authorSerghei MIHAI <smihai@entrouvert.com>2014-08-01 09:13:17 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2014-08-12 12:48:06 (GMT)
commit047746e9d1db2f98d1570ad29d3e089f62b9aa41 (patch)
treeafc514b5c3f5edc84e76816afb64e86c754015cc
parent142caf82d5f65d606d6f4cdd71ccd3774e8c8e6c (diff)
automatically granted scopes defined also in client attribute besides of settings
Closes #5231
-rw-r--r--authentic2_idp_oauth2/admin.py3
-rw-r--r--authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py99
-rw-r--r--authentic2_idp_oauth2/models.py4
-rw-r--r--authentic2_idp_oauth2/views.py14
4 files changed, 115 insertions, 5 deletions
diff --git a/authentic2_idp_oauth2/admin.py b/authentic2_idp_oauth2/admin.py
index 6cb36c5..883e3e3 100644
--- a/authentic2_idp_oauth2/admin.py
+++ b/authentic2_idp_oauth2/admin.py
@@ -32,6 +32,7 @@ class A2ClientAdmin(ClientAdmin):
(None, {'fields': (
'name',
'user',
+ 'authorized_scopes',
) }),
(_('Location'), {'fields': (
'url',
@@ -42,7 +43,7 @@ class A2ClientAdmin(ClientAdmin):
'client_type',
'client_secret',
) }),
- (_('Logout'),
+ (_('Logout'),
{'fields': ('logout_url', 'logout_use_iframe', 'logout_use_iframe_timeout'),}),)
admin.site.register(models.WebService, WebServiceAdmin)
diff --git a/authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py b/authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py
new file mode 100644
index 0000000..e888a4e
--- /dev/null
+++ b/authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+from south.utils import datetime_utils as datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+ def forwards(self, orm):
+ # Adding field 'A2Client.authorized_scopes'
+ db.add_column(u'authentic2_idp_oauth2_a2client', 'authorized_scopes',
+ self.gf('django.db.models.fields.CharField')(max_length=256, null=True, blank=True),
+ keep_default=False)
+
+
+ def backwards(self, orm):
+ # Deleting field 'A2Client.authorized_scopes'
+ db.delete_column(u'authentic2_idp_oauth2_a2client', 'authorized_scopes')
+
+
+ models = {
+ u'auth.group': {
+ 'Meta': {'object_name': 'Group'},
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+ 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+ },
+ u'auth.permission': {
+ 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+ 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+ },
+ u'auth.user': {
+ 'Meta': {'object_name': 'User'},
+ 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+ 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+ 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+ 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+ 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+ 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+ 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+ 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+ 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'})
+ },
+ u'authentic2_idp_oauth2.a2client': {
+ 'Meta': {'object_name': 'A2Client', '_ormbases': [u'oauth2.Client']},
+ 'authorized_scopes': ('django.db.models.fields.CharField', [], {'max_length': '256', 'null': 'True', 'blank': 'True'}),
+ u'client_ptr': ('django.db.models.fields.related.OneToOneField', [], {'to': u"orm['oauth2.Client']", 'unique': 'True', 'primary_key': 'True'}),
+ 'logout_url': ('django.db.models.fields.URLField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+ 'logout_use_iframe': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'logout_use_iframe_timeout': ('django.db.models.fields.PositiveIntegerField', [], {'default': '300'})
+ },
+ u'authentic2_idp_oauth2.attributerelease': {
+ 'Meta': {'object_name': 'AttributeRelease'},
+ 'attribute_name': ('django.db.models.fields.CharField', [], {'max_length': '64'}),
+ 'client': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['authentic2_idp_oauth2.A2Client']"}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '64'})
+ },
+ u'authentic2_idp_oauth2.webservice': {
+ 'Meta': {'object_name': 'WebService'},
+ 'allow_redirects': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+ 'auth_mech': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '16', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '32'}),
+ 'signature_key': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '128', 'blank': 'True'}),
+ 'slug': ('django.db.models.fields.SlugField', [], {'max_length': '32'}),
+ 'timeout': ('django.db.models.fields.IntegerField', [], {'default': '10'}),
+ 'url': ('django.db.models.fields.CharField', [], {'max_length': '1024'}),
+ 'verify_certificate': ('django.db.models.fields.BooleanField', [], {'default': 'True'})
+ },
+ u'contenttypes.contenttype': {
+ 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+ 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+ },
+ u'oauth2.client': {
+ 'Meta': {'object_name': 'Client'},
+ 'client_id': ('django.db.models.fields.CharField', [], {'default': "'cf075b80aceb0c66e850'", 'max_length': '255'}),
+ 'client_secret': ('django.db.models.fields.CharField', [], {'default': "'abcfb70705da942c4ab431697857e073f605bf5f'", 'max_length': '255'}),
+ 'client_type': ('django.db.models.fields.IntegerField', [], {}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}),
+ 'redirect_uri': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
+ 'url': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
+ 'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'oauth2_client'", 'null': 'True', 'to': u"orm['auth.User']"})
+ }
+ }
+
+ complete_apps = ['authentic2_idp_oauth2']
diff --git a/authentic2_idp_oauth2/models.py b/authentic2_idp_oauth2/models.py
index 3303076..d523394 100644
--- a/authentic2_idp_oauth2/models.py
+++ b/authentic2_idp_oauth2/models.py
@@ -9,6 +9,10 @@ from authentic2.models import LogoutUrlAbstract
from authentic2.managers import GetBySlugManager
class A2Client(LogoutUrlAbstract, Client):
+
+ authorized_scopes = models.CharField('automatically granted scopes',
+ max_length=256, blank=True, null=True,
+ help_text=_('space separated scopes'))
class Meta:
verbose_name = _('client')
verbose_name_plural = _('clients')
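Review bot: `null=True` on the new `authorized_scopes` CharField gives the field two distinct empty states (NULL and ''), and every reader of it then has to handle both; the usual Django convention for string fields is `blank=True, default=''` without `null=True`. The verbose name `'automatically granted scopes'` is also passed untranslated while the help_text on the next line is wrapped in `_()`. If this is changed, the South migration added in this commit has to match, e.g. `authorized_scopes = models.CharField(_('automatically granted scopes'), max_length=256, blank=True, default='', help_text=_('space separated scopes'))`.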
diff --git a/authentic2_idp_oauth2/views.py b/authentic2_idp_oauth2/views.py
index abc1fa0..1fb0369 100644
--- a/authentic2_idp_oauth2/views.py
+++ b/authentic2_idp_oauth2/views.py
@@ -88,13 +88,19 @@ class Authorize(Authorize):
automatic grant for some scopes and some clients
'''
def get_authorization_form(self, request, client, data, client_data):
- for url_prefix, scopes in app_settings.AUTOMATIC_GRANT:
- if client.url.startswith(url_prefix) and \
+
+ automatic_grant = app_settings.AUTOMATIC_GRANT
+ if hasattr(client, 'a2client'):
+ client_scopes = client.a2client.authorized_scopes.split(' ')
+ automatic_grant += ((client.url, client_scopes),)
+
+ for url_prefix, scopes in automatic_grant:
+ if client_data['redirect_uri'].startswith(url_prefix) and \
scope.check(client_data['scope'], scope.to_int(*scopes)):
- # return an always valid form
return forms.EmptyForm({}, scope=client_data['scope'])
+
return super(Authorize, self).get_authorization_form(
- request, client, data, client_data)
+ request, client, data, client_data)
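Review bot: `client.a2client.authorized_scopes.split(' ')` raises AttributeError when the field is NULL, which the model in this commit allows (`null=True, blank=True`), so an A2Client with no scopes configured breaks the authorization view; an empty string also yields `['']`, and what `scope.to_int('')` does with that I cannot tell from here. `automatic_grant += ((client.url, client_scopes),)` additionally extends `app_settings.AUTOMATIC_GRANT` in place if that setting is a list rather than a tuple, so per-client entries would accumulate in the shared setting across requests — copy it before appending. The match key also moved from the registered `client.url` to the request-supplied `client_data['redirect_uri']`; presumably the parent view has already validated it against the client's registered redirect URI, but a bare `startswith` prefix is a loose basis for an auto-grant decision (a prefix with no trailing delimiter matches more hosts and paths than intended), so an exact match or a delimiter-bounded prefix would be safer. The function is entirely within the hunk.
```python
def get_authorization_form(self, request, client, data, client_data):
    automatic_grant = list(app_settings.AUTOMATIC_GRANT)
    a2client = getattr(client, 'a2client', None)
    # NULL and '' both mean "no automatic grant for this client"
    if a2client is not None and a2client.authorized_scopes:
        automatic_grant.append((client.url, a2client.authorized_scopes.split()))
    # … unchanged: loop over automatic_grant, fallback to super() …
```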
@api_view(['GET', 'POST', 'PUT', 'DELETE'])
@authentication_classes([OAuth2Authentication, SessionAuthentication])