authentik/passbook/providers/saml/forms.py

"""passbook SAML IDP Forms"""

from django import forms
from django.contrib.admin.widgets import FilteredSelectMultiple
from django.utils.html import mark_safe
from django.utils.translation import gettext as _

from passbook.admin.fields import CodeMirrorWidget
from passbook.core.expression import PropertyMappingEvaluator
from passbook.flows.models import Flow, FlowDesignation
from passbook.providers.saml.models import SAMLPropertyMapping, SAMLProvider


class SAMLProviderForm(forms.ModelForm):
    """SAML Provider form"""

    authorization_flow = forms.ModelChoiceField(
        queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION)
    )

    class Meta:

        model = SAMLProvider
        fields = [
            "name",
            "authorization_flow",
            "acs_url",
            "audience",
            "issuer",
            "sp_binding",
            "assertion_valid_not_before",
            "assertion_valid_not_on_or_after",
            "session_valid_not_on_or_after",
            "property_mappings",
            "digest_algorithm",
            "require_signing",
            "signature_algorithm",
            "signing_kp",
        ]
        widgets = {
            "name": forms.TextInput(),
            "audience": forms.TextInput(),
            "issuer": forms.TextInput(),
            "assertion_valid_not_before": forms.TextInput(),
            "assertion_valid_not_on_or_after": forms.TextInput(),
            "session_valid_not_on_or_after": forms.TextInput(),
            "property_mappings": FilteredSelectMultiple(_("Property Mappings"), False),
        }


class SAMLPropertyMappingForm(forms.ModelForm):
    """SAML Property Mapping form"""

    template_name = "providers/saml/property_mapping_form.html"

    def clean_expression(self):
        """Test Syntax"""
        expression = self.cleaned_data.get("expression")
        evaluator = PropertyMappingEvaluator()
        evaluator.validate(expression)
        return expression

    class Meta:

        model = SAMLPropertyMapping
        fields = ["name", "saml_name", "friendly_name", "expression"]
        widgets = {
            "name": forms.TextInput(),
            "saml_name": forms.TextInput(),
            "friendly_name": forms.TextInput(),
            "expression": CodeMirrorWidget(mode="python"),
        }
        help_texts = {
            "saml_name": mark_safe(
                _(
                    "URN OID used by SAML. This is optional. "
                    '<a href="https://www.rfc-editor.org/rfc/rfc2798.html#section-2">Reference</a>'
                )
            ),
        }
admin: add provider admin 2018-11-26 21:40:10 +00:00			`"""passbook SAML IDP Forms"""`

			`from django import forms`
always use FilteredSelectMultiple for many-to-many fields 2019-03-10 17:34:09 +00:00			`from django.contrib.admin.widgets import FilteredSelectMultiple`
sources/ldap: fix expression field not being CodeMirror 2020-06-05 18:18:45 +00:00			`from django.utils.html import mark_safe`
always use FilteredSelectMultiple for many-to-many fields 2019-03-10 17:34:09 +00:00			`from django.utils.translation import gettext as _`
admin: add provider admin 2018-11-26 21:40:10 +00:00
sources/ldap: fix expression field not being CodeMirror 2020-06-05 18:18:45 +00:00			`from passbook.admin.fields import CodeMirrorWidget`
policies/expression: migrate to raw python instead of jinja2 (#49) * policies/expression: migrate to raw python instead of jinja2 * lib/expression: create base evaluator, custom subclass for policies * core: rewrite propertymappings to use python * providers/saml: update to new PropertyMappings * sources/ldap: update to new PropertyMappings * docs: update docs for new propertymappings * root: remove jinja2 * root: re-add jinja to lock file as its implicitly required 2020-06-05 10:00:27 +00:00			`from passbook.core.expression import PropertyMappingEvaluator`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`from passbook.flows.models import Flow, FlowDesignation`
providers/saml: remove processor_path field 2020-07-11 11:28:03 +00:00			`from passbook.providers.saml.models import SAMLPropertyMapping, SAMLProvider`
admin: add provider admin 2018-11-26 21:40:10 +00:00

			`class SAMLProviderForm(forms.ModelForm):`
			`"""SAML Provider form"""`

WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`authorization_flow = forms.ModelChoiceField(`
			`queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION)`
			`)`
saml_idp: Add Certificate, Key and other settings to DB 2018-12-09 22:06:14 +00:00
admin: add provider admin 2018-11-26 21:40:10 +00:00			`class Meta:`

			`model = SAMLProvider`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`fields = [`
			`"name",`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`"authorization_flow",`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"acs_url",`
			`"audience",`
			`"issuer",`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`"sp_binding",`
providers/saml: big cleanup, simplify base processor add New fields for - assertion_valid_not_before - assertion_valid_not_on_or_after - session_valid_not_on_or_after allow flexible time durations for these fields fall back to Provider's ACS if none is specified in AuthNRequest 2020-02-14 14:19:48 +00:00			`"assertion_valid_not_before",`
			`"assertion_valid_not_on_or_after",`
			`"session_valid_not_on_or_after",`
			`"property_mappings",`
providers/saml: add changeable signature and digest algorithm 2020-02-17 15:28:18 +00:00			`"digest_algorithm",`
providers/saml: optionally verify SAML Signature 2020-05-06 16:03:12 +00:00			`"require_signing",`
providers/saml: add changeable signature and digest algorithm 2020-02-17 15:28:18 +00:00			`"signature_algorithm",`
providers/saml: fix signing_kp typo 2020-03-05 16:09:08 +00:00			`"signing_kp",`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`]`
saml_idp: Add Certificate, Key and other settings to DB 2018-12-09 22:06:14 +00:00			`widgets = {`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"name": forms.TextInput(),`
			`"audience": forms.TextInput(),`
			`"issuer": forms.TextInput(),`
providers/saml: big cleanup, simplify base processor add New fields for - assertion_valid_not_before - assertion_valid_not_on_or_after - session_valid_not_on_or_after allow flexible time durations for these fields fall back to Provider's ACS if none is specified in AuthNRequest 2020-02-14 14:19:48 +00:00			`"assertion_valid_not_before": forms.TextInput(),`
			`"assertion_valid_not_on_or_after": forms.TextInput(),`
			`"session_valid_not_on_or_after": forms.TextInput(),`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"property_mappings": FilteredSelectMultiple(_("Property Mappings"), False),`
saml_idp: Add Certificate, Key and other settings to DB 2018-12-09 22:06:14 +00:00			`}`
add PropertyMapping Model, add Subclass for SAML, test with AWS 2019-03-08 11:47:50 +00:00

			`class SAMLPropertyMappingForm(forms.ModelForm):`
			`"""SAML Property Mapping form"""`

providers/saml: move templates into correct folder 2020-06-20 19:49:16 +00:00			`template_name = "providers/saml/property_mapping_form.html"`
providers/saml: add custom help text for templates, add docs for User Object reference 2020-02-17 19:30:14 +00:00
policies/expression: migrate to raw python instead of jinja2 (#49) * policies/expression: migrate to raw python instead of jinja2 * lib/expression: create base evaluator, custom subclass for policies * core: rewrite propertymappings to use python * providers/saml: update to new PropertyMappings * sources/ldap: update to new PropertyMappings * docs: update docs for new propertymappings * root: remove jinja2 * root: re-add jinja to lock file as its implicitly required 2020-06-05 10:00:27 +00:00			`def clean_expression(self):`
			`"""Test Syntax"""`
			`expression = self.cleaned_data.get("expression")`
			`evaluator = PropertyMappingEvaluator()`
			`evaluator.validate(expression)`
			`return expression`

add PropertyMapping Model, add Subclass for SAML, test with AWS 2019-03-08 11:47:50 +00:00			`class Meta:`

			`model = SAMLPropertyMapping`
*: propertymapping template -> expression 2020-02-17 19:38:14 +00:00			`fields = ["name", "saml_name", "friendly_name", "expression"]`
add PropertyMapping Model, add Subclass for SAML, test with AWS 2019-03-08 11:47:50 +00:00			`widgets = {`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"name": forms.TextInput(),`
			`"saml_name": forms.TextInput(),`
			`"friendly_name": forms.TextInput(),`
sources/ldap: fix expression field not being CodeMirror 2020-06-05 18:18:45 +00:00			`"expression": CodeMirrorWidget(mode="python"),`
			`}`
			`help_texts = {`
			`"saml_name": mark_safe(`
			`_(`
			`"URN OID used by SAML. This is optional. "`
			`'<a href="https://www.rfc-editor.org/rfc/rfc2798.html#section-2">Reference</a>'`
			`)`
			`),`
add custom DynamicArrayField to better handle arrays 2019-03-08 14:11:01 +00:00			`}`