♻️[#114] streamline configuration step and model
* Pin django-setup-configuration >= 0.4.0
* Use Pydantic model defaults, remove defaults from step
* Remove now unneeded OIDCSetupConfigForm
* Set non-default values for test_configure_use_defaults
* Update Documentation
Coperh committed Nov 29, 2024
1 parent 9679244 commit 1d0bdbf
Showing 7 changed files with 27 additions and 41 deletions.
11 changes: 9 additions & 2 deletions docs/setup_configuration.rst
Expand Up @@ -26,8 +26,8 @@ put the ``AdminOIDCConfigurationStep`` in your django-setup-configuration steps:
...
]
Configuration Settings YAML:
============================
Setup Configuration Settings:
=============================


The setup configuration source must contain the following base keys to use this setup configuration step (using ``yaml`` as an example):
Expand Down Expand Up @@ -79,8 +79,15 @@ Providing both will cause the validation to fail.

Optional Fields:
""""""""""""""""

.. warning::

The default values are always provided and will overwrite any settings changed in the admin.
Make sure updated settings are added to the configuration yaml.

All the following keys are placed in the ``oidc_db_config_admin_auth`` dictionary.

* ``enabled``: whether OIDC is enabled for admin login. Defaults to ``True``.
* ``oidc_op_jwks_endpoint``: URL of your OpenID Connect provider JSON Web Key Set endpoint.
Required if ``RS256`` is used as signing algorithm. No default value.
* ``claim_mapping``: Mapping from user-model fields to OIDC claims.
14 changes: 0 additions & 14 deletions mozilla_django_oidc_db/forms.py
Expand Up @@ -72,17 +72,3 @@ def clean(self):
self.add_error(field, _("This field is required."))

return cleaned_data


class OIDCSetupConfigForm(OpenIDConnectConfigForm):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

if self.fields:
self.fields["oidc_rp_sign_algo"].required = False
self.fields["oidc_nonce_size"].required = False
self.fields["oidc_state_size"].required = False
self.fields["userinfo_claims_source"].required = False
self.fields["username_claim"].required = False
self.fields["claim_mapping"].required = False
self.fields["sync_groups_glob_pattern"].required = False
19 changes: 10 additions & 9 deletions mozilla_django_oidc_db/setup_configuration/models.py
@@ -1,4 +1,4 @@
from typing import Optional, Union
from typing import Union

from django_setup_configuration.fields import DjangoModelRef
from django_setup_configuration.models import ConfigurationModel
Expand Down Expand Up @@ -48,23 +48,24 @@ def get_endpoint_endpoint_model(endpoint_data):

class AdminOIDCConfigurationModel(ConfigurationModel):

# Change default to True
enabled: bool | None = DjangoModelRef(OpenIDConnectConfig, "enabled", default=True)

# Json
claim_mapping: Optional[dict] = DjangoModelRef(OpenIDConnectConfig, "claim_mapping")
claim_mapping: dict | None = DjangoModelRef(OpenIDConnectConfig, "claim_mapping")

# Arrays are overridden to make the typing simpler (the underlying Django field is an ArrayField, which is non-standard)
username_claim: Optional[list[str]] = DjangoModelRef(
username_claim: list[str] | None = DjangoModelRef(
OpenIDConnectConfig, "username_claim"
)
groups_claim: Optional[list[str]] = DjangoModelRef(
OpenIDConnectConfig, "groups_claim"
)
superuser_group_names: Optional[list[str]] = DjangoModelRef(
groups_claim: list[str] | None = DjangoModelRef(OpenIDConnectConfig, "groups_claim")
superuser_group_names: list[str] | None = DjangoModelRef(
OpenIDConnectConfig, "superuser_group_names"
)
default_groups: Optional[list[str]] = DjangoModelRef(
default_groups: list[str] | None = DjangoModelRef(
OpenIDConnectConfig, "superuser_group_names"
)
oidc_rp_scopes_list: Optional[list[str]] = DjangoModelRef(
oidc_rp_scopes_list: list[str] | None = DjangoModelRef(
OpenIDConnectConfig, "oidc_rp_scopes_list"
)

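Review bot: `default_groups` is still declared as `DjangoModelRef(OpenIDConnectConfig, "superuser_group_names")`, so whatever the reference derives from the Django field (type, default, description) comes from the superuser-group field rather than from its own. Since this commit makes the step rely on the Pydantic model defaults instead of the stored config, a default on the wrong field would now presumably flow straight into `default_groups`. If the reference is a deliberate stand-in, put a comment on that line, e.g. `# deliberately reuses superuser_group_names for its list[str] typing`; otherwise point it at `"default_groups"`. These two settings decide group membership and superuser status, so a test that sets them to different values would guard against a mix-up. The class body continues below the hunk.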
19 changes: 5 additions & 14 deletions mozilla_django_oidc_db/setup_configuration/steps.py
@@ -1,7 +1,7 @@
from django_setup_configuration.configuration import BaseConfigurationStep
from django_setup_configuration.exceptions import ConfigurationRunFailed

from mozilla_django_oidc_db.forms import OIDCSetupConfigForm
from mozilla_django_oidc_db.forms import OpenIDConnectConfigForm
from mozilla_django_oidc_db.models import OpenIDConnectConfig
from mozilla_django_oidc_db.setup_configuration.models import (
AdminOIDCConfigurationModel,
Expand All @@ -23,25 +23,16 @@ def execute(self, model: AdminOIDCConfigurationModel) -> None:

config = OpenIDConnectConfig.get_solo()

base_model_data = model.model_dump()
endpoint_config_data = base_model_data.pop("endpoint_config")

all_settings = {
"sync_groups": config.sync_groups,
"oidc_use_nonce": config.oidc_use_nonce,
"enabled": True,
"claim_mapping": config.claim_mapping, # JSONFormField widget cannot handle blank values with object schema
"sync_groups_glob_pattern": config.sync_groups_glob_pattern,
**base_model_data,
**endpoint_config_data,
}
all_settings = model.model_dump()
endpoint_config_data = all_settings.pop("endpoint_config")
all_settings.update(endpoint_config_data)

if groups := all_settings.get("default_groups"):
all_settings["default_groups"] = create_missing_groups(
groups, all_settings["sync_groups_glob_pattern"]
)

form = OIDCSetupConfigForm(
form = OpenIDConnectConfigForm(
instance=config,
data=all_settings,
)
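Review bot: With the fallback to `config` removed, every key absent from the configuration source is written back from the model defaults, so a re-run of `execute` silently reverts changes made in the admin; that includes `enabled`, which the model defaults to `True`. The docs warning in this commit covers the behaviour, but nothing in the step itself records it. A comment above `all_settings = model.model_dump()` such as `# No fallback to the stored config: keys missing from the source are reset to the model defaults` would help, as would a log entry naming the fields whose value differs from `config`, so that re-enabling OIDC login shows up in deployment logs. Separately, `all_settings["sync_groups_glob_pattern"]` now depends on the model always dumping that key, and the model's full field list is not visible on this page, so that should be confirmed. `execute` starts above the hunk and continues below it.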
2 changes: 1 addition & 1 deletion pyproject.toml
Expand Up @@ -44,7 +44,7 @@ Changelog = "https://github.com/maykinmedia/mozilla-django-oidc-db/blob/master/C

[project.optional-dependencies]
setupconfig = [
"django-setup-configuration@git+https://github.com/maykinmedia/django-setup-configuration.git@c3cb480223d23d1220bd4aca0c57eb07aacaf637",
"django-setup-configuration>=0.4.0",
]
tests = [
"psycopg2",
1 change: 1 addition & 0 deletions tests/setupconfig/files/full_setup.yml
@@ -1,5 +1,6 @@
oidc_db_config_enable: True
oidc_db_config_admin_auth:
enabled: False
oidc_rp_client_id: client-id
oidc_rp_client_secret: secret
oidc_rp_scopes_list:
2 changes: 1 addition & 1 deletion tests/setupconfig/test_steps.py
Expand Up @@ -28,7 +28,7 @@ def test_configure(setup_config_full_model):

config = OpenIDConnectConfig.get_solo()

assert config.enabled
assert not config.enabled
assert config.oidc_rp_client_id == "client-id"
assert config.oidc_rp_client_secret == "secret"
assert config.oidc_rp_scopes_list == ["open_id", "email", "profile", "extra_scope"]
