idp_oidc: remove client config through django's admin pages (#71700)
This removal ensures that OIDC configuration happens through /manage/ pages as part of Publik's backoffice interface.
This commit is contained in:
parent
d19ac19469
commit
0c5da1c832
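--- a/UNKNOWN_PATH_1
+++ /dev/null
@@ -1,125 +0,0 @@
-# authentic2 - versatile identity manager
-# Copyright (C) 2010-2019 Entr'ouvert
-#
-# This program is free software: you can redistribute it and/or modify it
-# under the terms of the GNU Affero General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-from functools import partialmethod
-
-from django import forms
-from django.contrib import admin
-
-from authentic2.attributes_ng.engine import get_service_attributes
-from authentic2.forms.widgets import DatalistTextInput
-
-from . import app_settings, models
-
-
-class OIDCClaimInlineForm(forms.ModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        data = dict(get_service_attributes(getattr(self.instance, 'client', None))).keys()
-        widget = self.fields['value'].widget
-        widget.data = data
-        widget.name = 'list__oidcclaim-inline'
-        widget.attrs.update({'list': 'list__oidcclaim-inline'})
-
-    class Meta:
-        model = models.OIDCClaim
-        fields = ['name', 'value', 'scopes']
-        widgets = {
-            'value': DatalistTextInput,
-        }
-
-
-class OIDCClaimInlineAdmin(admin.TabularInline):
-
-    model = models.OIDCClaim
-    form = OIDCClaimInlineForm
-    extra = 0
-
-    def get_formset(self, request, obj=None, **kwargs):
-        initial = []
-        # formsets are only saved if formset.has_changed() is True, so only set initial
-        # values on the GET (display of the creation form)
-        if request.method == 'GET' and not obj:
-            initial.extend(app_settings.DEFAULT_MAPPINGS)
-            self.extra = 5
-        formset = super().get_formset(request, obj=obj, **kwargs)
-        formset.__init__ = partialmethod(formset.__init__, initial=initial)
-        return formset
-
-
-class OIDCClientAdmin(admin.ModelAdmin):
-    list_display = [
-        'name',
-        'slug',
-        'client_id',
-        'ou',
-        'identifier_policy',
-        'created',
-        'modified',
-        'activate_user_profiles',
-    ]
-    list_filter = ['ou', 'identifier_policy']
-    date_hierarchy = 'modified'
-    readonly_fields = ['created', 'modified']
-    inlines = [OIDCClaimInlineAdmin]
-
-
-class OIDCAuthorizationAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'created', 'expired']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username']
-    date_hierarchy = 'created'
-    readonly_fields = ['created', 'expired']
-
-    def get_queryset(self, request):
-        qs = super().get_queryset(request)
-        qs = qs.prefetch_related('client')
-        return qs
-
-    def get_search_results(self, request, queryset, search_term):
-        from django.contrib.contenttypes.models import ContentType
-
-        from authentic2.a2_rbac.models import OrganizationalUnit as OU
-
-        queryset, use_distinct = super().get_search_results(request, queryset, search_term)
-        clients = models.OIDCClient.objects.filter(name__contains=search_term).values_list('pk')
-        ous = OU.objects.filter(name__contains=search_term).values_list('pk')
-        queryset |= self.model.objects.filter(
-            client_ct=ContentType.objects.get_for_model(models.OIDCClient), client_id=clients
-        )
-        queryset |= self.model.objects.filter(client_ct=ContentType.objects.get_for_model(OU), client_id=ous)
-        return queryset, use_distinct
-
-
-class OIDCCodeAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'uuid', 'created', 'expired']
-    list_filter = ['client']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name']
-    date_hierarchy = 'created'
-    readonly_fields = ['uuid', 'created', 'expired', 'user', 'uuid', 'client', 'state', 'nonce']
-
-
-class OIDCAccessTokenAdmin(admin.ModelAdmin):
-    list_display = ['client', 'user', 'uuid', 'created', 'expired']
-    list_filter = ['client']
-    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name']
-    date_hierarchy = 'created'
-    readonly_fields = ['uuid', 'created', 'expired']
-
-
-admin.site.register(models.OIDCClient, OIDCClientAdmin)
-admin.site.register(models.OIDCAuthorization, OIDCAuthorizationAdmin)
-admin.site.register(models.OIDCCode, OIDCCodeAdmin)
-admin.site.register(models.OIDCAccessToken, OIDCAccessTokenAdmin)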
@ -138,15 +138,14 @@ def oidc_client(request, superuser, app, simple_user, oidc_settings):
@pytest.fixture
def normal_oidc_client(superuser, app, simple_user):
url = reverse('admin:authentic2_idp_oidc_oidcclient_add')
url = reverse('a2-manager-add-oidc-service')
assert OIDCClient.objects.count() == 0
response = utils.login(app, superuser, path=url)
response.form.set('name', 'oidcclient')
response.form.set('slug', 'oidcclient')
response.form.set('ou', get_default_ou().pk)
response.form.set('unauthorized_url', 'https://example.com/southpark/')
response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
response = response.form.submit(name='_save').follow()
response = response.form.submit().follow()
assert OIDCClient.objects.count() == 1
client = OIDCClient.objects.get()
utils.logout(app)
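Review bot: normal_oidc_client has no docstring explaining why it drives the manager add page as superuser and then logs out, so a reader has to infer that the fixture presumably hands a client to a test that later authenticates as simple_user; add `"""Create an OIDC client through the manager UI as superuser, then log out so the test can authenticate as simple_user."""` directly under the def. The new `response = response.form.submit().follow()` line relies on the manager add page exposing exactly one form with a default submit button; webtest's `response.form` raises as soon as a second form appears on the page, so selecting the form by id via `response.forms[...]` would be more robust — the template is not on the page, so this is inferred. The fixture's body continues past the end of the hunk.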
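--- a/UNKNOWN_PATH_2
+++ b/UNKNOWN_PATH_2
@@ -109,34 +109,6 @@ OIDC_CLIENT_PARAMS = [
 ]
 
 
-@pytest.mark.parametrize('other_attributes', OIDC_CLIENT_PARAMS)
-def test_admin(other_attributes, app, superuser, oidc_settings):
-    Attribute.objects.create(
-        name='cityscape_image',
-        label='cityscape',
-        kind='profile_image',
-        asked_on_registration=True,
-        required=False,
-        user_visible=True,
-        user_editable=True,
-    )
-
-    url = reverse('admin:authentic2_idp_oidc_oidcclient_add')
-    assert OIDCClient.objects.count() == 0
-    response = utils.login(app, superuser, path=url)
-    response.form.set('name', 'oidcclient')
-    response.form.set('slug', 'oidcclient')
-    response.form.set('ou', get_default_ou().pk)
-    response.form.set('unauthorized_url', 'https://example.com/southpark/')
-    response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
-    for key, value in other_attributes.items():
-        if isinstance(value, datetime.timedelta):
-            value = f'{value.total_seconds()}'
-        response.form.set(key, value)
-    response = response.form.submit().follow()
-    assert OIDCClient.objects.count() == 1
-
-
 def test_login_from_client_with_home_url(oidc_client, app, simple_user):
     redirect_uri = oidc_client.redirect_uris.split()[0]
     params = {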