This repository has been archived by the owner on Aug 20, 2024. It is now read-only.

[WIP] Simplify package #9

Open
wants to merge 8 commits into
base: main
from
5 changes: 0 additions & 5 deletions docs/settings.rst
@@ -267,11 +267,6 @@ of ``mozilla-django-oidc``.

https://tools.ietf.org/html/rfc7519#section-6

.. py:attribute:: OIDC_TOKEN_USE_BASIC_AUTH

:default: False

Use HTTP Basic Authentication instead of sending the client secret in token request POST body.

.. py:attribute:: ALLOW_LOGOUT_GET_METHOD

87 changes: 0 additions & 87 deletions integration_tests/integration_tests.py

This file was deleted.

59 changes: 5 additions & 54 deletions mozilla_django_oidc/auth.py
@@ -1,9 +1,6 @@
import base64
import hashlib
import json
import logging
import requests
from requests.auth import HTTPBasicAuth

# logindotgov-oidc
import secrets
@@ -28,26 +25,6 @@
LOGGER = logging.getLogger(__name__)


def default_username_algo(unique_identifier, claims=None):
"""Generate username for the Django user.

:arg str/unicode unique_identifier: the unique_identifier to use to generate a username
:arg dic claims: the claims from your OIDC provider, currently unused

:returns: str/unicode

"""
# bluntly stolen from django-browserid
# store the username as a base64 encoded sha224 of the unique_identifier
# this protects against data leakage because usernames are often
# treated as public identifiers (so we can't use the unique_identifier).
username = base64.urlsafe_b64encode(
hashlib.sha1(force_bytes(unique_identifier)).digest()
).rstrip(b"=")

return smart_str(username)


class OIDCAuthenticationBackend(ModelBackend):
"""Override Django's authentication."""

@@ -129,20 +106,7 @@ def create_user(self, claims):
email = claims.get("email")
username = self.get_username(claims)

# Create user with custom values if they're specified
if not (
(self.OIDC_RP_UNIQUE_IDENTIFIER == "email")
or (self.OIDC_RP_UNIQUE_IDENTIFIER == "username")
):
# { app_field: idp_field}
# { "uuid": "sub_value"}
extra_params = {
self.OIDC_RP_UNIQUE_IDENTIFIER: self.get_idp_unique_id_value(claims)
}
else:
extra_params = {}

return self.UserModel.objects.create_user(username, email=email, **extra_params)
return self.UserModel.objects.create_user(username, email=email)

def get_username(self, claims):
"""Generate username based on claims."""
@@ -161,7 +125,7 @@ def get_username(self, claims):
# also pass the claims to the custom user name algo
return username_algo(self.get_idp_unique_id_value(claims), claims)

return default_username_algo(self.get_idp_unique_id_value(claims), claims)
return self.get_idp_unique_id_value(claims)

def update_user(self, user, claims):
"""Update existing user with new email, if necessary save, and return user"""
@@ -293,30 +257,17 @@ def get_token(self, payload):
self.OIDC_RP_CLIENT_SECRET,
algorithm=self.OIDC_RP_SIGN_ALGO
)
token_payload = {
code = payload.get("code")
payload = {
"client_assertion": encoded_jwt,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": payload.get("code"),
"code": code,
"grant_type": "authorization_code",
}
response = requests.post(self.OIDC_OP_TOKEN_ENDPOINT, data=token_payload)
self.raise_token_response_error(response)
return response.json()

# Default implementation
auth = None
if self.get_settings("OIDC_TOKEN_USE_BASIC_AUTH", False):
# When Basic auth is defined, create the Auth Header and remove secret from payload.
user = payload.get("client_id")
pw = payload.get("client_secret")

auth = HTTPBasicAuth(user, pw)
del payload["client_secret"]

response = requests.post(
self.OIDC_OP_TOKEN_ENDPOINT,
data=payload,
auth=auth,
verify=self.get_settings("OIDC_VERIFY_SSL", True),
timeout=self.get_settings("OIDC_TIMEOUT", None),
proxies=self.get_settings("OIDC_PROXY", None),
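Review bot: In `get_username`, the fallback now returns `self.get_idp_unique_id_value(claims)` unmodified, so the raw IdP identifier becomes the Django username; the removed `default_username_algo` hashed it precisely because, per its own comment, usernames are often treated as public identifiers. If that identifier is an email address or the provider's subject value, it would now appear wherever usernames are displayed or logged, and it is presumably no longer guaranteed to satisfy the user model's username length and character rules. Either keep a one-way derivation for the default case or record the decision next to the return, for example `# NOTE: username is the raw IdP identifier; treat usernames as non-public`. The `create_user` hunk in the same file also stops passing the custom `OIDC_RP_UNIQUE_IDENTIFIER` field to `create_user(...)`, so any user lookup that still filters on that field (not visible on this page) should be checked against it. Both function bodies continue outside the hunks shown.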
Empty file.
143 changes: 0 additions & 143 deletions mozilla_django_oidc/contrib/drf.py

This file was deleted.
