

Merge pull request #71 from maykinmedia/feature/refactor-oidc-to-clai…
…mfield

Extend/refactor OIDC configuration for DigiD/eHerkenning
sergei-maertens authored Jun 13, 2024
2 parents 0f75dbd + 04242ab commit f6a6801
Showing 8 changed files with 648 additions and 76 deletions.
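--- a/digid_eherkenning/oidc/admin.py
+++ b/digid_eherkenning/oidc/admin.py
@@ -90,34 +90,47 @@ def fieldsets_factory(claim_mapping_fields: Sequence[str]):
 
 
 @admin.register(DigiDConfig)
-class OpenIDConnectConfigDigiDAdmin(SingletonModelAdmin):
+class DigiDConfigAdmin(SingletonModelAdmin):
 form = admin_modelform_factory(DigiDConfig)
-fieldsets = fieldsets_factory(claim_mapping_fields=["identifier_claim_name"])
+fieldsets = fieldsets_factory(claim_mapping_fields=["bsn_claim"])
 
 
 @admin.register(EHerkenningConfig)
-class OpenIDConnectConfigEHerkenningAdmin(SingletonModelAdmin):
+class EHerkenningConfigAdmin(SingletonModelAdmin):
 form = admin_modelform_factory(EHerkenningConfig)
-fieldsets = fieldsets_factory(claim_mapping_fields=["identifier_claim_name"])
+fieldsets = fieldsets_factory(
+claim_mapping_fields=[
+"identifier_type_claim",
+"legal_subject_claim",
+"branch_number_claim",
+"acting_subject_claim",
+]
+)
 
 
 @admin.register(DigiDMachtigenConfig)
-class OpenIDConnectConfigDigiDMachtigenAdmin(SingletonModelAdmin):
+class DigiDMachtigenConfigAdmin(SingletonModelAdmin):
 form = admin_modelform_factory(DigiDMachtigenConfig)
 fieldsets = fieldsets_factory(
 claim_mapping_fields=[
-"vertegenwoordigde_claim_name",
-"gemachtigde_claim_name",
+"representee_bsn_claim",
+"authorizee_bsn_claim",
+"mandate_service_id_claim",
 ]
 )
 
 
 @admin.register(EHerkenningBewindvoeringConfig)
-class OpenIDConnectConfigEHerkenningBewindvoeringAdmin(SingletonModelAdmin):
+class EHerkenningBewindvoeringConfigAdmin(SingletonModelAdmin):
 form = admin_modelform_factory(EHerkenningBewindvoeringConfig)
 fieldsets = fieldsets_factory(
 claim_mapping_fields=[
-"vertegenwoordigde_company_claim_name",
-"gemachtigde_person_claim_name",
+"representee_claim",
+"identifier_type_claim",
+"legal_subject_claim",
+"branch_number_claim",
+"acting_subject_claim",
+"mandate_service_id_claim",
+"mandate_service_uuid_claim",
 ]
 )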
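--- a/digid_eherkenning/oidc/migrations/0004_migrate_config_to_claimfield.py
+++ b/digid_eherkenning/oidc/migrations/0004_migrate_config_to_claimfield.py
@@ -0,0 +1,258 @@
+# Generated by Django 4.2.13 on 2024-06-11 13:43
+
+from typing import Any, Callable
+
+from django.conf import settings
+from django.core.cache import caches
+from django.db import migrations, models, transaction
+
+import mozilla_django_oidc_db.fields
+
+
+def flush_cache():
+cache_name = getattr(settings, "SOLO_CACHE", None)
+if not cache_name:
+return
+caches[cache_name].clear()
+
+
+def operation_factory(model: str, mappings: dict[str, str]) -> migrations.RunPython:
+
+def _action_factory(transformer: Callable[[Any], None]):
+def _run_python_action(apps, _) -> None:
+ConfigModel = apps.get_model("digid_eherkenning_oidc_generics", model)
+
+# Solo model, so there's only ever one instance
+config = ConfigModel.objects.first()
+if config is None:
+return
+
+transformer(config)
+
+config.save()
+transaction.on_commit(flush_cache)
+
+return _run_python_action
+
+@_action_factory
+def forward(instance) -> None:
+for old, new in mappings.items():
+new_value = getattr(instance, old).split(".")
+setattr(instance, new, new_value)
+
+@_action_factory
+def reverse(instance) -> None:
+for old, new in mappings.items():
+old_value = ".".join(getattr(instance, new))
+setattr(instance, old, old_value)
+
+return migrations.RunPython(forward, reverse)
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+(
+"digid_eherkenning_oidc_generics",
+"0003_rename_openidconnectpublicconfig_digidconfig_and_more",
+),
+]
+
+operations = [
+migrations.AddField(
+model_name="digidconfig",
+name="bsn_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault("bsn"),
+help_text="Name of the claim holding the authenticated user's BSN.",
+size=None,
+verbose_name="bsn claim",
+),
+),
+migrations.AddField(
+model_name="digidmachtigenconfig",
+name="authorizee_bsn_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:nl-eid-gdi:1.0:ActingSubjectID"
+),
+help_text="Name of the claim holding the BSN of the authorized user.",
+size=None,
+verbose_name="authorizee bsn claim",
+),
+),
+migrations.AddField(
+model_name="digidmachtigenconfig",
+name="representee_bsn_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:nl-eid-gdi:1.0:LegalSubjectID"
+),
+help_text="Name of the claim holding the BSN of the represented user.",
+size=None,
+verbose_name="representee bsn claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningbewindvoeringconfig",
+name="identifier_type_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"namequalifier"
+),
+help_text="Claim that specifies how the legal subject claim must be interpreted. The expected claim value is one of: 'urn:etoegang:1.9:EntityConcernedID:KvKnr' or 'urn:etoegang:1.9:EntityConcernedID:RSIN'.",
+size=None,
+verbose_name="identifier type claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningbewindvoeringconfig",
+name="legal_subject_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:etoegang:core:LegalSubjectID"
+),
+help_text="Name of the claim holding the identifier of the authenticated company.",
+size=None,
+verbose_name="company identifier claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningbewindvoeringconfig",
+name="representee_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault("sel_uid"),
+help_text="Name of the claim holding the BSN of the represented person.",
+size=None,
+verbose_name="representee identifier claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningconfig",
+name="identifier_type_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"namequalifier"
+),
+help_text="Claim that specifies how the legal subject claim must be interpreted. The expected claim value is one of: 'urn:etoegang:1.9:EntityConcernedID:KvKnr' or 'urn:etoegang:1.9:EntityConcernedID:RSIN'.",
+size=None,
+verbose_name="identifier type claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningconfig",
+name="legal_subject_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:etoegang:core:LegalSubjectID"
+),
+help_text="Name of the claim holding the identifier of the authenticated company.",
+size=None,
+verbose_name="company identifier claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningbewindvoeringconfig",
+name="acting_subject_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:etoegang:core:ActingSubjectID"
+),
+help_text="Name of the claim holding the (opaque) identifier of the user representing the authenticated company..",
+size=None,
+verbose_name="acting subject identifier claim",
+),
+),
+migrations.AddField(
+model_name="eherkenningconfig",
+name="acting_subject_claim",
+field=mozilla_django_oidc_db.fields.ClaimField(
+base_field=models.CharField(
+max_length=50, verbose_name="claim path segment"
+),
+default=mozilla_django_oidc_db.fields.ClaimFieldDefault(
+"urn:etoegang:core:ActingSubjectID"
+),
+help_text="Name of the claim holding the (opaque) identifier of the user representing the authenticated company..",
+size=None,
+verbose_name="acting subject identifier claim",
+),
+),
+operation_factory(
+"DigiDConfig",
+mappings={
+"identifier_claim_name": "bsn_claim",
+},
+),
+operation_factory(
+"DigiDMachtigenConfig",
+mappings={
+"vertegenwoordigde_claim_name": "representee_bsn_claim",
+"gemachtigde_claim_name": "authorizee_bsn_claim",
+},
+),
+operation_factory(
+"EHerkenningConfig",
+mappings={
+"identifier_claim_name": "legal_subject_claim",
+},
+),
+operation_factory(
+"EHerkenningBewindvoeringConfig",
+mappings={
+"vertegenwoordigde_company_claim_name": "representee_claim",
+"gemachtigde_person_claim_name": "acting_subject_claim",
+},
+),
+migrations.RemoveField(
+model_name="digidconfig",
+name="identifier_claim_name",
+),
+migrations.RemoveField(
+model_name="digidmachtigenconfig",
+name="gemachtigde_claim_name",
+),
+migrations.RemoveField(
+model_name="digidmachtigenconfig",
+name="vertegenwoordigde_claim_name",
+),
+migrations.RemoveField(
+model_name="eherkenningbewindvoeringconfig",
+name="gemachtigde_person_claim_name",
+),
+migrations.RemoveField(
+model_name="eherkenningbewindvoeringconfig",
+name="vertegenwoordigde_company_claim_name",
+),
+migrations.RemoveField(
+model_name="eherkenningconfig",
+name="identifier_claim_name",
+),
+]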
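Review bot: The forward transformer at `new_value = getattr(instance, old).split(".")` splits the legacy claim name on every dot, while the new defaults declared in this same migration keep a dotted name as what appears to be a single path segment (`ClaimFieldDefault("urn:nl-eid-gdi:1.0:ActingSubjectID")`, `ClaimFieldDefault("urn:nl-eid-gdi:1.0:LegalSubjectID")`). An existing installation whose `gemachtigde_claim_name` or `vertegenwoordigde_claim_name` still holds such a value would be migrated to `["urn:nl-eid-gdi:1", "0:ActingSubjectID"]`, so the BSN lookup on these identity-mapping fields would stop matching silently rather than fail loudly. Whether the previous lookup code treated dots as nesting is not visible on this page; if it did not, `new_value = [getattr(instance, old)]` is the faithful conversion, and either way a comment such as `# NOTE: dots in legacy claim names are treated as nested-path separators` next to the split, plus a test that migrates the old defaults, would record the decision. The empty-string case also deserves a guard, since `"".split(".")` yields `[""]`, a one-segment path with an empty claim name, where `[]` is the likely intent.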
