From 41ce283e716ddf187d9c0ca2eb658ad5df691860 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:30:46 +0000 Subject: [PATCH] Bump django-oauth-toolkit from 2.4.0 to 3.0.1 (#1349) * Bump django-oauth-toolkit from 2.4.0 to 3.0.1 Bumps [django-oauth-toolkit](https://github.com/jazzband/django-oauth-toolkit) from 2.4.0 to 3.0.1. - [Release notes](https://github.com/jazzband/django-oauth-toolkit/releases) - [Changelog](https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md) - [Commits](https://github.com/jazzband/django-oauth-toolkit/compare/2.4.0...3.0.1) --- updated-dependencies: - dependency-name: django-oauth-toolkit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * add migration for AccessToken --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julian B --- ...ksum_refreshtoken_token_family_and_more.py | 52 +++++++++++++++++++ poetry.lock | 15 +++--- pyproject.toml | 2 +- 3 files changed, 60 insertions(+), 9 deletions(-) create mode 100644 ephios/api/migrations/0005_accesstoken_token_checksum_refreshtoken_token_family_and_more.py
diff --git a/ephios/api/migrations/0005_accesstoken_token_checksum_refreshtoken_token_family_and_more.py b/ephios/api/migrations/0005_accesstoken_token_checksum_refreshtoken_token_family_and_more.py
new file mode 100644
index 000000000..356e0bb08
--- /dev/null
+++ b/ephios/api/migrations/0005_accesstoken_token_checksum_refreshtoken_token_family_and_more.py
@@ -0,0 +1,52 @@
+# Generated by Django 5.0.8 on 2024-09-12 20:15
+
+import oauth2_provider.models
+from django.db import migrations, models
+from oauth2_provider.settings import oauth2_settings
+
+
+def forwards_func(apps, schema_editor):
+ """
+ Forward migration touches every "old" accesstoken.token which will cause the checksum to be computed.
+ Taken from https://github.com/jazzband/django-oauth-toolkit/pull/1491/
+ """
+ AccessToken = apps.get_model(oauth2_settings.ACCESS_TOKEN_MODEL)
+ accesstokens = AccessToken._default_manager.all() # pylint: disable=protected-access
+ for accesstoken in accesstokens:
+ accesstoken.save(update_fields=["token_checksum"])
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("api", "0004_application_allowed_origins_and_more"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="accesstoken",
+ name="token_checksum",
+ field=oauth2_provider.models.TokenChecksumField(
+ default="", max_length=64, blank=True, null=True
+ ),
+ preserve_default=False,
+ ),
+ migrations.AddField(
+ model_name="refreshtoken",
+ name="token_family",
+ field=models.UUIDField(blank=True, editable=False, null=True),
+ ),
+ migrations.AlterField(
+ model_name="accesstoken",
+ name="token",
+ field=models.TextField(),
+ ),
+ migrations.RunPython(forwards_func, migrations.RunPython.noop),
+ migrations.AlterField(
+ model_name="accesstoken",
+ name="token_checksum",
+ field=oauth2_provider.models.TokenChecksumField(
+ blank=False, max_length=64, db_index=True, unique=True
+ ),
+ ),
+ ]
diff --git a/poetry.lock b/poetry.lock
index a743ce0f7..ded30d3a8 100644
--- a/poetry.lock
+++ b/poetry.lock
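Review bot: In `forwards_func`, `AccessToken._default_manager.all()` is iterated directly, so every access-token row (bearer tokens, including expired ones that were never cleared) is fetched and cached by the queryset while the rows are saved one at a time. On an installation with a large token table this can exhaust memory or keep the migration's transaction open for a long time. `for accesstoken in AccessToken._default_manager.iterator():` does the same backfill while streaming the rows. The function also resolves the model through `oauth2_settings.ACCESS_TOKEN_MODEL` while the operations around it hard-code `model_name="accesstoken"` in the `api` app; `apps.get_model("api", "AccessToken")` would tie the backfill to the table this migration alters rather than to a runtime setting. A short comment above the `RunPython` operation noting that the following `AlterField` adds `unique=True`, and that rows the backfill misses would presumably keep the `""` default and collide, would help whoever has to debug a failed upgrade.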
@@ -1055,20 +1055,19 @@ libsass = ">=0.7.0,<1" [[package]] name = "django-oauth-toolkit" -version = "2.4.0" +version = "3.0.1" description = "OAuth2 Provider for Django" optional = false python-versions = ">=3.8" files = [ - {file = "django_oauth_toolkit-2.4.0-py3-none-any.whl", hash = "sha256:4931d6bf64b6aee32a42f989f218769d1876f3daa53c6bf883d8ab793fb302ee"}, - {file = "django_oauth_toolkit-2.4.0.tar.gz", hash = "sha256:8975eaf697413a8d54208ee068bc5ad6d1ed76f1df84e4882fbb25e7e6966e1b"}, + {file = "django_oauth_toolkit-3.0.1-py3-none-any.whl", hash = "sha256:3ef00b062a284f2031b0732b32dc899e3bbf0eac221bbb1cffcb50b8932e55ed"}, + {file = "django_oauth_toolkit-3.0.1.tar.gz", hash = "sha256:7200e4a9fb229b145a6d808cbf0423b6d69a87f68557437733eec3c0cf71db02"}, ] [package.dependencies] -django = ">=3.2,<4.0.0 || >4.0.0" -jwcrypto = ">=0.8.0" -oauthlib = ">=3.1.0" -pytz = ">=2024.1" +django = ">=4.2" +jwcrypto = ">=1.5.0" +oauthlib = ">=3.2.2" requests = ">=2.13.0" [[package]] @@ -3882,4 +3881,4 @@ redis = ["redis"] [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "924ff34bc71b07dbcf63ef09dbae91c9731d83bbec7b2e4a996073811503deee" +content-hash = "55d8df43868a30a6d3394d174e289f27030d35d1df1a52f6c5607d75d456130f" diff --git a/pyproject.toml b/pyproject.toml index 04626a832..686453270 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,7 +39,7 @@ django-filter = "^24.0" djangorestframework-guardian = "^0.3.0" uritemplate = "^4.1.1" django-recurrence = "^1.11.1" -django-oauth-toolkit = "~2.4.0" # pinned because minor versions sometimes require migrations in our models +django-oauth-toolkit = "~3.0.1" # pinned because minor versions sometimes require migrations in our models urllib3 = "^1.26.0,<2.0.0" # pinned because of uberspace issues with urllib3 2.0.0 pyyaml = "^6.0.1" lxml = ">=4.9.3,<6.0.0"