0001-idp_oidc-display-BO-custom-client-config-to-superuse.patch
| src/authentic2/manager/forms.py | ||
|---|---|---|
| 940 | 940 | |
| 941 | 941 | |
| 942 | 942 |
class ServiceForm(forms.ModelForm): |
| 943 |
def __init__(self, *args, **kwargs): |
|
| 944 |
if 'user' in kwargs: |
|
| 945 |
# OIDC services form initialization requires knowing user permissions. |
|
| 946 |
# this information isn't used for plain services yet. |
|
| 947 |
# TODO stop using a generic ServiceEditView for OIDC services(?) |
|
| 948 |
kwargs.pop('user')
|
|
| 949 |
super().__init__(*args, **kwargs) |
|
| 950 | ||
| 943 | 951 |
class Meta: |
| 944 | 952 |
model = Service |
| 945 | 953 |
fields = ['name', 'slug', 'ou', 'unauthorized_url'] |
| src/authentic2/manager/service_views.py | ||
|---|---|---|
| 133 | 133 |
return self.object.manager_form_class |
| 134 | 134 |
return super().get_form_class() |
| 135 | 135 | |
| 136 |
def get_form_kwargs(self): |
|
| 137 |
kwargs = super().get_form_kwargs() |
|
| 138 |
kwargs['user'] = self.request.user |
|
| 139 |
return kwargs |
|
| 140 | ||
| 136 | 141 | |
| 137 | 142 |
edit_service = ServiceEditView.as_view() |
| 138 | 143 | |
| src/authentic2_idp_oidc/manager/forms.py | ||
|---|---|---|
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 | 17 |
from django import forms |
| 18 |
from django.contrib.auth import get_user_model |
|
| 19 |
from django.utils.translation import gettext_lazy as _ |
|
| 18 | 20 | |
| 19 | 21 |
from authentic2.attributes_ng.engine import get_service_attributes |
| 20 | 22 |
from authentic2.forms.mixins import SlugMixin |
| ... | ... | |
| 43 | 45 |
] |
| 44 | 46 | |
| 45 | 47 |
def __init__(self, *args, **kwargs): |
| 48 |
user = kwargs.pop('user')
|
|
| 46 | 49 |
super().__init__(*args, **kwargs) |
| 47 | 50 |
self.fields['colour'].widget = forms.TextInput(attrs={'type': 'color'})
|
| 51 |
if user and isinstance(user, get_user_model()) and user.is_superuser: |
|
| 52 |
initial_has_api_access = self.instance.has_api_access if self.instance else False |
|
| 53 |
initial_activate_user_profiles = self.instance.activate_user_profiles if self.instance else False |
|
| 54 |
self.fields['has_api_access'] = forms.BooleanField( |
|
| 55 |
initial=initial_has_api_access, |
|
| 56 |
label=_("Has access to Authentic's synchronization API"),
|
|
| 57 |
required=False, |
|
| 58 |
) |
|
| 59 | ||
| 60 |
self.fields['activate_user_profiles'] = forms.BooleanField( |
|
| 61 |
initial=initial_activate_user_profiles, |
|
| 62 |
label=_("Activates user profiles selection"),
|
|
| 63 |
required=False, |
|
| 64 |
) |
|
| 65 | ||
| 66 |
def save(self, *args, **kwargs): |
|
| 67 |
instance = super().save(*args, **kwargs) |
|
| 68 |
changed = False |
|
| 69 |
for custom_field in ('has_api_access', 'activate_user_profiles'):
|
|
| 70 |
if ( |
|
| 71 |
custom_field in self.cleaned_data |
|
| 72 |
and getattr(instance, custom_field) != self.cleaned_data[custom_field] |
|
| 73 |
): |
|
| 74 |
setattr(instance, custom_field, self.cleaned_data[custom_field]) |
|
| 75 |
changed = True |
|
| 76 |
if changed: |
|
| 77 |
instance.save() |
|
| 78 |
return instance |
|
| 48 | 79 | |
| 49 | 80 | |
| 50 | 81 |
class OIDCClaimForm(forms.ModelForm): |
| src/authentic2_idp_oidc/manager/views.py | ||
|---|---|---|
| 37 | 37 |
OIDCClaim.objects.get_or_create(client=self.object, **mapping) |
| 38 | 38 |
return reverse('a2-manager-service', kwargs={'service_pk': self.object.pk})
|
| 39 | 39 | |
| 40 |
def get_form_kwargs(self): |
|
| 41 |
kwargs = super().get_form_kwargs() |
|
| 42 |
kwargs['user'] = self.request.user |
|
| 43 |
return kwargs |
|
| 44 | ||
| 40 | 45 | |
| 41 | 46 |
add_oidc_service = OIDCServiceAddView.as_view() |
| 42 | 47 | |
| tests/idp_oidc/test_manager.py | ||
|---|---|---|
| 27 | 27 |
return app |
| 28 | 28 | |
| 29 | 29 | |
| 30 |
def test_add_oidc_service(app): |
|
| 30 |
@pytest.fixture |
|
| 31 |
def superuser_app(app, superuser): |
|
| 32 |
login(app, superuser) |
|
| 33 |
return app |
|
| 34 | ||
| 35 | ||
| 36 |
def test_add_oidc_service_superuser(superuser_app): |
|
| 37 |
resp = superuser_app.get('/manage/services/')
|
|
| 38 |
assert 'Add OIDC service' in resp.text |
|
| 39 |
assert OIDCClient.objects.count() == 0 |
|
| 40 |
assert OIDCClaim.objects.count() == 0 |
|
| 41 | ||
| 42 |
resp = resp.click('Add OIDC service')
|
|
| 43 |
form = resp.form |
|
| 44 |
form['name'] = 'Test' |
|
| 45 |
form['redirect_uris'] = 'http://example.com' |
|
| 46 |
form['has_api_access'] = True |
|
| 47 |
form['activate_user_profiles'] = True |
|
| 48 |
resp = form.submit() |
|
| 49 | ||
| 50 |
assert OIDCClient.objects.count() == 1 |
|
| 51 |
assert OIDCClaim.objects.count() == len(oidc_app_settings.DEFAULT_MAPPINGS) |
|
| 52 |
oidc_client = OIDCClient.objects.get() |
|
| 53 |
assert oidc_client.has_api_access is True |
|
| 54 |
assert oidc_client.activate_user_profiles is True |
|
| 55 |
assert resp.location == f'/manage/services/{oidc_client.pk}/'
|
|
| 56 |
resp = resp.follow() |
|
| 57 |
assert "Settings" in resp.text |
|
| 58 |
assert "Delete" in resp.text |
|
| 59 | ||
| 60 | ||
| 61 |
def test_add_oidc_service_admin(app): |
|
| 31 | 62 |
resp = app.get('/manage/services/')
|
| 32 | 63 |
assert 'Add OIDC service' in resp.text |
| 33 | 64 |
assert OIDCClient.objects.count() == 0 |
| ... | ... | |
| 37 | 68 |
form = resp.form |
| 38 | 69 |
form['name'] = 'Test' |
| 39 | 70 |
form['redirect_uris'] = 'http://example.com' |
| 71 |
assert 'has_api_access' not in form.fields |
|
| 72 |
assert 'activate_user_profiles' not in form.fields |
|
| 40 | 73 |
resp = form.submit() |
| 41 | 74 | |
| 42 | 75 |
assert OIDCClient.objects.count() == 1 |
| 43 | 76 |
assert OIDCClaim.objects.count() == len(oidc_app_settings.DEFAULT_MAPPINGS) |
| 44 | 77 |
oidc_client = OIDCClient.objects.get() |
| 78 |
assert oidc_client.has_api_access is False |
|
| 79 |
assert oidc_client.activate_user_profiles is False |
|
| 45 | 80 |
assert resp.location == f'/manage/services/{oidc_client.pk}/'
|
| 46 | 81 |
resp = resp.follow() |
| 47 | 82 |
assert "Settings" in resp.text |
| 48 |
- |
|