2020-08-19 08:32:44 +00:00
|
|
|
"""passbook OAuth2 Provider Forms"""
|
|
|
|
|
|
|
|
|
|
from django import forms
|
2020-10-01 18:01:45 +00:00
|
|
|
from django.core.exceptions import ValidationError
|
2020-08-19 08:32:44 +00:00
|
|
|
from django.utils.translation import gettext as _
|
|
|
|
|
|
|
|
|
|
from passbook.admin.fields import CodeMirrorWidget
|
|
|
|
|
from passbook.core.expression import PropertyMappingEvaluator
|
|
|
|
|
from passbook.crypto.models import CertificateKeyPair
|
|
|
|
|
from passbook.flows.models import Flow, FlowDesignation
|
|
|
|
|
from passbook.providers.oauth2.generators import (
|
|
|
|
|
generate_client_id,
|
|
|
|
|
generate_client_secret,
|
|
|
|
|
)
|
2020-10-03 18:36:36 +00:00
|
|
|
from passbook.providers.oauth2.models import JWTAlgorithms, OAuth2Provider, ScopeMapping
|
2020-08-19 08:32:44 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class OAuth2ProviderForm(forms.ModelForm):
|
|
|
|
|
"""OAuth2 Provider form"""
|
|
|
|
|
|
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
|
|
|
super().__init__(*args, **kwargs)
|
|
|
|
|
self.fields["authorization_flow"].queryset = Flow.objects.filter(
|
|
|
|
|
designation=FlowDesignation.AUTHORIZATION
|
|
|
|
|
)
|
|
|
|
|
self.fields["client_id"].initial = generate_client_id()
|
|
|
|
|
self.fields["client_secret"].initial = generate_client_secret()
|
|
|
|
|
self.fields["rsa_key"].queryset = CertificateKeyPair.objects.exclude(
|
|
|
|
|
key_data__exact=""
|
|
|
|
|
)
|
|
|
|
|
self.fields["property_mappings"].queryset = ScopeMapping.objects.all()
|
|
|
|
|
|
2020-10-01 18:01:45 +00:00
|
|
|
def clean_jwt_alg(self):
|
|
|
|
|
"""Ensure that when RS256 is selected, a certificate-key-pair is selected"""
|
2020-10-03 18:36:36 +00:00
|
|
|
if (
|
|
|
|
|
self.data["rsa_key"] == ""
|
|
|
|
|
and self.cleaned_data["jwt_alg"] == JWTAlgorithms.RS256
|
|
|
|
|
):
|
2020-10-01 18:01:45 +00:00
|
|
|
raise ValidationError(
|
|
|
|
|
_("RS256 requires a Certificate-Key-Pair to be selected.")
|
|
|
|
|
)
|
|
|
|
|
return self.cleaned_data["jwt_alg"]
|
|
|
|
|
|
2020-08-19 08:32:44 +00:00
|
|
|
class Meta:
|
|
|
|
|
model = OAuth2Provider
|
|
|
|
|
fields = [
|
|
|
|
|
"name",
|
|
|
|
|
"authorization_flow",
|
|
|
|
|
"client_type",
|
|
|
|
|
"client_id",
|
|
|
|
|
"client_secret",
|
|
|
|
|
"response_type",
|
2020-10-01 18:01:28 +00:00
|
|
|
"token_validity",
|
2020-08-19 08:32:44 +00:00
|
|
|
"jwt_alg",
|
|
|
|
|
"rsa_key",
|
|
|
|
|
"redirect_uris",
|
2020-09-15 18:54:42 +00:00
|
|
|
"sub_mode",
|
2020-08-19 08:32:44 +00:00
|
|
|
"property_mappings",
|
|
|
|
|
]
|
|
|
|
|
widgets = {
|
|
|
|
|
"name": forms.TextInput(),
|
2020-10-01 18:01:28 +00:00
|
|
|
"token_validity": forms.TextInput(),
|
2020-08-19 08:32:44 +00:00
|
|
|
}
|
|
|
|
|
labels = {"property_mappings": _("Scopes")}
|
|
|
|
|
help_texts = {
|
|
|
|
|
"property_mappings": _(
|
|
|
|
|
(
|
|
|
|
|
"Select which scopes <b>can</b> be used by the client. "
|
|
|
|
|
"The client stil has to specify the scope to access the data."
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ScopeMappingForm(forms.ModelForm):
|
|
|
|
|
"""Form to edit ScopeMappings"""
|
|
|
|
|
|
2020-10-11 17:29:13 +00:00
|
|
|
template_name = "providers/oauth2/property_mapping_form.html"
|
|
|
|
|
|
2020-08-19 08:32:44 +00:00
|
|
|
def clean_expression(self):
|
|
|
|
|
"""Test Syntax"""
|
|
|
|
|
expression = self.cleaned_data.get("expression")
|
|
|
|
|
evaluator = PropertyMappingEvaluator()
|
|
|
|
|
evaluator.validate(expression)
|
|
|
|
|
return expression
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
|
|
|
|
|
model = ScopeMapping
|
|
|
|
|
fields = ["name", "scope_name", "description", "expression"]
|
|
|
|
|
widgets = {
|
|
|
|
|
"name": forms.TextInput(),
|
|
|
|
|
"scope_name": forms.TextInput(),
|
|
|
|
|
"description": forms.TextInput(),
|
|
|
|
|
"expression": CodeMirrorWidget(mode="python"),
|
|
|
|
|
}
|
