✨[#114] full implementation of new setup config

maykinmedia · Nov 18, 2024 · 18e6d69 · 18e6d69
1 parent 539ab50
commit 18e6d69
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 27 deletions.
diff --git a/mozilla_django_oidc_db/setup_configuration/models.py b/mozilla_django_oidc_db/setup_configuration/models.py
@@ -7,9 +7,32 @@
 from mozilla_django_oidc_db.models import OpenIDConnectConfig
 
 
+class OIDCFullEndpointConfig(ConfigurationModel):
+
+    class Meta:
+        django_model_refs = {
+            OpenIDConnectConfig: [
+                "oidc_op_authorization_endpoint",
+                "oidc_op_token_endpoint",
+                "oidc_op_user_endpoint",
+            ]
+        }
+
+
+class OIDCDiscoveryEndpoint(ConfigurationModel):
+
+    class Meta:
+        django_model_refs = {
+            OpenIDConnectConfig: [
+                "oidc_op_discovery_endpoint",
+            ]
+        }
+
+
 class AdminOIDCConfigurationModel(ConfigurationModel):
 
-    # claim_mapping: Optional[str] = None  # JSON
+    # Json
+    claim_mapping: Optional[dict] = DjangoModelRef(OpenIDConnectConfig, "claim_mapping")
 
     # Arrays are overridden to make the typing simpler (the underlying Django field is an ArrayField, which is non-standard)
     username_claim: Optional[list[str]] = DjangoModelRef(
@@ -21,26 +44,17 @@ class AdminOIDCConfigurationModel(ConfigurationModel):
     superuser_group_names: Optional[list[str]] = DjangoModelRef(
         OpenIDConnectConfig, "superuser_group_names"
     )
-
-    # Endpoints
-    oidc_op_authorization_endpoint: Optional[AnyUrl] = DjangoModelRef(
-        OpenIDConnectConfig, "oidc_op_authorization_endpoint", required=False
-    )
-    oidc_op_token_endpoint: Optional[AnyUrl] = DjangoModelRef(
-        OpenIDConnectConfig, "oidc_op_token_endpoint", required=False
-    )
-    oidc_op_user_endpoint: Optional[AnyUrl] = DjangoModelRef(
-        OpenIDConnectConfig, "oidc_op_user_endpoint", required=False
+    default_groups: Optional[list[str]] = DjangoModelRef(
+        OpenIDConnectConfig, "superuser_group_names"
     )
 
+    endpoint_config: OIDCFullEndpointConfig | OIDCDiscoveryEndpoint
+
     class Meta:
         django_model_refs = {
             OpenIDConnectConfig: [
                 "oidc_rp_client_id",
                 "oidc_rp_client_secret",
-                "oidc_op_authorization_endpoint",
-                "oidc_op_token_endpoint",
-                "oidc_op_user_endpoint",
                 "oidc_token_use_basic_auth",
                 "oidc_rp_idp_sign_key",
                 "oidc_op_logout_endpoint",

diff --git a/mozilla_django_oidc_db/setup_configuration/steps.py b/mozilla_django_oidc_db/setup_configuration/steps.py
@@ -28,15 +28,23 @@ def is_configured(self, model) -> bool:
         return OpenIDConnectConfig.get_solo().enabled
 
     def execute(self, model: AdminOIDCConfigurationModel) -> None:
+
+        print("_-" * 10)
         config = OpenIDConnectConfig.get_solo()
 
+        base_model_data = model.model_dump()
+        endpoint_config_data = base_model_data.pop("endpoint_config")
+
+        print(endpoint_config_data)
+
         all_settings = {
             "sync_groups": config.sync_groups,
             "oidc_use_nonce": config.oidc_use_nonce,
             "enabled": True,
             "claim_mapping": config.claim_mapping,  # JSONFormField widget cannot handle blank values with object schema
             "sync_groups_glob_pattern": config.sync_groups_glob_pattern,
-            **model.model_dump(),
+            **base_model_data,
+            **endpoint_config_data,
         }
 
         if groups := all_settings.get("default_groups"):

diff --git a/...est_configure_use_discovery_endpoint.yaml → ...est_configure_use_discovery_endpoint.yaml b/...est_configure_use_discovery_endpoint.yaml → ...est_configure_use_discovery_endpoint.yaml
diff --git a/tests/setupconfig/files/defaults.yml b/tests/setupconfig/files/defaults.yml
@@ -2,6 +2,7 @@ ADMIN_OIDC_CONFIG_ENABLE: True
 ADMIN_OIDC:
   oidc_rp_client_id: client-id
   oidc_rp_client_secret: secret
-  oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-  oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-  oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+  endpoint_config:
+    oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+    oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+    oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
diff --git a/tests/setupconfig/files/discovery.yml b/tests/setupconfig/files/discovery.yml
@@ -2,4 +2,5 @@ ADMIN_OIDC_CONFIG_ENABLE: True
 ADMIN_OIDC:
   oidc_rp_client_id: testid
   oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
-  oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
+  endpoint_config:
+    oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
diff --git a/tests/setupconfig/files/discovery_disabled.yml b/tests/setupconfig/files/discovery_disabled.yml
@@ -2,4 +2,5 @@ ADMIN_OIDC_CONFIG_ENABLE: False
 ADMIN_OIDC:
   oidc_rp_client_id: testid
   oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
-  oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
+  endpoint_config:
+    oidc_op_discovery_endpoint: http://localhost:8080/realms/test/
diff --git a/tests/setupconfig/files/full_setup.yml b/tests/setupconfig/files/full_setup.yml
@@ -9,11 +9,12 @@ ADMIN_OIDC:
   - extra_scope
   oidc_rp_sign_algo: RS256
   oidc_rp_idp_sign_key: key
-  oidc_op_discovery_endpoint:
   oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs
-  oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
-  oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
-  oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+  endpoint_config:
+      oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth
+      oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token
+      oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo
+      oidc_op_discovery_endpoint:
   username_claim:
   - claim_name
   groups_claim:

diff --git a/tests/setupconfig/test_steps.py b/tests/setupconfig/test_steps.py
@@ -89,9 +89,7 @@ def test_enable_required_setting():
 
     assert "ADMIN_OIDC.oidc_rp_client_id" in str(command_error.value)
     assert "ADMIN_OIDC.oidc_rp_client_secret" in str(command_error.value)
-    assert "ADMIN_OIDC.oidc_op_authorization_endpoint" in str(command_error.value)
-    assert "ADMIN_OIDC.oidc_op_token_endpoint" in str(command_error.value)
-    assert "ADMIN_OIDC.oidc_op_user_endpoint" in str(command_error.value)
+    assert "ADMIN_OIDC.endpoint_config" in str(command_error.value)
 
     config = OpenIDConnectConfig.get_solo()
     assert not config.enabled