import Application, Grant, AccessToken, RefreshToken
     admin_site.register(Application, ApplicationAdmin)
     admin_site.register(Grant, GrantAdmin)
     admin_site.register(AccessToken, AccessTokenAdmin)

note_kfet/settings/base.py

@@ -90,12 +90,14 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.sites.middleware.CurrentSiteMiddleware',
-    'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
     'note_kfet.middlewares.SessionMiddleware',
     'note_kfet.middlewares.LoginByIPMiddleware',
     'note_kfet.middlewares.TurbolinksMiddleware',
     'note_kfet.middlewares.ClacksMiddleware',
 ]
+if "django_htcpcp_tea" in INSTALLED_APPS:
+    MIDDLEWARE.append('django_htcpcp_tea.middleware.HTCPCPTeaMiddleware')
+
 
 ROOT_URLCONF = 'note_kfet.urls'
 
@@ -263,6 +265,9 @@ OAUTH2_PROVIDER = {
     'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
 }
 
+# PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
+PKCE_REQUIRED = False
+
 # Take control on how widget templates are sourced
 # See https://docs.djangoproject.com/en/2.2/ref/forms/renderers/#templatessetting
 FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'