chore: dynamic help_text for client_secret (#1628)

Author: Michael Li

AUTHORS

@@ -85,6 +85,7 @@ Jun Zhou
 Kaleb Porter
 Kristian Rune Larsen
 Lazaros Toumanidis
+lrq315
 Ludwig Hähne
 Łukasz Skarżyński
 Madison Swain-Bowden

CHANGELOG.md

@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 * #1252 Fix crash  when 'client' is in token request body
 * #1496 Fix error when Bearer token string is empty but preceded by `Bearer` keyword.
+* #1628 Fix inaccurate help_text on client_secret field of Application model
 <!--
 ### Security
 -->

Dockerfile

@@ -9,15 +9,9 @@ FROM python:3.11.6-slim as builder
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-ENV DEBUG=False
-ENV ALLOWED_HOSTS="*"
-ENV TEMPLATES_DIRS="/data/templates"
-ENV STATIC_ROOT="/data/static"
-ENV DATABASE_URL="sqlite:////data/db.sqlite3"
-
 RUN apt-get update
 # Build Deps
-RUN apt-get install -y --no-install-recommends gcc libc-dev python3-dev git openssh-client libpq-dev file libev-dev
+RUN apt-get install -y --no-install-recommends gcc libc-dev python3-dev git openssh-client libpq-dev file libev-dev gettext
 # bundle code in a virtual env to make copying to the final image without all the upstream stuff easier.
 RUN python -m venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
@@ -28,7 +22,8 @@ COPY . /code
 WORKDIR /code/tests/app/idp
 RUN pip install -r requirements.txt
 RUN pip install gunicorn
-RUN python manage.py collectstatic --noinput
+RUN cd /code/oauth2_provider && django-admin compilemessages
+RUN STATIC_ROOT="static" python manage.py collectstatic --noinput
 
 
 
@@ -47,8 +42,8 @@ ENV SENTRY_RELEASE=${GIT_SHA1}
 # disable debug mode, but allow all hosts by default when running in docker
 ENV DEBUG=False
 ENV ALLOWED_HOSTS="*"
-ENV TEMPLATES_DIRS="/data/templates"
-ENV STATIC_ROOT="/data/static"
+ENV TEMPLATES_DIRS="/code/tests/app/idp/templates"
+ENV STATIC_ROOT="/code/tests/app/idp/static"
 ENV DATABASE_URL="sqlite:////data/db.sqlite3"
 
 
@@ -57,9 +52,6 @@ ENV DATABASE_URL="sqlite:////data/db.sqlite3"
 COPY --from=builder /opt/venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 COPY --from=builder /code /code
-RUN mkdir -p /data/static /data/templates
-COPY --from=builder /code/tests/app/idp/static /data/static
-COPY --from=builder /code/tests/app/idp/templates /data/templates
 
 WORKDIR /code/tests/app/idp
 RUN apt-get update && apt-get install -y \

docs/contributing.rst

@@ -380,18 +380,18 @@ Development with astral uv package and project manager.
 We have experimental support for `astral uv <https://docs.astral.sh/uv/>`__. It provides an improved
 developer experience over vanilla virtualenv/venv and pip by managing multiple python versions,
 virtual environments and dependencies in a more efficient way. The ``uv run`` command automatically
-syncs dependencies and python version before running the command, saving multiple steps when 
+syncs dependencies and python version before running the command, saving multiple steps when
 working on multiple branches with different dependencies.
 
 You can use uv sync to set up your environment and install dependencies and run python::
 
-... code-block:: bash
+.. code-block:: bash
     uv sync    # checks deps, installs virtualenv and dependencies as necessary
     uv run ... # runs command in the uv environment, syncs deps and python version first if necessary
 
 To run tox uv use `tox uv <https://github.com/tox-dev/tox-uv>`__::
 
-... code-block:: bash
+.. code-block:: bash
     uv tool install tox --with tox-uv # use uv to install
     tox --version # validate you are using the installed tox
     tox r -e py312 # will use uv

oauth2_provider/admin.py

@@ -1,6 +1,7 @@
 from django.contrib import admin
 from django.contrib.auth import get_user_model
 
+from oauth2_provider.forms import ApplicationForm
 from oauth2_provider.models import (
     get_access_token_admin_class,
     get_access_token_model,
@@ -19,6 +20,7 @@
 
 
 class ApplicationAdmin(admin.ModelAdmin):
+    form = ApplicationForm
     list_display = ("pk", "name", "user", "client_type", "authorization_grant_type")
     list_filter = ("client_type", "authorization_grant_type", "skip_authorization")
     radio_fields = {
@@ -28,6 +30,9 @@ class ApplicationAdmin(admin.ModelAdmin):
     search_fields = ("name",) + (("user__email",) if has_email else ())
     raw_id_fields = ("user",)
 
+    class Media:
+        js = ("oauth2_provider/admin/application_form.js",)
+
 
 class AccessTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application", "expires")

oauth2_provider/forms.py

@@ -1,4 +1,48 @@
 from django import forms
+from django.utils.encoding import force_str
+from django.utils.translation import gettext_lazy as _
+
+from .models import get_application_model
+
+
+HASHED_WARNING_TEXT = _("Hashed on Save. Copy it now if this is a new secret.")
+
+
+def get_application_form_class():
+    application_model = get_application_model()
+
+    class ApplicationForm(forms.ModelForm):
+        """
+        Form for Application model with dynamic help_text for client_secret field
+        based on hash_client_secret value.
+        """
+
+        class Meta:
+            model = application_model
+            fields = (
+                "name",
+                "client_id",
+                "client_secret",
+                "hash_client_secret",
+                "client_type",
+                "authorization_grant_type",
+                "redirect_uris",
+                "post_logout_redirect_uris",
+                "allowed_origins",
+                "algorithm",
+            )
+
+        def __init__(self, *args, **kwargs):
+            super().__init__(*args, **kwargs)
+
+            self.fields.get("client_secret").widget.attrs.setdefault(
+                "data-hashed-warning", force_str(HASHED_WARNING_TEXT)
+            )
+
+    return ApplicationForm
+
+
+ApplicationForm = get_application_form_class()
 
 
 class AllowForm(forms.Form):