This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/providers/oauth2/forms.py

97 lines
3.1 KiB
Python
Raw Normal View History

2020-08-19 08:32:44 +00:00
"""passbook OAuth2 Provider Forms"""
from django import forms
from django.core.exceptions import ValidationError
2020-08-19 08:32:44 +00:00
from django.utils.translation import gettext as _
from passbook.admin.fields import CodeMirrorWidget
from passbook.core.expression import PropertyMappingEvaluator
from passbook.crypto.models import CertificateKeyPair
from passbook.flows.models import Flow, FlowDesignation
from passbook.providers.oauth2.generators import (
generate_client_id,
generate_client_secret,
)
from passbook.providers.oauth2.models import JWTAlgorithms, OAuth2Provider, ScopeMapping
2020-08-19 08:32:44 +00:00
class OAuth2ProviderForm(forms.ModelForm):
"""OAuth2 Provider form"""
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields["authorization_flow"].queryset = Flow.objects.filter(
designation=FlowDesignation.AUTHORIZATION
)
self.fields["client_id"].initial = generate_client_id()
self.fields["client_secret"].initial = generate_client_secret()
self.fields["rsa_key"].queryset = CertificateKeyPair.objects.exclude(
key_data__exact=""
)
self.fields["property_mappings"].queryset = ScopeMapping.objects.all()
def clean_jwt_alg(self):
"""Ensure that when RS256 is selected, a certificate-key-pair is selected"""
if (
self.data["rsa_key"] == ""
and self.cleaned_data["jwt_alg"] == JWTAlgorithms.RS256
):
raise ValidationError(
_("RS256 requires a Certificate-Key-Pair to be selected.")
)
return self.cleaned_data["jwt_alg"]
2020-08-19 08:32:44 +00:00
class Meta:
model = OAuth2Provider
fields = [
"name",
"authorization_flow",
"client_type",
"client_id",
"client_secret",
"response_type",
"token_validity",
2020-08-19 08:32:44 +00:00
"jwt_alg",
"rsa_key",
"redirect_uris",
"sub_mode",
2020-08-19 08:32:44 +00:00
"property_mappings",
]
widgets = {
"name": forms.TextInput(),
"token_validity": forms.TextInput(),
2020-08-19 08:32:44 +00:00
}
labels = {"property_mappings": _("Scopes")}
help_texts = {
"property_mappings": _(
(
"Select which scopes <b>can</b> be used by the client. "
"The client stil has to specify the scope to access the data."
)
)
}
class ScopeMappingForm(forms.ModelForm):
"""Form to edit ScopeMappings"""
template_name = "providers/oauth2/property_mapping_form.html"
2020-08-19 08:32:44 +00:00
def clean_expression(self):
"""Test Syntax"""
expression = self.cleaned_data.get("expression")
evaluator = PropertyMappingEvaluator()
evaluator.validate(expression)
return expression
class Meta:
model = ScopeMapping
fields = ["name", "scope_name", "description", "expression"]
widgets = {
"name": forms.TextInput(),
"scope_name": forms.TextInput(),
"description": forms.TextInput(),
"expression": CodeMirrorWidget(mode="python"),
}