From 90ea6dba90a9e011724aa855891cf5f0aafe373a Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 30 Sep 2020 11:13:59 +0200
Subject: [PATCH] providers/proxy: add pb_proxy scope for proxy that sends user_attributes
---
 .../migrations/0008_auto_20200930_0810.py | 66 +++++++++++++++++++
 passbook/providers/proxy/models.py | 9 ++-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 passbook/providers/proxy/migrations/0008_auto_20200930_0810.py
diff --git a/passbook/providers/proxy/migrations/0008_auto_20200930_0810.py b/passbook/providers/proxy/migrations/0008_auto_20200930_0810.py
new file mode 100644
index 000000000..e221c442f
--- /dev/null
+++ b/passbook/providers/proxy/migrations/0008_auto_20200930_0810.py
@@ -0,0 +1,66 @@ +# Generated by Django 3.1.1 on 2020-09-30 08:10 + +from django.apps.registry import Apps +from django.db import migrations, models +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + +SCOPE_PB_PROXY_EXPRESSION = """return { + "pb_proxy": { + "user_attributes": user.group_attributes() + } +}""" + + +def create_proxy_scope(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + from passbook.providers.proxy.models import SCOPE_PB_PROXY, ProxyProvider + + ScopeMapping = apps.get_model("passbook_providers_oauth2", "ScopeMapping") + + ScopeMapping.objects.update_or_create( + scope_name=SCOPE_PB_PROXY, + defaults={ + "name": "Autogenerated OAuth2 Mapping: passbook Proxy", + "scope_name": SCOPE_PB_PROXY, + "description": "", + "expression": SCOPE_PB_PROXY_EXPRESSION, + }, + ) + + for provider in ProxyProvider.objects.all(): + provider.set_oauth_defaults() + provider.save() + + +class Migration(migrations.Migration): + + dependencies = [ + ("passbook_providers_proxy", "0007_auto_20200923_1017"), + ] + + operations = [ + migrations.AlterField( + model_name='proxyprovider', + name='internal_host_ssl_validation', + field=models.BooleanField( + default=True, help_text='Validate SSL Certificates of upstream servers', verbose_name='Internal host SSL Validation'), + ), + migrations.AddField( + model_name='proxyprovider', + name='basic_auth_enabled', + field=models.BooleanField( + default=False, help_text='Set a custom HTTP-Basic Authentication header based on values from passbook.', verbose_name='Set HTTP-Basic Authentication'), + ), + migrations.AddField( + model_name='proxyprovider', + name='basic_auth_password_attribute', + field=models.TextField( + blank=True, help_text='User Attribute used for the password part of the HTTP-Basic Header.', verbose_name='HTTP-Basic Password'), + ), + migrations.AddField( + model_name='proxyprovider', + name='basic_auth_user_attribute', + field=models.TextField( + blank=True, help_text="User Attribute used 
for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.", verbose_name='HTTP-Basic Username'), + ), + migrations.RunPython(create_proxy_scope), + ] diff --git a/passbook/providers/proxy/models.py b/passbook/providers/proxy/models.py index ac01b6572..9d0c23eb8 100644 --- a/passbook/providers/proxy/models.py +++ b/passbook/providers/proxy/models.py @@ -24,6 +24,8 @@ from passbook.providers.oauth2.models import ( ScopeMapping, ) +SCOPE_PB_PROXY = "pb_proxy" + def get_cookie_secret(): """Generate random 32-character string for cookie-secret""" @@ -80,7 +82,12 @@ class ProxyProvider(OutpostModel, OAuth2Provider): self.jwt_alg = JWTAlgorithms.RS256 self.rsa_key = CertificateKeyPair.objects.first() scopes = ScopeMapping.objects.filter( - scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL] + scope_name__in=[ + SCOPE_OPENID, + SCOPE_OPENID_PROFILE, + SCOPE_OPENID_EMAIL, + SCOPE_PB_PROXY, + ] ) self.property_mappings.set(scopes) self.redirect_uris = "\n".join(
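Review bot: `migrations.RunPython(create_proxy_scope)` at the end of the operations list has no reverse callable, so the whole migration cannot be unapplied (Django refuses to reverse a RunPython without `reverse_code`); `migrations.RunPython(create_proxy_scope, migrations.RunPython.noop)` keeps the schema steps reversible. The data step also imports the live `ProxyProvider` and `SCOPE_PB_PROXY` from `passbook.providers.proxy.models` instead of the historical model from `apps`, presumably because `set_oauth_defaults()` exists only on the live class; that ties this migration to the current model definition, so any later field change breaks it on a fresh database, which deserves a comment such as `# NOTE: uses the live model so set_oauth_defaults() is available; re-check when ProxyProvider fields change`. The created ScopeMapping has `"description": ""`, yet its expression places the result of `user.group_attributes()` into the token for every provider that carries this mapping; a description stating that, e.g. `"Exposes the user's attributes (user.group_attributes()) to the proxy as the pb_proxy claim"`, lets an admin reviewing mappings see what the scope releases at a glance.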
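Review bot: `SCOPE_PB_PROXY = "pb_proxy"` is added without a comment, although the constant is also imported by the new migration's data step, so a reader of models.py cannot tell that the mapping behind the name is created elsewhere or what it emits. A one-line comment above it, `# Scope name of the autogenerated ScopeMapping (created in migration 0008) that passes user attributes to the proxy`, would document that dependency.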
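Review bot: The widened `scope_name__in` filter does not check that all four mappings were found, so if the `pb_proxy` ScopeMapping is absent — migration 0008 not applied yet, or the autogenerated mapping deleted by an admin — `set_oauth_defaults()` silently assigns only the OpenID mappings and the provider runs without the `pb_proxy` claim. The same commit adds basic-auth fields whose help text says the header is built from user attributes, which presumably reach the proxy through this claim, so the gap would surface as a quiet authentication failure at the upstream rather than as a configuration error. A guard after the filter, `if scopes.count() != 4:` followed by `raise ValueError("required OAuth2 ScopeMappings missing; apply migrations")` (or at least a logged warning), makes the missing mapping visible. The enclosing method's signature and the rest of its body lie outside the hunk.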