dtinit · aaronjae22 · Apr 11, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 9, 2026
diff --git a/testbed/core/json_ld_builders.py b/testbed/core/json_ld_builders.py
@@ -4,7 +4,7 @@
                             build_activity_id,
                             build_note_id,
                             build_outbox_id)
-from .utils.oauth_utils import build_oauth_endpoint_url
+from .oauth.utils import build_oauth_endpoint_url
 from .models import CreateActivity, LikeActivity, FollowActivity
 
 # Build JSON-LD Actor with LOLA compliance.

diff --git a/testbed/core/oauth/__init__.py b/testbed/core/oauth/__init__.py
@@ -0,0 +1,27 @@
+from .authentication import OptionalOAuth2Authentication
+from .forms import OAuthApplicationForm
+from .utils import (
+    clear_token_from_session,
+    generate_secure_state,
+    get_token_from_session,
+    get_token_scope_from_session,
+    get_user_application,
+    store_state_in_session,
+    store_token_in_session,
+    validate_state_from_session,
+)
+from .validators import ActivityPubOAuth2Validator
+
+__all__ = [
+    "OptionalOAuth2Authentication",
+    "OAuthApplicationForm",
+    "ActivityPubOAuth2Validator",
+    "clear_token_from_session",
+    "generate_secure_state",
+    "get_token_from_session",
+    "get_token_scope_from_session",
+    "get_user_application",
+    "store_state_in_session",
+    "store_token_in_session",
+    "validate_state_from_session",
+]
diff --git a/testbed/core/utils/authentication.py → testbed/core/oauth/authentication.py b/testbed/core/utils/authentication.py → testbed/core/oauth/authentication.py
@@ -155,7 +155,7 @@ def _try_session_auth(self, request):
             A tuple of (user, token) if authentication succeeds, None otherwise
         """
         from oauth2_provider.models import AccessToken
-        from testbed.core.utils.oauth_utils import get_token_from_session, clear_token_from_session
+        from testbed.core.oauth.utils import get_token_from_session, clear_token_from_session
 
         # Check if public_only parameter is set (for demo comparison)
         if request.GET.get('public_only'):

diff --git a/testbed/core/forms/oauth_connection_form.py → testbed/core/oauth/forms.py b/testbed/core/forms/oauth_connection_form.py → testbed/core/oauth/forms.py
diff --git a/testbed/core/utils/oauth_utils.py → testbed/core/oauth/utils.py b/testbed/core/utils/oauth_utils.py → testbed/core/oauth/utils.py
@@ -82,7 +82,7 @@ def get_user_application(user, request=None):
                 credentials.save()
 
                 application.raw_client_secret = client_secret
-                logger.info(f"Successfully upgraded client secret to encrypted storage")
+                logger.info("Successfully upgraded client secret to encrypted storage")
 
                 # Clean up session storage
                 request.session.pop(CLIENT_SECRET_SESSION_KEY, None)
@@ -258,9 +258,7 @@ def store_token_in_session(request, token_data):
     scope = token_data.get('scope', '')
     request.session[TOKEN_SCOPE_SESSION_KEY] = scope
 
-    # Get expires_in for logging purposes only (not stored for validation)
-    expires_in = token_data.get('expires_in', 3600)
-    logger.info(f"OAuth token stored in session for demo authentication (server will validate expiry)")
+    logger.info("OAuth token stored in session for demo authentication (server will validate expiry)")
 
 def get_token_from_session(request):
     """

diff --git a/testbed/core/utils/oauth_validators.py → testbed/core/oauth/validators.py b/testbed/core/utils/oauth_validators.py → testbed/core/oauth/validators.py
diff --git a/testbed/core/tests/test_oauth_validators.py b/testbed/core/tests/test_oauth_validators.py
@@ -3,7 +3,7 @@
 
 from django.contrib.auth import get_user_model
 from oauth2_provider.models import get_application_model
-from testbed.core.utils.oauth_validators import ActivityPubOAuth2Validator
+from testbed.core.oauth.validators import ActivityPubOAuth2Validator
 
 User = get_user_model()
 Application = get_application_model()

diff --git a/testbed/core/urls/api_urls.py b/testbed/core/urls/api_urls.py
@@ -2,7 +2,6 @@
 from testbed.core.views import (
     actor_detail,
     portability_outbox_detail,
-    deactivate_account,
     following_collection,
     followers_collection,
     content_collection,
@@ -49,10 +48,4 @@
         blocked_collection,
         name="blocked-collection",
     ),
-    # Deactivate Account: API endpoint for account deactivation
-    path(
-        "actors/<int:actor_id>/deactivate/",
-        deactivate_account,
-        name="deactivate-account",
-    ),
 ]
diff --git a/testbed/core/urls/views_urls.py b/testbed/core/urls/views_urls.py
@@ -1,13 +1,14 @@
 from django.urls import path
 from testbed.core.views import (
+    deactivate_account,
     index,
     trigger_account,
     report_activity,
     test_authorization_view,
     test_error_view,
     oauth_callback,
     test_token_exchange_view,
-    )
+)
 
 urlpatterns = [
     path("", index, name="home"),
@@ -20,4 +21,10 @@
     path("test/oauth/error/", test_error_view, name="test-oauth-error"),
     path("test/oauth/token/", test_token_exchange_view, name="test-oauth-token"),
     path("callback", oauth_callback, name="oauth-callback"),
+    # Staff-only admin action: deactivate a user account
+    path(
+        "actors/<int:actor_id>/deactivate/",
+        deactivate_account,
+        name="deactivate-account",
+    ),
 ]
diff --git a/testbed/core/views/api.py b/testbed/core/views/api.py
@@ -40,7 +40,7 @@
     Note,
     PortabilityOutbox,
 )
-from ..utils.authentication import OptionalOAuth2Authentication
+from ..oauth.authentication import OptionalOAuth2Authentication
 from ..utils.errors import build_actor_not_found_error
 from .decorators import activitypub_content, build_auth_context, validate_lola_access
 

diff --git a/testbed/core/views/oauth_demo.py b/testbed/core/views/oauth_demo.py
@@ -24,10 +24,11 @@
 from django.urls import reverse
 
 from ..models import Actor
-from testbed.core.utils.oauth_utils import (
+from ..oauth.utils import (
     generate_secure_state,
     get_user_application,
     store_state_in_session,
+    store_token_in_session,
     validate_state_from_session,
 )
 
@@ -264,9 +265,7 @@ def test_token_exchange_view(request):
             logger.info("Successfully exchanged authorization code for token")
             context["token_response"] = token_json
 
-            # NEW: Store token in session for seamless demo authentication
-            from testbed.core.utils.oauth_utils import store_token_in_session
-
+            # Store token in session for seamless demo authentication
             store_token_in_session(request, token_json)
             context["session_auth_enabled"] = True
             logger.info("Token stored in session - demo authentication now active")

diff --git a/testbed/core/views/pages.py b/testbed/core/views/pages.py
@@ -20,8 +20,8 @@
 from django.shortcuts import redirect, render
 
 from ..models import Actor
-from testbed.core.forms.oauth_connection_form import OAuthApplicationForm
-from testbed.core.utils.oauth_utils import get_user_application
+from ..oauth.forms import OAuthApplicationForm
+from ..oauth.utils import get_user_application
 
 logger = logging.getLogger(__name__)
 

diff --git a/testbed/settings/base.py b/testbed/settings/base.py
@@ -12,7 +12,6 @@
 
 from pathlib import Path
 import os
-import sys
 import logging
 import environ
 import structlog
@@ -246,7 +245,7 @@
     'ACCESS_TOKEN_EXPIRE_SECONDS': 3600,  # 1 hour
     'REFRESH_TOKEN_EXPIRE_SECONDS': 86400,  # 1 day
     'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600,  # 10 minutes
-    'OAUTH2_VALIDATOR_CLASS': 'testbed.core.utils.oauth_validators.ActivityPubOAuth2Validator',
+    'OAUTH2_VALIDATOR_CLASS': 'testbed.core.oauth.validators.ActivityPubOAuth2Validator',
     # For testing purposes -> make PKCE optional
     'PKCE_REQUIRED': False,
 }