providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret

2020-07-25 21:34:14 +02:00 · 2020-07-25 21:34:14 +02:00 · 9c1a824dc4
parent 738ced3327
commit 9c1a824dc4
3 changed files with 12 additions and 3 deletions
--- a/passbook/providers/app_gw/models.py
+++ b/passbook/providers/app_gw/models.py
@ -6,6 +6,7 @@ from typing import Optional, Type
 from django.db import models
 from django.forms import ModelForm
 from django.http import HttpRequest
+from django.shortcuts import reverse
 from django.utils.translation import gettext as _
 from oidc_provider.models import Client

@ -35,9 +36,17 @@ class ApplicationGatewayProvider(Provider):
            SystemRandom().choice(string.ascii_uppercase + string.digits)
            for _ in range(50)
        )
+        full_issuer_user = request.build_absolute_uri(
+            reverse("passbook_providers_oidc:authorize")
+        )
        return render_to_string(
            "app_gw/setup_modal.html",
-            {"provider": self, "cookie_secret": cookie_secret, "version": __version__},
+            {
+                "provider": self,
+                "cookie_secret": cookie_secret,
+                "version": __version__,
+                "full_issuer_user": full_issuer_user,
+            },
        )

    def __str__(self):
--- a/passbook/providers/app_gw/templates/app_gw/docker-compose.yml
+++ b/passbook/providers/app_gw/templates/app_gw/docker-compose.yml
@ -9,6 +9,6 @@ services:
      OAUTH2_PROXY_CLIENT_ID: {{ provider.client.client_id }}
      OAUTH2_PROXY_CLIENT_SECRET: {{ provider.client.client_secret }}
      OAUTH2_PROXY_REDIRECT_URL: https://{{ provider.external_host }}/oauth2/callback
-      OAUTH2_PROXY_OIDC_ISSUER_URL: https://{{ request.META.HTTP_HOST }}/application/oidc
+      OAUTH2_PROXY_OIDC_ISSUER_URL: {{ full_issuer_user }}
      OAUTH2_PROXY_COOKIE_SECRET: {{ cookie_secret }}
      OAUTH2_PROXY_UPSTREAMS: http://{{ provider.internal_host }}
--- a/passbook/providers/app_gw/views.py
+++ b/passbook/providers/app_gw/views.py
@ -18,7 +18,7 @@ LOGGER = get_logger()
 def get_cookie_secret():
    """Generate random 50-character string for cookie-secret"""
    return "".join(
-        SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(50)
+        SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)
    )