🚚 Split models into separate modules

Organizing by DigiD and eHerkenning, similarly to the SAML models.
maykinmedia · May 28, 2024 · 0bedd5c · 0bedd5c
1 parent a296a83
commit 0bedd5c
Show file tree

Hide file tree

Showing 6 changed files with 215 additions and 214 deletions.
diff --git a/digid_eherkenning/oidc/forms.py b/digid_eherkenning/oidc/forms.py
@@ -5,7 +5,7 @@
 from mozilla_django_oidc_db.constants import OIDC_MAPPING
 from mozilla_django_oidc_db.forms import OpenIDConnectConfigForm
 
-from .models import OpenIDConnectBaseConfig
+from .models.base import OpenIDConnectBaseConfig
 
 
 def admin_modelform_factory(model: type[OpenIDConnectBaseConfig], *args, **kwargs):

diff --git a/digid_eherkenning/oidc/models.py b/digid_eherkenning/oidc/models.py
diff --git a/digid_eherkenning/oidc/models/__init__.py b/digid_eherkenning/oidc/models/__init__.py
@@ -0,0 +1,12 @@
+from .base import get_default_scopes_bsn, get_default_scopes_kvk
+from .digid import DigiDConfig, DigiDMachtigenConfig
+from .eherkenning import EHerkenningBewindvoeringConfig, EHerkenningConfig
+
+__all__ = [
+    "get_default_scopes_bsn",
+    "get_default_scopes_kvk",
+    "DigiDConfig",
+    "DigiDMachtigenConfig",
+    "EHerkenningConfig",
+    "EHerkenningBewindvoeringConfig",
+]
diff --git a/digid_eherkenning/oidc/models/base.py b/digid_eherkenning/oidc/models/base.py
@@ -0,0 +1,31 @@
+from django.utils.functional import classproperty
+from django.utils.translation import gettext_lazy as _
+
+from mozilla_django_oidc_db.models import OpenIDConnectConfigBase
+
+
+def get_default_scopes_bsn():
+    """
+    Returns the default scopes to request for OpenID Connect logins
+    """
+    return ["openid", "bsn"]
+
+
+def get_default_scopes_kvk():
+    """
+    Returns the default scopes to request for OpenID Connect logins
+    """
+    return ["openid", "kvk"]
+
+
+class OpenIDConnectBaseConfig(OpenIDConnectConfigBase):
+    """
+    Base configuration for DigiD/eHerkenning authentication via OpenID Connect.
+    """
+
+    class Meta:
+        abstract = True
+
+    @classproperty
+    def oidcdb_check_idp_availability(cls) -> bool:
+        return True
diff --git a/digid_eherkenning/oidc/models/digid.py b/digid_eherkenning/oidc/models/digid.py
@@ -0,0 +1,83 @@
+from collections.abc import Collection
+
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+
+from django_jsonform.models.fields import ArrayField
+from mozilla_django_oidc_db.typing import ClaimPath
+
+from .base import OpenIDConnectBaseConfig, get_default_scopes_bsn
+
+
+class DigiDConfig(OpenIDConnectBaseConfig):
+    """
+    Configuration for DigiD authentication via OpenID connect
+    """
+
+    identifier_claim_name = models.CharField(
+        _("BSN claim name"),
+        max_length=100,
+        help_text=_("The name of the claim in which the BSN of the user is stored"),
+        default="bsn",
+    )
+    oidc_rp_scopes_list = ArrayField(
+        verbose_name=_("OpenID Connect scopes"),
+        base_field=models.CharField(_("OpenID Connect scope"), max_length=50),
+        default=get_default_scopes_bsn,
+        blank=True,
+        help_text=_(
+            "OpenID Connect scopes that are requested during login. "
+            "These scopes are hardcoded and must be supported by the identity provider"
+        ),
+    )
+
+    class Meta:
+        verbose_name = _("OpenID Connect configuration for DigiD")
+
+    @property
+    def oidcdb_username_claim(self) -> list[str]:
+        return [self.identifier_claim_name]
+
+
+class DigiDMachtigenConfig(OpenIDConnectBaseConfig):
+    # TODO: support periods in claim keys
+    vertegenwoordigde_claim_name = models.CharField(
+        verbose_name=_("vertegenwoordigde claim name"),
+        default="aanvrager.bsn",
+        max_length=50,
+        help_text=_(
+            "Name of the claim in which the BSN of the person being represented is stored"
+        ),
+    )
+    gemachtigde_claim_name = models.CharField(
+        verbose_name=_("gemachtigde claim name"),
+        default="gemachtigde.bsn",
+        max_length=50,
+        help_text=_(
+            "Name of the claim in which the BSN of the person representing someone else is stored"
+        ),
+    )
+    oidc_rp_scopes_list = ArrayField(
+        verbose_name=_("OpenID Connect scopes"),
+        base_field=models.CharField(_("OpenID Connect scope"), max_length=50),
+        default=get_default_scopes_bsn,
+        blank=True,
+        help_text=_(
+            "OpenID Connect scopes that are requested during login. "
+            "These scopes are hardcoded and must be supported by the identity provider"
+        ),
+    )
+
+    class Meta:
+        verbose_name = _("OpenID Connect configuration for DigiD Machtigen")
+
+    @property
+    def digid_eherkenning_machtigen_claims(self) -> dict[str, ClaimPath]:
+        return {
+            "vertegenwoordigde": [self.vertegenwoordigde_claim_name],
+            "gemachtigde": [self.gemachtigde_claim_name],
+        }
+
+    @property
+    def oidcdb_sensitive_claims(self) -> Collection[ClaimPath]:
+        return list(self.digid_eherkenning_machtigen_claims.values())