Fix AUD default value

.github/workflows/python-publish.yml

@@ -41,6 +41,6 @@ jobs:
           TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
           TWINE_PYPI_URL: ${{ secrets.PYPI_URL }}
         run: |
-          python setup.py sdist          
-          ls .
-          twine upload --repository-url $TWINE_PYPI_URL -u $TWINE_USERNAME -p $TWINE_PASSWORD dist/*
+          python setup.py sdist
+          cp qr_code.png dist
+          twine upload --repository-url $TWINE_PYPI_URL -u $TWINE_USERNAME -p $TWINE_PASSWORD dist/*

README.md

@@ -123,6 +123,7 @@ MIDDLEWARE = [
 
 # Exempt URIS
 # For example: ['core/banks', 'swagger']
+# This variable only works with Django Rest Framework Views, but not for native Django views.
 KEYCLOAK_EXEMPT_URIS = []
 
 # LOCAL_DECODE: is optional and False by default.  If True

django_keycloak_auth/keycloak.py

@@ -298,8 +298,8 @@ def decode(self, token, audience=None, options=None, raise_exception=True):
             json: decoded token
         """
 
-        if audience is None:
-            audience = self.client_id
+        if audience is None:            
+            audience = 'account'
 
         jwks = self.jwks()
         keys = jwks.get('keys', [])

django_keycloak_auth/settings.py

@@ -155,7 +155,7 @@
     'KEYCLOAK_SERVER_URL': 'http://localhost:8080/auth',
     'KEYCLOAK_REALM': 'TEST',
     'KEYCLOAK_CLIENT_ID': 'client-backend',
-    'KEYCLOAK_CLIENT_SECRET_KEY': 'E2n41fJgl9BPIS3nDk1DQQ7BIPf6PauH',
+    'KEYCLOAK_CLIENT_SECRET_KEY': '',
     'KEYCLOAK_CACHE_TTL': 60,
     'LOCAL_DECODE': False,
 }

django_keycloak_auth/tests.py

@@ -5,6 +5,7 @@
 from .middleware import KeycloakMiddleware, KeycloakConnect
 from core import views
 from unittest.mock import Mock
+from django.conf import settings
 
 
 class KeycloakConfigTestCase(TestCase):
@@ -346,8 +347,38 @@ def test_when_token_is_active_and_has_roles_request_not_authorizated(self):
 
         # THEN not allows endpoint to be accessed (401)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
-
+        
     def test_when_token_is_active_and_has_roles_request_authorizated(self):
+
+        # GIVEN LOCAL_DECODE as False in settings.py
+        settings.KEYCLOAK_CONFIG['LOCAL_DECODE'] = False
+
+        # GIVEN token as valid
+        KeycloakConnect.is_token_active = Mock(return_value=True)        
+
+        # GIVEN token has roles
+        KeycloakConnect.roles_from_token = Mock(return_value=['director'])
+
+        # GIVEN userinfo from fake token
+        KeycloakConnect.userinfo = Mock(return_value=self.fake_userinfo)
+
+        # GIVEN a View endpoint has existis 'diretor' role on GET method
+        view = views.loans
+
+        # GIVEN a fake request
+        request = self.factory.get(self.uri)
+        request.META['HTTP_AUTHORIZATION'] = 'Bearer token_fake'
+
+        # WHEN middleware is processed
+        KeycloakMiddleware(Mock()).process_view(request, view, [], {})
+
+        # THEN allows endpoint and pass token roles and userinfo to request View
+        self.assertEqual(['director'], request.roles)
+
+    def test_when_cached_token_is_active_and_has_roles_request_authorizated(self):
+
+        # GIVEN LOCAL_DECODE as True in settings.py
+        settings.KEYCLOAK_CONFIG['LOCAL_DECODE'] = True
 
         # GIVEN token as valid
         KeycloakConnect.is_token_active = Mock(return_value=True)        
@@ -369,4 +400,4 @@ def test_when_token_is_active_and_has_roles_request_authorizated(self):
         KeycloakMiddleware(Mock()).process_view(request, view, [], {})
 
         # THEN allows endpoint and pass token roles and userinfo to request View
-        self.assertEqual(['director'], request.roles)
+        self.assertEqual([], request.roles)

setup.py

@@ -8,7 +8,7 @@
 
 setup(
     name="django-keycloak-auth",
-    version="0.9.9",
+    version="1.0.0",
     packages=find_packages(),
 
     # Project uses reStructuredText, so ensure that the docutils get