providers/proxy: make upstream SSL Validation configurable
		@ -54,6 +54,7 @@ class ProxyProviderSerializer(ModelSerializer):
 | 
				
			|||||||
            "name",
 | 
					            "name",
 | 
				
			||||||
            "internal_host",
 | 
					            "internal_host",
 | 
				
			||||||
            "external_host",
 | 
					            "external_host",
 | 
				
			||||||
 | 
					            "internal_host_ssl_validation",
 | 
				
			||||||
            "certificate",
 | 
					            "certificate",
 | 
				
			||||||
            "skip_path_regex",
 | 
					            "skip_path_regex",
 | 
				
			||||||
        ]
 | 
					        ]
 | 
				
			||||||
@ -89,6 +90,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
 | 
				
			|||||||
            "name",
 | 
					            "name",
 | 
				
			||||||
            "internal_host",
 | 
					            "internal_host",
 | 
				
			||||||
            "external_host",
 | 
					            "external_host",
 | 
				
			||||||
 | 
					            "internal_host_ssl_validation",
 | 
				
			||||||
            "client_id",
 | 
					            "client_id",
 | 
				
			||||||
            "client_secret",
 | 
					            "client_secret",
 | 
				
			||||||
            "oidc_configuration",
 | 
					            "oidc_configuration",
 | 
				
			||||||
 | 
				
			|||||||
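Review bot: Nothing on this page shows how the outpost treats a config that lacks `internal_host_ssl_validation`, which matters now that `ProxyOutpostConfigSerializer` hands it the setting. If the consumer decodes a missing boolean as false, an outpost paired with a server that does not yet send the key would run with upstream certificate validation off, so it is worth confirming that the consumer falls back to validating. In `ProxyProviderSerializer` the field also becomes writable through the API; a change from true to false is a security downgrade and should be visible in whatever audit trail provider edits already produce. Both field lists begin outside the hunks, so the rest of each serializer is not visible here.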
@ -33,6 +33,7 @@ class ProxyProviderForm(forms.ModelForm):
 | 
				
			|||||||
            "name",
 | 
					            "name",
 | 
				
			||||||
            "authorization_flow",
 | 
					            "authorization_flow",
 | 
				
			||||||
            "internal_host",
 | 
					            "internal_host",
 | 
				
			||||||
 | 
					            "internal_host_ssl_validation",
 | 
				
			||||||
            "external_host",
 | 
					            "external_host",
 | 
				
			||||||
            "certificate",
 | 
					            "certificate",
 | 
				
			||||||
            "skip_path_regex",
 | 
					            "skip_path_regex",
 | 
				
			||||||
 | 
				
			|||||||
@ -0,0 +1,23 @@
 | 
				
			|||||||
 | 
					# Generated by Django 3.1.1 on 2020-09-23 10:17
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					from django.db import migrations, models
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					class Migration(migrations.Migration):
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    dependencies = [
 | 
				
			||||||
 | 
					        ('passbook_providers_proxy', '0006_proxyprovider_skip_path_regex'),
 | 
				
			||||||
 | 
					    ]
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    operations = [
 | 
				
			||||||
 | 
					        migrations.AddField(
 | 
				
			||||||
 | 
					            model_name='proxyprovider',
 | 
				
			||||||
 | 
					            name='internal_host_ssl_validation',
 | 
				
			||||||
 | 
					            field=models.BooleanField(default=True, help_text='Validate SSL Certificates of upstream servers'),
 | 
				
			||||||
 | 
					        ),
 | 
				
			||||||
 | 
					        migrations.AlterField(
 | 
				
			||||||
 | 
					            model_name='proxyprovider',
 | 
				
			||||||
 | 
					            name='skip_path_regex',
 | 
				
			||||||
 | 
					            field=models.TextField(blank=True, default='', help_text='Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.'),
 | 
				
			||||||
 | 
					        ),
 | 
				
			||||||
 | 
					    ]
 | 
				
			||||||
@ -46,15 +46,15 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
 | 
				
			|||||||
    external_host = models.TextField(
 | 
					    external_host = models.TextField(
 | 
				
			||||||
        validators=[DomainlessURLValidator(schemes=("http", "https"))]
 | 
					        validators=[DomainlessURLValidator(schemes=("http", "https"))]
 | 
				
			||||||
    )
 | 
					    )
 | 
				
			||||||
 | 
					    internal_host_ssl_validation = models.BooleanField(
 | 
				
			||||||
    cookie_secret = models.TextField(default=get_cookie_secret)
 | 
					        default=True, help_text=_("Validate SSL Certificates of upstream servers"))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    skip_path_regex = models.TextField(
 | 
					    skip_path_regex = models.TextField(
 | 
				
			||||||
        default="",
 | 
					        default="",
 | 
				
			||||||
        blank=True,
 | 
					        blank=True,
 | 
				
			||||||
        help_text=_(
 | 
					        help_text=_(
 | 
				
			||||||
            (
 | 
					            (
 | 
				
			||||||
                "Regular expression for which authentication is not required. "
 | 
					                "Regular expressions for which authentication is not required. "
 | 
				
			||||||
                "Each new line is interpreted as a new Regular Expression."
 | 
					                "Each new line is interpreted as a new Regular Expression."
 | 
				
			||||||
            )
 | 
					            )
 | 
				
			||||||
        ),
 | 
					        ),
 | 
				
			||||||
@ -64,6 +64,8 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
 | 
				
			|||||||
        CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
 | 
					        CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
 | 
				
			||||||
    )
 | 
					    )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    cookie_secret = models.TextField(default=get_cookie_secret)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    def form(self) -> Type[ModelForm]:
 | 
					    def form(self) -> Type[ModelForm]:
 | 
				
			||||||
        from passbook.providers.proxy.forms import ProxyProviderForm
 | 
					        from passbook.providers.proxy.forms import ProxyProviderForm
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
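Review bot: The help text on `internal_host_ssl_validation` says what the flag does but not what turning it off costs: with validation disabled, the proxy presumably accepts any certificate the upstream presents, so traffic between the proxy and `internal_host` can be intercepted without either side noticing. I would state that where the administrator makes the choice, for example `help_text=_("Validate SSL Certificates of upstream servers. If disabled, any upstream certificate is accepted; prefer trusting the upstream's CA instead.")`, and regenerate the migration and the swagger description to match. `default=True` keeps existing providers validating, which is the right default. The `ProxyProvider` class starts and ends outside these hunks, so the code that consumes the field is not visible on this page.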
							
								
								
									
										12
									
								
								swagger.yaml
									
									
									
									
									
								
							
							
						
						
									
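--- a/swagger.yaml
+++ b/swagger.yaml
@@ -6215,6 +6215,10 @@ definitions:
         title: External host
         type: string
         minLength: 1
+      internal_host_ssl_validation:
+        title: Internal host ssl validation
+        description: Validate SSL Certificates of upstream servers
+        type: boolean
       client_id:
         title: Client ID
         type: string
@@ -6237,7 +6241,7 @@ definitions:
         x-nullable: true
       skip_path_regex:
         title: Skip path regex
-        description: Regular expression for which authentication is not required.
+        description: Regular expressions for which authentication is not required.
           Each new line is interpreted as a new Regular Expression.
         type: string
   Policy:
@@ -6700,6 +6704,10 @@ definitions:
         title: External host
         type: string
         minLength: 1
+      internal_host_ssl_validation:
+        title: Internal host ssl validation
+        description: Validate SSL Certificates of upstream servers
+        type: boolean
       certificate:
         title: Certificate
         type: string
@@ -6707,7 +6715,7 @@ definitions:
         x-nullable: true
       skip_path_regex:
         title: Skip path regex
-        description: Regular expression for which authentication is not required.
+        description: Regular expressions for which authentication is not required.
           Each new line is interpreted as a new Regular Expression.
         type: string
   SAMLProvider: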