providers/proxy: add pb_proxy scope for proxy that sends user_attributes

2020-09-30 11:13:59 +02:00 · 2020-09-30 11:13:59 +02:00 · 90ea6dba90
parent b0b2c0830b
commit 90ea6dba90
2 changed files with 74 additions and 1 deletions
--- a/passbook/providers/proxy/migrations/0008_auto_20200930_0810.py
+++ b/passbook/providers/proxy/migrations/0008_auto_20200930_0810.py
@ -0,0 +1,66 @@
+# Generated by Django 3.1.1 on 2020-09-30 08:10
+
+from django.apps.registry import Apps
+from django.db import migrations, models
+from django.db.backends.base.schema import BaseDatabaseSchemaEditor
+
+SCOPE_PB_PROXY_EXPRESSION = """return {
+    "pb_proxy": {
+        "user_attributes": user.group_attributes()
+    }
+}"""
+
+
+def create_proxy_scope(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
+    from passbook.providers.proxy.models import SCOPE_PB_PROXY, ProxyProvider
+
+    ScopeMapping = apps.get_model("passbook_providers_oauth2", "ScopeMapping")
+
+    ScopeMapping.objects.update_or_create(
+        scope_name=SCOPE_PB_PROXY,
+        defaults={
+            "name": "Autogenerated OAuth2 Mapping: passbook Proxy",
+            "scope_name": SCOPE_PB_PROXY,
+            "description": "",
+            "expression": SCOPE_PB_PROXY_EXPRESSION,
+        },
+    )
+
+    for provider in ProxyProvider.objects.all():
+        provider.set_oauth_defaults()
+        provider.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_providers_proxy", "0007_auto_20200923_1017"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='proxyprovider',
+            name='internal_host_ssl_validation',
+            field=models.BooleanField(
+                default=True, help_text='Validate SSL Certificates of upstream servers', verbose_name='Internal host SSL Validation'),
+        ),
+        migrations.AddField(
+            model_name='proxyprovider',
+            name='basic_auth_enabled',
+            field=models.BooleanField(
+                default=False, help_text='Set a custom HTTP-Basic Authentication header based on values from passbook.', verbose_name='Set HTTP-Basic Authentication'),
+        ),
+        migrations.AddField(
+            model_name='proxyprovider',
+            name='basic_auth_password_attribute',
+            field=models.TextField(
+                blank=True, help_text='User Attribute used for the password part of the HTTP-Basic Header.', verbose_name='HTTP-Basic Password'),
+        ),
+        migrations.AddField(
+            model_name='proxyprovider',
+            name='basic_auth_user_attribute',
+            field=models.TextField(
+                blank=True, help_text="User Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.", verbose_name='HTTP-Basic Username'),
+        ),
+        migrations.RunPython(create_proxy_scope),
+    ]
--- a/passbook/providers/proxy/models.py
+++ b/passbook/providers/proxy/models.py
@ -24,6 +24,8 @@ from passbook.providers.oauth2.models import (
    ScopeMapping,
 )

+SCOPE_PB_PROXY = "pb_proxy"
+

 def get_cookie_secret():
    """Generate random 32-character string for cookie-secret"""
@ -80,7 +82,12 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
        self.jwt_alg = JWTAlgorithms.RS256
        self.rsa_key = CertificateKeyPair.objects.first()
        scopes = ScopeMapping.objects.filter(
-            scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]
+            scope_name__in=[
+                SCOPE_OPENID,
+                SCOPE_OPENID_PROFILE,
+                SCOPE_OPENID_EMAIL,
+                SCOPE_PB_PROXY,
+            ]
        )
        self.property_mappings.set(scopes)
        self.redirect_uris = "\n".join(