authentik/passbook/providers/app_gw/forms.py

41 lines
1.6 KiB
Python
Raw Normal View History

"""passbook Application Security Gateway Forms"""
from django import forms
2019-12-31 11:51:16 +00:00
from oauth2_provider.generators import generate_client_id, generate_client_secret
from oidc_provider.models import Client, ResponseType
from passbook.providers.app_gw.models import ApplicationGatewayProvider
class ApplicationGatewayProviderForm(forms.ModelForm):
"""Security Gateway Provider form"""
def save(self, *args, **kwargs):
if not self.instance.pk:
# New instance, so we create a new OIDC client with random keys
self.instance.client = Client.objects.create(
2019-12-31 11:51:16 +00:00
client_id=generate_client_id(), client_secret=generate_client_secret()
)
self.instance.client.name = self.instance.name
2020-01-02 19:22:36 +00:00
self.instance.client.response_types.set(
[ResponseType.objects.get_by_natural_key("code")]
)
self.instance.client.redirect_uris = [
f"http://{self.instance.external_host}/oauth2/callback",
f"https://{self.instance.external_host}/oauth2/callback",
f"http://{self.instance.internal_host}/oauth2/callback",
f"https://{self.instance.internal_host}/oauth2/callback",
]
2019-12-31 11:51:16 +00:00
self.instance.client.scope = ["openid", "email"]
self.instance.client.save()
return super().save(*args, **kwargs)
2019-03-22 09:55:26 +00:00
class Meta:
model = ApplicationGatewayProvider
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/*: fix flow executor URL * flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/*: update docstrings of models * core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting
2020-06-07 15:35:08 +01:00
fields = ["name", "authorization_flow", "internal_host", "external_host"]
2019-03-21 15:21:51 +00:00
widgets = {
2019-12-31 11:51:16 +00:00
"name": forms.TextInput(),
"internal_host": forms.TextInput(),
"external_host": forms.TextInput(),
}