0001-auth_oidc-move-claims-form-code-66419.patch
| src/authentic2_auth_oidc/admin.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
from collections import OrderedDict |
|
| 18 | 17 | |
| 19 |
from django import forms |
|
| 20 | 18 |
from django.contrib import admin |
| 21 |
from django.utils.translation import ugettext as _ |
|
| 22 | ||
| 23 |
from authentic2.custom_user.models import User |
|
| 24 |
from authentic2.forms.widgets import DatalistTextInput |
|
| 25 |
from authentic2.models import Attribute |
|
| 26 | 19 | |
| 27 | 20 |
from . import models |
| 28 | ||
| 29 | ||
| 30 |
class OIDCClaimMappingForm(forms.ModelForm): |
|
| 31 |
def __init__(self, *args, **kwargs): |
|
| 32 |
super().__init__(*args, **kwargs) |
|
| 33 |
claim_widget = self.fields['claim'].widget |
|
| 34 |
# fill datalist with standard claims from |
|
| 35 |
# https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims |
|
| 36 |
claim_widget.data = ( |
|
| 37 |
'sub', |
|
| 38 |
'name', |
|
| 39 |
'given_name', |
|
| 40 |
'family_name', |
|
| 41 |
'nickname', |
|
| 42 |
'preferred_username', |
|
| 43 |
'profile', |
|
| 44 |
'picture', |
|
| 45 |
'website', |
|
| 46 |
'email', |
|
| 47 |
'email_verified', |
|
| 48 |
'gender', |
|
| 49 |
'birthdate', |
|
| 50 |
'zoneinfo', |
|
| 51 |
'locale', |
|
| 52 |
'phone_number', |
|
| 53 |
'phone_number_verified', |
|
| 54 |
'address', |
|
| 55 |
'updated_at', |
|
| 56 |
) |
|
| 57 |
claim_widget.name = 'list__oidcclaim-mapping-inline' |
|
| 58 |
claim_widget.attrs.update({'list': 'list__oidcclaim-mapping-inline'})
|
|
| 59 | ||
| 60 |
# Setup the attribute field |
|
| 61 |
choices = OrderedDict([('', '---------')])
|
|
| 62 |
for name in ('email', 'username', 'first_name', 'last_name'):
|
|
| 63 |
field = User._meta.get_field(name) |
|
| 64 |
choices[name] = '%s (%s)' % (field.verbose_name.title(), name) |
|
| 65 |
for attribute in Attribute.objects.all(): |
|
| 66 |
if attribute.name in choices: |
|
| 67 |
continue |
|
| 68 |
choices[attribute.name] = '%s (%s)' % (attribute.label, attribute.name) |
|
| 69 |
choices['ou__slug'] = _('Organizational unit slug (ou__slug)')
|
|
| 70 |
self.fields['attribute'] = forms.ChoiceField(choices=choices.items()) |
|
| 71 | ||
| 72 |
class Meta: |
|
| 73 |
model = models.OIDCClaimMapping |
|
| 74 |
fields = [ |
|
| 75 |
'claim', |
|
| 76 |
'attribute', |
|
| 77 |
'verified', |
|
| 78 |
'required', |
|
| 79 |
'idtoken_claim', |
|
| 80 |
] |
|
| 81 |
readonly_fields = ['created', 'modified'] |
|
| 82 |
widgets = {
|
|
| 83 |
'claim': DatalistTextInput, |
|
| 84 |
} |
|
| 21 |
from .forms import OIDCClaimMappingForm |
|
| 85 | 22 | |
| 86 | 23 | |
| 87 | 24 |
class OIDCClaimMappingInline(admin.TabularInline): |
| src/authentic2_auth_oidc/forms.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
from collections import OrderedDict |
|
| 18 | ||
| 17 | 19 |
from django import forms |
| 20 |
from django.utils.translation import ugettext as _ |
|
| 21 | ||
| 22 |
from authentic2.custom_user.models import User |
|
| 23 |
from authentic2.forms.widgets import DatalistTextInput |
|
| 24 |
from authentic2.models import Attribute |
|
| 18 | 25 | |
| 19 |
from .models import OIDCProvider |
|
| 26 |
from .models import OIDCClaimMapping, OIDCProvider
|
|
| 20 | 27 | |
| 21 | 28 | |
| 22 | 29 |
class OIDCProviderEditForm(forms.ModelForm): |
| ... | ... | |
| 28 | 35 |
super().__init__(*args, **kwargs) |
| 29 | 36 |
self.fields['ou'].required = True |
| 30 | 37 |
self.fields['ou'].empty_label = None |
| 38 | ||
| 39 | ||
| 40 |
class OIDCClaimMappingForm(forms.ModelForm): |
|
| 41 |
def __init__(self, *args, **kwargs): |
|
| 42 |
super().__init__(*args, **kwargs) |
|
| 43 |
claim_widget = self.fields['claim'].widget |
|
| 44 |
# fill datalist with standard claims from |
|
| 45 |
# https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims |
|
| 46 |
claim_widget.data = ( |
|
| 47 |
'sub', |
|
| 48 |
'name', |
|
| 49 |
'given_name', |
|
| 50 |
'family_name', |
|
| 51 |
'nickname', |
|
| 52 |
'preferred_username', |
|
| 53 |
'profile', |
|
| 54 |
'picture', |
|
| 55 |
'website', |
|
| 56 |
'email', |
|
| 57 |
'email_verified', |
|
| 58 |
'gender', |
|
| 59 |
'birthdate', |
|
| 60 |
'zoneinfo', |
|
| 61 |
'locale', |
|
| 62 |
'phone_number', |
|
| 63 |
'phone_number_verified', |
|
| 64 |
'address', |
|
| 65 |
'updated_at', |
|
| 66 |
) |
|
| 67 |
claim_widget.name = 'list__oidcclaim-mapping-inline' |
|
| 68 |
claim_widget.attrs.update({'list': 'list__oidcclaim-mapping-inline'})
|
|
| 69 | ||
| 70 |
# Setup the attribute field |
|
| 71 |
choices = OrderedDict([('', '---------')])
|
|
| 72 |
for name in ('email', 'username', 'first_name', 'last_name'):
|
|
| 73 |
field = User._meta.get_field(name) |
|
| 74 |
choices[name] = '%s (%s)' % (field.verbose_name.title(), name) |
|
| 75 |
for attribute in Attribute.objects.all(): |
|
| 76 |
if attribute.name in choices: |
|
| 77 |
continue |
|
| 78 |
choices[attribute.name] = '%s (%s)' % (attribute.label, attribute.name) |
|
| 79 |
choices['ou__slug'] = _('Organizational unit slug (ou__slug)')
|
|
| 80 |
self.fields['attribute'] = forms.ChoiceField(choices=choices.items()) |
|
| 81 | ||
| 82 |
class Meta: |
|
| 83 |
model = OIDCClaimMapping |
|
| 84 |
fields = [ |
|
| 85 |
'claim', |
|
| 86 |
'attribute', |
|
| 87 |
'verified', |
|
| 88 |
'required', |
|
| 89 |
'idtoken_claim', |
|
| 90 |
] |
|
| 91 |
readonly_fields = ['created', 'modified'] |
|
| 92 |
widgets = {
|
|
| 93 |
'claim': DatalistTextInput, |
|
| 94 |
} |
|
| 31 |
- |
|