chore: dynamic help_text for client_secret (#1628)

Author: Michael Li

AUTHORS

@@ -85,6 +85,7 @@ Jun Zhou
 Kaleb Porter
 Kristian Rune Larsen
 Lazaros Toumanidis
+lrq315
 Ludwig Hähne
 Łukasz Skarżyński
 Madison Swain-Bowden

CHANGELOG.md

@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 * #1252 Fix crash  when 'client' is in token request body
 * #1496 Fix error when Bearer token string is empty but preceded by `Bearer` keyword.
+* #1628 Fix inaccurate help_text on client_secret field of Application model
 <!--
 ### Security
 -->

Dockerfile

@@ -9,12 +9,6 @@ FROM python:3.11.6-slim as builder
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-ENV DEBUG=False
-ENV ALLOWED_HOSTS="*"
-ENV TEMPLATES_DIRS="/data/templates"
-ENV STATIC_ROOT="/data/static"
-ENV DATABASE_URL="sqlite:////data/db.sqlite3"
-
 RUN apt-get update
 # Build Deps
 RUN apt-get install -y --no-install-recommends gcc libc-dev python3-dev git openssh-client libpq-dev file libev-dev
@@ -28,7 +22,7 @@ COPY . /code
 WORKDIR /code/tests/app/idp
 RUN pip install -r requirements.txt
 RUN pip install gunicorn
-RUN python manage.py collectstatic --noinput
+RUN STATIC_ROOT="static" python manage.py collectstatic --noinput
 
 
 
@@ -47,8 +41,8 @@ ENV SENTRY_RELEASE=${GIT_SHA1}
 # disable debug mode, but allow all hosts by default when running in docker
 ENV DEBUG=False
 ENV ALLOWED_HOSTS="*"
-ENV TEMPLATES_DIRS="/data/templates"
-ENV STATIC_ROOT="/data/static"
+ENV TEMPLATES_DIRS="/code/tests/app/idp/templates"
+ENV STATIC_ROOT="/code/tests/app/idp/static"
 ENV DATABASE_URL="sqlite:////data/db.sqlite3"
 
 
@@ -57,9 +51,6 @@ ENV DATABASE_URL="sqlite:////data/db.sqlite3"
 COPY --from=builder /opt/venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 COPY --from=builder /code /code
-RUN mkdir -p /data/static /data/templates
-COPY --from=builder /code/tests/app/idp/static /data/static
-COPY --from=builder /code/tests/app/idp/templates /data/templates
 
 WORKDIR /code/tests/app/idp
 RUN apt-get update && apt-get install -y \

oauth2_provider/admin.py

@@ -1,6 +1,7 @@
 from django.contrib import admin
 from django.contrib.auth import get_user_model
 
+from oauth2_provider.forms import ApplicationForm
 from oauth2_provider.models import (
     get_access_token_admin_class,
     get_access_token_model,
@@ -19,6 +20,7 @@
 
 
 class ApplicationAdmin(admin.ModelAdmin):
+    form = ApplicationForm
     list_display = ("pk", "name", "user", "client_type", "authorization_grant_type")
     list_filter = ("client_type", "authorization_grant_type", "skip_authorization")
     radio_fields = {
@@ -28,6 +30,9 @@ class ApplicationAdmin(admin.ModelAdmin):
     search_fields = ("name",) + (("user__email",) if has_email else ())
     raw_id_fields = ("user",)
 
+    class Media:
+        js = ("oauth2_provider/admin/application_form.js",)
+
 
 class AccessTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application", "expires")

oauth2_provider/forms.py

@@ -1,4 +1,48 @@
 from django import forms
+from django.utils.encoding import force_str
+from django.utils.translation import gettext_lazy as _
+
+from .models import get_application_model
+
+
+HASHED_WARNING_TEXT = _("Hashed on save. Copy it now if this is a new secret.")
+
+
+def get_application_form_class():
+    application_model = get_application_model()
+
+    class ApplicationForm(forms.ModelForm):
+        """
+        Form for Application model with dynamic help_text for client_secret field
+        based on hash_client_secret value.
+        """
+
+        class Meta:
+            model = application_model
+            fields = (
+                "name",
+                "client_id",
+                "client_secret",
+                "hash_client_secret",
+                "client_type",
+                "authorization_grant_type",
+                "redirect_uris",
+                "post_logout_redirect_uris",
+                "allowed_origins",
+                "algorithm",
+            )
+
+        def __init__(self, *args, **kwargs):
+            super().__init__(*args, **kwargs)
+
+            self.fields.get("client_secret").widget.attrs.setdefault(
+                "data-hashed-warning", force_str(HASHED_WARNING_TEXT)
+            )
+
+    return ApplicationForm
+
+
+ApplicationForm = get_application_form_class()
 
 
 class AllowForm(forms.Form):

oauth2_provider/locale/zh_Hans/LC_MESSAGES/django.po

@@ -0,0 +1,240 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-12-15 01:04+0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <[email protected]>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+#: oauth2_provider/forms.py:6
+msgid "Hashed on save. Copy it now if this is a new secret."
+msgstr "保存时会进行哈希处理。如果这是一个新的密钥，请立即复制并保存。"
+
+#: oauth2_provider/models.py:87
+msgid "Confidential"
+msgstr ""
+
+#: oauth2_provider/models.py:88
+msgid "Public"
+msgstr ""
+
+#: oauth2_provider/models.py:98
+msgid "Authorization code"
+msgstr ""
+
+#: oauth2_provider/models.py:99
+msgid "Device Code"
+msgstr ""
+
+#: oauth2_provider/models.py:100
+msgid "Implicit"
+msgstr ""
+
+#: oauth2_provider/models.py:101
+msgid "Resource owner password-based"
+msgstr ""
+
+#: oauth2_provider/models.py:102
+msgid "Client credentials"
+msgstr ""
+
+#: oauth2_provider/models.py:103
+msgid "OpenID connect hybrid"
+msgstr ""
+
+#: oauth2_provider/models.py:110
+msgid "No OIDC support"
+msgstr ""
+
+#: oauth2_provider/models.py:111
+msgid "RSA with SHA-2 256"
+msgstr ""
+
+#: oauth2_provider/models.py:112
+msgid "HMAC with SHA-2 256"
+msgstr ""
+
+#: oauth2_provider/models.py:127
+msgid "Allowed URIs list, space separated"
+msgstr ""
+
+#: oauth2_provider/models.py:131
+msgid "Allowed Post Logout URIs list, space separated"
+msgstr ""
+
+#: oauth2_provider/models.py:141
+msgid "Client secret for authentication"
+msgstr ""
+
+#: oauth2_provider/models.py:152
+msgid "Allowed origins list to enable CORS, space separated"
+msgstr ""
+
+#: oauth2_provider/models.py:232
+#, python-brace-format
+msgid "redirect_uris cannot be empty with grant_type {grant_type}"
+msgstr ""
+
+#: oauth2_provider/models.py:249
+msgid "You must set OIDC_RSA_PRIVATE_KEY to use RSA algorithm"
+msgstr ""
+
+#: oauth2_provider/models.py:258
+msgid "You cannot use HS256 with public grants or clients"
+msgstr ""
+
+#: oauth2_provider/models.py:674
+msgid "Authorized"
+msgstr ""
+
+#: oauth2_provider/models.py:675
+msgid "Authorization pending"
+msgstr ""
+
+#: oauth2_provider/models.py:676
+msgid "Expired"
+msgstr ""
+
+#: oauth2_provider/models.py:677
+msgid "Denied"
+msgstr ""
+
+#: oauth2_provider/oauth2_validators.py:249
+msgid "The access token is invalid."
+msgstr ""
+
+#: oauth2_provider/oauth2_validators.py:256
+msgid "The access token has expired."
+msgstr ""
+
+#: oauth2_provider/oauth2_validators.py:263
+msgid "The access token is valid but does not have enough scope."
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_confirm_delete.html:6
+msgid "Are you sure to delete the application"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_confirm_delete.html:12
+#: oauth2_provider/templates/oauth2_provider/authorize.html:29
+msgid "Cancel"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_confirm_delete.html:13
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:53
+#: oauth2_provider/templates/oauth2_provider/authorized-token-delete.html:7
+msgid "Delete"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:10
+msgid "Client id"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:15
+msgid "Client secret"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:20
+msgid "Hash client secret"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:21
+msgid "yes,no"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:25
+msgid "Client type"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:30
+msgid "Authorization Grant Type"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:35
+msgid "Redirect Uris"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:40
+msgid "Post Logout Redirect Uris"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:45
+msgid "Allowed Origins"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:51
+#: oauth2_provider/templates/oauth2_provider/application_form.html:38
+msgid "Go Back"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_detail.html:52
+msgid "Edit"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_form.html:9
+msgid "Edit application"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_form.html:40
+msgid "Save"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_list.html:6
+msgid "Your applications"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_list.html:14
+msgid "New Application"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_list.html:17
+msgid "No applications defined"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_list.html:17
+msgid "Click here"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_list.html:17
+msgid "if you want to register a new one"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/application_registration_form.html:5
+msgid "Register a new application"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorize.html:8
+#: oauth2_provider/templates/oauth2_provider/authorize.html:30
+msgid "Authorize"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorize.html:17
+msgid "Application requires the following permissions"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorized-token-delete.html:6
+msgid "Are you sure you want to delete this token?"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorized-tokens.html:6
+msgid "Tokens"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorized-tokens.html:11
+msgid "revoke"
+msgstr ""
+
+#: oauth2_provider/templates/oauth2_provider/authorized-tokens.html:19
+msgid "There are no authorized tokens yet."
+msgstr ""

oauth2_provider/migrations/0014_alter_help_text.py

@@ -0,0 +1,20 @@
+# Generated by Django 5.2.9 on 2025-12-14 17:02
+
+import oauth2_provider.generators
+import oauth2_provider.models
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('oauth2_provider', '0013_alter_application_authorization_grant_type_device'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='client_secret',
+            field=oauth2_provider.models.ClientSecretField(blank=True, db_index=True, default=oauth2_provider.generators.generate_client_secret, help_text='Client secret for authentication', max_length=255),
+        ),
+    ]