🚩 [#4246] Put new callback endpoint behind feature flag

open-formulieren · May 13, 2024 · 59b5eb4 · 59b5eb4
1 parent 7f0ce3b
commit 59b5eb4
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 6 deletions.
diff --git a/src/digid_eherkenning_oidc_generics/models.py b/src/digid_eherkenning_oidc_generics/models.py
@@ -1,6 +1,9 @@
+import warnings
 from typing import ClassVar
 
+from django.conf import settings
 from django.db import models
+from django.utils.functional import classproperty
 from django.utils.translation import gettext_lazy as _
 
 from django_jsonform.models.fields import ArrayField
@@ -46,6 +49,12 @@ class OpenIDConnectBaseConfig(CachingMixin, OpenIDConnectConfigBase):
         blank=True,
     )
 
+    # FIXME: this url/namespace is not defined anywhere inside this package, it's
+    # currently specific to Open Forms.
+    # Probably best to tackle this when different configs are no longer applied through
+    # django-solo model subclassing.
+    oidc_authentication_callback_url: ClassVar[str] = "authentication:oidc-callback"
+
     class Meta:
         verbose_name = _("OpenID Connect configuration")
         abstract = True
@@ -74,11 +83,20 @@ class OpenIDConnectPublicConfig(OpenIDConnectBaseConfig):
     )
 
     custom_oidc_db_prefix: ClassVar[str] = "digid_oidc"
-    oidc_authentication_callback_url: ClassVar[str] = "digid_oidc:callback"
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for DigiD")
 
+    @classproperty
+    def oidc_authentication_callback_url(cls) -> str:  # type: ignore
+        if settings.USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS:
+            warnings.warn(
+                "Legacy DigiD-eHerkenning callback endpoints will be removed in 3.0",
+                DeprecationWarning,
+            )
+            return "digid_oidc:callback"
+        return super().oidc_authentication_callback_url
+
 
 class OpenIDConnectDigiDMachtigenConfig(OpenIDConnectBaseConfig):
     vertegenwoordigde_claim_name = models.CharField(
@@ -109,11 +127,20 @@ class OpenIDConnectDigiDMachtigenConfig(OpenIDConnectBaseConfig):
     )
 
     custom_oidc_db_prefix: ClassVar[str] = "digid_machtigen_oidc"
-    oidc_authentication_callback_url: ClassVar[str] = "digid_machtigen_oidc:callback"
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for DigiD Machtigen")
 
+    @classproperty
+    def oidc_authentication_callback_url(cls) -> str:  # type: ignore
+        if settings.USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS:
+            warnings.warn(
+                "Legacy DigiD-eHerkenning callback endpoints will be removed in 3.0",
+                DeprecationWarning,
+            )
+            return "digid_machtigen_oidc:callback"
+        return super().oidc_authentication_callback_url
+
 
 class OpenIDConnectEHerkenningConfig(OpenIDConnectBaseConfig):
     """
@@ -138,11 +165,20 @@ class OpenIDConnectEHerkenningConfig(OpenIDConnectBaseConfig):
     )
 
     custom_oidc_db_prefix: ClassVar[str] = "eherkenning_oidc"
-    oidc_authentication_callback_url: ClassVar[str] = "eherkenning_oidc:callback"
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for eHerkenning")
 
+    @classproperty
+    def oidc_authentication_callback_url(cls) -> str:  # type: ignore
+        if settings.USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS:
+            warnings.warn(
+                "Legacy DigiD-eHerkenning callback endpoints will be removed in 3.0",
+                DeprecationWarning,
+            )
+            return "eherkenning_oidc:callback"
+        return super().oidc_authentication_callback_url
+
 
 class OpenIDConnectEHerkenningBewindvoeringConfig(OpenIDConnectBaseConfig):
     vertegenwoordigde_company_claim_name = models.CharField(
@@ -173,9 +209,16 @@ class OpenIDConnectEHerkenningBewindvoeringConfig(OpenIDConnectBaseConfig):
     )
 
     custom_oidc_db_prefix: ClassVar[str] = "eherkenning_bewindvoering_oidc"
-    oidc_authentication_callback_url: ClassVar[str] = (
-        "eherkenning_bewindvoering_oidc:callback"
-    )
 
     class Meta:
         verbose_name = _("OpenID Connect configuration for eHerkenning Bewindvoering")
+
+    @classproperty
+    def oidc_authentication_callback_url(cls) -> str:  # type: ignore
+        if settings.USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS:
+            warnings.warn(
+                "Legacy DigiD-eHerkenning callback endpoints will be removed in 3.0",
+                DeprecationWarning,
+            )
+            return "eherkenning_bewindvoering_oidc:callback"
+        return super().oidc_authentication_callback_url
diff --git a/src/digid_eherkenning_oidc_generics/tests/__init__.py b/src/digid_eherkenning_oidc_generics/tests/__init__.py
diff --git a/src/digid_eherkenning_oidc_generics/tests/test_callback_endpoints.py b/src/digid_eherkenning_oidc_generics/tests/test_callback_endpoints.py
@@ -0,0 +1,45 @@
+from django.test import SimpleTestCase, override_settings
+from django.urls import reverse
+
+from ..models import (
+    OpenIDConnectDigiDMachtigenConfig,
+    OpenIDConnectEHerkenningBewindvoeringConfig,
+    OpenIDConnectEHerkenningConfig,
+    OpenIDConnectPublicConfig,
+)
+
+
+class CallbackEndpointTests(SimpleTestCase):
+
+    @override_settings(USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS=True)
+    def test_legacy_behaviour(self):
+        expected = (
+            (OpenIDConnectPublicConfig, "/digid-oidc/callback/"),
+            (OpenIDConnectEHerkenningConfig, "/eherkenning-oidc/callback/"),
+            (OpenIDConnectDigiDMachtigenConfig, "/digid-machtigen-oidc/callback/"),
+            (
+                OpenIDConnectEHerkenningBewindvoeringConfig,
+                "/eherkenning-bewindvoering-oidc/callback/",
+            ),
+        )
+
+        for config, expected_path in expected:
+            with self.subTest(config=config):
+                callback_path = reverse(config.oidc_authentication_callback_url)
+
+                self.assertEqual(callback_path, expected_path)
+
+    @override_settings(USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS=False)
+    def test_new_behaviour(self):
+        expected = (
+            OpenIDConnectPublicConfig,
+            OpenIDConnectEHerkenningConfig,
+            OpenIDConnectDigiDMachtigenConfig,
+            OpenIDConnectEHerkenningBewindvoeringConfig,
+        )
+
+        for config in expected:
+            with self.subTest(config=config):
+                callback_path = reverse(config.oidc_authentication_callback_url)
+
+                self.assertEqual(callback_path, "/auth/oidc/callback/")
diff --git a/src/openforms/conf/base.py b/src/openforms/conf/base.py
@@ -624,6 +624,11 @@
     "LOG_OUTGOING_REQUESTS_MAX_AGE", default=7
 )  # number of days
 
+USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS = config(
+    "USE_LEGACY_DIGID_EH_OIDC_ENDPOINTS",
+    default=True,
+)
+
 ##############################
 #                            #
 # 3RD PARTY LIBRARY SETTINGS #