Adarnauth-esi

v1.4.8 broke filtering by scopes if passed a queryset with length 1. This fixes it.

When the SSO servers are having a bad time and send back bad responses, they don't always come with an error message. The oautlib package then thinks the response is OK so it checks for the access token. Upon not finding said token it raises a `MissingTokenError` which until now had been interpreted as a reason for token invalidation.

Because it seems this happens fairly often and is leading to token hellpurging this is instead re-raised as a `IncompleteResponseError`.

Tokens which fail to refresh when a `.require_valid()` is used will be excluded from the returned queryset.

Part of the swagger API specification is the ability to define data structures ('models') for API responses. Recent updated to `bravado-core` (~4.13) and the swagger spec published by CCP have resulted in parsing of spec models and two distinct errors:
- duplicate model names are defined in the spec provided by CCP which raises an error on swagger spec parsing
- returned models are not pickle-able which breaks response caching

This release adds an extra kwarg to spec generation which prevents returning data as models, favouring dictionaries.

A part of the OAuth spec as yet unimplemented by CCP until recently is the ability, upon refresh of an OAuth token, to return both a new access token and a new refresh token. This refresh token was being ignored leading to issues with subsequent refreshes (instead resulting in a `InvalidRefreshToken` error).

This release records both the access and refresh tokens when refreshing.

Removes installation barrier for use with Django 2.0. Allegedly it works.

Experimental support for Django 2.0a1 by defining `on_delete` for foreignkeys and changing `reverse` imports to its new location. Drops support for Django<1.10.

Additionally allows initialization without `ESI_SSO_CLIENT_ID`, `ESI_SSO_CLIENT_SECRET`, and `ESI_SSO_CALLBACL_URL` settings if `settings.DEBUG` is `True`. This is useful for testing.