idp_oidc: remove client config through django's admin pages (#71700)

This removal ensures that OIDC configuration happens through
/manage/ pages as part of Publik's backoffice interface.

src/authentic2_idp_oidc/admin.py

@@ -1,125 +0,0 @@
-# authentic2 - versatile identity manager
-# Copyright (C) 2010-2019 Entr'ouvert
-#
-# This program is free software: you can redistribute it and/or modify it
-# under the terms of the GNU Affero General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from functools import partialmethod
-
-from django import forms
-from django.contrib import admin
-
-from authentic2.attributes_ng.engine import get_service_attributes
-from authentic2.forms.widgets import DatalistTextInput
-
-from . import app_settings, models
-
-
-class OIDCClaimInlineForm(forms.ModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        data = dict(get_service_attributes(getattr(self.instance, 'client', None))).keys()
-        widget = self.fields['value'].widget
-        widget.data = data
-        widget.name = 'list__oidcclaim-inline'
-        widget.attrs.update({'list': 'list__oidcclaim-inline'})
-
-    class Meta:
-        model = models.OIDCClaim
-        fields = ['name', 'value', 'scopes']
-        widgets = {
-            'value': DatalistTextInput,
-        }
-
-
-class OIDCClaimInlineAdmin(admin.TabularInline):
-
-    model = models.OIDCClaim
-    form = OIDCClaimInlineForm
-    extra = 0
-
-    def get_formset(self, request, obj=None, **kwargs):
-        initial = []
-        # formsets are only saved if formset.has_changed() is True, so only set initial
-        # values on the GET (display of the creation form)
-        if request.method == 'GET' and not obj:
-            initial.extend(app_settings.DEFAULT_MAPPINGS)
-            self.extra = 5
-        formset = super().get_formset(request, obj=obj, **kwargs)
-        formset.__init__ = partialmethod(formset.__init__, initial=initial)
-        return formset
-
-
-class OIDCClientAdmin(admin.ModelAdmin):
-    list_display = [
-        'name',
-        'slug',
-        'client_id',
-        'ou',
-        'identifier_policy',
-        'created',
-        'modified',
-        'activate_user_profiles',
-    ]
-    list_filter = ['ou', 'identifier_policy']
-    date_hierarchy = 'modified'
-    readonly_fields = ['created', 'modified']
-    inlines = [OIDCClaimInlineAdmin]
-
-
-class OIDCAuthorizationAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'created', 'expired']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username']
-    date_hierarchy = 'created'
-    readonly_fields = ['created', 'expired']
-
-    def get_queryset(self, request):
-        qs = super().get_queryset(request)
-        qs = qs.prefetch_related('client')
-        return qs
-
-    def get_search_results(self, request, queryset, search_term):
-        from django.contrib.contenttypes.models import ContentType
-
-        from authentic2.a2_rbac.models import OrganizationalUnit as OU
-
-        queryset, use_distinct = super().get_search_results(request, queryset, search_term)
-        clients = models.OIDCClient.objects.filter(name__contains=search_term).values_list('pk')
-        ous = OU.objects.filter(name__contains=search_term).values_list('pk')
-        queryset |= self.model.objects.filter(
-            client_ct=ContentType.objects.get_for_model(models.OIDCClient), client_id=clients
-        )
-        queryset |= self.model.objects.filter(client_ct=ContentType.objects.get_for_model(OU), client_id=ous)
-        return queryset, use_distinct
-
-
-class OIDCCodeAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'uuid', 'created', 'expired']
-    list_filter = ['client']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name']
-    date_hierarchy = 'created'
-    readonly_fields = ['uuid', 'created', 'expired', 'user', 'uuid', 'client', 'state', 'nonce']
-
-
-class OIDCAccessTokenAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'uuid', 'created', 'expired']
-    list_filter = ['client']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name']
-    date_hierarchy = 'created'
-    readonly_fields = ['uuid', 'created', 'expired']
-
-
-admin.site.register(models.OIDCClient, OIDCClientAdmin)
-admin.site.register(models.OIDCAuthorization, OIDCAuthorizationAdmin)
-admin.site.register(models.OIDCCode, OIDCCodeAdmin)
-admin.site.register(models.OIDCAccessToken, OIDCAccessTokenAdmin)

tests/idp_oidc/conftest.py

@@ -138,15 +138,14 @@ def oidc_client(request, superuser, app, simple_user, oidc_settings):
 
 @pytest.fixture
 def normal_oidc_client(superuser, app, simple_user):
-    url = reverse('admin:authentic2_idp_oidc_oidcclient_add')
+    url = reverse('a2-manager-add-oidc-service')
     assert OIDCClient.objects.count() == 0
     response = utils.login(app, superuser, path=url)
     response.form.set('name', 'oidcclient')
-    response.form.set('slug', 'oidcclient')
     response.form.set('ou', get_default_ou().pk)
     response.form.set('unauthorized_url', 'https://example.com/southpark/')
     response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
-    response = response.form.submit(name='_save').follow()
+    response = response.form.submit().follow()
     assert OIDCClient.objects.count() == 1
     client = OIDCClient.objects.get()
     utils.logout(app)

tests/idp_oidc/test_misc.py

@@ -109,34 +109,6 @@ OIDC_CLIENT_PARAMS = [
 ]
 
 
-@pytest.mark.parametrize('other_attributes', OIDC_CLIENT_PARAMS)
-def test_admin(other_attributes, app, superuser, oidc_settings):
-    Attribute.objects.create(
-        name='cityscape_image',
-        label='cityscape',
-        kind='profile_image',
-        asked_on_registration=True,
-        required=False,
-        user_visible=True,
-        user_editable=True,
-    )
-
-    url = reverse('admin:authentic2_idp_oidc_oidcclient_add')
-    assert OIDCClient.objects.count() == 0
-    response = utils.login(app, superuser, path=url)
-    response.form.set('name', 'oidcclient')
-    response.form.set('slug', 'oidcclient')
-    response.form.set('ou', get_default_ou().pk)
-    response.form.set('unauthorized_url', 'https://example.com/southpark/')
-    response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
-    for key, value in other_attributes.items():
-        if isinstance(value, datetime.timedelta):
-            value = f'{value.total_seconds()}'
-        response.form.set(key, value)
-    response = response.form.submit().follow()
-    assert OIDCClient.objects.count() == 1
-
-
 def test_login_from_client_with_home_url(oidc_client, app, simple_user):
     redirect_uri = oidc_client.redirect_uris.split()[0]
     params = {