From: Ben Darnell Date: Fri, 29 May 2026 20:04:56 +0000 (-0400) Subject: auth: Formally deprecated OpenIDMixin X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3629%2Fhead;p=thirdparty%2Ftornado.git auth: Formally deprecated OpenIDMixin --- diff --git a/tornado/auth.py b/tornado/auth.py index 31115f6f..3086ec08 100644 --- a/tornado/auth.py +++ b/tornado/auth.py @@ -97,8 +97,19 @@ class OpenIdMixin: Class attributes: * ``_OPENID_ENDPOINT``: the identity provider's URI. + + .. deprecated:: 6.6 + OpenID 2.0 is no longer widely supported by identity providers. + This class will be removed in Tornado 7.0. """ + def __init__(self) -> None: + warnings.warn( + "OpenIdMixin is deprecated and will be removed in Tornado 7.0", + DeprecationWarning, + stacklevel=2, + ) + def authenticate_redirect( self, callback_uri: str | None = None, diff --git a/tornado/test/auth_test.py b/tornado/test/auth_test.py index a411a159..ace828ff 100644 --- a/tornado/test/auth_test.py +++ b/tornado/test/auth_test.py @@ -18,7 +18,8 @@ from tornado.escape import json_decode from tornado.httpclient import HTTPClientError from tornado.httputil import url_concat from tornado.log import app_log -from tornado.testing import AsyncHTTPTestCase, ExpectLog +from tornado.testing import AsyncHTTPTestCase, ExpectLog, setup_with_context_manager +from tornado.test.util import ignore_deprecation from tornado.web import Application, HTTPError, RequestHandler @@ -273,12 +274,46 @@ class TwitterServerVerifyCredentialsHandler(RequestHandler): self.write(dict(screen_name="foo", name="Foo")) +class OpenIDAuthTest(AsyncHTTPTestCase): + def setUp(self): + setup_with_context_manager(self, ignore_deprecation()) + return super().setUp() + + def get_app(self): + return Application( + [ + ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)), + ("/openid/server/authenticate", OpenIdServerAuthenticateHandler), + ], + http_client=self.http_client, + ) + + def test_openid_redirect(self): + with ignore_deprecation(): + response = self.fetch("/openid/client/login", follow_redirects=False) + self.assertEqual(response.code, 302) + self.assertIn("/openid/server/authenticate?", response.headers["Location"]) + + def test_openid_get_user(self): + for i in range(2): + with self.subTest(i=i): + with ignore_deprecation(): + response = self.fetch( + "/openid/client/login?openid.mode=blah" + "&openid.ns.ax=http://openid.net/srv/ax/1.0" + "&openid.ax.type.email=http://axschema.org/contact/email" + "&openid.ax.value.email=foo@example.com" + ) + response.rethrow() + parsed = json_decode(response.body) + self.assertEqual(parsed["email"], "foo@example.com") + + class AuthTest(AsyncHTTPTestCase): def get_app(self): return Application( [ # test endpoints - ("/openid/client/login", OpenIdClientLoginHandler, dict(test=self)), ( "/oauth10/client/login", OAuth1ClientLoginHandler, @@ -323,7 +358,6 @@ class AuthTest(AsyncHTTPTestCase): dict(test=self), ), # simulated servers - ("/openid/server/authenticate", OpenIdServerAuthenticateHandler), ("/oauth1/server/request_token", OAuth1ServerRequestTokenHandler), ("/oauth1/server/access_token", OAuth1ServerAccessTokenHandler), ("/facebook/server/access_token", FacebookServerAccessTokenHandler), @@ -342,24 +376,6 @@ class AuthTest(AsyncHTTPTestCase): facebook_secret="test_facebook_secret", ) - def test_openid_redirect(self): - response = self.fetch("/openid/client/login", follow_redirects=False) - self.assertEqual(response.code, 302) - self.assertIn("/openid/server/authenticate?", response.headers["Location"]) - - def test_openid_get_user(self): - for i in range(2): - with self.subTest(i=i): - response = self.fetch( - "/openid/client/login?openid.mode=blah" - "&openid.ns.ax=http://openid.net/srv/ax/1.0" - "&openid.ax.type.email=http://axschema.org/contact/email" - "&openid.ax.value.email=foo@example.com" - ) - response.rethrow() - parsed = json_decode(response.body) - self.assertEqual(parsed["email"], "foo@example.com") - def test_oauth10_redirect(self): response = self.fetch("/oauth10/client/login", follow_redirects=False) self.assertEqual(response.code, 302)