
0001-authentic2_auth_oidc-attach-claims-and-accounts-to-n.patch

Valentin Deniaud, 23 mai 2022 15:44


Voir les différences:

Subject: [PATCH] authentic2_auth_oidc: attach claims and accounts to new
 authenticator (#65504)

 .../migrations/0010_auto_20220413_1622.py     |  4 +++
 tests/test_auth_oidc.py                       | 31 ++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)
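--- a/src/authentic2_auth_oidc/migrations/0010_auto_20220413_1622.py
+++ b/src/authentic2_auth_oidc/migrations/0010_auto_20220413_1622.py
@@ -14,6 +14,8 @@
 
     BaseAuthenticator = apps.get_model('authenticators', 'BaseAuthenticator')
     OIDCProvider = apps.get_model('authentic2_auth_oidc', 'OIDCProvider')
+    OIDCClaimMapping = apps.get_model('authentic2_auth_oidc', 'OIDCClaimMapping')
+    OIDCAccount = apps.get_model('authentic2_auth_oidc', 'OIDCAccount')
 
     for provider in OIDCProvider.objects.all():
         if isinstance(show_condition, dict):
@@ -31,6 +33,8 @@
         )
         provider.baseauthenticator_ptr = base_authenticator.pk
         provider.save()
+        OIDCClaimMapping.objects.filter(provider_id=provider.pk).update(provider_id=base_authenticator.pk)
+        OIDCAccount.objects.filter(provider_id=provider.pk).update(provider_id=base_authenticator.pk)
 
 
 class Migration(migrations.Migration):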
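Review bot: The two `update()` calls at the end of the loop can re-point rows that an earlier iteration already migrated. Once one provider's rows carry `provider_id=base_authenticator.pk`, a later provider whose old `pk` equals that value matches them in `filter(provider_id=provider.pk)` and moves them to its own authenticator. This can only happen when the new BaseAuthenticator keys differ from the old OIDCProvider keys, for instance if the BaseAuthenticator table already holds rows, which is not visible here. The result would be OIDCAccount `sub` links and claim mappings attached to the wrong identity provider. Snapshotting the row keys per provider before any rewrite and then updating by `pk__in` removes the dependency on key values and iteration order; the loop body and the function header lie partly outside the hunks shown.

```python
    # Record which rows belong to which provider before any provider_id is rewritten.
    owned_rows = {
        provider.pk: (
            list(OIDCClaimMapping.objects.filter(provider_id=provider.pk).values_list('pk', flat=True)),
            list(OIDCAccount.objects.filter(provider_id=provider.pk).values_list('pk', flat=True)),
        )
        for provider in OIDCProvider.objects.all()
    }

    for provider in OIDCProvider.objects.all():
        # … unchanged: show_condition handling, BaseAuthenticator creation, baseauthenticator_ptr assignment …
        provider.save()
        claim_pks, account_pks = owned_rows[provider.pk]
        OIDCClaimMapping.objects.filter(pk__in=claim_pks).update(provider_id=base_authenticator.pk)
        OIDCAccount.objects.filter(pk__in=account_pks).update(provider_id=base_authenticator.pk)
```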
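--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@@ -1087,10 +1087,13 @@
 
     old_apps = migration.before(migrate_from)
     OIDCProvider = old_apps.get_model(app, 'OIDCProvider')
+    OIDCClaimMapping = old_apps.get_model(app, 'OIDCClaimMapping')
+    OIDCAccount = old_apps.get_model(app, 'OIDCAccount')
     OrganizationalUnit = old_apps.get_model('a2_rbac', 'OrganizationalUnit')
+    User = old_apps.get_model('custom_user', 'User')
     ou1 = OrganizationalUnit.objects.create(name='OU1', slug='ou1')
     issuer = 'https://baz.example.com'
-    OIDCProvider.objects.create(
+    first_provider = OIDCProvider.objects.create(
         name='Baz',
         slug='baz',
         ou=ou1,
@@ -1102,19 +1105,39 @@
         userinfo_endpoint='%s/user_info' % issuer,
         token_revocation_endpoint='%s/revoke' % issuer,
     )
+    second_provider = OIDCProvider.objects.create(name='Second', slug='second', ou=ou1)
+    second_provider_claim_mapping = OIDCClaimMapping.objects.create(
+        provider=second_provider, claim='second_provider', attribute='username'
+    )
+    user1 = User.objects.create()
+    second_provider_account = OIDCAccount.objects.create(
+        user=user1, provider=second_provider, sub='second_provider'
+    )
+    first_provider_claim_mapping = OIDCClaimMapping.objects.create(
+        provider=first_provider, claim='first_provider', attribute='username'
+    )
 
     new_apps = migration.apply(migrate_to)
     OIDCProvider = new_apps.get_model(app, 'OIDCProvider')
     BaseAuthenticator = new_apps.get_model('authenticators', 'BaseAuthenticator')
 
-    authenticator = OIDCProvider.objects.get()
+    authenticator = OIDCProvider.objects.get(slug='baz')
     assert authenticator.name == 'Baz'
-    assert authenticator.slug == 'baz'
     assert authenticator.ou.pk == ou1.pk
     assert authenticator.enabled is True
     assert authenticator.order == auth_frontend_kwargs['oidc'].get('priority', 2)
     assert authenticator.show_condition == '"backoffice" not in login_hint'
     assert authenticator.authorization_endpoint == '%s/authorize' % issuer
+    assert authenticator.claim_mappings.count() == 1
+    assert authenticator.claim_mappings.get().pk == first_provider_claim_mapping.pk
+    assert not authenticator.accounts.exists()
 
-    base_authenticator = BaseAuthenticator.objects.get()
+    base_authenticator = BaseAuthenticator.objects.get(slug='baz')
     assert authenticator.uuid == base_authenticator.uuid
+
+    second_authenticator = OIDCProvider.objects.get(slug='second')
+    assert second_authenticator.name == 'Second'
+    assert second_authenticator.claim_mappings.count() == 1
+    assert second_authenticator.claim_mappings.get().pk == second_provider_claim_mapping.pk
+    assert second_authenticator.accounts.count() == 1
+    assert second_authenticator.accounts.get().pk == second_provider_account.pk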
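Review bot: The new assertions on `claim_mappings` and `accounts` may pass even if the migration's re-pointing is missing or wrong. If the BaseAuthenticator table is empty when the migration runs, the new primary keys presumably coincide with the old OIDCProvider keys, so the `update(provider_id=...)` calls change nothing. Making the old and new keys differ before `migration.apply(migrate_to)` would let the test detect a mis-attached account or mapping; how to seed that offset depends on which models exist at `migrate_from`, which is not visible here. The first provider also gets no OIDCAccount, so only one direction of account mix-up is checked; giving it an account with its own user and asserting `authenticator.accounts.get().pk` would cover the other. The test function starts outside the hunks shown.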