0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch
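--- a/src/authentic2_auth_oidc/migrations/0001_initial.py
+++ b/src/authentic2_auth_oidc/migrations/0001_initial.py
@@ -1,5 +1,3 @@
-import uuid
-
 import django.contrib.postgres.fields.jsonb
 from django.conf import settings
 from django.db import migrations, models
@@ -70,10 +68,10 @@
 'issuer',
 models.CharField(unique=True, max_length=256, verbose_name='issuer', db_index=True),
 ),
-('client_id', models.CharField(default=uuid.uuid4, max_length=128, verbose_name='client id')),
+('client_id', models.CharField(max_length=128, verbose_name='client id')),
 (
 'client_secret',
-models.CharField(default=uuid.uuid4, max_length=128, verbose_name='client secret'),
+models.CharField(max_length=128, verbose_name='client secret'),
 ),
 (
 'authorization_endpoint',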
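Review bot: Editing `0001_initial` in place, rather than adding a new migration, keeps the change out of the migration history, so it is worth confirming that no later migration in this app still declares `default=uuid.uuid4` for `client_id` or `client_secret`; running `makemigrations --check` against the new model state would show that. Sites that presumably applied the old migration keep whatever UUIDs were generated for their existing providers, and nothing in this section clears or flags those placeholder values. If the in-place edit is deliberate, a short comment above the two fields, e.g. `# no default: credentials are issued by the OpenID provider, not generated here`, would explain it to the next reader.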
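--- a/src/authentic2_auth_oidc/models.py
+++ b/src/authentic2_auth_oidc/models.py
@@ -15,7 +15,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import json
-import uuid
 
 from django.conf import settings
 from django.contrib.postgres.fields import JSONField
@@ -81,8 +80,8 @@
 ]
 
 issuer = models.CharField(max_length=256, verbose_name=_('issuer'), db_index=True)
-client_id = models.CharField(max_length=128, default=uuid.uuid4, verbose_name=_('client id'))
-client_secret = models.CharField(max_length=128, default=uuid.uuid4, verbose_name=_('client secret'))
+client_id = models.CharField(max_length=128, verbose_name=_('client id'))
+client_secret = models.CharField(max_length=128, verbose_name=_('client secret'))
 # endpoints
 authorization_endpoint = models.URLField(max_length=128, verbose_name=_('authorization endpoint'))
 token_endpoint = models.URLField(max_length=128, verbose_name=_('token endpoint'))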
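Review bot: With the defaults gone, `client_id` and `client_secret` have no model-level guard against being empty: a provider created outside a form (fixture, shell, `objects.create()`) is saved with `''` for both, because `save()` does not run field validation. Consider rejecting empty values in the model's `clean()` or refusing to enable such a provider, so a misconfigured relying party fails at configuration time rather than at the token endpoint. A comment on the two fields such as `# issued by the OpenID provider at client registration; never generated locally` would record why there is no default. The class these fields belong to starts and ends outside the hunk.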
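--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@@ -161,6 +161,8 @@
 idtoken_algo=OIDCProvider._meta.get_field('idtoken_algo').default,
 jwkset=None,
 claims_parameter_supported=False,
+client_id='abc',
+client_secret='def',
 ):
 slug = slug or name.lower()
 issuer = issuer or ('https://%s.example.com' % slug)
@@ -169,6 +171,8 @@
 ou=get_default_ou(),
 name=name,
 slug=slug,
+client_id=client_id,
+client_secret=client_secret,
 enabled=True,
 issuer=issuer,
 authorization_endpoint='%s/authorize' % issuer,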
tests/test_manager_authenticators.py | ||
---|---|---|
166 | 166 | |
167 | 167 |
resp = resp.click('Edit') |
168 | 168 |
assert 'enabled' not in resp.form.fields |
169 |
assert resp.pyquery('input#id_client_id').val() == '' |
|
170 |
assert resp.pyquery('input#id_client_secret').val() == '' |
|
169 | 171 |
resp.form['ou'] = ou1.pk |
170 | 172 |
resp.form['issuer'] = 'https://oidc.example.com' |
171 | 173 |
resp.form['scopes'] = 'profile email' |
... | ... | |
176 | 178 |
resp.form['idtoken_algo'] = 2 |
177 | 179 |
resp.form['button_label'] = 'Test' |
178 | 180 |
resp.form['button_description'] = 'test' |
181 |
resp.form['client_id'] = 'auie' |
|
182 |
resp.form['client_secret'] = 'tsrn' |
|
179 | 183 |
resp = resp.form.submit().follow() |
180 | 184 |
assert_event('authenticator.edit', user=superuser, session=app.session) |
181 | 185 | |
... | ... | |
195 | 199 |
resp = resp.click('Journal') |
196 | 200 |
assert 'enable' in resp.text |
197 | 201 |
assert ( |
198 |
'edit (ou, issuer, scopes, strategy, button_label, idtoken_algo, token_endpoint, ' |
|
199 |
'userinfo_endpoint, button_description, authorization_endpoint)' in resp.text |
|
202 |
'edit (ou, issuer, scopes, strategy, client_id, button_label, idtoken_algo, ' |
|
203 |
'client_secret, token_endpoint, userinfo_endpoint, button_description, authorization_endpoint)' |
|
204 |
in resp.text |
|
200 | 205 |
) |
201 | 206 |
assert 'creation' in resp.text |
202 | 207 | |
203 |
- |
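Review bot: The edit-form hunks only exercise the path where `client_id` and `client_secret` are filled in; nothing asserts that submitting the form with either left empty is refused, which is the behaviour the removed defaults now rely on. A second submit with `resp.form['client_secret'] = ''` and a check that the page re-renders with a field error would pin that. The `input#id_client_secret` assertion also shows the secret is an input whose value is rendered into the page; presumably the stored secret is echoed back on later edits, so it is worth deciding whether that is intended and asserting it either way. The test function starts outside the visible hunks.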