From 9b5bc13a927b05873c4c8dff5af0babd1bb6219f Mon Sep 17 00:00:00 2001 From: Eduardo Robles Date: Mon, 13 Nov 2023 13:12:38 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Refresh=20&=20document=20OIDC=20sup?= =?UTF-8?q?port=20(#350)=20(#351)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Parent issue: https://github.com/sequentech/meta/issues/256 --- config.yml | 25 ------------------------- doc/devel/auth1.config.yml | 26 -------------------------- doc/devel/auth2.config.yml | 27 +-------------------------- doc/devel/sequent.config.yml | 26 -------------------------- doc/production/config.auth.yml | 26 -------------------------- doc/production/config.master.yml | 26 -------------------------- iam/templates/deploy.py | 20 -------------------- sequent-ui/templates/SequentConfig.js | 11 ----------- 8 files changed, 1 insertion(+), 186 deletions(-) diff --git a/config.yml b/config.yml index e4ec28c..d958bde 100644 --- a/config.yml +++ b/config.yml @@ -1405,31 +1405,6 @@ config: # Possible backends: email|console backend: 'console' - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - openid_connect_providers: [] - # list of extra options, added at the end as configuration lines in the # configuration file extra_options: [] diff --git a/doc/devel/auth1.config.yml b/doc/devel/auth1.config.yml index 7e79cda..e0d4bd6 100644 --- a/doc/devel/auth1.config.yml +++ b/doc/devel/auth1.config.yml @@ -1359,33 +1359,7 @@ config: extra_options: [] # - WHATEVER = 'VALUE' - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - openid_connect_providers: [] - # Authorities - authorities: - id: "auth1" name: "Sequent 1" diff --git a/doc/devel/auth2.config.yml b/doc/devel/auth2.config.yml index c797054..da1e709 100644 --- a/doc/devel/auth2.config.yml +++ b/doc/devel/auth2.config.yml @@ -1365,33 +1365,8 @@ config: # configuration file extra_options: [] # - WHATEVER = 'VALUE' - - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - + # Authorities - authorities: - id: "auth1" name: "Sequent 1" diff --git a/doc/devel/sequent.config.yml b/doc/devel/sequent.config.yml index 3847021..2784e27 100644 --- a/doc/devel/sequent.config.yml +++ b/doc/devel/sequent.config.yml @@ -1373,33 +1373,7 @@ config: extra_options: [] # - WHATEVER = 'VALUE' - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - openid_connect_providers: [] - # Authorities - authorities: - id: "auth1" name: "Sequent 1" diff --git a/doc/production/config.auth.yml b/doc/production/config.auth.yml index f9c08fd..73b7727 100644 --- a/doc/production/config.auth.yml +++ b/doc/production/config.auth.yml @@ -1375,33 +1375,7 @@ config: extra_options: [] # - WHATEVER = 'VALUE' - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - openid_connect_providers: [] - # Authorities - authorities: - id: "auth1" name: "Sequent 1" diff --git a/doc/production/config.master.yml b/doc/production/config.master.yml index 342da12..3452685 100644 --- a/doc/production/config.master.yml +++ b/doc/production/config.master.yml @@ -1375,33 +1375,7 @@ config: extra_options: [] # - WHATEVER = 'VALUE' - # List of OpenID Connect providers information. Each provider contains - # public info that is used by sequent-ui to show information about the - # providers, and private info that is used by iam for authentication. - # - # The logout_redirect_uri is used in case the election is configured to - # show a way to logout or even redirect after voting, and this URI can - # contain a __EVENT_ID__ that will be changed to the appropiate event_id - # before sending the user to it. - # - # openid_connect_providers: - # - public_info: - # id: example - # title: Authenticate to vote with Example - # description: Authenticate to vote with Example - # icon: https://www.example.com/favicon.ico - # authorization_endpoint: https://accounts.example.com/o/oauth2/v2/auth - # client_id: my_example_client_id.apps.example.com - # issuer: https://accounts.example.com - # token_endpoint: https://oauth2.example.com/token - # jwks_uri: https://www.example.com/oauth2/v3/certs - # logout_uri: https://accounts.example.com/o/oauth2/v2/auth_logout - # private_config: - # client_secret: example_secret - openid_connect_providers: [] - # Authorities - authorities: - id: "auth1" name: "Sequent 1" diff --git a/iam/templates/deploy.py b/iam/templates/deploy.py index 4228e01..607ceb5 100644 --- a/iam/templates/deploy.py +++ b/iam/templates/deploy.py @@ -199,26 +199,6 @@ def on_celery_setup_logging(**kwargs): SMS_OTP_EXPIRE_SECONDS = {{config.iam.sms_otp.expire_seconds}} -OPENID_CONNECT_PROVIDERS_CONF = [ -{% for provider in config.iam.openid_connect_providers %} - dict( - public_info = dict( -{% for key, value in provider.public_info.items() %} - {{key}}="{{value}}"{% if not loop.last %},{% endif %} - -{% endfor %} - ), - private_config = dict( -{% for key, value in provider.private_config.items() %} - {{key}}="{{value}}"{% if not loop.last %},{% endif %} -{% endfor %} - - ) - ){% if not loop.last %},{% endif %} -{% endfor %} - -] - OTL_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/otl/__SECRET__" ALT_AUTH_BASE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__" diff --git a/sequent-ui/templates/SequentConfig.js b/sequent-ui/templates/SequentConfig.js index 5f587d7..2d4e84b 100644 --- a/sequent-ui/templates/SequentConfig.js +++ b/sequent-ui/templates/SequentConfig.js @@ -183,17 +183,6 @@ var SequentConfigData = { ], - // Information regarding OpenID Connect authentication - openIDConnectProviders: [ - {% for provider in config.iam.openid_connect_providers %} - { - {% for key, value in provider.public_info.items() %} - "{{key}}": "{{value}}"{% if not loop.last %},{% endif %} - {% endfor %} - }{% if not loop.last %},{% endif %} - {% endfor %} - ], - //Minimum loading time (milliseconds) minLoadingTime: {{ config.sequent_ui.min_loading_time }},