idp_oidc: hide RSA algorithms if no JWKSET is defined (fixes #28249)

This commit is contained in:
Benjamin Dauvergne 2018-11-22 12:13:48 +01:00
parent b4036dd183
commit 977455a304
2 changed files with 14 additions and 3 deletions


@ -44,7 +44,7 @@ class Migration(migrations.Migration):
('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])),
('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)),
('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])),
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(1, 'RSA'), (2, 'HMAC')])),
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
],
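Review bot: The already-shipped migration is edited in place to hard-code `choices=[(2, 'HMAC')]`, while the model field's choices are now computed at import time from whether `utils.get_jwkset()` succeeds, so the recorded migration state only matches the model on deployments without a JWKSET; with one configured, `makemigrations` will report a pending choices change back to the full list. Since `choices` has no effect on the schema, the stable option is to leave the migration at its original `[(1, 'RSA'), (2, 'HMAC')]` and restrict the options offered to users at the form layer rather than in the model field. Whether `makemigrations --check` is part of this project's test run is not visible here.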


@ -4,7 +4,7 @@ from importlib import import_module
from django.db import models
from django.contrib.contenttypes.models import ContentType
from django.core.validators import URLValidator
from django.core.exceptions import ValidationError
from django.core.exceptions import ValidationError, ImproperlyConfigured
from django.utils.translation import ugettext_lazy as _
from django.conf import settings
from django.utils.timezone import now
@ -12,6 +12,7 @@ from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelatio
from authentic2.managers import GenericManager
from authentic2.models import Service
from authentic2.utils import to_iter
from . import utils, managers
@ -110,9 +111,19 @@ class OIDCClient(Service):
verbose_name=_('identifier policy'),
default=POLICY_PAIRWISE,
choices=IDENTIFIER_POLICIES)
@to_iter
def get_idtoken_algorithms():
try:
utils.get_jwkset()
except ImproperlyConfigured:
return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES
if algo_id != OIDCClient.ALGO_RSA]
return OIDCClient.ALGO_CHOICES
idtoken_algo = models.PositiveIntegerField(
default=ALGO_RSA,
choices=ALGO_CHOICES,
choices=get_idtoken_algorithms(),
verbose_name=_('IDToken signature algorithm'))
has_api_access = models.BooleanField(
verbose_name=_('has API access'),
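Review bot: `idtoken_algo` keeps `default=ALGO_RSA` while `get_idtoken_algorithms()` drops the RSA entry whenever `utils.get_jwkset()` raises `ImproperlyConfigured`, so on a deployment without a JWKSET a client created without an explicit algorithm carries a default that is not among the field's own choices, and form or `full_clean()` validation of that field rejects it. The default should be derived from the same filtered list instead of being fixed to `ALGO_RSA`. Separately, the helper reads `OIDCClient.ALGO_CHOICES` and `OIDCClient.ALGO_RSA` but is called on the `choices=` line while the class body is still executing, when the name `OIDCClient` is not yet bound; this presumably works only because `to_iter` defers the call, and binding the constants as parameter defaults removes that dependency, as sketched below. The rest of `OIDCClient` lies outside the hunk.

```python
    # … unchanged: identifier_policy field above …

    @to_iter
    def get_idtoken_algorithms(choices=ALGO_CHOICES, rsa=ALGO_RSA):
        # constants are bound as defaults because OIDCClient is not yet a bound
        # name while the class body executes
        try:
            utils.get_jwkset()
        except ImproperlyConfigured:
            return [(algo_id, algo_name) for algo_id, algo_name in choices if algo_id != rsa]
        return choices

    # evaluate once so the default and the choices agree
    _IDTOKEN_ALGORITHMS = list(get_idtoken_algorithms())
    _IDTOKEN_ALGO_IDS = [algo_id for algo_id, _name in _IDTOKEN_ALGORITHMS]
    idtoken_algo = models.PositiveIntegerField(
        default=ALGO_RSA if ALGO_RSA in _IDTOKEN_ALGO_IDS else _IDTOKEN_ALGO_IDS[0],
        choices=_IDTOKEN_ALGORITHMS,
        verbose_name=_('IDToken signature algorithm'))

    # … unchanged: has_api_access field below …
```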