providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret
parent
738ced3327
commit
9c1a824dc4
|
@ -6,6 +6,7 @@ from typing import Optional, Type
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.forms import ModelForm
|
from django.forms import ModelForm
|
||||||
from django.http import HttpRequest
|
from django.http import HttpRequest
|
||||||
|
from django.shortcuts import reverse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
from oidc_provider.models import Client
|
from oidc_provider.models import Client
|
||||||
|
|
||||||
|
@ -35,9 +36,17 @@ class ApplicationGatewayProvider(Provider):
|
||||||
SystemRandom().choice(string.ascii_uppercase + string.digits)
|
SystemRandom().choice(string.ascii_uppercase + string.digits)
|
||||||
for _ in range(50)
|
for _ in range(50)
|
||||||
)
|
)
|
||||||
|
full_issuer_user = request.build_absolute_uri(
|
||||||
|
reverse("passbook_providers_oidc:authorize")
|
||||||
|
)
|
||||||
return render_to_string(
|
return render_to_string(
|
||||||
"app_gw/setup_modal.html",
|
"app_gw/setup_modal.html",
|
||||||
{"provider": self, "cookie_secret": cookie_secret, "version": __version__},
|
{
|
||||||
|
"provider": self,
|
||||||
|
"cookie_secret": cookie_secret,
|
||||||
|
"version": __version__,
|
||||||
|
"full_issuer_user": full_issuer_user,
|
||||||
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
|
|
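Review bot: The inline secret generator shown as context at the top of the second hunk still ends in `for _ in range(50)`, so the setup modal rendered here keeps producing a 50-character cookie secret even though this commit shortens `get_cookie_secret()` to 32. Changing that line to `for _ in range(32)` would bring the two generators in step, and calling the shared helper would do the same if it is importable from this module. Separately, `full_issuer_user` comes from `request.build_absolute_uri(...)`, so the scheme and host now follow the incoming request instead of the previous hard-coded `https://`. Behind a TLS-terminating proxy that may yield an `http://` issuer unless the forwarded-protocol header is trusted in settings, which is worth confirming. The name also reads like a typo for `full_issuer_url`, and the enclosing method starts outside the hunk.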
@ -9,6 +9,6 @@ services:
|
||||||
OAUTH2_PROXY_CLIENT_ID: {{ provider.client.client_id }}
|
OAUTH2_PROXY_CLIENT_ID: {{ provider.client.client_id }}
|
||||||
OAUTH2_PROXY_CLIENT_SECRET: {{ provider.client.client_secret }}
|
OAUTH2_PROXY_CLIENT_SECRET: {{ provider.client.client_secret }}
|
||||||
OAUTH2_PROXY_REDIRECT_URL: https://{{ provider.external_host }}/oauth2/callback
|
OAUTH2_PROXY_REDIRECT_URL: https://{{ provider.external_host }}/oauth2/callback
|
||||||
OAUTH2_PROXY_OIDC_ISSUER_URL: https://{{ request.META.HTTP_HOST }}/application/oidc
|
OAUTH2_PROXY_OIDC_ISSUER_URL: {{ full_issuer_user }}
|
||||||
OAUTH2_PROXY_COOKIE_SECRET: {{ cookie_secret }}
|
OAUTH2_PROXY_COOKIE_SECRET: {{ cookie_secret }}
|
||||||
OAUTH2_PROXY_UPSTREAMS: http://{{ provider.internal_host }}
|
OAUTH2_PROXY_UPSTREAMS: http://{{ provider.internal_host }}
|
||||||
|
|
|
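Review bot: `OAUTH2_PROXY_OIDC_ISSUER_URL: {{ full_issuer_user }}` now receives the absolute URL of the `passbook_providers_oidc:authorize` route, where the old line pointed at the `/application/oidc` base. An OIDC client uses the issuer as the prefix for discovery and compares it with the `iss` claim in tokens, so the value has to equal what the provider advertises as its issuer. If the authorize route resolves to a path below that base, which cannot be seen from this hunk, discovery and token validation in the proxy would fail. It would help to confirm the rendered value against the provider's discovery document and to add a template comment such as `# must match the issuer advertised by the OIDC provider`.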
@ -18,7 +18,7 @@ LOGGER = get_logger()
|
||||||
def get_cookie_secret():
|
def get_cookie_secret():
|
||||||
"""Generate random 50-character string for cookie-secret"""
|
"""Generate random 50-character string for cookie-secret"""
|
||||||
return "".join(
|
return "".join(
|
||||||
SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(50)
|
SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
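Review bot: The docstring of `get_cookie_secret()` still says "Generate random 50-character string" while the generator below it now runs `for _ in range(32)`. It should read `"""Generate random 32-character string for cookie-secret"""`. Since the length is constrained by the consumer (oauth2_proxy accepts 16, 24 or 32 byte secrets for cookie encryption), a short comment such as `# oauth2_proxy requires a 16, 24 or 32 byte cookie secret` would keep the next edit from drifting again.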