OAuth Provider Rewrite (#182)

2020-08-19 10:32:44 +02:00
parent b9076b5fd4
commit c7a2410b1d
97 changed files with 3107 additions and 1911 deletions
--- a/passbook/providers/proxy/models.py
+++ b/passbook/providers/proxy/models.py
@ -0,0 +1,73 @@
+"""passbook proxy models"""
+from typing import Optional, Type
+
+from django.core.validators import URLValidator
+from django.db import models
+from django.forms import ModelForm
+from django.http import HttpRequest
+from django.utils.translation import gettext as _
+
+from passbook.lib.utils.template import render_to_string
+from passbook.providers.oauth2.constants import (
+    SCOPE_OPENID,
+    SCOPE_OPENID_EMAIL,
+    SCOPE_OPENID_PROFILE,
+)
+from passbook.providers.oauth2.models import (
+    ClientTypes,
+    JWTAlgorithms,
+    OAuth2Provider,
+    ResponseTypes,
+    ScopeMapping,
+)
+
+
+class ProxyProvider(OAuth2Provider):
+    """Protect applications that don't support any of the other
+    Protocols by using a Reverse-Proxy."""
+
+    internal_host = models.TextField(
+        validators=[URLValidator(schemes=("http", "https"))]
+    )
+    external_host = models.TextField(
+        validators=[URLValidator(schemes=("http", "https"))]
+    )
+
+    def form(self) -> Type[ModelForm]:
+        from passbook.providers.proxy.forms import ProxyProviderForm
+
+        return ProxyProviderForm
+
+    def html_setup_urls(self, request: HttpRequest) -> Optional[str]:
+        """return template and context modal with URLs for authorize, token, openid-config, etc"""
+        from passbook.providers.proxy.views import DockerComposeView
+
+        docker_compose_yaml = DockerComposeView(request=request).get_compose(self)
+        return render_to_string(
+            "providers/proxy/setup_modal.html",
+            {"provider": self, "docker_compose": docker_compose_yaml},
+        )
+
+    def set_oauth_defaults(self):
+        """Ensure all OAuth2-related settings are correct"""
+        self.client_type = ClientTypes.CONFIDENTIAL
+        self.response_type = ResponseTypes.CODE
+        self.jwt_alg = JWTAlgorithms.HS256
+        scopes = ScopeMapping.objects.filter(
+            scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_PROFILE, SCOPE_OPENID_EMAIL]
+        )
+        self.property_mappings.set(scopes)
+        self.redirect_uris = "\n".join(
+            [
+                f"{self.external_host}/oauth2/callback",
+                f"{self.internal_host}/oauth2/callback",
+            ]
+        )
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+
+        verbose_name = _("Proxy Provider")
+        verbose_name_plural = _("Proxy Providers")