mirror of
				https://gitlab.crans.org/bde/nk20
				synced 2025-10-24 22:03:06 +02:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			3ec9e7811d
			...
			c28dfdc15d
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | c28dfdc15d | 
| @@ -1,6 +1,5 @@ | |||||||
| # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from oauth2_provider.oauth2_validators import OAuth2Validator | from oauth2_provider.oauth2_validators import OAuth2Validator | ||||||
| from oauth2_provider.scopes import BaseScopes | from oauth2_provider.scopes import BaseScopes | ||||||
| from member.models import Club | from member.models import Club | ||||||
| @@ -19,27 +18,21 @@ class PermissionScopes(BaseScopes): | |||||||
|     """ |     """ | ||||||
|  |  | ||||||
|     def get_all_scopes(self): |     def get_all_scopes(self): | ||||||
|         scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})" |         return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})" | ||||||
|                 for p in Permission.objects.all() for club in Club.objects.all()} |                 for p in Permission.objects.all() for club in Club.objects.all()} | ||||||
|         scopes['openid'] = "OpenID Connect" |  | ||||||
|         return scopes |  | ||||||
|  |  | ||||||
|     def get_available_scopes(self, application=None, request=None, *args, **kwargs): |     def get_available_scopes(self, application=None, request=None, *args, **kwargs): | ||||||
|         if not application: |         if not application: | ||||||
|             return [] |             return [] | ||||||
|         scopes = [f"{p.id}_{p.membership.club.id}" |         return [f"{p.id}_{p.membership.club.id}" | ||||||
|                 for t in Permission.PERMISSION_TYPES |                 for t in Permission.PERMISSION_TYPES | ||||||
|                 for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])] |                 for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])] | ||||||
|         scopes.append('openid') |  | ||||||
|         return scopes |  | ||||||
|  |  | ||||||
|     def get_default_scopes(self, application=None, request=None, *args, **kwargs): |     def get_default_scopes(self, application=None, request=None, *args, **kwargs): | ||||||
|         if not application: |         if not application: | ||||||
|             return [] |             return [] | ||||||
|         scopes = [f"{p.id}_{p.membership.club.id}" |         return [f"{p.id}_{p.membership.club.id}" | ||||||
|                 for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')] |                 for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')] | ||||||
|         scopes.append('openid') |  | ||||||
|         return scopes |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class PermissionOAuth2Validator(OAuth2Validator): | class PermissionOAuth2Validator(OAuth2Validator): | ||||||
| @@ -56,10 +49,6 @@ class PermissionOAuth2Validator(OAuth2Validator): | |||||||
|             "email": request.user.email, |             "email": request.user.email, | ||||||
|         } |         } | ||||||
|  |  | ||||||
|     def get_discovery_claims(self, request): |  | ||||||
|         claims = super().get_discovery_claims(self) |  | ||||||
|         return claims + ["name", "normalized_name", "email"] |  | ||||||
|  |  | ||||||
|     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs): |     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs): | ||||||
|         """ |         """ | ||||||
|         User can request as many scope as he wants, including invalid scopes, |         User can request as many scope as he wants, including invalid scopes, | ||||||
| @@ -77,8 +66,6 @@ class PermissionOAuth2Validator(OAuth2Validator): | |||||||
|                 if scope in scopes: |                 if scope in scopes: | ||||||
|                     valid_scopes.add(scope) |                     valid_scopes.add(scope) | ||||||
|  |  | ||||||
|         if 'openid' in scopes: |  | ||||||
|             valid_scopes.add('openid') |  | ||||||
|  |  | ||||||
|         request.scopes = valid_scopes |         request.scopes = valid_scopes | ||||||
|  |  | ||||||
|         return valid_scopes |         return valid_scopes | ||||||
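Review bot: `get_default_scopes` in the second hunk still returns every `view` permission the current user holds, so a client that sends no `scope` parameter presumably ends up with the broadest read grant rather than the narrowest. `application` is only tested for truthiness there and in `get_available_scopes`, so the result is the same for every registered client. If that is intended, record it in a docstring such as `"""Default to all of the current user's 'view' permissions when no scope is requested."""`; otherwise consider returning an empty list so that clients must name the scopes they need. Both methods also take the user from `get_current_request()` and ignore their `request` argument, which deserves a one-line comment explaining why.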
|   | |||||||
| @@ -19,7 +19,6 @@ EXCLUDED = [ | |||||||
|     'oauth2_provider.accesstoken', |     'oauth2_provider.accesstoken', | ||||||
|     'oauth2_provider.grant', |     'oauth2_provider.grant', | ||||||
|     'oauth2_provider.refreshtoken', |     'oauth2_provider.refreshtoken', | ||||||
|     'oauth2_provider.idtoken', |  | ||||||
|     'sessions.session', |     'sessions.session', | ||||||
| ] | ] | ||||||
|  |  | ||||||
|   | |||||||
| @@ -171,7 +171,7 @@ class ScopesView(LoginRequiredMixin, TemplateView): | |||||||
|             available_scopes = scopes.get_available_scopes(app) |             available_scopes = scopes.get_available_scopes(app) | ||||||
|             context["scopes"][app] = OrderedDict() |             context["scopes"][app] = OrderedDict() | ||||||
|             items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes] |             items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes] | ||||||
|             # items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0]))) |             items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0]))) | ||||||
|             for k, v in items: |             for k, v in items: | ||||||
|                 context["scopes"][app][k] = v |                 context["scopes"][app][k] = v | ||||||
|  |  | ||||||
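Review bot: The re-enabled `items.sort(...)` key parses every scope name as `<int>_<int>`, so a single key of any other shape makes `int()` or the `[1]` index raise, and the scopes page would then fail for that user. This is safe only while the scopes backend emits nothing but `f"{p.id}_{club.id}"` keys, a coupling that is not stated anywhere in this view. I would add a comment above the sort, `# Scope keys are "<permission id>_<club id>": sort by club, then by permission.`, and either filter out keys that do not match that shape before sorting or sort them separately. The body of the view method continues outside the hunk, so how `all_scopes` is built is not visible here.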
|   | |||||||