0001-auth-separate-OIDC-providers-in-blocks-on-login-page.patch

Serghei Mihai, 28 novembre 2019 17:42

Voir les différences: en ligne côte à côte

Subject: [PATCH] auth: separate OIDC providers in blocks on login page
 (#31259)

 src/authentic2/views.py                       | 28 ++++++++++++------
 src/authentic2_auth_oidc/authenticators.py    | 14 +++++++--
 .../templates/authentic2_auth_oidc/login.html | 10 +++----
 tests/test_auth_oidc.py                       | 29 +++++++++++++++++++
 4 files changed, 64 insertions(+), 17 deletions(-)

                     block['form'] = form_class()
                 blocks.append(block)
             else:  # New frontends API
                 auth_blocks = []
                 parameters = {'request': request,
                               'context': context}
                 block = utils.get_authenticator_method(authenticator, 'login', parameters)
                 # check if the authenticator has multiple instances
                 if hasattr(authenticator, 'instances'):
                     for instance_id, instance in authenticator.instances:
                         parameters['instance'] = instance
                         block = utils.get_authenticator_method(authenticator, 'login', parameters)
                         # update block id in order to separate instances
                         block['id'] = '%s_%s' % (block['id'], instance_id)
                         auth_blocks.append(block)
                 else:
                     auth_blocks.append(utils.get_authenticator_method(authenticator, 'login', parameters))
                 # If a login frontend method returns an HttpResponse with a status code != 200
                 # this response is returned.
                 if block:
                     if block['status_code'] != 200:
                         return block['response']
                     blocks.append(block)
             if hasattr(authenticator, 'is_hidden'):
                 blocks[-1]['is_hidden'] = authenticator.is_hidden(request)
             else:
                 blocks[-1]['is_hidden'] = False
                 for block in auth_blocks:
                     if block:
                         if block['status_code'] != 200:
                             return block['response']
                         block['is_hidden'] = False
                         blocks.append(block)
             # TODO: remove 'is_hidden' below after cleaning up the templates
             blocks[-1]['is_hidden'] = False
         # Old frontends API
         for block in blocks:

     from django.shortcuts import render
     from . import app_settings, utils
     from authentic2.utils import make_url
     class OIDCAuthenticator(object):
-...
         def id(self):
             return 'oidc'
         @property
         def instances(self):
             for p in utils.get_providers(shown=True):
                 yield (p.slug, p)
         def login(self, request, *args, **kwargs):
             context = kwargs.get('context', {})
             context['providers'] = utils.get_providers(shown=True)
             return render(request, 'authentic2_auth_oidc/login.html', context)
             if kwargs.get('instance'):
                 instance = kwargs['instance']
                 context['provider'] = instance
                 context['login_url'] = make_url('oidc-login', kwargs={'pk': instance.id},
                                                 request=request, keep_params=True)
                 return render(request, 'authentic2_auth_oidc/login.html', context)

     {% for provider in providers %}
       <p id="oidc-p-{% firstof provider.slug provider.name|slugify %}">
         <a id="oidc-a-{% firstof provider.slug  provider.name|slugify %}"
            href="{% url "oidc-login" pk=provider.pk %}?{{ request.GET.urlencode }}">{{ provider.name }}</a>
       </p>
     {% endfor %}
     <p id="oidc-p-{% firstof provider.slug provider.name|slugify %}">
       <a id="oidc-a-{% firstof provider.slug  provider.name|slugify %}"
          href="{{ login_url }}">{{ provider.name }}</a>
     </p>

         return qs
     def test_providers_on_login_page(oidc_provider, app):
         response = app.get('/login/')
         # two frontends should be present on login page
         assert response.pyquery('p#oidc-p-oididp')
         provider = OIDCProvider.objects.create(
             ou=get_default_ou(),
             name='OIDCIDP 2',
             slug='oidcidp-2',
             issuer='https://idp2.example.com/',
             authorization_endpoint='https://idp2.example.com/authorize',
             token_endpoint='https://idp2.example.com/token',
             end_session_endpoint='https://idp2.example.com/logout',
             userinfo_endpoint='https://idp*é.example.com/user_info',
             token_revocation_endpoint='https://idp2.example.com/revoke',
             max_auth_age=10,
             strategy=OIDCProvider.STRATEGY_CREATE,
             jwkset_json=None,
             idtoken_algo=OIDCProvider.ALGO_RSA,
             claims_parameter_supported=False
+        )
         response = app.get('/login/?next=http://example.com')
         assert response.pyquery('a#oidc-a-oididp')
         assert response.pyquery('a#oidc-a-oidcidp-2')
         assert '?next=' in response.pyquery('a#oidc-a-oididp').attr('href')
         assert '?next=' in response.pyquery('a#oidc-a-oidcidp-2').attr('href')
         provider.delete()
     def test_sso(app, caplog, code, oidc_provider, oidc_provider_jwkset, login_url, login_callback_url, hooks):
         OU = get_ou_model()
         cassis = OU.objects.create(name='Cassis', slug='cassis')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-auth-separate-OIDC-providers-in-blocks-on-login-page.patch