0001-authentic2_auth_oidc-attach-claims-and-accounts-to-n.patch
src/authentic2_auth_oidc/migrations/0009_oidcprovider_baseauthenticator_ptr.py | ||
---|---|---|
16 | 16 |
field=models.IntegerField(default=0), |
17 | 17 |
preserve_default=False, |
18 | 18 |
), |
19 |
migrations.AlterField( |
|
20 |
model_name='oidcaccount', |
|
21 |
name='provider', |
|
22 |
field=models.IntegerField(), |
|
23 |
), |
|
24 |
migrations.AlterField( |
|
25 |
model_name='oidcclaimmapping', |
|
26 |
name='provider', |
|
27 |
field=models.IntegerField(), |
|
28 |
), |
|
19 | 29 |
] |
src/authentic2_auth_oidc/migrations/0010_auto_20220413_1622.py | ||
---|---|---|
14 | 14 | |
15 | 15 |
BaseAuthenticator = apps.get_model('authenticators', 'BaseAuthenticator') |
16 | 16 |
OIDCProvider = apps.get_model('authentic2_auth_oidc', 'OIDCProvider') |
17 |
OIDCClaimMapping = apps.get_model('authentic2_auth_oidc', 'OIDCClaimMapping') |
|
18 |
OIDCAccount = apps.get_model('authentic2_auth_oidc', 'OIDCAccount') |
|
17 | 19 | |
20 |
remap_provider_ids = [] |
|
18 | 21 |
for provider in OIDCProvider.objects.all(): |
19 | 22 |
if isinstance(show_condition, dict): |
20 | 23 |
show_condition_authenticator = show_condition.get(provider.slug) or '' |
... | ... | |
32 | 35 |
provider.baseauthenticator_ptr = base_authenticator.pk |
33 | 36 |
provider.save() |
34 | 37 | |
38 |
remap_provider_ids.append( |
|
39 |
( |
|
40 |
list(OIDCClaimMapping.objects.filter(provider=provider.pk).values_list('pk', flat=True)), |
|
41 |
list(OIDCAccount.objects.filter(provider=provider.pk).values_list('pk', flat=True)), |
|
42 |
base_authenticator.pk, |
|
43 |
) |
|
44 |
) |
|
45 | ||
46 |
for mapping_ids, account_ids, to_provider_id in remap_provider_ids: |
|
47 |
OIDCClaimMapping.objects.filter(id__in=mapping_ids).update(provider=to_provider_id) |
|
48 |
OIDCAccount.objects.filter(id__in=account_ids).update(provider=to_provider_id) |
|
49 | ||
35 | 50 | |
36 | 51 |
class Migration(migrations.Migration): |
37 | 52 |
src/authentic2_auth_oidc/migrations/0012_auto_20220524_1147.py | ||
---|---|---|
1 |
# Generated by Django 2.2.28 on 2022-05-24 09:47 |
|
2 | ||
3 |
import django.db.models.deletion |
|
4 |
from django.db import migrations, models |
|
5 | ||
6 | ||
7 |
class Migration(migrations.Migration): |
|
8 | ||
9 |
dependencies = [ |
|
10 |
('authentic2_auth_oidc', '0011_auto_20220413_1632'), |
|
11 |
] |
|
12 | ||
13 |
operations = [ |
|
14 |
migrations.AlterField( |
|
15 |
model_name='oidcaccount', |
|
16 |
name='provider', |
|
17 |
field=models.ForeignKey( |
|
18 |
on_delete=django.db.models.deletion.CASCADE, |
|
19 |
related_name='accounts', |
|
20 |
to='authentic2_auth_oidc.OIDCProvider', |
|
21 |
verbose_name='provider', |
|
22 |
), |
|
23 |
), |
|
24 |
migrations.AlterField( |
|
25 |
model_name='oidcclaimmapping', |
|
26 |
name='provider', |
|
27 |
field=models.ForeignKey( |
|
28 |
on_delete=django.db.models.deletion.CASCADE, |
|
29 |
related_name='claim_mappings', |
|
30 |
to='authentic2_auth_oidc.OIDCProvider', |
|
31 |
verbose_name='provider', |
|
32 |
), |
|
33 |
), |
|
34 |
] |
tests/test_auth_oidc.py | ||
---|---|---|
1083 | 1083 | |
1084 | 1084 |
app = 'authentic2_auth_oidc' |
1085 | 1085 |
migrate_from = [(app, '0008_auto_20201102_1142')] |
1086 |
migrate_to = [(app, '0011_auto_20220413_1632')]
|
|
1086 |
migrate_to = [(app, '0012_auto_20220524_1147')]
|
|
1087 | 1087 | |
1088 | 1088 |
old_apps = migration.before(migrate_from) |
1089 | 1089 |
OIDCProvider = old_apps.get_model(app, 'OIDCProvider') |
1090 |
OIDCClaimMapping = old_apps.get_model(app, 'OIDCClaimMapping') |
|
1091 |
OIDCAccount = old_apps.get_model(app, 'OIDCAccount') |
|
1090 | 1092 |
OrganizationalUnit = old_apps.get_model('a2_rbac', 'OrganizationalUnit') |
1093 |
User = old_apps.get_model('custom_user', 'User') |
|
1091 | 1094 |
ou1 = OrganizationalUnit.objects.create(name='OU1', slug='ou1') |
1092 | 1095 |
issuer = 'https://baz.example.com' |
1093 |
OIDCProvider.objects.create( |
|
1096 |
first_provider = OIDCProvider.objects.create(
|
|
1094 | 1097 |
name='Baz', |
1095 | 1098 |
slug='baz', |
1096 | 1099 |
ou=ou1, |
... | ... | |
1102 | 1105 |
userinfo_endpoint='%s/user_info' % issuer, |
1103 | 1106 |
token_revocation_endpoint='%s/revoke' % issuer, |
1104 | 1107 |
) |
1108 |
second_provider = OIDCProvider.objects.create(name='Second', slug='second', ou=ou1) |
|
1109 |
second_provider_claim_mapping = OIDCClaimMapping.objects.create( |
|
1110 |
provider=second_provider, claim='second_provider', attribute='username' |
|
1111 |
) |
|
1112 |
user1 = User.objects.create() |
|
1113 |
second_provider_account = OIDCAccount.objects.create( |
|
1114 |
user=user1, provider=second_provider, sub='second_provider' |
|
1115 |
) |
|
1116 |
first_provider_claim_mapping = OIDCClaimMapping.objects.create( |
|
1117 |
provider=first_provider, claim='first_provider', attribute='username' |
|
1118 |
) |
|
1105 | 1119 | |
1106 | 1120 |
new_apps = migration.apply(migrate_to) |
1107 | 1121 |
OIDCProvider = new_apps.get_model(app, 'OIDCProvider') |
1108 | 1122 |
BaseAuthenticator = new_apps.get_model('authenticators', 'BaseAuthenticator') |
1109 | 1123 | |
1110 |
authenticator = OIDCProvider.objects.get() |
|
1124 |
authenticator = OIDCProvider.objects.get(slug='baz')
|
|
1111 | 1125 |
assert authenticator.name == 'Baz' |
1112 |
assert authenticator.slug == 'baz' |
|
1113 | 1126 |
assert authenticator.ou.pk == ou1.pk |
1114 | 1127 |
assert authenticator.enabled is True |
1115 | 1128 |
assert authenticator.order == auth_frontend_kwargs['oidc'].get('priority', 2) |
1116 | 1129 |
assert authenticator.show_condition == '"backoffice" not in login_hint' |
1117 | 1130 |
assert authenticator.authorization_endpoint == '%s/authorize' % issuer |
1131 |
assert authenticator.claim_mappings.count() == 1 |
|
1132 |
assert authenticator.claim_mappings.get().pk == first_provider_claim_mapping.pk |
|
1133 |
assert not authenticator.accounts.exists() |
|
1118 | 1134 | |
1119 |
base_authenticator = BaseAuthenticator.objects.get() |
|
1135 |
base_authenticator = BaseAuthenticator.objects.get(slug='baz')
|
|
1120 | 1136 |
assert authenticator.uuid == base_authenticator.uuid |
1137 | ||
1138 |
second_authenticator = OIDCProvider.objects.get(slug='second') |
|
1139 |
assert second_authenticator.name == 'Second' |
|
1140 |
assert second_authenticator.claim_mappings.count() == 1 |
|
1141 |
assert second_authenticator.claim_mappings.get().pk == second_provider_claim_mapping.pk |
|
1142 |
assert second_authenticator.accounts.count() == 1 |
|
1143 |
assert second_authenticator.accounts.get().pk == second_provider_account.pk |
|
1121 |
- |