authentik/passbook/providers/oidc/forms.py

"""passbook OIDC IDP Forms"""

from django import forms
from oauth2_provider.generators import generate_client_id, generate_client_secret
from oidc_provider.models import Client

from passbook.flows.models import Flow, FlowDesignation
from passbook.providers.oidc.models import OpenIDProvider


class OIDCProviderForm(forms.ModelForm):
    """OpenID Client form"""

    authorization_flow = forms.ModelChoiceField(
        queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION)
    )

    def __init__(self, *args, **kwargs):
        # Correctly load data from 1:1 rel
        if "instance" in kwargs and kwargs["instance"]:
            kwargs["instance"] = kwargs["instance"].oidc_client
        super().__init__(*args, **kwargs)
        self.fields["client_id"].initial = generate_client_id()
        self.fields["client_secret"].initial = generate_client_secret()
        try:
            self.fields[
                "authorization_flow"
            ].initial = self.instance.openidprovider.authorization_flow
        # pylint: disable=no-member
        except Client.openidprovider.RelatedObjectDoesNotExist:
            pass

    def save(self, *args, **kwargs):
        self.instance.reuse_consent = False  # This is managed by passbook
        self.instance.require_consent = False  # This is managed by passbook
        response = super().save(*args, **kwargs)
        # Check if openidprovider class instance exists
        if not OpenIDProvider.objects.filter(oidc_client=self.instance).exists():
            OpenIDProvider.objects.create(
                oidc_client=self.instance,
                authorization_flow=self.cleaned_data.get("authorization_flow"),
            )
        self.instance.openidprovider.authorization_flow = self.cleaned_data.get(
            "authorization_flow"
        )
        self.instance.openidprovider.save()
        return response

    class Meta:
        model = Client
        fields = [
            "name",
            "authorization_flow",
            "client_type",
            "client_id",
            "client_secret",
            "response_types",
            "jwt_alg",
            "_redirect_uris",
            "_scope",
        ]
        labels = {"client_secret": "Client Secret"}
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`"""passbook OIDC IDP Forms"""`

			`from django import forms`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`from oauth2_provider.generators import generate_client_id, generate_client_secret`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`from oidc_provider.models import Client`

WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`from passbook.flows.models import Flow, FlowDesignation`
*(minor): small refactor 2019-10-07 14:33:48 +00:00			`from passbook.providers.oidc.models import OpenIDProvider`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00

			`class OIDCProviderForm(forms.ModelForm):`
			`"""OpenID Client form"""`

WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`authorization_flow = forms.ModelChoiceField(`
			`queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION)`
			`)`

remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`def __init__(self, args, *kwargs):`
			`# Correctly load data from 1:1 rel`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`if "instance" in kwargs and kwargs["instance"]:`
			`kwargs["instance"] = kwargs["instance"].oidc_client`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`super().__init__(args, *kwargs)`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`self.fields["client_id"].initial = generate_client_id()`
			`self.fields["client_secret"].initial = generate_client_secret()`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`try:`
			`self.fields[`
			`"authorization_flow"`
			`].initial = self.instance.openidprovider.authorization_flow`
			`# pylint: disable=no-member`
			`except Client.openidprovider.RelatedObjectDoesNotExist:`
			`pass`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00
			`def save(self, args, *kwargs):`
core: fix saving of policy not correctly clearing it's cache 2020-02-24 12:15:27 +00:00			`self.instance.reuse_consent = False # This is managed by passbook`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`self.instance.require_consent = False # This is managed by passbook`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`response = super().save(args, *kwargs)`
			`# Check if openidprovider class instance exists`
			`if not OpenIDProvider.objects.filter(oidc_client=self.instance).exists():`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`OpenIDProvider.objects.create(`
			`oidc_client=self.instance,`
			`authorization_flow=self.cleaned_data.get("authorization_flow"),`
			`)`
			`self.instance.openidprovider.authorization_flow = self.cleaned_data.get(`
			`"authorization_flow"`
			`)`
			`self.instance.openidprovider.save()`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`return response`

			`class Meta:`
			`model = Client`
			`fields = [`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"name",`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`"authorization_flow",`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"client_type",`
			`"client_id",`
			`"client_secret",`
			`"response_types",`
			`"jwt_alg",`
			`"_redirect_uris",`
			`"_scope",`
remove oidc from OAuth2, add dedicated OIDC provider 2019-07-05 13:21:48 +00:00			`]`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`labels = {"client_secret": "Client Secret"}`