diff --git a/docs/setup_configuration.rst b/docs/setup_configuration.rst index 4506714..c472ff0 100644 --- a/docs/setup_configuration.rst +++ b/docs/setup_configuration.rst @@ -26,8 +26,8 @@ put the ``AdminOIDCConfigurationStep`` in your django-setup-configuration steps: ... ] -Configuration Settings YAML: -============================ +Setup Configuration Settings: +============================= The setup configuration source must contain the following base keys to use this setup configuration step (using ``yaml`` as an example): @@ -79,8 +79,15 @@ Providing both will cause the validation to fail. Optional Fields: """""""""""""""" + +.. warning:: + + The default values are always provided and will overwrite any settings changed in the admin. + Make sure updated settings are added to the configuration yaml. + All the following keys are placed in the ``oidc_db_config_admin_auth`` dictionary. +* ``enabled``: whether OIDC is enabled for admin login. Defaults to ``True``. * ``oidc_op_jwks_endpoint``: URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if ``RS256`` is used as signing algorithm. No default value. * ``claim_mapping``: Mapping from user-model fields to OIDC claims. diff --git a/mozilla_django_oidc_db/forms.py b/mozilla_django_oidc_db/forms.py index 5ae7c1a..f1e8ef0 100644 --- a/mozilla_django_oidc_db/forms.py +++ b/mozilla_django_oidc_db/forms.py 
@@ -72,17 +72,3 @@ def clean(self): self.add_error(field, _("This field is required.")) return cleaned_data - - -class OIDCSetupConfigForm(OpenIDConnectConfigForm): - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - if self.fields: - self.fields["oidc_rp_sign_algo"].required = False - self.fields["oidc_nonce_size"].required = False - self.fields["oidc_state_size"].required = False - self.fields["userinfo_claims_source"].required = False - self.fields["username_claim"].required = False - self.fields["claim_mapping"].required = False - self.fields["sync_groups_glob_pattern"].required = False diff --git a/mozilla_django_oidc_db/setup_configuration/models.py b/mozilla_django_oidc_db/setup_configuration/models.py index 6b55167..8e4b637 100644 --- a/mozilla_django_oidc_db/setup_configuration/models.py +++ b/mozilla_django_oidc_db/setup_configuration/models.py @@ -48,6 +48,9 @@ def get_endpoint_endpoint_model(endpoint_data): class AdminOIDCConfigurationModel(ConfigurationModel): + # Change default to True + enabled: bool | None = DjangoModelRef(OpenIDConnectConfig, "enabled", default=True) + # Json claim_mapping: Optional[dict] = DjangoModelRef(OpenIDConnectConfig, "claim_mapping") diff --git a/mozilla_django_oidc_db/setup_configuration/steps.py b/mozilla_django_oidc_db/setup_configuration/steps.py index 2a29942..0a0f5fe 100644 --- a/mozilla_django_oidc_db/setup_configuration/steps.py +++ b/mozilla_django_oidc_db/setup_configuration/steps.py @@ -1,7 +1,7 @@ from django_setup_configuration.configuration import BaseConfigurationStep from django_setup_configuration.exceptions import ConfigurationRunFailed -from mozilla_django_oidc_db.forms import OIDCSetupConfigForm +from mozilla_django_oidc_db.forms import OpenIDConnectConfigForm from mozilla_django_oidc_db.models import OpenIDConnectConfig from mozilla_django_oidc_db.setup_configuration.models import ( AdminOIDCConfigurationModel, 
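Review bot: The comment `# Change default to True` on the new `enabled` field of `AdminOIDCConfigurationModel` says what the line does but not what follows from it. Because `execute` in setup_configuration/steps.py now passes the whole `model.model_dump()` to the form, a YAML file that omits `enabled` switches OIDC admin login back on each time the step runs, even if it was turned off in the admin. I would state that at the field, e.g. `# Defaults to True: omitting the key re-enables OIDC admin login on every run, overriding the admin setting`. The annotation `bool | None` also differs from the `Optional[dict]` style on the next field and admits an explicit `null`; plain `bool` looks sufficient if `None` carries no meaning here.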
@@ -23,25 +23,16 @@ def execute(self, model: AdminOIDCConfigurationModel) -> None: config = OpenIDConnectConfig.get_solo() - base_model_data = model.model_dump() - endpoint_config_data = base_model_data.pop("endpoint_config") - - all_settings = { - "sync_groups": config.sync_groups, - "oidc_use_nonce": config.oidc_use_nonce, - "enabled": True, - "claim_mapping": config.claim_mapping, # JSONFormField widget cannot handle blank values with object schema - "sync_groups_glob_pattern": config.sync_groups_glob_pattern, - **base_model_data, - **endpoint_config_data, - } + all_settings = model.model_dump() + endpoint_config_data = all_settings.pop("endpoint_config") + all_settings.update(endpoint_config_data) if groups := all_settings.get("default_groups"): all_settings["default_groups"] = create_missing_groups( groups, all_settings["sync_groups_glob_pattern"] ) - form = OIDCSetupConfigForm( + form = OpenIDConnectConfigForm( instance=config, data=all_settings, ) diff --git a/pyproject.toml b/pyproject.toml index 0e31c15..9b5ff94 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -44,7 +44,7 @@ Changelog = "https://github.com/maykinmedia/mozilla-django-oidc-db/blob/master/C [project.optional-dependencies] setupconfig = [ - "django-setup-configuration@git+https://github.com/maykinmedia/django-setup-configuration.git@c3cb480223d23d1220bd4aca0c57eb07aacaf637", + "django-setup-configuration>=0.4.0", ] tests = [ "psycopg2", diff --git a/tests/setupconfig/files/full_setup.yml b/tests/setupconfig/files/full_setup.yml index cf06ee3..0a4a63f 100644 --- a/tests/setupconfig/files/full_setup.yml +++ b/tests/setupconfig/files/full_setup.yml @@ -1,5 +1,6 @@ oidc_db_config_enable: True oidc_db_config_admin_auth: + enabled: False oidc_rp_client_id: client-id oidc_rp_client_secret: secret oidc_rp_scopes_list: diff --git a/tests/setupconfig/test_steps.py b/tests/setupconfig/test_steps.py index ced6803..8339501 100644 --- a/tests/setupconfig/test_steps.py 
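Review bot: In `execute`, `claim_mapping` now reaches `OpenIDConnectConfigForm` straight from `model.model_dump()`, and the note that the JSONFormField widget cannot handle blank values is deleted along with the old dict. The field is typed `Optional[dict]` in setup_configuration/models.py, so a YAML `claim_mapping: null` would presumably run into that widget limitation again; this depends on the `DjangoModelRef` default, which is not visible here. I would keep the constraint documented above the dump, e.g. `# model_dump() carries every field with its default; claim_mapping must stay non-blank for the JSONFormField widget`. Likewise `all_settings["sync_groups_glob_pattern"]` now relies on the model always dumping that key rather than on the stored config. `execute` starts and ends outside the hunk.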
+++ b/tests/setupconfig/test_steps.py @@ -28,7 +28,7 @@ def test_configure(setup_config_full_model): config = OpenIDConnectConfig.get_solo() - assert config.enabled + assert not config.enabled assert config.oidc_rp_client_id == "client-id" assert config.oidc_rp_client_secret == "secret" assert config.oidc_rp_scopes_list == ["open_id", "email", "profile", "extra_scope"]
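Review bot: With `enabled: False` added to full_setup.yml, `test_configure` only exercises an explicit value, so nothing in this hunk covers the new default: a configuration that omits `enabled` leaving `config.enabled` true, including when the stored config had it switched off. A second test using a fixture without the key, starting from `enabled=False` in the database, would pin the overwrite behaviour the docs now warn about. Other tests in the file may already do this but are not visible here. `test_configure` continues past the hunk.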