providers/proxy: add pb_proxy scope for proxy that sends user_attributes

This commit is contained in:
Jens Langhammer 2020-09-30 11:13:59 +02:00
parent b0b2c0830b
commit 90ea6dba90
2 changed files with 74 additions and 1 deletions

View file

@ -0,0 +1,66 @@
# Generated by Django 3.1.1 on 2020-09-30 08:10
from django.apps.registry import Apps
from django.db import migrations, models
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
SCOPE_PB_PROXY_EXPRESSION = """return {
"pb_proxy": {
"user_attributes": user.group_attributes()
}
}"""
def create_proxy_scope(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
from passbook.providers.proxy.models import SCOPE_PB_PROXY, ProxyProvider
ScopeMapping = apps.get_model("passbook_providers_oauth2", "ScopeMapping")
ScopeMapping.objects.update_or_create(
scope_name=SCOPE_PB_PROXY,
defaults={
"name": "Autogenerated OAuth2 Mapping: passbook Proxy",
"scope_name": SCOPE_PB_PROXY,
"description": "",
"expression": SCOPE_PB_PROXY_EXPRESSION,
},
)
for provider in ProxyProvider.objects.all():
provider.set_oauth_defaults()
provider.save()
class Migration(migrations.Migration):
dependencies = [
("passbook_providers_proxy", "0007_auto_20200923_1017"),
]
operations = [
migrations.AlterField(
model_name='proxyprovider',
name='internal_host_ssl_validation',
field=models.BooleanField(
default=True, help_text='Validate SSL Certificates of upstream servers', verbose_name='Internal host SSL Validation'),
),
migrations.AddField(
model_name='proxyprovider',
name='basic_auth_enabled',
field=models.BooleanField(
default=False, help_text='Set a custom HTTP-Basic Authentication header based on values from passbook.', verbose_name='Set HTTP-Basic Authentication'),
),
migrations.AddField(
model_name='proxyprovider',
name='basic_auth_password_attribute',
field=models.TextField(
blank=True, help_text='User Attribute used for the password part of the HTTP-Basic Header.', verbose_name='HTTP-Basic Password'),
),
migrations.AddField(
model_name='proxyprovider',
name='basic_auth_user_attribute',
field=models.TextField(
blank=True, help_text="User Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.", verbose_name='HTTP-Basic Username'),
),
migrations.RunPython(create_proxy_scope),
]

View file

@ -24,6 +24,8 @@ from passbook.providers.oauth2.models import (
ScopeMapping,
)
SCOPE_PB_PROXY = "pb_proxy"
def get_cookie_secret():
"""Generate random 32-character string for cookie-secret"""
@ -80,7 +82,12 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
self.jwt_alg = JWTAlgorithms.RS256
self.rsa_key = CertificateKeyPair.objects.first()
scopes = ScopeMapping.objects.filter(
scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]
scope_name__in=[
SCOPE_OPENID,
SCOPE_OPENID_PROFILE,
SCOPE_OPENID_EMAIL,
SCOPE_PB_PROXY,
]
)
self.property_mappings.set(scopes)
self.redirect_uris = "\n".join(