Пример #1
 def application_details_fields(self):
     """Return the OIDC URL fields shown for this relying party.

     Produces one ``hqcrispy.B3TextField`` per endpoint, in the order
     login URL, redirect (auth) URI, post-logout redirect URI. Every value
     comes from a ``url_helpers`` call on ``self.idp``.
     """
     # The values are derived from the identity provider record only; nothing
     # here reads request data. Presumably these are the URLs registered with
     # the identity provider as this application's endpoints -- confirm
     # against the template that renders them.
     endpoint_builders = (
         ('login_url', url_helpers.get_oidc_login_url),
         ('redirect_uris', url_helpers.get_oidc_auth_url),
         ('logout_redirect_uris', url_helpers.get_oidc_logout_url),
     )
     return [
         hqcrispy.B3TextField(field_name, build_url(self.idp))
         for field_name, build_url in endpoint_builders
     ]
Пример #2
 def service_provider_fields(self):
     """Return the layout entries describing this SAML service provider.

     The list starts with ``self.service_provider_help_block`` when
     ``self.show_help_block`` is truthy, followed by three
     ``hqcrispy.B3TextField`` entries: entity ID, assertion consumer
     service (ACS) URL and sign-on URL, each computed by ``url_helpers``
     from ``self.idp``.
     """
     leading = [self.service_provider_help_block] if self.show_help_block else []
     # Entity ID and ACS URL are the values a SAML identity provider is
     # configured with for this service provider; they are derived from the
     # IdP record, not from request data.
     saml_builders = (
         ('sp_entity_id', url_helpers.get_saml_entity_id),
         ('sp_acs_url', url_helpers.get_saml_acs_url),
         ('sp_sign_on_url', url_helpers.get_saml_login_url),
     )
     return leading + [
         hqcrispy.B3TextField(field_name, build_url(self.idp))
         for field_name, build_url in saml_builders
     ]
Пример #3
 def token_encryption_fields(self):
     """Return the fields describing the service provider's encryption certificate.

     Three ``hqcrispy.B3TextField`` entries are produced: a download link
     for the public certificate, its expiration timestamp, and either a
     download link for the rollover certificate or a "not generated" message.
     """
     download_label = _("Download")

     # format_html escapes the interpolated label; the href is a fixed
     # query string on the current page.
     public_cert_link = format_html(
         '<a href="?sp_cert_public" target="_blank">{}</a>', download_label)

     # The format string prints the literal text "UTC" and performs no
     # timezone conversion, so this assumes the stored datetime is already
     # UTC -- TODO confirm. It also assumes date_sp_cert_expiration is never
     # None; strftime would raise AttributeError otherwise.
     expiration_text = self.idp.date_sp_cert_expiration.strftime(
         '%d %B %Y at %H:%M UTC')

     if self.idp.sp_rollover_cert_public:
         rollover_value = format_html(
             '<a href="?sp_rollover_cert_public" target="_blank">{}</a>',
             download_label)
     else:
         rollover_value = _("Not needed/generated yet.")

     return [
         hqcrispy.B3TextField('sp_public_cert', public_cert_link),
         hqcrispy.B3TextField('sp_public_cert_expiration', expiration_text),
         hqcrispy.B3TextField('sp_rollover_cert', rollover_value),
     ]
Пример #4
    def __init__(self, identity_provider, *args, **kwargs):
        """Build the form that edits an identity provider's primary configuration.

        Seeds the form from ``identity_provider``, merges in the fields of a
        ``ServiceProviderDetailsForm`` and lays everything out in two panels
        ("Primary Configuration" and "Service Provider Settings") followed by
        a submit button.
        """
        self.idp = identity_provider
        # Any 'initial' supplied by the caller is replaced by values read
        # from the identity provider record.
        kwargs['initial'] = {
            'name': identity_provider.name,
            'is_editable': identity_provider.is_editable,
            'is_active': identity_provider.is_active,
            'slug': identity_provider.slug,
        }
        super().__init__(*args, **kwargs)

        # Reuse the service-provider fields; the help block is switched off
        # for this form.
        sp_details_form = ServiceProviderDetailsForm(identity_provider,
                                                     show_help_block=False)
        self.fields.update(sp_details_form.fields)

        # Imported at call time rather than at module level -- presumably to
        # avoid a circular import with the accounting app (confirm).
        from corehq.apps.accounting.views import ManageBillingAccountView
        account_link = reverse(ManageBillingAccountView.urlname,
                               args=(identity_provider.owner.id, ))

        # The dashboard link is attached only when is_editable is set.
        # format_html escapes both the URL and the label before they are
        # placed in the markup.
        if self.idp.is_editable:
            self.fields['is_editable'].help_text = format_html(
                '<a href="{}">{}</a>',
                url_helpers.get_dashboard_link(self.idp),
                _("Edit Enterprise Settings"))

        self.helper = FormHelper()
        # form_tag = False: the helper does not render the <form> element
        # itself, so the enclosing template is expected to provide it.
        self.helper.form_tag = False
        self.helper.label_class = 'col-sm-3 col-md-2'
        self.helper.field_class = 'col-sm-9 col-md-8 col-lg-6'
        self.helper.layout = crispy.Layout(
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Primary Configuration'),
                # owner.name is stored data; format_html escapes it, so it
                # cannot inject markup into the link.
                hqcrispy.B3TextField(
                    'owner',
                    format_html('<a href="{}">{}</a>', account_link,
                                identity_provider.owner.name)),
                'name',
                twbscrispy.PrependedText('is_editable', ''),
                twbscrispy.PrependedText('is_active', ''),
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Service Provider Settings'), 'slug',
                *sp_details_form.service_provider_fields),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            hqcrispy.FormActions(
                twbscrispy.StrictButton(
                    # NOTE(review): ugettext_lazy was removed in Django 4.0;
                    # gettext_lazy is the equivalent on newer versions.
                    ugettext_lazy("Update Configuration"),
                    type="submit",
                    css_class="btn btn-primary",
                )))
Пример #5
 def get_primary_fields(self):
     """Return the "Single Sign-On Settings" panel and the submit button.

     The panel shows the identity provider's name and its linked email
     domains as ``hqcrispy.B3TextField`` entries, plus the ``is_active``
     form field.
     """
     # The domain list is joined as plain text. Whether B3TextField escapes
     # its value on render is not visible here -- confirm before passing it
     # anything that is not already trusted.
     linked_domains = ", ".join(self.idp.get_email_domains())

     sso_settings = crispy.Fieldset(
         _('Single Sign-On Settings'),
         hqcrispy.B3TextField('name', self.idp.name),
         hqcrispy.B3TextField('linked_email_domains', linked_domains),
         twbscrispy.PrependedText('is_active', ''),
     )
     settings_panel = crispy.Div(
         crispy.Div(sso_settings, css_class="panel-body"),
         css_class="panel panel-modern-gray panel-form-only",
     )
     submit_button = twbscrispy.StrictButton(
         gettext_lazy("Update Configuration"),
         type="submit",
         css_class="btn btn-primary",
     )
     return [settings_panel, hqcrispy.FormActions(submit_button)]
Пример #6
 def service_provider_fields(self):
     """Return the layout entries describing this SAML service provider.

     Always included: entity ID, ACS URL and logout (SLS) URL, each built by
     ``url_helpers`` from ``self.idp``. Optional parts are controlled by
     flags on the form:

     * ``show_help_block`` -- prepend ``self.service_provider_help_block``
     * ``show_public_cert`` -- add the public certificate link and expiration
     * ``show_rollover_cert`` -- add the rollover certificate entry
     """
     download_label = _("Download")
     fields = [self.service_provider_help_block] if self.show_help_block else []

     fields += [
         hqcrispy.B3TextField(field_name, build_url(self.idp))
         for field_name, build_url in (
             ('sp_entity_id', url_helpers.get_saml_entity_id),
             ('sp_acs_url', url_helpers.get_saml_acs_url),
             ('sp_logout_url', url_helpers.get_saml_sls_url),
         )
     ]

     if self.show_public_cert:
         # format_html escapes the label; the href is a fixed query string.
         cert_link = format_html(
             '<a href="?sp_cert_public" target="_blank">{}</a>',
             download_label)
         # "UTC" is literal text in the format; no conversion happens here,
         # so the stored datetime is assumed to be UTC -- TODO confirm.
         # Also assumes date_sp_cert_expiration is not None.
         expires_on = self.idp.date_sp_cert_expiration.strftime(
             '%d %B %Y at %H:%M UTC')
         fields += [
             hqcrispy.B3TextField('sp_public_cert', cert_link),
             hqcrispy.B3TextField('sp_public_cert_expiration', expires_on),
         ]

     if self.show_rollover_cert:
         if self.idp.sp_rollover_cert_public:
             rollover_value = format_html(
                 '<a href="?sp_rollover_cert_public" target="_blank">{}</a>',
                 download_label)
         else:
             rollover_value = _("Not needed/generated yet.")
         fields.append(hqcrispy.B3TextField('sp_rollover_cert', rollover_value))

     return fields
Пример #7
    def __init__(self, identity_provider, *args, **kwargs):
        """Build the SAML configuration form for one identity provider.

        Seeds the connection settings from ``identity_provider``, merges in
        the ``ServiceProviderDetailsForm`` fields and lays out three panels
        (basic SAML configuration, connection details, token encryption)
        followed by whatever ``self.get_primary_fields()`` returns.
        """
        # Any 'initial' supplied by the caller is replaced by values read
        # from the identity provider record.
        kwargs['initial'] = {
            'is_active':
            identity_provider.is_active,
            'entity_id':
            identity_provider.entity_id,
            'login_url':
            identity_provider.login_url,
            'logout_url':
            identity_provider.logout_url,
            'require_encrypted_assertions':
            identity_provider.require_encrypted_assertions,
        }
        # self.idp is read below but not assigned in this method; presumably
        # the parent __init__ stores identity_provider there -- confirm.
        super().__init__(identity_provider, *args, **kwargs)

        sp_details_form = ServiceProviderDetailsForm(identity_provider)
        self.fields.update(sp_details_form.fields)

        self.fields['entity_id'].label = _("{} Identifier").format(
            self.idp.service_name)

        # When a certificate is already stored, relabel the upload field and
        # show a download link plus the expiration of the current one.
        # Without a stored certificate, no details are shown and the
        # expiration attribute is never dereferenced.
        certificate_details = []
        if self.idp.idp_cert_public:
            self.fields['idp_cert_public'].label = _(
                "Upload New Certificate (Base64)")
            certificate_details = [
                hqcrispy.B3TextField(
                    'download_idp_cert_public',
                    # format_html escapes the label; the href is a fixed
                    # query string on the current page.
                    format_html(
                        '<a href="?idp_cert_public" target="_blank">{}</a>',
                        _("Download")),
                ),
                hqcrispy.B3TextField(
                    'date_idp_cert_expiration',
                    # "UTC" is literal text in the format; no conversion is
                    # done here -- assumes the stored value is UTC (confirm).
                    self.idp.date_idp_cert_expiration.strftime(
                        '%d %B %Y at %H:%M UTC'),
                ),
            ]

        self.helper = FormHelper()
        self.helper.label_class = 'col-sm-3 col-md-2'
        self.helper.field_class = 'col-sm-9 col-md-8 col-lg-6'
        self.helper.layout = crispy.Layout(
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Basic SAML Configuration for {}').format(
                    self.idp.service_name),
                *sp_details_form.service_provider_fields),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Connection Details from {}').format(self.idp.service_name),
                'login_url',
                'entity_id',
                'logout_url',
                crispy.Div(*certificate_details),
                'idp_cert_public',
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('SAML Token Encryption'),
                sp_details_form.token_encryption_help_block,
                # Checkbox for whether assertions from the identity provider
                # must be encrypted; the fields below it describe the
                # service provider certificate (see token_encryption_fields).
                twbscrispy.PrependedText('require_encrypted_assertions', ''),
                crispy.Div(*sp_details_form.token_encryption_fields),
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(*self.get_primary_fields()),
        )
Пример #8
    def __init__(self, identity_provider, *args, **kwargs):
        """Build the form that edits an identity provider's primary configuration.

        Seeds the form from ``identity_provider`` and picks the second panel
        by protocol: SAML gets "Service Provider Settings" (service provider
        and token-encryption fields); every other protocol gets "Relying
        Party Settings" built from ``RelyingPartyDetailsForm``.
        """
        self.idp = identity_provider
        # Any 'initial' supplied by the caller is replaced by values read
        # from the identity provider record.
        kwargs['initial'] = {
            'name': identity_provider.name,
            'is_editable': identity_provider.is_editable,
            'is_active': identity_provider.is_active,
            'slug': identity_provider.slug,
        }
        super().__init__(*args, **kwargs)

        # Raises KeyError if the stored protocol is not one of CHOICES.
        current_protocol_name = dict(
            IdentityProviderProtocol.CHOICES)[self.idp.protocol]

        if self.idp.protocol == IdentityProviderProtocol.SAML:
            sp_details_form = ServiceProviderDetailsForm(identity_provider,
                                                         show_help_block=False)
            self.fields.update(sp_details_form.fields)
            sp_or_rp_settings = crispy.Fieldset(
                _('Service Provider Settings'),
                'slug',
                crispy.Div(*sp_details_form.service_provider_fields),
                crispy.Div(*sp_details_form.token_encryption_fields),
            )
            protocol_notice = current_protocol_name
        else:
            # Any protocol other than SAML lands here; the warning text below
            # treats it as OIDC.
            rp_details_form = RelyingPartyDetailsForm(identity_provider)
            self.fields.update(rp_details_form.fields)
            sp_or_rp_settings = crispy.Fieldset(
                _('Relying Party Settings'),
                'slug',
                crispy.Div(*rp_details_form.application_details_fields),
            )
            # todo remove when OIDC is active
            # Only current_protocol_name is interpolated (and escaped by
            # format_html); the warning markup itself is a fixed literal.
            protocol_notice = format_html(
                "{}<p class='alert alert-warning'>"
                "<strong>Please Note that OIDC support is still in development!</strong><br/> "
                "Do not make any Identity Providers live on production.</p>",
                current_protocol_name)

        # Imported at call time rather than at module level -- presumably to
        # avoid a circular import with the accounting app (confirm).
        from corehq.apps.accounting.views import ManageBillingAccountView
        account_link = reverse(ManageBillingAccountView.urlname,
                               args=(identity_provider.owner.id, ))

        # The dashboard link is attached only when is_editable is set;
        # format_html escapes both the URL and the label.
        if self.idp.is_editable:
            self.fields['is_editable'].help_text = format_html(
                '<a href="{}">{}</a>',
                url_helpers.get_dashboard_link(self.idp),
                _("Edit Enterprise Settings"))

        self.helper = FormHelper()
        # form_tag = False: the helper does not render the <form> element
        # itself, so the enclosing template is expected to provide it.
        self.helper.form_tag = False
        self.helper.label_class = 'col-sm-3 col-md-2'
        self.helper.field_class = 'col-sm-9 col-md-8 col-lg-6'
        self.helper.layout = crispy.Layout(
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Primary Configuration'),
                # NOTE(review): protocol_notice is also passed below as the
                # value of the 'protocol' B3TextField. Bare strings in this
                # layout ('name', 'slug') are form field names, so this
                # positional entry looks unintended -- confirm and drop it
                # if so.
                protocol_notice,
                hqcrispy.B3TextField(
                    'owner',
                    # owner.name is stored data; format_html escapes it.
                    format_html('<a href="{}">{}</a>', account_link,
                                identity_provider.owner.name)),
                hqcrispy.B3TextField('protocol', protocol_notice),
                hqcrispy.B3TextField('idp_type', self.idp.service_name),
                'name',
                twbscrispy.PrependedText('is_editable', ''),
                twbscrispy.PrependedText('is_active', ''),
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(sp_or_rp_settings, css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            hqcrispy.FormActions(
                twbscrispy.StrictButton(
                    gettext_lazy("Update Configuration"),
                    type="submit",
                    css_class="btn btn-primary",
                )))
Пример #9
    def __init__(self, identity_provider, *args, **kwargs):
        """Build the Azure AD single sign-on configuration form.

        Seeds the connection settings (including the identity provider's
        public certificate and its expiration) from ``identity_provider``,
        merges in the ``ServiceProviderDetailsForm`` fields and lays out
        three panels followed by a submit button.
        """
        self.idp = identity_provider
        # Any 'initial' supplied by the caller is replaced by values read
        # from the identity provider record.
        kwargs['initial'] = {
            'is_active':
            identity_provider.is_active,
            'entity_id':
            identity_provider.entity_id,
            'login_url':
            identity_provider.login_url,
            'logout_url':
            identity_provider.logout_url,
            'idp_cert_public':
            identity_provider.idp_cert_public,
            # An unset expiration becomes an empty string instead of calling
            # isoformat() on None.
            'date_idp_cert_expiration':
            (identity_provider.date_idp_cert_expiration.isoformat()
             if identity_provider.date_idp_cert_expiration else ''),
        }
        super().__init__(*args, **kwargs)

        sp_details_form = ServiceProviderDetailsForm(identity_provider)
        self.fields.update(sp_details_form.fields)

        self.helper = FormHelper()
        self.helper.label_class = 'col-sm-3 col-md-2'
        self.helper.field_class = 'col-sm-9 col-md-8 col-lg-6'
        self.helper.layout = crispy.Layout(
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Service Provider Details for Azure AD'),
                *sp_details_form.service_provider_fields),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Single Sign-On Settings'),
                hqcrispy.B3TextField(
                    'name',
                    identity_provider.name,
                ),
                hqcrispy.B3TextField(
                    'linked_email_domains',
                    ", ".join(identity_provider.get_email_domains()),
                ),
                twbscrispy.PrependedText('is_active', ''),
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            crispy.Div(crispy.Div(crispy.Fieldset(
                _('Connection Details from Azure AD'),
                'entity_id',
                'login_url',
                'logout_url',
                'idp_cert_public',
                # The expiration is a form field here, filled in alongside
                # the certificate. NOTE(review): the placeholder format
                # differs from the isoformat() string used as the initial
                # value -- confirm which format the field's validation
                # accepts.
                crispy.Field(
                    'date_idp_cert_expiration',
                    placeholder="YYYY/MM/DD HH:MM AM/PM",
                ),
            ),
                                  css_class="panel-body"),
                       css_class="panel panel-modern-gray panel-form-only"),
            hqcrispy.FormActions(
                twbscrispy.StrictButton(
                    # NOTE(review): ugettext_lazy was removed in Django 4.0;
                    # gettext_lazy is the equivalent on newer versions.
                    ugettext_lazy("Update Configuration"),
                    type="submit",
                    css_class="btn btn-primary",
                )))