providers/proxy: make upstream SSL Validation configurable
parent
1aff9afca6
commit
6458b1dbf8
|
@ -54,6 +54,7 @@ class ProxyProviderSerializer(ModelSerializer):
|
|||
"name",
|
||||
"internal_host",
|
||||
"external_host",
|
||||
"internal_host_ssl_validation",
|
||||
"certificate",
|
||||
"skip_path_regex",
|
||||
]
|
||||
|
@ -89,6 +90,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
|||
"name",
|
||||
"internal_host",
|
||||
"external_host",
|
||||
"internal_host_ssl_validation",
|
||||
"client_id",
|
||||
"client_secret",
|
||||
"oidc_configuration",
|
||||
|
|
|
@ -33,6 +33,7 @@ class ProxyProviderForm(forms.ModelForm):
|
|||
"name",
|
||||
"authorization_flow",
|
||||
"internal_host",
|
||||
"internal_host_ssl_validation",
|
||||
"external_host",
|
||||
"certificate",
|
||||
"skip_path_regex",
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# Generated by Django 3.1.1 on 2020-09-23 10:17
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('passbook_providers_proxy', '0006_proxyprovider_skip_path_regex'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='proxyprovider',
|
||||
name='internal_host_ssl_validation',
|
||||
field=models.BooleanField(default=True, help_text='Validate SSL Certificates of upstream servers'),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name='proxyprovider',
|
||||
name='skip_path_regex',
|
||||
field=models.TextField(blank=True, default='', help_text='Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.'),
|
||||
),
|
||||
]
|
|
@ -46,15 +46,15 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
|
|||
external_host = models.TextField(
|
||||
validators=[DomainlessURLValidator(schemes=("http", "https"))]
|
||||
)
|
||||
|
||||
cookie_secret = models.TextField(default=get_cookie_secret)
|
||||
internal_host_ssl_validation = models.BooleanField(
|
||||
default=True, help_text=_("Validate SSL Certificates of upstream servers"))
|
||||
|
||||
skip_path_regex = models.TextField(
|
||||
default="",
|
||||
blank=True,
|
||||
help_text=_(
|
||||
(
|
||||
"Regular expression for which authentication is not required. "
|
||||
"Regular expressions for which authentication is not required. "
|
||||
"Each new line is interpreted as a new Regular Expression."
|
||||
)
|
||||
),
|
||||
|
@ -64,6 +64,8 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
|
|||
CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
|
||||
)
|
||||
|
||||
cookie_secret = models.TextField(default=get_cookie_secret)
|
||||
|
||||
def form(self) -> Type[ModelForm]:
|
||||
from passbook.providers.proxy.forms import ProxyProviderForm
|
||||
|
||||
|
|
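Review bot: The help text on the new `internal_host_ssl_validation` field says only "Validate SSL Certificates of upstream servers", so an administrator clearing the box is not told what it costs. With validation off the proxy no longer authenticates the upstream, so anything it forwards to `internal_host` can be read or altered by whoever answers on that address. I would spell that out, e.g. `help_text=_("Validate SSL Certificates of upstream servers. Disabling this removes authentication of the upstream; only use it on trusted networks.")`, and regenerate the migration and swagger description so the three copies of the string stay in step. If the motivation is self-signed upstream certificates (an assumption, the commit does not say), letting the provider trust a specific CA would cover that case without a global off switch. The `ProxyProvider` class body starts and ends outside these hunks, and the code that consumes the flag is not among the visible sections.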
12
swagger.yaml
12
swagger.yaml
|
@ -6215,6 +6215,10 @@ definitions:
|
|||
title: External host
|
||||
type: string
|
||||
minLength: 1
|
||||
internal_host_ssl_validation:
|
||||
title: Internal host ssl validation
|
||||
description: Validate SSL Certificates of upstream servers
|
||||
type: boolean
|
||||
client_id:
|
||||
title: Client ID
|
||||
type: string
|
||||
|
@ -6237,7 +6241,7 @@ definitions:
|
|||
x-nullable: true
|
||||
skip_path_regex:
|
||||
title: Skip path regex
|
||||
description: Regular expression for which authentication is not required.
|
||||
description: Regular expressions for which authentication is not required.
|
||||
Each new line is interpreted as a new Regular Expression.
|
||||
type: string
|
||||
Policy:
|
||||
|
@ -6700,6 +6704,10 @@ definitions:
|
|||
title: External host
|
||||
type: string
|
||||
minLength: 1
|
||||
internal_host_ssl_validation:
|
||||
title: Internal host ssl validation
|
||||
description: Validate SSL Certificates of upstream servers
|
||||
type: boolean
|
||||
certificate:
|
||||
title: Certificate
|
||||
type: string
|
||||
|
@ -6707,7 +6715,7 @@ definitions:
|
|||
x-nullable: true
|
||||
skip_path_regex:
|
||||
title: Skip path regex
|
||||
description: Regular expression for which authentication is not required.
|
||||
description: Regular expressions for which authentication is not required.
|
||||
Each new line is interpreted as a new Regular Expression.
|
||||
type: string
|
||||
SAMLProvider:
|
||||
|
|