✨ Refresh & document OIDC support (#350) (#351)

Parent issue: sequentech/meta#256
sequentech · Nov 13, 2023 · 9b5bc13 · 9b5bc13
1 parent 17b0532
commit 9b5bc13
Show file tree

Hide file tree

Showing 8 changed files with 1 addition and 186 deletions.
diff --git a/config.yml b/config.yml
@@ -1405,31 +1405,6 @@ config:
       # Possible backends: email|console
       backend: 'console'
 
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-    openid_connect_providers: []
-
     # list of extra options, added at the end as configuration lines in the
     # configuration file
     extra_options: []

diff --git a/doc/devel/auth1.config.yml b/doc/devel/auth1.config.yml
@@ -1359,33 +1359,7 @@ config:
     extra_options: []
       # - WHATEVER = 'VALUE'
 
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-    openid_connect_providers: []
-
   # Authorities
-
   authorities:
     - id: "auth1"
       name: "Sequent 1"

diff --git a/doc/devel/auth2.config.yml b/doc/devel/auth2.config.yml
@@ -1365,33 +1365,8 @@ config:
     # configuration file
     extra_options: []
       # - WHATEVER = 'VALUE'
-
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-
+
   # Authorities
-
   authorities:
     - id: "auth1"
       name: "Sequent 1"

diff --git a/doc/devel/sequent.config.yml b/doc/devel/sequent.config.yml
@@ -1373,33 +1373,7 @@ config:
     extra_options: []
       # - WHATEVER = 'VALUE'
 
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-    openid_connect_providers: []
-
   # Authorities
-
   authorities:
     - id: "auth1"
       name: "Sequent 1"

diff --git a/doc/production/config.auth.yml b/doc/production/config.auth.yml
@@ -1375,33 +1375,7 @@ config:
     extra_options: []
       # - WHATEVER = 'VALUE'
 
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-    openid_connect_providers: []
-
   # Authorities
-
   authorities:
     - id: "auth1"
       name: "Sequent 1"

diff --git a/doc/production/config.master.yml b/doc/production/config.master.yml
@@ -1375,33 +1375,7 @@ config:
     extra_options: []
       # - WHATEVER = 'VALUE'
 
-    # List of OpenID Connect providers information. Each provider contains
-    # public info that is used by sequent-ui to show information about the
-    # providers, and private info that is used by iam for authentication.
-    #
-    # The logout_redirect_uri is used in case the election is configured to
-    # show a way to logout or even redirect after voting, and this URI can
-    # contain a __EVENT_ID__ that will be changed to the appropiate event_id
-    # before sending the user to it.
-    #
-    # openid_connect_providers:
-    #  - public_info:
-    #      id: example
-    #      title: Authenticate to vote with Example
-    #      description: Authenticate to vote with Example
-    #      icon: https://www.example.com/favicon.ico
-    #      authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth
-    #      client_id: my_example_client_id.apps.example.com
-    #      issuer: https://accounts.example.com
-    #      token_endpoint: https://oauth2.example.com/token
-    #      jwks_uri: https://www.example.com/oauth2/v3/certs
-    #      logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout
-    #    private_config:
-    #      client_secret: example_secret
-    openid_connect_providers: []
-
   # Authorities
-
   authorities:
     - id: "auth1"
       name: "Sequent 1"

diff --git a/iam/templates/deploy.py b/iam/templates/deploy.py
@@ -199,26 +199,6 @@ def on_celery_setup_logging(**kwargs):
 
 SMS_OTP_EXPIRE_SECONDS = {{config.iam.sms_otp.expire_seconds}}
 
-OPENID_CONNECT_PROVIDERS_CONF = [
-{% for provider in config.iam.openid_connect_providers %}
-      dict(
-        public_info = dict(
-{% for key, value in provider.public_info.items() %}
-          {{key}}="{{value}}"{% if not loop.last %},{% endif %}
-
-{% endfor %}
-        ),
-        private_config = dict(
-{% for key, value in provider.private_config.items() %}
-          {{key}}="{{value}}"{% if not loop.last %},{% endif %}
-{% endfor %}
-
-        )
-      ){% if not loop.last %},{% endif %}
-{% endfor %}
-
-]
-
 OTL_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/otl/__SECRET__"
 
 ALT_AUTH_BASE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__"

diff --git a/sequent-ui/templates/SequentConfig.js b/sequent-ui/templates/SequentConfig.js
@@ -183,17 +183,6 @@ var SequentConfigData = {
 
   ],
 
-  // Information regarding OpenID Connect authentication
-  openIDConnectProviders: [
-      {% for provider in config.iam.openid_connect_providers %}
-      {
-        {% for key, value in provider.public_info.items() %}
-          "{{key}}": "{{value}}"{% if not loop.last %},{% endif %}
-        {% endfor %}
-      }{% if not loop.last %},{% endif %}
-      {% endfor %}
-  ],
-
   //Minimum loading time (milliseconds)
   minLoadingTime: {{ config.sequent_ui.min_loading_time }},