0001-idp-oidc-set-user-identifier-as-preferred-username-c.patch

Josué Kouka, 09 août 2018 11:21

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp oidc: set user identifier as preferred username claim
 (#23900)

 .../migrations/0011_auto_20180808_1546.py     | 38 +++++++++++++++
 tests/test_idp_oidc.py                        | 46 +++++++++++++++++--
 2 files changed, 81 insertions(+), 3 deletions(-)
 create mode 100644 src/authentic2_idp_oidc/migrations/0011_auto_20180808_1546.py

     # -*- coding: utf-8 -*-
     from __future__ import unicode_literals
     from django.db import migrations
     DEFAULT_CLAIM_VALUES = {
         'django_user_email', 'django_user_email_verified', 'django_user_first_name',
         'django_user_last_name', 'django_user_username'}
     def set_oidcclient_default_preferred_username_as_identifier(apps, schema_editor):
         OIDCClient = apps.get_model('authentic2_idp_oidc', 'OIDCClient')
         OIDCClaim = apps.get_model('authentic2_idp_oidc', 'OIDCClaim')
         for oidcclient in OIDCClient.objects.all():
             claim_values = set(oidcclient.oidcclaim_set.values_list('value', flat=True))
             # check if default config
             if DEFAULT_CLAIM_VALUES.symmetric_difference(claim_values):
                 continue
             pref_username_claim = OIDCClaim.objects.get(name='preferred_username', client=oidcclient)
             if pref_username_claim.value != 'django_user_identifier':
                 pref_username_claim.value = 'django_user_identifier'
                 pref_username_claim.save()
     def unset_oidcclient_default_preferred_username_as_identifier(apps, schema_editor):
         pass
     class Migration(migrations.Migration):
         dependencies = [
             ('authentic2_idp_oidc', '0010_oidcclaim'),
+        ]
         operations = [
             migrations.RunPython(set_oidcclient_default_preferred_username_as_identifier, unset_oidcclient_default_preferred_username_as_identifier)
+        ]

     import utils
     from django.core.urlresolvers import reverse
     from django.db import connection
     from django.db.migrations.executor import MigrationExecutor
     from django.utils.timezone import now
     from django.contrib.auth import get_user_model
     User = get_user_model()
     from authentic2_idp_oidc.models import OIDCClient, OIDCAuthorization, OIDCCode, OIDCAccessToken, OIDCClaim
-...
     def test_oidclient_claims_data_migration():
         from django.db import connection
         from django.db.migrations.executor import MigrationExecutor
         executor = MigrationExecutor(connection)
         app = 'authentic2_idp_oidc'
         migrate_from = [(app, '0009_auto_20180313_1156')]
-...
         assert OIDCClaim.objects.filter(client=client.id).count() == 5
     def test_oidclient_preferred_username_as_identifier_data_migration():
         executor = MigrationExecutor(connection)
         app = 'authentic2_idp_oidc'
         migrate_from = [(app, '0010_oidcclaim')]
         migrate_to = [(app, '0011_auto_20180808_1546')]
         executor.migrate(migrate_from)
         executor.loader.build_graph()
         old_apps = executor.loader.project_state(migrate_from).apps
         OIDCClient = old_apps.get_model('authentic2_idp_oidc', 'OIDCClient')
         OIDCClaim = old_apps.get_model('authentic2_idp_oidc', 'OIDCClaim')
         client1 = OIDCClient.objects.create(name='test', slug='test', redirect_uris='https://example.net/')
         client2 = OIDCClient.objects.create(name='test1', slug='test1', redirect_uris='https://example.net/')
         client3 = OIDCClient.objects.create(name='test2', slug='test2', redirect_uris='https://example.net/')
         for client in (client1, client2, client3):
             if client.name == 'test1':
                 continue
             OIDCClaim.objects.create(client=client, name='preferred_username', value='django_user_username', scopes='profile')
             OIDCClaim.objects.create(client=client, name='given_name', value='django_user_first_name', scopes='profile')
             OIDCClaim.objects.create(client=client, name='family_name', value='django_user_last_name', scopes='profile')
             if client.name == 'test2':
                 continue
             OIDCClaim.objects.create(client=client, name='email', value='django_user_email', scopes='email')
             OIDCClaim.objects.create(client=client, name='email_verified', value='django_user_email_verified', scopes='email')
         executor.migrate(migrate_to)
         executor.loader.build_graph()
         client = OIDCClient.objects.first()
         for client in OIDCClient.objects.all():
             claims = client.oidcclaim_set.all()
             if client.name == 'test':
                 assert claims.count() == 5
                 assert sorted(claims.values_list('name', flat=True)) == [u'email', u'email_verified', u'family_name', u'given_name', u'preferred_username']
                 assert sorted(claims.values_list('value', flat=True)) == [u'django_user_email', u'django_user_email_verified', u'django_user_first_name', u'django_user_identifier', u'django_user_last_name']
             elif client.name == 'test2':
                 assert claims.count() == 3
                 assert sorted(claims.values_list('name', flat=True)) == [u'family_name', u'given_name', u'preferred_username']
                 assert sorted(claims.values_list('value', flat=True)) == [u'django_user_first_name', u'django_user_last_name', u'django_user_username']
             else:
                 assert claims.count() == 0
     def test_api_synchronization(app, oidc_client):
         oidc_client.has_api_access = True
         oidc_client.save()
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp-oidc-set-user-identifier-as-preferred-username-c.patch