4915205678
* core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/*: fix flow executor URL * flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/*: update docstrings of models * core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting
41 lines
1.6 KiB
Python
41 lines
1.6 KiB
Python
"""passbook Application Security Gateway Forms"""
|
|
from django import forms
|
|
from oauth2_provider.generators import generate_client_id, generate_client_secret
|
|
from oidc_provider.models import Client, ResponseType
|
|
|
|
from passbook.providers.app_gw.models import ApplicationGatewayProvider
|
|
|
|
|
|
class ApplicationGatewayProviderForm(forms.ModelForm):
|
|
"""Security Gateway Provider form"""
|
|
|
|
def save(self, *args, **kwargs):
|
|
if not self.instance.pk:
|
|
# New instance, so we create a new OIDC client with random keys
|
|
self.instance.client = Client.objects.create(
|
|
client_id=generate_client_id(), client_secret=generate_client_secret()
|
|
)
|
|
self.instance.client.name = self.instance.name
|
|
self.instance.client.response_types.set(
|
|
[ResponseType.objects.get_by_natural_key("code")]
|
|
)
|
|
self.instance.client.redirect_uris = [
|
|
f"http://{self.instance.external_host}/oauth2/callback",
|
|
f"https://{self.instance.external_host}/oauth2/callback",
|
|
f"http://{self.instance.internal_host}/oauth2/callback",
|
|
f"https://{self.instance.internal_host}/oauth2/callback",
|
|
]
|
|
self.instance.client.scope = ["openid", "email"]
|
|
self.instance.client.save()
|
|
return super().save(*args, **kwargs)
|
|
|
|
class Meta:
|
|
|
|
model = ApplicationGatewayProvider
|
|
fields = ["name", "authorization_flow", "internal_host", "external_host"]
|
|
widgets = {
|
|
"name": forms.TextInput(),
|
|
"internal_host": forms.TextInput(),
|
|
"external_host": forms.TextInput(),
|
|
}
|