providers/proxy: add pb_proxy scope for proxy that sends user_attributes
parent
b0b2c0830b
commit
90ea6dba90
|
@ -0,0 +1,66 @@
|
|||
# Generated by Django 3.1.1 on 2020-09-30 08:10
|
||||
|
||||
from django.apps.registry import Apps
|
||||
from django.db import migrations, models
|
||||
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||
|
||||
SCOPE_PB_PROXY_EXPRESSION = """return {
|
||||
"pb_proxy": {
|
||||
"user_attributes": user.group_attributes()
|
||||
}
|
||||
}"""
|
||||
|
||||
|
||||
def create_proxy_scope(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||
from passbook.providers.proxy.models import SCOPE_PB_PROXY, ProxyProvider
|
||||
|
||||
ScopeMapping = apps.get_model("passbook_providers_oauth2", "ScopeMapping")
|
||||
|
||||
ScopeMapping.objects.update_or_create(
|
||||
scope_name=SCOPE_PB_PROXY,
|
||||
defaults={
|
||||
"name": "Autogenerated OAuth2 Mapping: passbook Proxy",
|
||||
"scope_name": SCOPE_PB_PROXY,
|
||||
"description": "",
|
||||
"expression": SCOPE_PB_PROXY_EXPRESSION,
|
||||
},
|
||||
)
|
||||
|
||||
for provider in ProxyProvider.objects.all():
|
||||
provider.set_oauth_defaults()
|
||||
provider.save()
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("passbook_providers_proxy", "0007_auto_20200923_1017"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name='proxyprovider',
|
||||
name='internal_host_ssl_validation',
|
||||
field=models.BooleanField(
|
||||
default=True, help_text='Validate SSL Certificates of upstream servers', verbose_name='Internal host SSL Validation'),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='proxyprovider',
|
||||
name='basic_auth_enabled',
|
||||
field=models.BooleanField(
|
||||
default=False, help_text='Set a custom HTTP-Basic Authentication header based on values from passbook.', verbose_name='Set HTTP-Basic Authentication'),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='proxyprovider',
|
||||
name='basic_auth_password_attribute',
|
||||
field=models.TextField(
|
||||
blank=True, help_text='User Attribute used for the password part of the HTTP-Basic Header.', verbose_name='HTTP-Basic Password'),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='proxyprovider',
|
||||
name='basic_auth_user_attribute',
|
||||
field=models.TextField(
|
||||
blank=True, help_text="User Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.", verbose_name='HTTP-Basic Username'),
|
||||
),
|
||||
migrations.RunPython(create_proxy_scope),
|
||||
]
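Review bot: `SCOPE_PB_PROXY_EXPRESSION` hands the proxy everything `user.group_attributes()` returns, while this same migration adds `basic_auth_password_attribute`, whose help text says a user attribute holds the HTTP-Basic password. That secret and every unrelated attribute would therefore presumably be carried in the `pb_proxy` claims. Returning only the attributes the provider is configured to use would narrow this; failing that, a comment above the constant such as `# NOTE: exposes every attribute from user.group_attributes() to the proxy, including any used as Basic-Auth credentials` would make the scope's reach explicit. Separately, `create_proxy_scope` imports the live `ProxyProvider` model and calls `set_oauth_defaults()` and `save()` on every row, which ties the migration to the model's future shape and appears to rewrite existing providers' OAuth settings on upgrade. Registering it with an explicit reverse, `migrations.RunPython(create_proxy_scope, migrations.RunPython.noop)`, would also keep the migration reversible.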
|
|
@ -24,6 +24,8 @@ from passbook.providers.oauth2.models import (
|
|||
ScopeMapping,
|
||||
)
|
||||
|
||||
SCOPE_PB_PROXY = "pb_proxy"
|
||||
|
||||
|
||||
def get_cookie_secret():
|
||||
"""Generate random 32-character string for cookie-secret"""
|
||||
|
@ -80,7 +82,12 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
|
|||
self.jwt_alg = JWTAlgorithms.RS256
|
||||
self.rsa_key = CertificateKeyPair.objects.first()
|
||||
scopes = ScopeMapping.objects.filter(
|
||||
scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]
|
||||
scope_name__in=[
|
||||
SCOPE_OPENID,
|
||||
SCOPE_OPENID_PROFILE,
|
||||
SCOPE_OPENID_EMAIL,
|
||||
SCOPE_PB_PROXY,
|
||||
]
|
||||
)
|
||||
self.property_mappings.set(scopes)
|
||||
self.redirect_uris = "\n".join(
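Review bot: The widened `scope_name__in=[...]` filter silently returns no `pb_proxy` mapping when that `ScopeMapping` row is absent, for example if it was deleted after the migration ran. In that case `self.property_mappings.set(scopes)` attaches only the OpenID scopes and the proxy presumably receives no `user_attributes`, with no error raised. Comparing the requested names with `{s.scope_name for s in scopes}` and logging a warning for any that are missing would surface this. Because the lookup is by `scope_name` alone, any other mapping named `pb_proxy` would be attached too; whether that field is unique is not visible here. The enclosing method starts and ends outside the hunk.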
|
||||
|
|