authentik/passbook/providers/proxy/models.py

"""passbook proxy models"""
from typing import Optional, Type

from django.core.validators import URLValidator
from django.db import models
from django.forms import ModelForm
from django.http import HttpRequest
from django.utils.translation import gettext as _

from passbook.lib.utils.template import render_to_string
from passbook.providers.oauth2.constants import (
    SCOPE_OPENID,
    SCOPE_OPENID_EMAIL,
    SCOPE_OPENID_PROFILE,
)
from passbook.providers.oauth2.models import (
    ClientTypes,
    JWTAlgorithms,
    OAuth2Provider,
    ResponseTypes,
    ScopeMapping,
)


class ProxyProvider(OAuth2Provider):
    """Protect applications that don't support any of the other
    Protocols by using a Reverse-Proxy."""

    internal_host = models.TextField(
        validators=[URLValidator(schemes=("http", "https"))]
    )
    external_host = models.TextField(
        validators=[URLValidator(schemes=("http", "https"))]
    )

    def form(self) -> Type[ModelForm]:
        from passbook.providers.proxy.forms import ProxyProviderForm

        return ProxyProviderForm

    def html_setup_urls(self, request: HttpRequest) -> Optional[str]:
        """return template and context modal with URLs for authorize, token, openid-config, etc"""
        from passbook.providers.proxy.views import DockerComposeView

        docker_compose_yaml = DockerComposeView(request=request).get_compose(self)
        return render_to_string(
            "providers/proxy/setup_modal.html",
            {"provider": self, "docker_compose": docker_compose_yaml},
        )

    def set_oauth_defaults(self):
        """Ensure all OAuth2-related settings are correct"""
        self.client_type = ClientTypes.CONFIDENTIAL
        self.response_type = ResponseTypes.CODE
        self.jwt_alg = JWTAlgorithms.HS256
        scopes = ScopeMapping.objects.filter(
            scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]
        )
        self.property_mappings.set(scopes)
        self.redirect_uris = "\n".join(
            [
                f"{self.external_host}/oauth2/callback",
                f"{self.internal_host}/oauth2/callback",
            ]
        )

    def __str__(self):
        return self.name

    class Meta:

        verbose_name = _("Proxy Provider")
        verbose_name_plural = _("Proxy Providers")
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`"""passbook proxy models"""`
			`from typing import Optional, Type`

			`from django.core.validators import URLValidator`
			`from django.db import models`
			`from django.forms import ModelForm`
			`from django.http import HttpRequest`
			`from django.utils.translation import gettext as _`

			`from passbook.lib.utils.template import render_to_string`
			`from passbook.providers.oauth2.constants import (`
			`SCOPE_OPENID,`
			`SCOPE_OPENID_EMAIL,`
			`SCOPE_OPENID_PROFILE,`
			`)`
			`from passbook.providers.oauth2.models import (`
			`ClientTypes,`
			`JWTAlgorithms,`
			`OAuth2Provider,`
			`ResponseTypes,`
			`ScopeMapping,`
			`)`


			`class ProxyProvider(OAuth2Provider):`
			`"""Protect applications that don't support any of the other`
			`Protocols by using a Reverse-Proxy."""`

			`internal_host = models.TextField(`
			`validators=[URLValidator(schemes=("http", "https"))]`
			`)`
			`external_host = models.TextField(`
			`validators=[URLValidator(schemes=("http", "https"))]`
			`)`

			`def form(self) -> Type[ModelForm]:`
			`from passbook.providers.proxy.forms import ProxyProviderForm`

			`return ProxyProviderForm`

			`def html_setup_urls(self, request: HttpRequest) -> Optional[str]:`
			`"""return template and context modal with URLs for authorize, token, openid-config, etc"""`
			`from passbook.providers.proxy.views import DockerComposeView`

			`docker_compose_yaml = DockerComposeView(request=request).get_compose(self)`
			`return render_to_string(`
			`"providers/proxy/setup_modal.html",`
			`{"provider": self, "docker_compose": docker_compose_yaml},`
			`)`

			`def set_oauth_defaults(self):`
			`"""Ensure all OAuth2-related settings are correct"""`
			`self.client_type = ClientTypes.CONFIDENTIAL`
			`self.response_type = ResponseTypes.CODE`
			`self.jwt_alg = JWTAlgorithms.HS256`
			`scopes = ScopeMapping.objects.filter(`
			`scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]`
			`)`
			`self.property_mappings.set(scopes)`
			`self.redirect_uris = "\n".join(`
			`[`
			`f"{self.external_host}/oauth2/callback",`
			`f"{self.internal_host}/oauth2/callback",`
			`]`
			`)`

			`def __str__(self):`
			`return self.name`

			`class Meta:`

			`verbose_name = _("Proxy Provider")`
			`verbose_name_plural = _("Proxy Providers")`