0009-idp_oidc-fix-order-of-ALGO_CHOICES-in-migrations-425.patch

Benjamin Dauvergne, 05 mai 2020 16:08



Subject: [PATCH 09/10] idp_oidc: fix order of ALGO_CHOICES in migrations
 (#42504)

Choices should not depend on environment.
 .../migrations/0001_initial.py                |  2 +-
 src/authentic2_idp_oidc/models.py             | 19 ++++++++-----------
 2 files changed, 9 insertions(+), 12 deletions(-)
src/authentic2_idp_oidc/migrations/0001_initial.py
44 44
                ('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])),
45 45
                ('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)),
46 46
                ('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])),
47
                ('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
47
                ('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC'), (1, 'RSA'), (3, 'EC')])),
48 48
                ('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
49 49
                ('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
50 50
            ],
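--- a/src/authentic2_idp_oidc/models.py
+++ b/src/authentic2_idp_oidc/models.py
@@ -143,19 +143,9 @@
         help_text=_('Permitted or default scopes (for credentials grant)'),
         default='',
         blank=True)
-
-    @to_iter
-    def get_idtoken_algorithms():
-        try:
-            utils.get_jwkset()
-        except ImproperlyConfigured:
-            return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES
-                    if algo_id not in (OIDCClient.ALGO_RSA, OIDCClient.ALGO_EC)]
-        return OIDCClient.ALGO_CHOICES
-
     idtoken_algo = models.PositiveIntegerField(
         default=ALGO_HMAC,
-        choices=get_idtoken_algorithms(),
+        choices=ALGO_CHOICES,
         verbose_name=_('IDToken signature algorithm'))
     has_api_access = models.BooleanField(
         verbose_name=_('has API access'),
@@ -183,6 +173,13 @@
     def clean(self):
         self.redirect_uris = strip_words(self.redirect_uris)
         self.post_logout_redirect_uris = strip_words(self.post_logout_redirect_uris)
+        if self.idtoken_algo in (OIDCClient.ALGO_RSA, OIDCClient.ALGO_EC):
+            try:
+                utils.get_jwkset()
+            except ImproperlyConfigured:
+                raise ValidationError(
+                    _('You cannot use algorithm %(algorithm)s, setting A2_IDP_OIDC_JWKSET is not defined') %
+                    {'algorithm': self.get_idtoken_algo_display()})
 
     def get_wanted_attributes(self):
         return self.oidcclaim_set.filter(name__isnull=False).values_list('value', flat=True)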
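Review bot: The JWKSET check added to `clean()` is only enforced on paths that call `full_clean()` (model forms, the admin); a client written with `save()` or `objects.create()`, or loaded from a fixture, can still be stored with RSA or EC while `A2_IDP_OIDC_JWKSET` is unset. The code that signs ID tokens is outside this page, so it is worth confirming that it handles `ImproperlyConfigured` explicitly instead of failing in the middle of a token request. The check also passes as soon as `utils.get_jwkset()` returns; whether the key set actually holds a key of the type the chosen algorithm needs is not verified here, as far as the hunk shows. I would add above the `if`: `# clean() only runs via full_clean(); direct saves bypass this check, so signing must still handle a missing JWKSET`.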
189
-