Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DRAFT] ✨ Implement necessary attributes for DigiD machtigen #1009

Closed
wants to merge 21 commits into from
Closed

[DRAFT] ✨ Implement necessary attributes for DigiD machtigen #1009

wants to merge 21 commits into from

Conversation

stevenbal
Copy link
Contributor

@stevenbal stevenbal commented Nov 30, 2021
edited
Loading

On hold until refactor that introduces SubmissionAuth is done (most likely in not until 2022)

TODO:

  • Also implement for eHerkenning
  • Add tests

@stevenbal stevenbal changed the title ✨ Implement necessary attributes for DigiD machtigen [DRAFT] ✨ Implement necessary attributes for DigiD machtigen Nov 30, 2021
@stevenbal stevenbal marked this pull request as draft November 30, 2021 14:23
@stevenbal stevenbal force-pushed the feature/digid-machtigen branch from b0c2e18 to ecc2d3b Compare November 30, 2021 14:29
@codecov-commenter
Copy link

codecov-commenter commented Nov 30, 2021
edited
Loading

Codecov Report

Merging #1009 (ecc2d3b) into feature/oidc-for-citizens (8a8c4eb) will decrease coverage by 0.08%.
The diff coverage is 46.66%.

Impacted file tree graph

@@                      Coverage Diff                      @@
##           feature/oidc-for-citizens    #1009      +/-   ##
=============================================================
- Coverage                      88.60%   88.52%   -0.09%     
=============================================================
  Files                            404      404              
  Lines                          11027    11007      -20     
  Branches                         991      991              
=============================================================
- Hits                            9771     9744      -27     
- Misses                          1052     1058       +6     
- Partials                         204      205       +1
Impacted Files Coverage Δ
...enforms/authentication/contrib/digid_oidc/admin.py 100.00% <ø> (ø)
...orms/authentication/contrib/digid_oidc/backends.py 48.71% <0.00%> (-4.06%) ⬇️
src/openforms/submissions/api/viewsets.py 95.03% <42.85%> (-2.75%) ⬇️
src/openforms/authentication/constants.py 100.00% <100.00%> (ø)
...nforms/authentication/contrib/digid_oidc/models.py 85.29% <100.00%> (+0.44%) ⬆️
src/openforms/submissions/models.py 95.88% <100.00%> (+0.01%) ⬆️
src/openforms/forms/api/serializers.py 92.96% <0.00%> (-0.17%) ⬇️
...issions/tests/form_logic/test_modify_components.py 100.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8a8c4eb...ecc2d3b. Read the comment docs.

@sergei-maertens
Copy link
Member

Please park this entire PR until #957 and #977 are done, we are changing the authentication implementation details.

Note also the final remarks in this comment:

To do later, refactor and decoupling auth module:

  • Create model SubmissionAuth with fields plugin_id, attribute and value.
    This is a generic model suitable for all authentication backends, and should be
    part of the base auth plugin.
  • Store the ID of the SubmissionAuth record in the form_auth session key.
  • On submission start, correlated the session["form_auth"] to the submission record
    (OneToOneField).

Effectively, this should make it possible to store implementation details and functionality with the plugin rather than requiring the Submission model to gain extra fields.

@stevenbal
✨ Add auth plugin for DigiD login via OIDC
26bed2b 
issue: #565
@stevenbal
✨ Add auth plugin for eHerkenning login via OIDC
0730c7d 
issue #565
@stevenbal
✨ Allow disabling of auth plugins
5df408e
@stevenbal
✅ Add tests for DigiD/eHerkenning OIDC auth plugins
87159e2
@stevenbal
♻️ Configurable kvk/bsn claim name for digid/eherkenning OIDC
fc6a4e2
@stevenbal
🍱 Add OIDC configs for DigiD/eHerkenning to admin index
764bbd8
@stevenbal
🐛 Workaround for migration dependencies in OAS generation
311074a
@stevenbal
✨ Implement logout for DigiD/eHerkenning via OIDC
5cfb277
@stevenbal
✅ Fix tests for form oidc auth backend in admin
24cafd5
@stevenbal
✨ Add validator for DigiD/eHerkenning disabling via admin
4239d17 
to ensure that these auth backends cannot be disabled if they are used for any Forms
@stevenbal
✅ Add tests for disabling eHerkenning/DigiD OIDC via admin
decca68
@stevenbal
♻️ Remove duplicated code in OIDC admin forms
e3a805e 
since this code is now part of mozilla-django-oidc-db
@stevenbal
👌 PR feedback
989c006
@stevenbal
📝 Add documentation for DigiD/eHerkenning via OIDC
8e35dc9
@stevenbal
✨ Add oidc_redirect_allowed_hosts option to OIDC configuration
d57d608
@stevenbal
✅ Add tests for allowed/disallowed OIDC redirect domains
dca8e84
@stevenbal
✨ Add support in OIDC config for Keycloak IdP hint
aa72252 
this is a Keycloak specific feature, that allows OIDC for eHerkenning/DigiD to be configured in
such a way that the parameter `kc_idp_hint` is passed to Keycloak when starting the
authentication process, allowing Keycloak to automatically forward the user to the intended
identity provider (without showing the generic Keycloak login screen/options)
@stevenbal
✅ Add tests for OIDC keycloak identity provider hint
7005fa9
@stevenbal
💄 Shorten OIDC login button labels
8953b3a 
removed the `via OpenID Connect` part, since this information is not useful for end users
@stevenbal
⬆️ Bump mozilla-django-oidc-db to 0.7.1
0669192
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch from 8a8c4eb to 0669192 Compare December 6, 2021 14:36
@stevenbal stevenbal force-pushed the feature/digid-machtigen branch from ecc2d3b to 5a80cb7 Compare December 6, 2021 15:35
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 2 times, most recently from b25cd29 to b9e5283 Compare December 14, 2021 12:04
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 3 times, most recently from 424681b to 41dd89f Compare December 20, 2021 13:57
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch from 41dd89f to b650007 Compare January 3, 2022 14:14
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 6 times, most recently from a78c9eb to aab0350 Compare January 18, 2022 07:58
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch from aab0350 to 4af6662 Compare January 24, 2022 10:39
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 2 times, most recently from 3fb0eac to f73dbe2 Compare February 7, 2022 10:42
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch from f1d9a78 to 5d385e1 Compare February 14, 2022 11:57
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 7 times, most recently from 1a0c9d5 to e9069c1 Compare March 4, 2022 15:22
@stevenbal stevenbal force-pushed the feature/oidc-for-citizens branch 4 times, most recently from d5c2b00 to ff227ee Compare March 14, 2022 10:09
Base automatically changed from feature/oidc-for-citizens to master March 14, 2022 10:45
@stevenbal
Copy link
Contributor Author

closed in favor of #1485

@stevenbal stevenbal closed this May 10, 2022
@stevenbal stevenbal deleted the feature/digid-machtigen branch May 10, 2022 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stevenbal @codecov-commenter @sergei-maertens