🚧 [#1471] Update OIDC module generics

open-formulieren · Mar 31, 2022 · 55052e0 · 55052e0
1 parent 01704ab
commit 55052e0
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 3 deletions.
diff --git a/src/digid_eherkenning_oidc_generics/backends.py b/src/digid_eherkenning_oidc_generics/backends.py
@@ -16,16 +16,20 @@ class OIDCAuthenticationBackend(_OIDCAuthenticationBackend):
     session_key = ""
     claim_name_field = "identifier_claim_name"
 
+    def extract_claims(self, payload):
+        self.request.session[self.session_key] = payload[
+            self.get_settings(self.claim_name_field)
+        ]
+
     def get_or_create_user(self, access_token, id_token, payload):
         user_info = self.get_userinfo(access_token, id_token, payload)
         claims_verified = self.verify_claims(user_info)
         if not claims_verified:
             msg = "Claims verification failed"
             raise SuspiciousOperation(msg)
 
-        self.request.session[self.session_key] = payload[
-            self.get_settings(self.claim_name_field)
-        ]
+        self.extract_claims(payload)
+
         user = AnonymousUser()
         user.is_active = True
         return user

diff --git a/src/digid_eherkenning_oidc_generics/migrations/0002_auto_20220331_1221.py b/src/digid_eherkenning_oidc_generics/migrations/0002_auto_20220331_1221.py
@@ -0,0 +1,33 @@
+# Generated by Django 3.2.12 on 2022-03-31 10:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("digid_eherkenning_oidc_generics", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="openidconnectpublicconfig",
+            name="gemachtigde_claim_name",
+            field=models.CharField(
+                default="gemachtigde.bsn",
+                help_text="Name of the claim in which the BSN of the person representing someone else is stored",
+                max_length=50,
+                verbose_name="gemachtigde claim name",
+            ),
+        ),
+        migrations.AddField(
+            model_name="openidconnectpublicconfig",
+            name="vertegenwoordigde_claim_name",
+            field=models.CharField(
+                default="aanvrager.bsn",
+                help_text="Name of the claim in which the BSN of the person being represented is stored",
+                max_length=50,
+                verbose_name="vertegenwoordigde claim name",
+            ),
+        ),
+    ]
diff --git a/src/digid_eherkenning_oidc_generics/models.py b/src/digid_eherkenning_oidc_generics/models.py
@@ -74,6 +74,22 @@ class OpenIDConnectPublicConfig(OpenIDConnectBaseConfig):
             "These scopes are hardcoded and must be supported by the identity provider"
         ),
     )
+    vertegenwoordigde_claim_name = models.CharField(
+        verbose_name=_("vertegenwoordigde claim name"),
+        default="aanvrager.bsn",
+        max_length=50,
+        help_text=_(
+            "Name of the claim in which the BSN of the person being represented is stored"
+        ),
+    )
+    gemachtigde_claim_name = models.CharField(
+        verbose_name=_("gemachtigde claim name"),
+        default="gemachtigde.bsn",
+        max_length=50,
+        help_text=_(
+            "Name of the claim in which the BSN of the person representing someone else is stored"
+        ),
+    )
 
     @classproperty
     def custom_oidc_db_prefix(cls):