0002-idp_oidc-hide-RSA-algorithms-if-no-JWKSET-is-defined.patch

Benjamin Dauvergne, 22 novembre 2018 12:14


Subject: [PATCH 2/2] idp_oidc: hide RSA algorithms if no JWKSET is defined
 (fixes #28249)

 .../migrations/0001_initial.py                    |  2 +-
 src/authentic2_idp_oidc/models.py                 | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)
src/authentic2_idp_oidc/migrations/0001_initial.py
44 44
                ('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])),
45 45
                ('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)),
46 46
                ('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])),
47
                ('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(1, 'RSA'), (2, 'HMAC')])),
47
                ('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
48 48
                ('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
49 49
                ('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
50 50
            ],
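Review bot: The edited migration keeps `default=1` on `idtoken_algo` while its choices are now `[(2, 'HMAC')]`, so the field's default is no longer one of its own choices; the same mismatch is introduced in the models.py section, where `default=ALGO_RSA` stays next to `choices=get_idtoken_algorithms()`, which drops `ALGO_RSA` when no JWKSET is available. In a deployment without a JWKSET, a client created with the default would fail `full_clean()` on this field and, presumably, fail later when an ID token has to be signed with an RSA key that does not exist. Either pick the default from the available choices in both places (here `default=2`) or keep the migration's choices as the full list and restrict the options at form level, since `choices` does not affect the database schema. If this initial migration has already been applied in production, a new migration is the safer way to record the change than editing it in place.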
src/authentic2_idp_oidc/models.py
4 4
from django.db import models
5 5
from django.contrib.contenttypes.models import ContentType
6 6
from django.core.validators import URLValidator
7
from django.core.exceptions import ValidationError
7
from django.core.exceptions import ValidationError, ImproperlyConfigured
8 8
from django.utils.translation import ugettext_lazy as _
9 9
from django.conf import settings
10 10
from django.utils.timezone import now
......
12 12

  
13 13
from authentic2.managers import GenericManager
14 14
from authentic2.models import Service
15
from authentic2.utils import to_iter
15 16

  
16 17
from . import utils, managers
17 18

  
......
110 111
        verbose_name=_('identifier policy'),
111 112
        default=POLICY_PAIRWISE,
112 113
        choices=IDENTIFIER_POLICIES)
114

  
115
    @to_iter
116
    def get_idtoken_algorithms():
117
        try:
118
            utils.get_jwkset()
119
        except ImproperlyConfigured:
120
            return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES
121
                    if algo_id != OIDCClient.ALGO_RSA]
122
        return OIDCClient.ALGO_CHOICES
123

  
113 124
    idtoken_algo = models.PositiveIntegerField(
114 125
        default=ALGO_RSA,
115
        choices=ALGO_CHOICES,
126
        choices=get_idtoken_algorithms(),
116 127
        verbose_name=_('IDToken signature algorithm'))
117 128
    has_api_access = models.BooleanField(
118 129
        verbose_name=_('has API access'),
119
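Review bot: `get_idtoken_algorithms` references `OIDCClient`, which is not yet bound while the class body runs, so `@to_iter` must be deferring the call until the choices are iterated — otherwise the module would fail to import with a NameError; what `to_iter` does is not visible here, please confirm. That deferral means `utils.get_jwkset()` is evaluated whenever Django inspects the field (system checks, forms, `makemigrations`), so the autodetector will compare the model's choices against the migration state differently depending on whether the environment running it has a JWKSET, and a developer with a key set will be offered a migration restoring `(1, 'RSA')` that one without will not. The `except ImproperlyConfigured` branch also turns a misconfigured key set into a silently reduced option list; a warning log there, e.g. `# JWKSET missing or invalid: RSA signing is unavailable, only HMAC is offered`, would make the hidden option diagnosable. The enclosing `OIDCClient` class starts outside the hunk.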
-