🚧 [#1471] Changes after testing on DH keycloak

open-formulieren · Apr 26, 2022 · 005314c · 005314c
1 parent 8a97ea7
commit 005314c
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 27 deletions.
diff --git a/src/digid_eherkenning_oidc_generics/admin.py b/src/digid_eherkenning_oidc_generics/admin.py
@@ -139,7 +139,6 @@ class OpenIDConnectConfigEHerkenningBewindvoeringAdmin(
             {
                 "fields": (
                     "vertegenwoordigde_company_claim_name",
-                    "vertegenwoordigde_person_claim_name",
                     "gemachtigde_person_claim_name",
                 )
             },

diff --git a/...dconnecteherkenningbewindvoeringconfig.py → ...ics/migrations/0005_auto_20220426_1552.py b/...dconnecteherkenningbewindvoeringconfig.py → ...ics/migrations/0005_auto_20220426_1552.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.13 on 2022-04-13 08:42
+# Generated by Django 3.2.13 on 2022-04-26 13:52
 
 import digid_eherkenning_oidc_generics.models
 from django.db import migrations, models
@@ -9,7 +9,7 @@
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("digid_eherkenning_oidc_generics", "0002_openidconnectdigidmachtigenconfig"),
+        ("digid_eherkenning_oidc_generics", "0004_auto_20220425_1801"),
     ]
 
     operations = [
@@ -109,6 +109,43 @@ class Migration(migrations.Migration):
                         verbose_name="Sign key",
                     ),
                 ),
+                (
+                    "oidc_use_nonce",
+                    models.BooleanField(
+                        default=True,
+                        help_text="Controls whether the OpenID Connect client uses nonce verification",
+                        verbose_name="Use nonce",
+                    ),
+                ),
+                (
+                    "oidc_nonce_size",
+                    models.PositiveIntegerField(
+                        default=32,
+                        help_text="Sets the length of the random string used for OpenID Connect nonce verification",
+                        verbose_name="Nonce size",
+                    ),
+                ),
+                (
+                    "oidc_state_size",
+                    models.PositiveIntegerField(
+                        default=32,
+                        help_text="Sets the length of the random string used for OpenID Connect state verification",
+                        verbose_name="State size",
+                    ),
+                ),
+                (
+                    "oidc_exempt_urls",
+                    django_better_admin_arrayfield.models.fields.ArrayField(
+                        base_field=models.CharField(
+                            max_length=1000, verbose_name="Exempt URL"
+                        ),
+                        blank=True,
+                        default=list,
+                        help_text="This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.",
+                        size=None,
+                        verbose_name="URLs exempt from session renewal",
+                    ),
+                ),
                 (
                     "oidc_op_logout_endpoint",
                     models.URLField(
@@ -133,16 +170,7 @@ class Migration(migrations.Migration):
                         default="aanvrager.kvk",
                         help_text="Name of the claim in which the KVK of the company being represented is stored",
                         max_length=50,
-                        verbose_name="vertegenwoordigde claim name",
-                    ),
-                ),
-                (
-                    "vertegenwoordigde_person_claim_name",
-                    models.CharField(
-                        default="aanvrager.pseudoID",
-                        help_text="Name of the claim in which the ID of the person being represented is stored",
-                        max_length=50,
-                        verbose_name="vertegenwoordigde claim name",
+                        verbose_name="vertegenwoordigde company claim name",
                     ),
                 ),
                 (
@@ -151,7 +179,7 @@ class Migration(migrations.Migration):
                         default="gemachtigde.pseudoID",
                         help_text="Name of the claim in which the ID of the person representing a company is stored",
                         max_length=50,
-                        verbose_name="gemachtigde claim name",
+                        verbose_name="gemachtigde person claim name",
                     ),
                 ),
                 (

diff --git a/src/digid_eherkenning_oidc_generics/mixins.py b/src/digid_eherkenning_oidc_generics/mixins.py
@@ -1,6 +1,11 @@
 from mozilla_django_oidc_db.mixins import SoloConfigMixin as _SoloConfigMixin
 
-from . import digid_machtigen_settings, digid_settings, eherkenning_settings, eherkenning_bewindvoering_settings
+from . import (
+    digid_machtigen_settings,
+    digid_settings,
+    eherkenning_bewindvoering_settings,
+    eherkenning_settings,
+)
 from .models import (
     OpenIDConnectDigiDMachtigenConfig,
     OpenIDConnectEHerkenningBewindvoeringConfig,

diff --git a/src/digid_eherkenning_oidc_generics/models.py b/src/digid_eherkenning_oidc_generics/models.py
@@ -9,7 +9,9 @@
 
 from .digid_machtigen_settings import DIGID_MACHTIGEN_CUSTOM_OIDC_DB_PREFIX
 from .digid_settings import DIGID_CUSTOM_OIDC_DB_PREFIX
-from .eherkenning_bewindvoering import EHERKENNING_BEWINDVOERING_CUSTOM_OIDC_DB_PREFIX
+from .eherkenning_bewindvoering_settings import (
+    EHERKENNING_BEWINDVOERING_CUSTOM_OIDC_DB_PREFIX,
+)
 from .eherkenning_settings import EHERKENNING_CUSTOM_OIDC_DB_PREFIX
 
 
@@ -153,23 +155,15 @@ class Meta:
 
 class OpenIDConnectEHerkenningBewindvoeringConfig(OpenIDConnectBaseConfig):
     vertegenwoordigde_company_claim_name = models.CharField(
-        verbose_name=_("vertegenwoordigde claim name"),
+        verbose_name=_("vertegenwoordigde company claim name"),
         default="aanvrager.kvk",
         max_length=50,
         help_text=_(
             "Name of the claim in which the KVK of the company being represented is stored"
         ),
     )
-    vertegenwoordigde_person_claim_name = models.CharField(
-        verbose_name=_("vertegenwoordigde claim name"),
-        default="aanvrager.pseudoID",
-        max_length=50,
-        help_text=_(
-            "Name of the claim in which the ID of the person being represented is stored"
-        ),
-    )
     gemachtigde_person_claim_name = models.CharField(
-        verbose_name=_("gemachtigde claim name"),
+        verbose_name=_("gemachtigde person claim name"),
         default="gemachtigde.pseudoID",
         max_length=50,
         help_text=_(

diff --git a/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py b/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py
@@ -128,7 +128,6 @@ def get_or_create_user(self, access_token, id_token, payload):
     def claim_names(self):
         return [
             self.config.vertegenwoordigde_company_claim_name,
-            self.config.vertegenwoordigde_person_claim_name,
             self.config.gemachtigde_person_claim_name,
         ]