diff --git a/src/digid_eherkenning_oidc_generics/admin.py b/src/digid_eherkenning_oidc_generics/admin.py
index 1a504dbaa5..c44c462604 100644
--- a/src/digid_eherkenning_oidc_generics/admin.py
+++ b/src/digid_eherkenning_oidc_generics/admin.py
@@ -139,7 +139,6 @@ class OpenIDConnectConfigEHerkenningBewindvoeringAdmin(
 {
 "fields": (
 "vertegenwoordigde_company_claim_name",
- "vertegenwoordigde_person_claim_name",
 "gemachtigde_person_claim_name",
 )
 },
diff --git a/src/digid_eherkenning_oidc_generics/migrations/0003_openidconnecteherkenningbewindvoeringconfig.py b/src/digid_eherkenning_oidc_generics/migrations/0005_auto_20220426_1552.py
similarity index 77%
rename from src/digid_eherkenning_oidc_generics/migrations/0003_openidconnecteherkenningbewindvoeringconfig.py
rename to src/digid_eherkenning_oidc_generics/migrations/0005_auto_20220426_1552.py
index ce4007a683..17bc9aa531 100644
--- a/src/digid_eherkenning_oidc_generics/migrations/0003_openidconnecteherkenningbewindvoeringconfig.py
+++ b/src/digid_eherkenning_oidc_generics/migrations/0005_auto_20220426_1552.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.13 on 2022-04-13 08:42
+# Generated by Django 3.2.13 on 2022-04-26 13:52
 import digid_eherkenning_oidc_generics.models
 from django.db import migrations, models
@@ -9,7 +9,7 @@
 class Migration(migrations.Migration):
 dependencies = [
- ("digid_eherkenning_oidc_generics", "0002_openidconnectdigidmachtigenconfig"),
+ ("digid_eherkenning_oidc_generics", "0004_auto_20220425_1801"),
 ]
 operations = [
@@ -109,6 +109,43 @@ class Migration(migrations.Migration):
 verbose_name="Sign key",
 ),
 ),
+ (
+ "oidc_use_nonce",
+ models.BooleanField(
+ default=True,
+ help_text="Controls whether the OpenID Connect client uses nonce verification",
+ verbose_name="Use nonce",
+ ),
+ ),
+ (
+ "oidc_nonce_size",
+ models.PositiveIntegerField(
+ default=32,
+ help_text="Sets the length of the random string used for OpenID Connect nonce verification",
+ verbose_name="Nonce size",
+ ),
+ ),
+ (
+ "oidc_state_size",
+ models.PositiveIntegerField(
+ default=32,
+ help_text="Sets the length of the random string used for OpenID Connect state verification",
+ verbose_name="State size",
+ ),
+ ),
+ (
+ "oidc_exempt_urls",
+ django_better_admin_arrayfield.models.fields.ArrayField(
+ base_field=models.CharField(
+ max_length=1000, verbose_name="Exempt URL"
+ ),
+ blank=True,
+ default=list,
+ help_text="This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.",
+ size=None,
+ verbose_name="URLs exempt from session renewal",
+ ),
+ ),
 (
 "oidc_op_logout_endpoint",
 models.URLField(
@@ -133,16 +170,7 @@ class Migration(migrations.Migration):
 default="aanvrager.kvk",
 help_text="Name of the claim in which the KVK of the company being represented is stored",
 max_length=50,
- verbose_name="vertegenwoordigde claim name",
- ),
- ),
- (
- "vertegenwoordigde_person_claim_name",
- models.CharField(
- default="aanvrager.pseudoID",
- help_text="Name of the claim in which the ID of the person being represented is stored",
- max_length=50,
- verbose_name="vertegenwoordigde claim name",
+ verbose_name="vertegenwoordigde company claim name",
 ),
 ),
 (
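Review bot: `oidc_nonce_size` and `oidc_state_size` are added as plain `PositiveIntegerField`s with no lower bound visible in the field definition, so 0 is accepted, and `oidc_use_nonce` lets an admin switch nonce verification off; together they allow the replay and CSRF protection of the login flow to be weakened from the admin without any check. This migration is generated, so the change belongs on the model; the fields appear to come from the base config class, which is outside this diff. A validator there, e.g. `validators=[MinValueValidator(MIN_NONCE_SIZE)]` (`MIN_NONCE_SIZE` is a placeholder for a floor the project chooses), would then appear in the regenerated migration. `oidc_exempt_urls` also accepts regular expressions, so its help text could add that a broad pattern exempts every matching path from session renewal.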
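Review bot: `vertegenwoordigde_person_claim_name` is dropped here by editing what looks like the `CreateModel` field list of a migration that this commit also renames from `0003_openidconnecteherkenningbewindvoeringconfig` to `0005_auto_20220426_1552`, not by a `RemoveField` in a new migration. A database that already applied the old 0003 (a test or acceptance environment, for instance) has that name recorded and the table created, so 0005 would try to create the table again and the old column would stay behind; it is worth confirming 0003 was never applied outside local development, or adding a follow-up migration instead. The `auto` name also hides that this file creates the config model; a descriptive name like the old one reads better in `showmigrations`. The operation itself starts outside this hunk.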
@@ -151,7 +179,7 @@ class Migration(migrations.Migration):
 default="gemachtigde.pseudoID",
 help_text="Name of the claim in which the ID of the person representing a company is stored",
 max_length=50,
- verbose_name="gemachtigde claim name",
+ verbose_name="gemachtigde person claim name",
 ),
 ),
 (
diff --git a/src/digid_eherkenning_oidc_generics/mixins.py b/src/digid_eherkenning_oidc_generics/mixins.py
index a4204f3278..c73e0c4e18 100644
--- a/src/digid_eherkenning_oidc_generics/mixins.py
+++ b/src/digid_eherkenning_oidc_generics/mixins.py
@@ -1,6 +1,11 @@
 from mozilla_django_oidc_db.mixins import SoloConfigMixin as _SoloConfigMixin
-from . import digid_machtigen_settings, digid_settings, eherkenning_settings, eherkenning_bewindvoering_settings
+from . import (
+ digid_machtigen_settings,
+ digid_settings,
+ eherkenning_bewindvoering_settings,
+ eherkenning_settings,
+)
 from .models import (
 OpenIDConnectDigiDMachtigenConfig,
 OpenIDConnectEHerkenningBewindvoeringConfig,
diff --git a/src/digid_eherkenning_oidc_generics/models.py b/src/digid_eherkenning_oidc_generics/models.py
index a5a60ee71d..3517bfba8f 100644
--- a/src/digid_eherkenning_oidc_generics/models.py
+++ b/src/digid_eherkenning_oidc_generics/models.py
@@ -9,7 +9,9 @@
 from .digid_machtigen_settings import DIGID_MACHTIGEN_CUSTOM_OIDC_DB_PREFIX
 from .digid_settings import DIGID_CUSTOM_OIDC_DB_PREFIX
-from .eherkenning_bewindvoering import EHERKENNING_BEWINDVOERING_CUSTOM_OIDC_DB_PREFIX
+from .eherkenning_bewindvoering_settings import (
+ EHERKENNING_BEWINDVOERING_CUSTOM_OIDC_DB_PREFIX,
+)
 from .eherkenning_settings import EHERKENNING_CUSTOM_OIDC_DB_PREFIX
@@ -153,23 +155,15 @@ class Meta:
 class OpenIDConnectEHerkenningBewindvoeringConfig(OpenIDConnectBaseConfig):
 vertegenwoordigde_company_claim_name = models.CharField(
- verbose_name=_("vertegenwoordigde claim name"),
+ verbose_name=_("vertegenwoordigde company claim name"),
 default="aanvrager.kvk",
 max_length=50,
 help_text=_(
 "Name of the claim in which the KVK of the company being represented is stored"
 ),
 )
- vertegenwoordigde_person_claim_name = models.CharField(
- verbose_name=_("vertegenwoordigde claim name"),
- default="aanvrager.pseudoID",
- max_length=50,
- help_text=_(
- "Name of the claim in which the ID of the person being represented is stored"
- ),
- )
 gemachtigde_person_claim_name = models.CharField(
- verbose_name=_("gemachtigde claim name"),
+ verbose_name=_("gemachtigde person claim name"),
 default="gemachtigde.pseudoID",
 max_length=50,
 help_text=_(
diff --git a/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py b/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py
index d0fff616b7..ba5465986b 100644
--- a/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py
+++ b/src/openforms/authentication/contrib/digid_eherkenning_oidc/backends.py
@@ -128,7 +128,6 @@ def get_or_create_user(self, access_token, id_token, payload):
 def claim_names(self):
 return [
 self.config.vertegenwoordigde_company_claim_name,
- self.config.vertegenwoordigde_person_claim_name,
 self.config.gemachtigde_person_claim_name,
 ]