providers/proxy: make upstream SSL Validation configurable

Jens Langhammer 2020-09-23 12:20:09 +02:00
parent 1aff9afca6
commit 6458b1dbf8
5 changed files with 41 additions and 5 deletions


@ -54,6 +54,7 @@ class ProxyProviderSerializer(ModelSerializer):
"name", "name",
"internal_host", "internal_host",
"external_host", "external_host",
"internal_host_ssl_validation",
"certificate", "certificate",
"skip_path_regex", "skip_path_regex",
] ]
@ -89,6 +90,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
"name", "name",
"internal_host", "internal_host",
"external_host", "external_host",
"internal_host_ssl_validation",
"client_id", "client_id",
"client_secret", "client_secret",
"oidc_configuration", "oidc_configuration",
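Review bot: `internal_host_ssl_validation` is added to `ProxyOutpostConfigSerializer`, but none of the five files in this commit reads the value, so how the outpost handles it cannot be checked from here. Whatever consumes this config should treat a missing or unparsable value as `true`, so that an outpost paired with a server that does not yet send the key keeps verifying upstream certificates. In `ProxyProviderSerializer` the same flag becomes writable through the API; because turning it off removes authentication of the upstream server, changes to it should be limited to provider administrators and be visible in whatever change log the project keeps. Both `fields` lists start and end outside the hunks shown.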


@ -33,6 +33,7 @@ class ProxyProviderForm(forms.ModelForm):
"name", "name",
"authorization_flow", "authorization_flow",
"internal_host", "internal_host",
"internal_host_ssl_validation",
"external_host", "external_host",
"certificate", "certificate",
"skip_path_regex", "skip_path_regex",


@ -0,0 +1,23 @@
# Generated by Django 3.1.1 on 2020-09-23 10:17
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('passbook_providers_proxy', '0006_proxyprovider_skip_path_regex'),
]
operations = [
migrations.AddField(
model_name='proxyprovider',
name='internal_host_ssl_validation',
field=models.BooleanField(default=True, help_text='Validate SSL Certificates of upstream servers'),
),
migrations.AlterField(
model_name='proxyprovider',
name='skip_path_regex',
field=models.TextField(blank=True, default='', help_text='Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.'),
),
]


@ -46,15 +46,15 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
external_host = models.TextField( external_host = models.TextField(
validators=[DomainlessURLValidator(schemes=("http", "https"))] validators=[DomainlessURLValidator(schemes=("http", "https"))]
) )
internal_host_ssl_validation = models.BooleanField(
cookie_secret = models.TextField(default=get_cookie_secret) default=True, help_text=_("Validate SSL Certificates of upstream servers"))
skip_path_regex = models.TextField( skip_path_regex = models.TextField(
default="", default="",
blank=True, blank=True,
help_text=_( help_text=_(
( (
"Regular expression for which authentication is not required. " "Regular expressions for which authentication is not required. "
"Each new line is interpreted as a new Regular Expression." "Each new line is interpreted as a new Regular Expression."
) )
), ),
@ -64,6 +64,8 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True, CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
) )
cookie_secret = models.TextField(default=get_cookie_secret)
def form(self) -> Type[ModelForm]: def form(self) -> Type[ModelForm]:
from passbook.providers.proxy.forms import ProxyProviderForm from passbook.providers.proxy.forms import ProxyProviderForm
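Review bot: The `help_text` on `internal_host_ssl_validation` says what the switch does but not what turning it off costs. Wording such as `help_text=_("Validate SSL Certificates of upstream servers. When disabled, the proxy accepts any certificate and the connection to the internal host is no longer authenticated.")` would put the risk in front of the operator in the form and in the API schema. For upstreams that use a private CA, trusting that CA would be a narrower option than disabling validation altogether; this commit does not offer one. Changing the text means regenerating the migration and the swagger definitions, and the `ProxyProvider` class body continues outside the hunks shown.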


@ -6215,6 +6215,10 @@ definitions:
title: External host title: External host
type: string type: string
minLength: 1 minLength: 1
internal_host_ssl_validation:
title: Internal host ssl validation
description: Validate SSL Certificates of upstream servers
type: boolean
client_id: client_id:
title: Client ID title: Client ID
type: string type: string
@ -6237,7 +6241,7 @@ definitions:
x-nullable: true x-nullable: true
skip_path_regex: skip_path_regex:
title: Skip path regex title: Skip path regex
description: Regular expression for which authentication is not required. description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression. Each new line is interpreted as a new Regular Expression.
type: string type: string
Policy: Policy:
@ -6700,6 +6704,10 @@ definitions:
title: External host title: External host
type: string type: string
minLength: 1 minLength: 1
internal_host_ssl_validation:
title: Internal host ssl validation
description: Validate SSL Certificates of upstream servers
type: boolean
certificate: certificate:
title: Certificate title: Certificate
type: string type: string
@ -6707,7 +6715,7 @@ definitions:
x-nullable: true x-nullable: true
skip_path_regex: skip_path_regex:
title: Skip path regex title: Skip path regex
description: Regular expression for which authentication is not required. description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression. Each new line is interpreted as a new Regular Expression.
type: string type: string
SAMLProvider: SAMLProvider: