From d1b8142b94b4fb582ea8f9831b114f0635fef631 Mon Sep 17 00:00:00 2001 From: adamscmRH Date: Tue, 10 Apr 2018 16:46:57 -0400 Subject: [PATCH] add oauth2 help text --- .../migrations/0025_v330_delete_authtoken.py | 1 + .../migrations/0031_v330_oauth_help_text.py | 50 ++++++++++++++++++ awx/main/models/oauth.py | 52 ++++++++++++++++++- 3 files changed, 101 insertions(+), 2 deletions(-) create mode 100644 awx/main/migrations/0031_v330_oauth_help_text.py diff --git a/awx/main/migrations/0025_v330_delete_authtoken.py b/awx/main/migrations/0025_v330_delete_authtoken.py index cd55a901b1..237473c60f 100644 --- a/awx/main/migrations/0025_v330_delete_authtoken.py +++ b/awx/main/migrations/0025_v330_delete_authtoken.py @@ -7,6 +7,7 @@ from django.conf import settings from django.db import migrations, models import django.db.models.deletion +# TODO: Squash all of these migrations with '0024_v330_add_oauth_activity_stream_registrar' class Migration(migrations.Migration): diff --git a/awx/main/migrations/0031_v330_oauth_help_text.py b/awx/main/migrations/0031_v330_oauth_help_text.py new file mode 100644 index 0000000000..86f7e2a86e --- /dev/null +++ b/awx/main/migrations/0031_v330_oauth_help_text.py 
@@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.11 on 2018-04-11 15:54
+from __future__ import unicode_literals
+
+import awx.main.fields
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import oauth2_provider.generators
+
+# TODO: Squash all of these migrations with '0024_v330_add_oauth_activity_stream_registrar'
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('main', '0030_v330_polymorphic_delete'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='oauth2accesstoken',
+ name='scope',
+ field=models.TextField(blank=True, help_text="Allowed scopes, further restricts user's permissions."),
+ ),
+ migrations.AlterField(
+ model_name='oauth2accesstoken',
+ name='user',
+ field=models.ForeignKey(blank=True, help_text='The user representing the token owner', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='main_oauth2accesstoken', to=settings.AUTH_USER_MODEL),
+ ),
+ migrations.AlterField(
+ model_name='oauth2application',
+ name='authorization_grant_type',
+ field=models.CharField(choices=[(b'authorization-code', 'Authorization code'), (b'implicit', 'Implicit'), (b'password', 'Resource owner password-based'), (b'client-credentials', 'Client credentials')], help_text='The Grant type the user must use for acquire tokens for this application.', max_length=32),
+ ),
+ migrations.AlterField(
+ model_name='oauth2application',
+ name='client_secret',
+ field=awx.main.fields.OAuth2ClientSecretField(blank=True, db_index=True, default=oauth2_provider.generators.generate_client_secret, help_text='Used for more stringent verification of access to an application when creating a token.', max_length=1024),
+ ),
+ migrations.AlterField(
+ model_name='oauth2application',
+ name='client_type',
+ field=models.CharField(choices=[(b'confidential', 'Confidential'), (b'public', 'Public')], help_text='Set to Public or Confidential depending on how secure the 
client device is.', max_length=32), + ), + migrations.AlterField( + model_name='oauth2application', + name='skip_authorization', + field=models.BooleanField(default=False, help_text='Set True to skip authorization step for completely trusted applications.'), + ), + ] diff --git a/awx/main/models/oauth.py b/awx/main/models/oauth.py index c905aad3f4..248df271a6 100644 --- a/awx/main/models/oauth.py +++ b/awx/main/models/oauth.py @@ -6,6 +6,7 @@ from django.core.validators import RegexValidator from django.db import models from django.utils.timezone import now from django.utils.translation import ugettext_lazy as _ +from django.conf import settings # Django OAuth Toolkit from oauth2_provider.models import AbstractApplication, AbstractAccessToken @@ -24,6 +25,24 @@ class OAuth2Application(AbstractApplication): class Meta: app_label = 'main' verbose_name = _('application') + + CLIENT_CONFIDENTIAL = "confidential" + CLIENT_PUBLIC = "public" + CLIENT_TYPES = ( + (CLIENT_CONFIDENTIAL, _("Confidential")), + (CLIENT_PUBLIC, _("Public")), + ) + + GRANT_AUTHORIZATION_CODE = "authorization-code" + GRANT_IMPLICIT = "implicit" + GRANT_PASSWORD = "password" + GRANT_CLIENT_CREDENTIALS = "client-credentials" + GRANT_TYPES = ( + (GRANT_AUTHORIZATION_CODE, _("Authorization code")), + (GRANT_IMPLICIT, _("Implicit")), + (GRANT_PASSWORD, _("Resource owner password-based")), + (GRANT_CLIENT_CREDENTIALS, _("Client credentials")), + ) description = models.TextField( default='', 
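Review bot: `CLIENT_TYPES` and `GRANT_TYPES` added to `OAuth2Application` restate values that the imported `AbstractApplication` base from Django OAuth Toolkit already appears to define, so the local copy can drift from upstream on an upgrade; the same applies to the `client_type`, `authorization_grant_type`, `user` and `scope` fields redeclared in the later hunks of this file. A comment above the constants would make the intent clear, for example `# Mirrors oauth2_provider's AbstractApplication choices; redeclared only to attach help_text. Keep in sync on upgrade.` Because the tuple now lives in this model, it is also the place to narrow the offered grant types if the implicit or password grants are not needed by the deployment. The class body starts before this hunk and continues after it.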
@@ -41,9 +60,26 @@ class OAuth2Application(AbstractApplication): on_delete=models.CASCADE, null=True, ) - client_secret = OAuth2ClientSecretField( - max_length=1024, blank=True, default=generate_client_secret, db_index=True + max_length=1024, + blank=True, + default=generate_client_secret, + db_index=True, + help_text=_('Used for more stringent verification of access to an application when creating a token.') + ) + client_type = models.CharField( + max_length=32, + choices=CLIENT_TYPES, + help_text=_('Set to Public or Confidential depending on how secure the client device is.') + ) + skip_authorization = models.BooleanField( + default=False, + help_text=_('Set True to skip authorization step for completely trusted applications.') + ) + authorization_grant_type = models.CharField( + max_length=32, + choices=GRANT_TYPES, + help_text=_('The Grant type the user must use for acquire tokens for this application.') ) @@ -53,6 +89,14 @@ class OAuth2AccessToken(AbstractAccessToken): app_label = 'main' verbose_name = _('access token') + user = models.ForeignKey( + settings.AUTH_USER_MODEL, + on_delete=models.CASCADE, + blank=True, + null=True, + related_name="%(app_label)s_%(class)s", + help_text=_('The user representing the token owner') + ) description = models.CharField( max_length=200, default='', @@ -63,6 +107,10 @@ class OAuth2AccessToken(AbstractAccessToken): default=None, editable=False, ) + scope = models.TextField( + blank=True, + help_text=_('Allowed scopes, further restricts user\'s permissions.') + ) def is_valid(self, scopes=None): valid = super(OAuth2AccessToken, self).is_valid(scopes)
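Review bot: The new `help_text` strings on `authorization_grant_type`, `client_type` and `skip_authorization` are the only guidance an administrator sees for these security-relevant settings, and they are imprecise. `'The Grant type the user must use for acquire tokens for this application.'` should read `'The grant type the user must use to acquire tokens for this application.'`, and `client_type` would be clearer as `'Set to Confidential only if the client can keep its client secret private; otherwise set to Public.'`. The `skip_authorization` text could also state that the user consent prompt is bypassed for the application. The same strings are repeated in migration 0031, so that file would need regenerating if they change.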
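Review bot: The `scope` help text says the field restricts the user's permissions but not how scopes are written or what an empty value means, and `blank=True` with no `choices` or validator lets any string be stored at the model level. If the value is not validated elsewhere (not visible in this diff), consider adding a validator, or at least document the format, e.g. `help_text=_("Space-separated list of allowed scopes; further restricts the user's permissions.")`. Using double quotes there also avoids the `\'` escape. `is_valid` follows the hunk and its body is only partly shown.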