chore: Add mock-oauth2-server

README.md

@@ -42,6 +42,13 @@ see: https://github.com/navikt/mock-oauth2-server
 
 configuration can be found in ./tests/resources
 
+If you want for redirects to work properly you need to add mock oauth to `/etc/hosts`
+```bash
+echo "127.0.0.1 oauth.localhost" >> /etc/hosts
+```
+
+But if you can't, you can always change `oauth.localhost` to `localhost` in your browser when redirect fails.
+
 ## Deployment
 
 ```shell

docker-compose.yml

@@ -12,7 +12,9 @@ services:
       - APP_DB_PASSWORD=S3cret
       - APP_DB_HOST=postgres
       - APP_DB_PORT=5432
-      - APP_OAUTH_OPENID=http://oauth2:8080/issuer1/.well-known/openid-configuration
+      - OAUTH_CLIENT_ID=fake-development-client-id
+      - OAUTH_CLIENT_SECRET=12345678
+      - APP_OAUTH_OPENID=http://oauth.localhost:8080/issuer1/.well-known/openid-configuration
 
     ports:
       # use 127.0.0.1:8000:8000
@@ -34,6 +36,22 @@ services:
       - POSTGRES_PASSWORD=S3cret
       - POSTGRES_USER=whohacks
       - POSTGRES_DB=whohacks
+  mock-oauth2-server:
+    image: ghcr.io/navikt/mock-oauth2-server:2.1.8
+    hostname: oauth.localhost
+    ports:
+      - "8080:8080"
+    # this
+    # network_mode: "host"
+    volumes:
+      - ./tests/resources/config.json:/app/config.json
+      - ./tests/resources/login.example.html:/app/login/login.example.html
+      - ./tests/resources/static/:/app/static/
+    environment:
+      LOG_LEVEL: "debug"
+      SERVER_PORT: 8080
+      # SERVER_HOSTNAME: localhost
+      JSON_CONFIG_PATH: /app/config.json
 
 volumes:
   sqlite:

tests/resources/config.json

@@ -0,0 +1,38 @@
+{
+  "interactiveLogin": true,
+  "httpServer": "NettyWrapper",
+  "loginPagePath": "/app/login/login.example.html",
+  "staticAssetsPath": "/app/static",
+  "tokenCallbacks": [
+    {
+      "issuerId": "issuer1",
+      "tokenExpiry": 120,
+      "requestMappings": [
+        {
+          "requestParam": "scope",
+          "match": "openid profile email",
+          "claims": {
+            "preferred_username": "user1",
+            "email": "[email protected]",
+            "sub": "subBySomeParam",
+                        "aud": [
+                            "audBySomeParam"
+                        ]
+          }
+        },
+        {
+          "requestParam": "client_id",
+          "match": "fake-development-client-id",
+          "claims": {
+            "sub": "$clientId",
+            "aud": "00000000-0000-0000-0123-456789abcdef",
+            "code": "00000000-0000-0000-0123-456789abcdef",
+            "scope": ["openid", "offline_access"],
+            "token_type": "bearer",
+            "client_id": "00000000-0000-0000-0123-456789abcdef"
+          }
+        }
+      ]
+    }
+  ]
+}

tests/resources/login.example.html

@@ -0,0 +1,47 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Mock OAuth2 Server Example Sign-in</title>
+
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
+        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+</head>
+
+<body>
+    <div class="container">
+        <div class="row mt-5 justify-content-md-center">
+            <div class="col-md-5">
+                <h4><img src="/static/nav-logo-red.svg" />&nbsp;&nbsp; Mock OAuth2 Server Example</h4>
+                <hr class="divisor">
+                <h5>Quick</h5>
+                <form method="post">
+                    <input type="hidden" name="username" value='user1' />
+                    <input type="hidden" name="claims" value='{"preferred_username":"user1"}' />
+                    <button type="submit" class="btn btn-primary topBtn"><i class="fa fa-sign-in"></i>Sign-in as <pre>user1</pre></button>
+                </form>
+                <hr class="divisor">
+                <h5>Custom</h5>
+                <form method="post">
+                    <div></div>
+
+                    <div class="form-group">
+                        <input type="text" class="form-control" name="username" autofocus="on"
+                            placeholder="Enter any user/subject">
+                    </div>
+                    <div class="form-group">
+                        <textarea class="form-control" name="claims" rows="15" placeholder="Optional claims JSON value, example:
+{
+  &quot;acr&quot;: &quot;reference&quot;
+}"></textarea>
+                    </div>
+                    <button type="submit" class="btn btn-primary topBtn"><i class="fa fa-sign-in"></i>Sign-in</button>
+                </form>
+            </div>
+        </div>
+    </div>
+</body>
+
+</html>

tests/resources/static/test.css

@@ -0,0 +1,3 @@
+.container {
+    max-width: 800px;
+}

whois/settings.py

@@ -33,11 +33,12 @@
 
 oidc_enabled = True
 # OAuth settings
-SSO_CLIENT_ID = os.environ.get("APP_OAUTH_CLIENT_ID")
-SSO_CLIENT_SECRET = os.environ.get("APP_OAUTH_CLIENT_SECRET")
-SSO_AUTH_URL = os.environ.get("APP_OAUTH_AUTH_URL")
-SSO_TOKEN_URL = os.environ.get("APP_OAUTH_TOKEN_URL")
-SSO_USERINFO_URL = os.environ.get("APP_OAUTH_USERINFO_URL")
+# TODO: cleanup, as we are getting everything from well-known endpoint
+SSO_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
+SSO_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")
+# SSO_AUTH_URL = os.environ.get("APP_OAUTH_AUTH_URL")
+# SSO_TOKEN_URL = os.environ.get("APP_OAUTH_TOKEN_URL")
+# SSO_USERINFO_URL = os.environ.get("APP_OAUTH_USERINFO_URL")
 APP_OAUTH_OPENID = os.environ.get("APP_OAUTH_OPENID")
 
 # production