Port OpenID Connect generics for DigiD/eHerkenning #69
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We only support a single endpoint going forward.
Organizing by DigiD and eHerkenning, similarly to the SAML models.
26e7891 to
0bedd5c
Compare
This will allow us to make different test envs/builds to check the correct functioning of the library with and without OIDC.
6ba759d to
e6a0213
Compare
e6a0213 to
7f257ad
Compare
a4d2d7c to
4ddc79a
Compare
The OIDC subpackage is an optional feature that is tested separately in CI.
4ddc79a to
fa355ac
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #69 +/- ##
==========================================
- Coverage 96.19% 90.12% -6.08%
==========================================
Files 75 50 -25
Lines 3337 1569 -1768
Branches 0 142 +142
==========================================
- Hits 3210 1414 -1796
+ Misses 127 114 -13
- Partials 0 41 +41
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
sergei-maertens
commented
May 28, 2024
* Enable branch coverage measuring * Hide 100% covered files in report * Skip migrations from coverage reports
... and immediately some bugs were found and fixed.
I don't see a good way to ensure 100% test coverage, especially with classes/models that are essentially intended to be subclassed further.
Subclassing models with proxies only to change a setting implemented on the base class is quite excessive, especially because it makes you override the admin registration. For callback view modifications, we can optionally provide a django setting.
|
@stevenbal there will be more changes to the model fields/configuration aspects, so I'm skipping on those tests for now. I'm also not sure that 100% test coverage is possible since some sanity checks/building blocks are provided here that are intended to be consumed by backends/views defined in downstream projects 🤔 |
39ff789 to
98a1f02
Compare
98a1f02 to
662de12
Compare
vaszig
approved these changes
May 31, 2024
So that downstream projects can import this too for type checks and issubclass checks.
455c352 to
9012e74
Compare
Ensure that our sanity check in the base class works as expected for downstream projects wishing to override the callback behaviour on a per-config basis.
We don't support Django < 4.2 anymore.
3a62c3e to
200d987
Compare
stevenbal
requested changes
Jun 11, 2024
|
|
||
|
|
||
| class DigiDMachtigenConfig(OpenIDConnectBaseConfig): | ||
| # TODO: support periods in claim keys |
There was a problem hiding this comment.
All the ..._claim_name fields will probably be migrated to use ClaimField in a next PR?
There was a problem hiding this comment.
exactly :-) and then I will add additional fields for the extra claims that need to be extracted, so I will make sure that's a single migration
The op_logout endpoint was provided in upstream, so the mapping in the modelform factory no longer requires patching. Additionally, the field is not necessarily required, so this requirement is dropped too.
stevenbal
approved these changes
Jun 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the optional dependency group
oidc, which builds on top of mozilla-django-oidc-db.The models and configuration are extracted from Open Forms, and the models have been renamed so that the meaning is better conveyed.
The test/CI setup is also updated, using the codecov flags feature to track the optional sub-package coverage "independently", but in a way that we verify the project still works without enabling the OIDC feature.
The next PR will change the model definitions to be able to configure more aspects.