Upgrade Authlib (#68)

* Upgrade Authlib

* Bump version and patch CVE in authlib, Dropping Pydantic v1 support

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.1.0
+current_version = 2.2.0
 commit = False
 tag = False
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(\-(?P<release>[a-z]+)(?P<build>\d+))?

.github/workflows/test-package.yml

@@ -13,7 +13,6 @@ jobs:
     strategy:
       matrix:
         python-version: ['3.11', '3.12']
-        pydantic-version: ['1.*', '2.*']
       fail-fast: false
     steps:
       - uses: actions/checkout@v2
@@ -26,8 +25,6 @@ jobs:
           python -m pip install --upgrade pip
           pip install flit
           flit install --deps develop
-          pip install -U "pydantic==${{ matrix.pydantic-version }}"
-          pip install pydantic_settings || true
       - name: Check formatting
         run: |
           black --check .
@@ -42,16 +39,8 @@ jobs:
           apache-license-check --copyright "2019-`date +%Y` SURF" oauth2_lib
       - name: Test with pytest
         run: |
-          pytest -vvv --cov-branch --cov-fail-under=80 --cov=oauth2_lib --cov-config=.coveragerc
-        env:
-          COVERAGE_FILE: reports/.coverage.${{ matrix.python-version }}
-      - name: Upload pytest test results
-        uses: actions/upload-artifact@v2
-        with:
-          name: reports
-          path: reports
-        # Use always() to always run this step to publish test results when there are test failures
-        if: ${{ matrix.pydantic-version == '2.*' }} && ${{ always() }}
+          mkdir reports
+          pytest -vvv --cov-branch --cov-fail-under=80 --cov=oauth2_lib --cov-config=.coveragerc --cov-report=xml
   coverage-combine:
     needs: [build]
     runs-on: ubuntu-latest
@@ -61,7 +50,7 @@ jobs:
         with:
           python-version: '3.8'
       - name: Get coverage files
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: reports
           path: reports

oauth2_lib/__init__.py

@@ -13,4 +13,4 @@
 
 """This is the SURF Oauth2 module that interfaces with the oauth2 setup."""
 
-__version__ = "2.1.0"
+__version__ = "2.2.0"

oauth2_lib/fastapi.py

@@ -253,7 +253,7 @@ async def check_openid_config(self, async_client: AsyncClient) -> None:
                 status_code=HTTPStatus.SERVICE_UNAVAILABLE,
                 detail=f"Could not load openid config from {self.openid_config_url}",
             )
-        self.openid_config = OIDCConfig.parse_obj(response.json())
+        self.openid_config = OIDCConfig(**response.json())
 
 
 class Authorization(ABC):
@@ -299,7 +299,7 @@ async def get_decision(self, async_client: AsyncClient, opa_input: dict) -> OPAR
 
         json_result = result.json()
         logger.debug("Received decision from policy agent", decision=json_result)
-        return OPAResult.parse_obj(json_result)
+        return OPAResult(**json_result)
 
     def evaluate_decision(self, decision: OPAResult, **context: dict[str, Any]) -> bool:
         did = decision.decision_id

pyproject.toml

@@ -33,8 +33,9 @@ requires = [
     "structlog>=20.2.0",
     "fastapi>=0.90.1",
     "httpx[http2]>=0.23.0,<0.27.0",
-    "authlib==1.0.1",
-    "pydantic",
+    "authlib==1.3.1",
+    "pydantic>=2",
+    "pydantic-settings",
     "strawberry-graphql>=0.171.1",
     "asyncstdlib",
 ]

tests/test_fastapi.py

@@ -112,7 +112,7 @@ def oidc_auth():
 async def test_openid_config_success(make_mock_async_client, discovery, oidc_auth):
     mock_async_client = make_mock_async_client(MockResponse(json=discovery))
     await oidc_auth.check_openid_config(mock_async_client.client)
-    assert oidc_auth.openid_config == OIDCConfig.parse_obj(discovery)
+    assert oidc_auth.openid_config == OIDCConfig(**discovery)
     mock_async_client.client.get.assert_called_once_with("openid_url/.well-known/openid-configuration")
     assert oidc_auth.openid_config.issuer == discovery["issuer"], "OpenID configuration not loaded correctly"