providers/proxy: start implementing basic_auth_enabled

see #244
2020-09-30 11:15:17 +02:00 · 2020-09-30 11:15:17 +02:00 · 9d5dd896f3
parent 02f5f12089
commit 9d5dd896f3
4 changed files with 66 additions and 2 deletions
--- a/passbook/providers/proxy/api.py
+++ b/passbook/providers/proxy/api.py
@ -57,6 +57,9 @@ class ProxyProviderSerializer(ModelSerializer):
            "internal_host_ssl_validation",
            "certificate",
            "skip_path_regex",
+            "basic_auth_enabled",
+            "basic_auth_password_attribute",
+            "basic_auth_user_attribute",
        ]


@ -97,6 +100,9 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
            "cookie_secret",
            "certificate",
            "skip_path_regex",
+            "basic_auth_enabled",
+            "basic_auth_password_attribute",
+            "basic_auth_user_attribute",
        ]

    @swagger_serializer_method(serializer_or_field=OpenIDConnectConfigurationSerializer)
--- a/passbook/providers/proxy/forms.py
+++ b/passbook/providers/proxy/forms.py
@ -37,9 +37,14 @@ class ProxyProviderForm(forms.ModelForm):
            "external_host",
            "certificate",
            "skip_path_regex",
+            "basic_auth_enabled",
+            "basic_auth_user_attribute",
+            "basic_auth_password_attribute",
        ]
        widgets = {
            "name": forms.TextInput(),
            "internal_host": forms.TextInput(),
            "external_host": forms.TextInput(),
+            "basic_auth_user_attribute": forms.TextInput(),
+            "basic_auth_password_attribute": forms.TextInput(),
        }
--- a/passbook/providers/proxy/models.py
+++ b/passbook/providers/proxy/models.py
@ -66,6 +66,31 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
        ),
    )

+    basic_auth_enabled = models.BooleanField(
+        default=False,
+        verbose_name=_("Set HTTP-Basic Authentication"),
+        help_text=_(
+            "Set a custom HTTP-Basic Authentication header based on values from passbook."
+        ),
+    )
+    basic_auth_user_attribute = models.TextField(
+        blank=True,
+        verbose_name=_("HTTP-Basic Username"),
+        help_text=_(
+            (
+                "User Attribute used for the user part of the HTTP-Basic Header. "
+                "If not set, the user's Email address is used."
+            )
+        ),
+    )
+    basic_auth_password_attribute = models.TextField(
+        blank=True,
+        verbose_name=_("HTTP-Basic Password"),
+        help_text=_(
+            ("User Attribute used for the password part of the HTTP-Basic Header.")
+        ),
+    )
+
    certificate = models.ForeignKey(
        CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
    )
--- a/swagger.yaml
+++ b/swagger.yaml
@ -6216,7 +6216,7 @@ definitions:
        type: string
        minLength: 1
      internal_host_ssl_validation:
-        title: Internal host ssl validation
+        title: Internal host SSL Validation
        description: Validate SSL Certificates of upstream servers
        type: boolean
      client_id:
@ -6244,6 +6244,20 @@ definitions:
        description: Regular expressions for which authentication is not required.
          Each new line is interpreted as a new Regular Expression.
        type: string
+      basic_auth_enabled:
+        title: Set HTTP-Basic Authentication
+        description: Set a custom HTTP-Basic Authentication header based on values
+          from passbook.
+        type: boolean
+      basic_auth_password_attribute:
+        title: HTTP-Basic Password
+        description: User Attribute used for the password part of the HTTP-Basic Header.
+        type: string
+      basic_auth_user_attribute:
+        title: HTTP-Basic Username
+        description: User Attribute used for the user part of the HTTP-Basic Header.
+          If not set, the user's Email address is used.
+        type: string
  Policy:
    type: object
    properties:
@ -6705,7 +6719,7 @@ definitions:
        type: string
        minLength: 1
      internal_host_ssl_validation:
-        title: Internal host ssl validation
+        title: Internal host SSL Validation
        description: Validate SSL Certificates of upstream servers
        type: boolean
      certificate:
@ -6718,6 +6732,20 @@ definitions:
        description: Regular expressions for which authentication is not required.
          Each new line is interpreted as a new Regular Expression.
        type: string
+      basic_auth_enabled:
+        title: Set HTTP-Basic Authentication
+        description: Set a custom HTTP-Basic Authentication header based on values
+          from passbook.
+        type: boolean
+      basic_auth_password_attribute:
+        title: HTTP-Basic Password
+        description: User Attribute used for the password part of the HTTP-Basic Header.
+        type: string
+      basic_auth_user_attribute:
+        title: HTTP-Basic Username
+        description: User Attribute used for the user part of the HTTP-Basic Header.
+          If not set, the user's Email address is used.
+        type: string
  SAMLProvider:
    required:
      - name