✨ Define claim obfuscation parameters on config models

Downstream projects will miss/forget this, and we know which claims hold privacy-sensitive information.
maykinmedia · Jun 13, 2024 · 04242ab · 04242ab
1 parent 48667bf
commit 04242ab
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 6 deletions.
diff --git a/digid_eherkenning/oidc/migrations/0004_migrate_config_to_claimfield.py b/digid_eherkenning/oidc/migrations/0004_migrate_config_to_claimfield.py
@@ -140,7 +140,7 @@ class Migration(migrations.Migration):
                     max_length=50, verbose_name="claim path segment"
                 ),
                 default=mozilla_django_oidc_db.fields.ClaimFieldDefault("sel_uid"),
-                help_text="Name of the claim holding the identifier (like a BSN, RSIN or CoC number) of the represented person/company.",
+                help_text="Name of the claim holding the BSN of the represented person.",
                 size=None,
                 verbose_name="representee identifier claim",
             ),

diff --git a/digid_eherkenning/oidc/models/digid.py b/digid_eherkenning/oidc/models/digid.py
@@ -1,3 +1,5 @@
+from collections.abc import Sequence
+
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
@@ -71,3 +73,10 @@ class DigiDMachtigenConfig(OpenIDConnectBaseConfig):
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for DigiD Machtigen")
+
+    @property
+    def oidcdb_sensitive_claims(self) -> Sequence[ClaimPath]:
+        return [
+            self.representee_bsn_claim,  # type: ignore
+            self.authorizee_bsn_claim,  # type: ignore
+        ]
diff --git a/digid_eherkenning/oidc/models/eherkenning.py b/digid_eherkenning/oidc/models/eherkenning.py
@@ -1,3 +1,5 @@
+from collections.abc import Sequence
+
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
@@ -52,6 +54,13 @@ class AuthorizeeMixin(models.Model):
     class Meta:
         abstract = True
 
+    @property
+    def oidcdb_sensitive_claims(self) -> Sequence[ClaimPath]:
+        return [
+            self.legal_subject_claim,  # type: ignore
+            self.branch_number_claim,  # type: ignore
+        ]
+
 
 class EHerkenningConfig(AuthorizeeMixin, OpenIDConnectBaseConfig):
     """
@@ -78,15 +87,13 @@ def oidcdb_username_claim(self) -> ClaimPath:
 
 
 class EHerkenningBewindvoeringConfig(AuthorizeeMixin, OpenIDConnectBaseConfig):
-    # XXX: how do we determine the identifier type?
+    # NOTE: Discussion with an employee from Anoigo states this will always be a BSN,
+    # not an RSIN or CoC number.
     representee_claim = ClaimField(
         verbose_name=_("representee identifier claim"),
         # TODO: this is Anoigo, but could really be anything...
         default=ClaimFieldDefault("sel_uid"),
-        help_text=_(
-            "Name of the claim holding the identifier (like a BSN, RSIN or CoC number) "
-            "of the represented person/company."
-        ),
+        help_text=_("Name of the claim holding the BSN of the represented person."),
     )
 
     mandate_service_id_claim = ClaimField(
@@ -119,3 +126,10 @@ class EHerkenningBewindvoeringConfig(AuthorizeeMixin, OpenIDConnectBaseConfig):
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for eHerkenning Bewindvoering")
+
+    @property
+    def oidcdb_sensitive_claims(self) -> Sequence[ClaimPath]:
+        base = super().oidcdb_sensitive_claims
+        return base + [
+            self.representee_claim,  # type: ignore
+        ]