providers/proxy: make upstream SSL Validation configurable

Jens Langhammer 2020-09-23 12:20:09 +02:00
parent 1aff9afca6
commit 6458b1dbf8
5 changed files with 41 additions and 5 deletions


@ -54,6 +54,7 @@ class ProxyProviderSerializer(ModelSerializer):
"name",
"internal_host",
"external_host",
"internal_host_ssl_validation",
"certificate",
"skip_path_regex",
]
@ -89,6 +90,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
"name",
"internal_host",
"external_host",
"internal_host_ssl_validation",
"client_id",
"client_secret",
"oidc_configuration",


@ -33,6 +33,7 @@ class ProxyProviderForm(forms.ModelForm):
"name",
"authorization_flow",
"internal_host",
"internal_host_ssl_validation",
"external_host",
"certificate",
"skip_path_regex",


@ -0,0 +1,23 @@
# Generated by Django 3.1.1 on 2020-09-23 10:17
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('passbook_providers_proxy', '0006_proxyprovider_skip_path_regex'),
]
operations = [
migrations.AddField(
model_name='proxyprovider',
name='internal_host_ssl_validation',
field=models.BooleanField(default=True, help_text='Validate SSL Certificates of upstream servers'),
),
migrations.AlterField(
model_name='proxyprovider',
name='skip_path_regex',
field=models.TextField(blank=True, default='', help_text='Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.'),
),
]


@ -46,15 +46,15 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
external_host = models.TextField(
validators=[DomainlessURLValidator(schemes=("http", "https"))]
)
cookie_secret = models.TextField(default=get_cookie_secret)
internal_host_ssl_validation = models.BooleanField(
default=True, help_text=_("Validate SSL Certificates of upstream servers"))
skip_path_regex = models.TextField(
default="",
blank=True,
help_text=_(
(
"Regular expression for which authentication is not required. "
"Regular expressions for which authentication is not required. "
"Each new line is interpreted as a new Regular Expression."
)
),
@ -64,6 +64,8 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
)
cookie_secret = models.TextField(default=get_cookie_secret)
def form(self) -> Type[ModelForm]:
from passbook.providers.proxy.forms import ProxyProviderForm
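Review bot: The help text on `internal_host_ssl_validation` (first hunk of this section) says what the switch does but not what turning it off costs: with validation off the proxy can no longer tell the intended upstream from anything else answering on that address, and the requests it forwards are presumably made on behalf of already-authenticated users. I would extend it to something like `help_text=_("Validate SSL Certificates of upstream servers. Disabling this removes protection against interception between the proxy and the upstream.")`, which also means regenerating the migration and the swagger descriptions. Defaulting to `True` is right and should stay. None of the five files on this page reads the flag when connecting upstream, so it is worth confirming that the outpost honours it, and treats a missing value as `True`, before the option is offered in the form. The `form` method at the end of the section continues outside the hunk.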


@ -6215,6 +6215,10 @@ definitions:
title: External host
type: string
minLength: 1
internal_host_ssl_validation:
title: Internal host ssl validation
description: Validate SSL Certificates of upstream servers
type: boolean
client_id:
title: Client ID
type: string
@ -6237,7 +6241,7 @@ definitions:
x-nullable: true
skip_path_regex:
title: Skip path regex
description: Regular expression for which authentication is not required.
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
type: string
Policy:
@ -6700,6 +6704,10 @@ definitions:
title: External host
type: string
minLength: 1
internal_host_ssl_validation:
title: Internal host ssl validation
description: Validate SSL Certificates of upstream servers
type: boolean
certificate:
title: Certificate
type: string
@ -6707,7 +6715,7 @@ definitions:
x-nullable: true
skip_path_regex:
title: Skip path regex
description: Regular expression for which authentication is not required.
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
type: string
SAMLProvider: