Replaces #44 - [x] Update requirements_all.txt - [x] Add common model changes to prevent time changing from oauth2 system changes - [x] Add tests - [x] Fix linting --------- Signed-off-by: Rick Elrod <[email protected]> Co-authored-by: Rick Elrod <[email protected]>
1 parent
b660136
commit 010efea
Showing
45 changed files
with
2,145 additions
and
18 deletions.
Empty file.
@@ -0,0 +1,3 @@ | ||
from django.contrib import admin # noqa: F401 | ||
|
||
# Register your models here. |
@@ -0,0 +1,7 @@ | ||
from django.apps import AppConfig | ||
|
||
|
||
class Oauth2ProviderConfig(AppConfig): | ||
default_auto_field = 'django.db.models.BigAutoField' | ||
name = 'ansible_base.oauth2_provider' | ||
label = 'dab_oauth2_provider' |
@@ -0,0 +1,20 @@ | ||
import logging | ||
|
||
from django.utils.encoding import smart_str | ||
from oauth2_provider.contrib.rest_framework import OAuth2Authentication | ||
|
||
logger = logging.getLogger('ansible_base.oauth2_provider.authentication') | ||
|
||
|
||
class LoggedOAuth2Authentication(OAuth2Authentication): | ||
def authenticate(self, request): | ||
ret = super().authenticate(request) | ||
if ret: | ||
user, token = ret | ||
username = user.username if user else '<none>' | ||
logger.info( | ||
smart_str(u"User {} performed a {} to {} through the API using OAuth 2 token {}.".format(username, request.method, request.path, token.pk)) | ||
) | ||
# TODO: check oauth_scopes when we have RBAC in Gateway | ||
setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x]) | ||
return ret |
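Review bot: The `setattr(user, 'oauth_scopes', ...)` near the end of `authenticate` raises AttributeError when `user` is None, even though the line computing `username` explicitly allows for that case; if the upstream `OAuth2Authentication` can hand back a user-less token (a client-credentials style token, for instance), the request then fails with an unhandled exception rather than a clean authentication result. Guard it the same way the log line does: `if user is not None:` before `setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x])`. Note also that the scope list is only attached, never enforced — as the TODO says, until a permission class reads `oauth_scopes`, a token issued with scope `read` is accepted for every HTTP method, which deserves a sentence in a class docstring such as `"""OAuth2 bearer auth that logs each authenticated call and exposes the token's scopes as user.oauth_scopes (scopes are not enforced here)."""`. Finally, `request.path` and `request.method` are caller-controlled text written into the log line; if the log sink does not neutralise newlines, consider `%r`-style quoting to avoid log injection.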
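--- /dev/null
+++ b/ansible_base/oauth2_provider/migrations/0001_initial.py
@@ -0,0 +1,130 @@
+# Generated by Django 4.2.8 on 2024-02-11 20:16
+
+import re
+import uuid
+
+import django.core.validators
+import django.db.models.deletion
+import oauth2_provider.generators
+from django.conf import settings
+from django.db import migrations, models
+
+import ansible_base.oauth2_provider.models.application
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        migrations.swappable_dependency(settings.ANSIBLE_BASE_ORGANIZATION_MODEL),
+    ]
+
+    run_before = [
+        ('oauth2_provider', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OAuth2Application',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now, editable=False, help_text='The date/time this resource was created')),
+                ('modified', models.DateTimeField(default=None, editable=False, help_text='The date/time this resource was created')),
+                ('name', models.CharField(blank=True, help_text='The name of this resource', max_length=255)),
+                ('client_id', models.CharField(db_index=True, default=oauth2_provider.generators.generate_client_id, max_length=100, unique=True)),
+                ('description', models.TextField(blank=True, default='')),
+                ('logo_data', models.TextField(default='', editable=False, validators=[django.core.validators.RegexValidator(re.compile('.*'))])),
+                ('client_secret', models.CharField(blank=True, db_index=True, default=oauth2_provider.generators.generate_client_secret, help_text='Used for more stringent verification of access to an application when creating a token.', max_length=1024)),
+                ('client_type', models.CharField(choices=[('confidential', 'Confidential'), ('public', 'Public')], help_text='Set to Public or Confidential depending on how secure the client device is.', max_length=32)),
+                ('skip_authorization', models.BooleanField(default=False, help_text='Set True to skip authorization step for completely trusted applications.')),
+                ('authorization_grant_type', models.CharField(choices=[('authorization-code', 'Authorization code'), ('password', 'Resource owner password-based')], help_text='The Grant type the user must use for acquire tokens for this application.', max_length=32)),
+                ('created_by', models.ForeignKey(default=None, editable=False, help_text='The user who created this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_created+', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(default=None, editable=False, help_text='The user who last modified this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_modified+', to=settings.AUTH_USER_MODEL)),
+                ('organization', models.ForeignKey(help_text='Organization containing this application.', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='applications', to=settings.ANSIBLE_BASE_ORGANIZATION_MODEL)),
+                ('algorithm', models.CharField(blank=True, choices=[('', 'No OIDC support'), ('RS256', 'RSA with SHA-2 256'), ('HS256', 'HMAC with SHA-2 256')], default='', max_length=5)),
+                ('post_logout_redirect_uris', models.TextField(blank=True, help_text='Allowed Post Logout URIs list, space separated')),
+                ('redirect_uris', models.TextField(blank=True, help_text='Allowed URIs list, space separated')),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(app_label)s_%(class)s', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'application',
+                'ordering': ('organization', 'name'),
+                'swappable': 'OAUTH2_PROVIDER_APPLICATION_MODEL',
+                'unique_together': {('name', 'organization')},
+            },
+        ),
+        migrations.CreateModel(
+            name='OAuth2IDToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now, editable=False, help_text='The date/time this resource was created')),
+                ('modified', models.DateTimeField(default=None, editable=False, help_text='The date/time this resource was created')),
+                ('created_by', models.ForeignKey(default=None, editable=False, help_text='The user who created this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_created+', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(default=None, editable=False, help_text='The user who last modified this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_modified+', to=settings.AUTH_USER_MODEL)),
+                ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
+                ('expires', models.DateTimeField(default=None)),
+                ('jti', models.UUIDField(default=uuid.uuid4, editable=False, unique=True, verbose_name='JWT Token ID')),
+                ('scope', models.TextField(blank=True)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(app_label)s_%(class)s', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'id token',
+                'swappable': 'OAUTH2_PROVIDER_ID_TOKEN_MODEL',
+            },
+        ),
+        migrations.CreateModel(
+            name='OAuth2RefreshToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateTimeField(default=None, editable=False, help_text='The date/time this resource was created')),
+                ('modified', models.DateTimeField(default=None, editable=False, help_text='The date/time this resource was created')),
+                ('created_by', models.ForeignKey(default=None, editable=False, help_text='The user who created this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_created+', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(default=None, editable=False, help_text='The user who last modified this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_modified+', to=settings.AUTH_USER_MODEL)),
+                ('application', models.ForeignKey(default='', on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
+                ('revoked', models.DateTimeField(null=True)),
+                ('token', models.CharField(default='', max_length=255)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('user', models.ForeignKey(default='', on_delete=django.db.models.deletion.CASCADE, related_name='%(app_label)s_%(class)s', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'access token',
+                'ordering': ('id',),
+                'swappable': 'OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL',
+                'unique_together': {('token', 'revoked')},
+            },
+        ),
+        migrations.CreateModel(
+            name='OAuth2AccessToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now, editable=False, help_text='The date/time this resource was created')),
+                ('modified', models.DateTimeField(default=None, editable=False, help_text='The date/time this resource was created')),
+                ('description', models.TextField(blank=True, default='')),
+                ('last_used', models.DateTimeField(default=None, editable=False, null=True)),
+                ('scope', models.CharField(blank=True, choices=[('read', 'read'), ('write', 'write')], default='write', help_text="Allowed scopes, further restricts user's permissions. Must be a simple space-separated string with allowed scopes ['read', 'write'].", max_length=32)),
+                ('created_by', models.ForeignKey(default=None, editable=False, help_text='The user who created this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_created+', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(default=None, editable=False, help_text='The user who last modified this resource', null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='%(app_label)s_%(class)s_modified+', to=settings.AUTH_USER_MODEL)),
+                ('user', models.ForeignKey(blank=True, help_text='The user representing the token owner', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(app_label)s_%(class)s', to=settings.AUTH_USER_MODEL)),
+                ('application', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL)),
+                ('expires', models.DateTimeField(default=None)),
+                ('token', models.CharField(default='', max_length=255, unique=True)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('id_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='access_token', to=settings.OAUTH2_PROVIDER_ID_TOKEN_MODEL)),
+                ('source_refresh_token', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='refreshed_access_token', to=settings.OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL)),
+            ],
+            options={
+                'verbose_name': 'access token',
+                'ordering': ('id',),
+                'swappable': 'OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL',
+            },
+        ),
+        migrations.AddField(
+            model_name='oauth2refreshtoken',
+            name='access_token',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='refresh_token', to=settings.OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL),
+        ),
+    ]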
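Review bot: `django.utils.timezone.now` is used as the `default` of the `created` field on OAuth2Application, OAuth2IDToken and OAuth2AccessToken, but `django.utils.timezone` is never imported — the import block only brings in `django.core.validators` and `django.db.models.deletion`, so the name resolves today only because `django.db` happens to import the submodule transitively; add `import django.utils.timezone` alongside the other `django.*` imports. Those same three fields combine `auto_now_add=True` with `default=`, which Django's field checks treat as mutually exclusive if the model declares them the same way (worth confirming against the model, since the "Generated by Django" header suggests this file was hand-edited), while the OAuth2RefreshToken `created` field instead has `default=None` with no `auto_now_add`, so inserts rely on something else populating it. `import ansible_base.oauth2_provider.models.application` is unused here, and a migration importing live model modules breaks as those models evolve. Minor copy-paste: the OAuth2RefreshToken options still carry `'verbose_name': 'access token'`.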