0001-idp_oidc-display-BO-custom-client-config-to-superuse.patch
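--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@@ -940,6 +940,14 @@
 
 
 class ServiceForm(forms.ModelForm):
+def __init__(self, *args, **kwargs):
+if 'user' in kwargs:
+# OIDC services form initialization requires knowing user permissions.
+# this information isn't used for plain services yet.
+# TODO stop using a generic ServiceEditView for OIDC services(?)
+kwargs.pop('user')
+super().__init__(*args, **kwargs)
+
 class Meta:
 model = Service
 fields = ['name', 'slug', 'ou', 'unauthorized_url']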
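Review bot: The `if 'user' in kwargs:` guard around `kwargs.pop('user')` in `ServiceForm.__init__` can be the single line `kwargs.pop('user', None)`, keeping the explanatory comment above it. There is also an asymmetry with the OIDC client form in `src/authentic2_idp_oidc/manager/forms.py`, whose `user = kwargs.pop('user')` raises `KeyError` when the form is built without that argument. Using `kwargs.pop('user', None)` there as well would fail closed: with no user, the `if user and ...` test is false and the superuser-only fields are simply not added.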
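--- a/src/authentic2/manager/service_views.py
+++ b/src/authentic2/manager/service_views.py
@@ -133,6 +133,11 @@
 return self.object.manager_form_class
 return super().get_form_class()
 
+def get_form_kwargs(self):
+kwargs = super().get_form_kwargs()
+kwargs['user'] = self.request.user
+return kwargs
+
 
 edit_service = ServiceEditView.as_view()
 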
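Review bot: `get_form_kwargs` now passes `user` to every form class that `get_form_class` can return, including any `self.object.manager_form_class`, but only `ServiceForm` and the OIDC client form visibly accept it. A service type whose form does not pop `user` would fail with a `TypeError` at instantiation, so this is worth confirming against the other form classes, which are not shown on this page. The same four-line method is repeated in `OIDCServiceAddView` in `src/authentic2_idp_oidc/manager/views.py`; a small shared mixin would keep the two in step. The enclosing view class starts outside the hunk.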
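--- a/src/authentic2_idp_oidc/manager/forms.py
+++ b/src/authentic2_idp_oidc/manager/forms.py
@@ -15,6 +15,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 from django import forms
+from django.contrib.auth import get_user_model
+from django.utils.translation import gettext_lazy as _
 
 from authentic2.attributes_ng.engine import get_service_attributes
 from authentic2.forms.mixins import SlugMixin
@@ -43,8 +45,37 @@
 ]
 
 def __init__(self, *args, **kwargs):
+user = kwargs.pop('user')
 super().__init__(*args, **kwargs)
 self.fields['colour'].widget = forms.TextInput(attrs={'type': 'color'})
+if user and isinstance(user, get_user_model()) and user.is_superuser:
+initial_has_api_access = self.instance.has_api_access if self.instance else False
+initial_activate_user_profiles = self.instance.activate_user_profiles if self.instance else False
+self.fields['has_api_access'] = forms.BooleanField(
+initial=initial_has_api_access,
+label=_("Has access to Authentic's synchronization API"),
+required=False,
+)
+
+self.fields['activate_user_profiles'] = forms.BooleanField(
+initial=initial_activate_user_profiles,
+label=_("Activates user profiles selection"),
+required=False,
+)
+
+def save(self, *args, **kwargs):
+instance = super().save(*args, **kwargs)
+changed = False
+for custom_field in ('has_api_access', 'activate_user_profiles'):
+if (
+custom_field in self.cleaned_data
+and getattr(instance, custom_field) != self.cleaned_data[custom_field]
+):
+setattr(instance, custom_field, self.cleaned_data[custom_field])
+changed = True
+if changed:
+instance.save()
+return instance
 
 
 class OIDCClaimForm(forms.ModelForm):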
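Review bot: The new `save()` writes the two superuser-only flags with a second `instance.save()` after `super().save(*args, **kwargs)`, so a caller passing `commit=False` still triggers a database write, and an ordinary save hits the database twice. Copying the values onto `self.instance` before calling `super().save()` keeps a single write and honours `commit=False`. Because `has_api_access` grants access to the synchronization API, a test that a non-superuser POST carrying these field names leaves both flags unchanged would pin the gate. The form looks safe as written, since the fields are only added for superusers and so never reach `cleaned_data` otherwise, but nothing on this page asserts it.

```python
def save(self, *args, **kwargs):
    # Copy the superuser-only flags onto the instance first, so that one
    # save covers them and commit=False is still honoured. The keys are
    # only present in cleaned_data when __init__ added the fields.
    for custom_field in ('has_api_access', 'activate_user_profiles'):
        if custom_field in self.cleaned_data:
            setattr(self.instance, custom_field, self.cleaned_data[custom_field])
    return super().save(*args, **kwargs)
```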
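--- a/src/authentic2_idp_oidc/manager/views.py
+++ b/src/authentic2_idp_oidc/manager/views.py
@@ -37,6 +37,11 @@
 OIDCClaim.objects.get_or_create(client=self.object, **mapping)
 return reverse('a2-manager-service', kwargs={'service_pk': self.object.pk})
 
+def get_form_kwargs(self):
+kwargs = super().get_form_kwargs()
+kwargs['user'] = self.request.user
+return kwargs
+
 
 add_oidc_service = OIDCServiceAddView.as_view()
 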
tests/idp_oidc/test_manager.py | ||
---|---|---|
27 | 27 |
return app |
28 | 28 | |
29 | 29 | |
30 |
def test_add_oidc_service(app): |
|
30 |
@pytest.fixture |
|
31 |
def superuser_app(app, superuser): |
|
32 |
login(app, superuser) |
|
33 |
return app |
|
34 | ||
35 | ||
36 |
def test_add_oidc_service_superuser(superuser_app): |
|
37 |
resp = superuser_app.get('/manage/services/') |
|
38 |
assert 'Add OIDC service' in resp.text |
|
39 |
assert OIDCClient.objects.count() == 0 |
|
40 |
assert OIDCClaim.objects.count() == 0 |
|
41 | ||
42 |
resp = resp.click('Add OIDC service') |
|
43 |
form = resp.form |
|
44 |
form['name'] = 'Test' |
|
45 |
form['redirect_uris'] = 'http://example.com' |
|
46 |
form['has_api_access'] = True |
|
47 |
form['activate_user_profiles'] = True |
|
48 |
resp = form.submit() |
|
49 | ||
50 |
assert OIDCClient.objects.count() == 1 |
|
51 |
assert OIDCClaim.objects.count() == len(oidc_app_settings.DEFAULT_MAPPINGS) |
|
52 |
oidc_client = OIDCClient.objects.get() |
|
53 |
assert oidc_client.has_api_access is True |
|
54 |
assert oidc_client.activate_user_profiles is True |
|
55 |
assert resp.location == f'/manage/services/{oidc_client.pk}/' |
|
56 |
resp = resp.follow() |
|
57 |
assert "Settings" in resp.text |
|
58 |
assert "Delete" in resp.text |
|
59 | ||
60 | ||
61 |
def test_add_oidc_service_admin(app): |
|
31 | 62 |
resp = app.get('/manage/services/') |
32 | 63 |
assert 'Add OIDC service' in resp.text |
33 | 64 |
assert OIDCClient.objects.count() == 0 |
... | ... | |
37 | 68 |
form = resp.form |
38 | 69 |
form['name'] = 'Test' |
39 | 70 |
form['redirect_uris'] = 'http://example.com' |
71 |
assert 'has_api_access' not in form.fields |
|
72 |
assert 'activate_user_profiles' not in form.fields |
|
40 | 73 |
resp = form.submit() |
41 | 74 | |
42 | 75 |
assert OIDCClient.objects.count() == 1 |
43 | 76 |
assert OIDCClaim.objects.count() == len(oidc_app_settings.DEFAULT_MAPPINGS) |
44 | 77 |
oidc_client = OIDCClient.objects.get() |
78 |
assert oidc_client.has_api_access is False |
|
79 |
assert oidc_client.activate_user_profiles is False |
|
45 | 80 |
assert resp.location == f'/manage/services/{oidc_client.pk}/' |
46 | 81 |
resp = resp.follow() |
47 | 82 |
assert "Settings" in resp.text |
48 |
- |