From c174e9cbdc2b96870294bf1996a48e11745f2e79 Mon Sep 17 00:00:00 2001
From: Alan <2.alan.tom@gmail.com>
Date: Thu, 3 Jul 2025 14:48:54 +0530
Subject: [PATCH] fix: apply fixes on accepted Copilot suggestions
Update frappe/integrations/oauth2.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Update frappe/integrations/README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Update frappe/integrations/utils.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Update frappe/integrations/utils.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 frappe/integrations/README.md | 2 +-
 frappe/integrations/oauth2.py | 19 ++++++++++++-------
 frappe/integrations/utils.py | 6 +++---
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/frappe/integrations/README.md b/frappe/integrations/README.md
index b0ddb0564b..219ea6ba61 100644
--- a/frappe/integrations/README.md
+++ b/frappe/integrations/README.md
@@ -2,7 +2,7 @@
 ## OAuth 2
-Frappe Framwork uses [`oauthlib`](https://github.com/oauthlib/oauthlib) to manage OAuth2 requirements. A Frappe instance can function as all of these:
+Frappe Framework uses [`oauthlib`](https://github.com/oauthlib/oauthlib) to manage OAuth2 requirements. A Frappe instance can function as all of these:
 1. **Resource Server**: contains resources, for example the data in your DocTypes.
 2. **Authorization Server**: server that issues tokens to access some resource.
diff --git a/frappe/integrations/oauth2.py b/frappe/integrations/oauth2.py
index 976532473b..07a2c28e14 100644
--- a/frappe/integrations/oauth2.py
+++ b/frappe/integrations/oauth2.py
@@ -444,14 +444,19 @@ def _get_protected_resource_metadata():
 def is_oauth_metadata_enabled(label: Literal["resource", "auth_server"]):
- fieldname = (
- "show_auth_server_metadata" if label == "authorization" else "show_protected_resource_metadata"
- )
+ if label not in ["resource", "auth_server"]:
+ return False
- return frappe.get_cached_value(
- "OAuth Settings",
- "OAuth Settings",
- fieldname,
+ fieldname = "show_auth_server_metadata"
+ if label == "resource":
+ fieldname = "show_protected_resource_metadata"
+ return bool(
+ frappe.get_cached_value(
+ "OAuth Settings",
+ "OAuth Settings",
+ fieldname,
+ )
 )
diff --git a/frappe/integrations/utils.py b/frappe/integrations/utils.py
index 07d649388a..e428b55b8d 100644
--- a/frappe/integrations/utils.py
+++ b/frappe/integrations/utils.py
@@ -210,11 +210,11 @@ def validate_dynamic_client_metadata(client: OAuth2DynamicClientMetadata):
 if client.token_endpoint_auth_method not in ["client_secret_basic"]:
 invalidation_reasons.append("only client_secret_basic token_endpoint_auth_method is supported")
- if client.grant_types not in ["authorization_code"]:
+ if client.grant_types and not set(client.grant_types).issubset({"authorization_code", "refresh_token"}):
 invalidation_reasons.append("only authorization_code and refresh_token grant types are supported")
- if client.response_types not in ["code"]:
- invalidation_reasons.append("only code response_type is supported")
+ if client.response_types and not all(rt == "code" for rt in client.response_types):
+ invalidation_reasons.append("only 'code' response_type is supported")
 if not frappe.conf.developer_mode and any(c.scheme != "https" for c in client.redirect_uris):
 invalidation_reasons.append("redirect_uris must be https")
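Review bot: `is_oauth_metadata_enabled` still has no docstring or return annotation, and the new early `return False` for an unrecognised label is a fail-closed choice that should be written down, since the function appears to decide whether OAuth metadata is published at all. I would annotate the signature with `-> bool` and add a one-line docstring along the lines of `Return True when the OAuth Settings flag for the given metadata document is set; unknown labels count as disabled.` The removed code compared against `"authorization"`, a value the `Literal` never admitted, so a label mismatch silently read the wrong setting. The diffstat lists no test file; a small test asserting that each label reads its own field would catch a repeat of that.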
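Review bot: Both new guards skip validation whenever the field is falsy, so an explicit empty list is accepted just like an omitted field, and `["refresh_token"]` on its own passes the subset test although a refresh token can only be obtained through some other grant. If a registered client is meant to always support the authorization-code flow, the first condition could add `"authorization_code" not in client.grant_types` as a further reason to reject. `set(client.grant_types)` raises `TypeError` on unhashable elements, so this relies on `OAuth2DynamicClientMetadata` (defined outside the hunk) already constraining the field to a list of strings; worth confirming, because registration metadata is presumably client-supplied. The two checks also use different idioms for the same test; `not set(client.response_types) <= {"code"}` would mirror the grant-type line. The body of `validate_dynamic_client_metadata` starts and continues outside the hunk.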