0001-authentic2_auth_oidc-attach-claims-and-accounts-to-n.patch

Valentin Deniaud, 24 mai 2022 11:55

Voir les différences: en ligne côte à côte

Subject: [PATCH] authentic2_auth_oidc: attach claims and accounts to new
 authenticator (#65504)

 ...0009_oidcprovider_baseauthenticator_ptr.py | 10 ++++++
 .../migrations/0010_auto_20220413_1622.py     | 15 ++++++++
 .../migrations/0012_auto_20220524_1147.py     | 34 +++++++++++++++++++
 tests/test_auth_oidc.py                       | 33 +++++++++++++++---
 4 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 src/authentic2_auth_oidc/migrations/0012_auto_20220524_1147.py

                 field=models.IntegerField(default=0),
                 preserve_default=False,
             ),
             migrations.AlterField(
                 model_name='oidcaccount',
                 name='provider',
                 field=models.IntegerField(),
             ),
             migrations.AlterField(
                 model_name='oidcclaimmapping',
                 name='provider',
                 field=models.IntegerField(),
             ),
+        ]

         BaseAuthenticator = apps.get_model('authenticators', 'BaseAuthenticator')
         OIDCProvider = apps.get_model('authentic2_auth_oidc', 'OIDCProvider')
         OIDCClaimMapping = apps.get_model('authentic2_auth_oidc', 'OIDCClaimMapping')
         OIDCAccount = apps.get_model('authentic2_auth_oidc', 'OIDCAccount')
         remap_provider_ids = []
         for provider in OIDCProvider.objects.all():
             if isinstance(show_condition, dict):
                 show_condition_authenticator = show_condition.get(provider.slug) or ''
-...
             provider.baseauthenticator_ptr = base_authenticator.pk
             provider.save()
             remap_provider_ids.append(
+                (
                     list(OIDCClaimMapping.objects.filter(provider=provider.pk).values_list('pk', flat=True)),
                     list(OIDCAccount.objects.filter(provider=provider.pk).values_list('pk', flat=True)),
                     base_authenticator.pk,
+                )
+            )
         for mapping_ids, account_ids, to_provider_id in remap_provider_ids:
             OIDCClaimMapping.objects.filter(id__in=mapping_ids).update(provider=to_provider_id)
             OIDCAccount.objects.filter(id__in=account_ids).update(provider=to_provider_id)
     class Migration(migrations.Migration):

     # Generated by Django 2.2.28 on 2022-05-24 09:47
     import django.db.models.deletion
     from django.db import migrations, models
     class Migration(migrations.Migration):
         dependencies = [
             ('authentic2_auth_oidc', '0011_auto_20220413_1632'),
+        ]
         operations = [
             migrations.AlterField(
                 model_name='oidcaccount',
                 name='provider',
                 field=models.ForeignKey(
                     on_delete=django.db.models.deletion.CASCADE,
                     related_name='accounts',
                     to='authentic2_auth_oidc.OIDCProvider',
                     verbose_name='provider',
                 ),
             ),
             migrations.AlterField(
                 model_name='oidcclaimmapping',
                 name='provider',
                 field=models.ForeignKey(
                     on_delete=django.db.models.deletion.CASCADE,
                     related_name='claim_mappings',
                     to='authentic2_auth_oidc.OIDCProvider',
                     verbose_name='provider',
                 ),
             ),
+        ]

         app = 'authentic2_auth_oidc'
         migrate_from = [(app, '0008_auto_20201102_1142')]
         migrate_to = [(app, '0011_auto_20220413_1632')]
         migrate_to = [(app, '0012_auto_20220524_1147')]
         old_apps = migration.before(migrate_from)
         OIDCProvider = old_apps.get_model(app, 'OIDCProvider')
         OIDCClaimMapping = old_apps.get_model(app, 'OIDCClaimMapping')
         OIDCAccount = old_apps.get_model(app, 'OIDCAccount')
         OrganizationalUnit = old_apps.get_model('a2_rbac', 'OrganizationalUnit')
         User = old_apps.get_model('custom_user', 'User')
         ou1 = OrganizationalUnit.objects.create(name='OU1', slug='ou1')
         issuer = 'https://baz.example.com'
         OIDCProvider.objects.create(
         first_provider = OIDCProvider.objects.create(
             name='Baz',
             slug='baz',
             ou=ou1,
-...
             userinfo_endpoint='%s/user_info' % issuer,
             token_revocation_endpoint='%s/revoke' % issuer,
+        )
         second_provider = OIDCProvider.objects.create(name='Second', slug='second', ou=ou1)
         second_provider_claim_mapping = OIDCClaimMapping.objects.create(
             provider=second_provider, claim='second_provider', attribute='username'
+        )
         user1 = User.objects.create()
         second_provider_account = OIDCAccount.objects.create(
             user=user1, provider=second_provider, sub='second_provider'
+        )
         first_provider_claim_mapping = OIDCClaimMapping.objects.create(
             provider=first_provider, claim='first_provider', attribute='username'
+        )
         new_apps = migration.apply(migrate_to)
         OIDCProvider = new_apps.get_model(app, 'OIDCProvider')
         BaseAuthenticator = new_apps.get_model('authenticators', 'BaseAuthenticator')
         authenticator = OIDCProvider.objects.get()
         authenticator = OIDCProvider.objects.get(slug='baz')
         assert authenticator.name == 'Baz'
         assert authenticator.slug == 'baz'
         assert authenticator.ou.pk == ou1.pk
         assert authenticator.enabled is True
         assert authenticator.order == auth_frontend_kwargs['oidc'].get('priority', 2)
         assert authenticator.show_condition == '"backoffice" not in login_hint'
         assert authenticator.authorization_endpoint == '%s/authorize' % issuer
         assert authenticator.claim_mappings.count() == 1
         assert authenticator.claim_mappings.get().pk == first_provider_claim_mapping.pk
         assert not authenticator.accounts.exists()
         base_authenticator = BaseAuthenticator.objects.get()
         base_authenticator = BaseAuthenticator.objects.get(slug='baz')
         assert authenticator.uuid == base_authenticator.uuid
         second_authenticator = OIDCProvider.objects.get(slug='second')
         assert second_authenticator.name == 'Second'
         assert second_authenticator.claim_mappings.count() == 1
         assert second_authenticator.claim_mappings.get().pk == second_provider_claim_mapping.pk
         assert second_authenticator.accounts.count() == 1
         assert second_authenticator.accounts.get().pk == second_provider_account.pk
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-authentic2_auth_oidc-attach-claims-and-accounts-to-n.patch