From 0c5da1c83257ee58224151414259c6aa9ba91f29 Mon Sep 17 00:00:00 2001
From: Paul Marillonnet
Date: Fri, 25 Nov 2022 10:06:29 +0100
Subject: [PATCH] idp_oidc: remove client config through django's admin pages (#71700)

This removal ensures that OIDC configuration happens through /manage/ pages as part of Publik's backoffice interface.
---
 src/authentic2_idp_oidc/admin.py | 125 -------------------------------
 tests/idp_oidc/conftest.py | 5 +-
 tests/idp_oidc/test_misc.py | 28 -------
 3 files changed, 2 insertions(+), 156 deletions(-)
 delete mode 100644 src/authentic2_idp_oidc/admin.py

diff --git a/src/authentic2_idp_oidc/admin.py b/src/authentic2_idp_oidc/admin.py
deleted file mode 100644
index 5e4216d59..000000000
--- a/src/authentic2_idp_oidc/admin.py
+++ /dev/null
@@ -1,125 +0,0 @@ -# authentic2 - versatile identity manager -# Copyright (C) 2010-2019 Entr'ouvert -# -# This program is free software: you can redistribute it and/or modify it -# under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -from functools import partialmethod - -from django import forms -from django.contrib import admin - -from authentic2.attributes_ng.engine import get_service_attributes -from authentic2.forms.widgets import DatalistTextInput - -from . import app_settings, models - - -class OIDCClaimInlineForm(forms.ModelForm): - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - data = dict(get_service_attributes(getattr(self.instance, 'client', None))).keys() - widget = self.fields['value'].widget - widget.data = data - widget.name = 'list__oidcclaim-inline' - widget.attrs.update({'list': 'list__oidcclaim-inline'}) - - class Meta: - model = models.OIDCClaim - fields = ['name', 'value', 'scopes'] - widgets = { - 'value': DatalistTextInput, - } - - -class OIDCClaimInlineAdmin(admin.TabularInline): - - model = models.OIDCClaim - form = OIDCClaimInlineForm - extra = 0 - - def get_formset(self, request, obj=None, **kwargs): - initial = [] - # formsets are only saved if formset.has_changed() is True, so only set initial - # values on the GET (display of the creation form) - if request.method == 'GET' and not obj: - initial.extend(app_settings.DEFAULT_MAPPINGS) - self.extra = 5 - formset = super().get_formset(request, obj=obj, **kwargs) - 
formset.__init__ = partialmethod(formset.__init__, initial=initial) - return formset - - -class OIDCClientAdmin(admin.ModelAdmin): - list_display = [ - 'name', - 'slug', - 'client_id', - 'ou', - 'identifier_policy', - 'created', - 'modified', - 'activate_user_profiles', - ] - list_filter = ['ou', 'identifier_policy'] - date_hierarchy = 'modified' - readonly_fields = ['created', 'modified'] - inlines = [OIDCClaimInlineAdmin] - - -class OIDCAuthorizationAdmin(admin.ModelAdmin): - list_display = ['client', 'user', 'created', 'expired'] - search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username'] - date_hierarchy = 'created' - readonly_fields = ['created', 'expired'] - - def get_queryset(self, request): - qs = super().get_queryset(request) - qs = qs.prefetch_related('client') - return qs - - def get_search_results(self, request, queryset, search_term): - from django.contrib.contenttypes.models import ContentType - - from authentic2.a2_rbac.models import OrganizationalUnit as OU - - queryset, use_distinct = super().get_search_results(request, queryset, search_term) - clients = models.OIDCClient.objects.filter(name__contains=search_term).values_list('pk') - ous = OU.objects.filter(name__contains=search_term).values_list('pk') - queryset |= self.model.objects.filter( - client_ct=ContentType.objects.get_for_model(models.OIDCClient), client_id=clients - ) - queryset |= self.model.objects.filter(client_ct=ContentType.objects.get_for_model(OU), client_id=ous) - return queryset, use_distinct - - -class OIDCCodeAdmin(admin.ModelAdmin): - list_display = ['client', 'user', 'uuid', 'created', 'expired'] - list_filter = ['client'] - search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name'] - date_hierarchy = 'created' - readonly_fields = ['uuid', 'created', 'expired', 'user', 'uuid', 'client', 'state', 'nonce'] - - -class OIDCAccessTokenAdmin(admin.ModelAdmin): - list_display = ['client', 'user', 'uuid', 
'created', 'expired'] - list_filter = ['client'] - search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name'] - date_hierarchy = 'created' - readonly_fields = ['uuid', 'created', 'expired'] - - -admin.site.register(models.OIDCClient, OIDCClientAdmin) -admin.site.register(models.OIDCAuthorization, OIDCAuthorizationAdmin) -admin.site.register(models.OIDCCode, OIDCCodeAdmin) -admin.site.register(models.OIDCAccessToken, OIDCAccessTokenAdmin) diff --git a/tests/idp_oidc/conftest.py b/tests/idp_oidc/conftest.py index 5e8d89dcc..46b8a0eda 100644 --- a/tests/idp_oidc/conftest.py +++ b/tests/idp_oidc/conftest.py @@ -138,15 +138,14 @@ def oidc_client(request, superuser, app, simple_user, oidc_settings): @pytest.fixture def normal_oidc_client(superuser, app, simple_user): - url = reverse('admin:authentic2_idp_oidc_oidcclient_add') + url = reverse('a2-manager-add-oidc-service') assert OIDCClient.objects.count() == 0 response = utils.login(app, superuser, path=url) response.form.set('name', 'oidcclient') - response.form.set('slug', 'oidcclient') response.form.set('ou', get_default_ou().pk) response.form.set('unauthorized_url', 'https://example.com/southpark/') response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9') - response = response.form.submit(name='_save').follow() + response = response.form.submit().follow() assert OIDCClient.objects.count() == 1 client = OIDCClient.objects.get() utils.logout(app) diff --git a/tests/idp_oidc/test_misc.py b/tests/idp_oidc/test_misc.py index 21d0b62eb..68e6ccc54 100644 --- a/tests/idp_oidc/test_misc.py +++ b/tests/idp_oidc/test_misc.py 
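Review bot: In the tests/idp_oidc/conftest.py hunk, `normal_oidc_client` reaches `a2-manager-add-oidc-service` only as `superuser` and asserts nothing beyond `OIDCClient.objects.count() == 1`, so no visible test shows that the manager view rejects an account without manager rights. Since this commit makes /manage/ the only UI path for OIDC client configuration, I would add a negative test that requests the same URL as `simple_user` and asserts that no `OIDCClient` is created. The `slug` field is no longer submitted, so it is presumably derived by the manager form; adding `assert client.slug` right after `client = OIDCClient.objects.get()` would pin that. The `test_admin` case removed from tests/idp_oidc/test_misc.py also created a client with each `OIDC_CLIENT_PARAMS` entry, and whether the manager form is exercised with those options is not visible here. The fixture body continues past the end of the hunk.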
@@ -109,34 +109,6 @@ OIDC_CLIENT_PARAMS = [ ] -@pytest.mark.parametrize('other_attributes', OIDC_CLIENT_PARAMS) -def test_admin(other_attributes, app, superuser, oidc_settings): - Attribute.objects.create( - name='cityscape_image', - label='cityscape', - kind='profile_image', - asked_on_registration=True, - required=False, - user_visible=True, - user_editable=True, - ) - - url = reverse('admin:authentic2_idp_oidc_oidcclient_add') - assert OIDCClient.objects.count() == 0 - response = utils.login(app, superuser, path=url) - response.form.set('name', 'oidcclient') - response.form.set('slug', 'oidcclient') - response.form.set('ou', get_default_ou().pk) - response.form.set('unauthorized_url', 'https://example.com/southpark/') - response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9') - for key, value in other_attributes.items(): - if isinstance(value, datetime.timedelta): - value = f'{value.total_seconds()}' - response.form.set(key, value) - response = response.form.submit().follow() - assert OIDCClient.objects.count() == 1 - - def test_login_from_client_with_home_url(oidc_client, app, simple_user): redirect_uri = oidc_client.redirect_uris.split()[0] params = {